1. Introduction and Contact Information of the Data Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data are all data that can be used to identify you personally.

1.2 The data controller for processing personal data on this website, as defined by the General Data Protection Regulation (GDPR), is Bhumi Bavarva, bawras, Sürther Str. 86, 50996 Köln, Germany, Tel.: 022120467609, Email: info@bawras.com. The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1. Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, i.e., if you do not register or provide us with any other information, we collect only the data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

• The website you visited
• Date and time of access
• Amount of data sent in bytes
• Source/referral from which you accessed the page
• Browser used
• Operating system used
• IP address used (if applicable, in anonymized form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR, based on our legitimate interest in improving the stability and functionality of our website. There is no transfer or other use of the data. However, we reserve the right to review the server log files retrospectively if specific indications suggest unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser’s address bar.

1. Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. All data collected on our website is processed on the provider's servers. We have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and prohibit unauthorized disclosure to third parties. When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision from the European Commission.

3.2 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA. This service allows us to deliver large media files, such as graphics, page content, or scripts, more quickly through a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 (1) lit. f GDPR. We have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and prohibit unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision from the European Commission.

1. Cookies

To make your visit to our website more attractive and to enable the use of certain features, we use cookies, which are small text files placed on your device. Some of these cookies are automatically deleted when you close the browser (so-called "session cookies"), while others remain on your device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in your browser's cookie settings.

If individual cookies we use process personal data, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR for the performance of the contract, Art. 6 (1) lit. a GDPR in case of consent, or Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and efficient design of the site visit.

You can configure your browser to inform you about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or generally. Please note that the functionality of our website may be restricted if cookies are not accepted.

1. Contact

5.1 Judge.me

For review reminders, we use the services of the following provider: Judge.me Ltd., c/o Buckworths, 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB, United Kingdom. Only with your explicit consent, according to Art. 6 (1) lit. a GDPR, we will transmit your email address and, if applicable, other customer data to the provider to contact you with a review reminder via email. You can revoke your consent at any time with effect for the future to us or the provider. We have entered into a data processing agreement with the provider to ensure the protection of our site visitors' data and prohibit unauthorized disclosure to third parties. If data is transferred to the provider’s location, an adequate level of data protection is ensured by an adequacy decision from the European Commission.

5.2 In the context of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your inquiry and only to the extent necessary. The legal basis for the processing of this data is our legitimate interest in responding to your inquiry, according to Art. 6 (1) lit. f GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted when it becomes apparent that the matter in question has been resolved and no legal retention obligations exist.

1. Use of Customer Data for Direct Marketing

Shopify Email

The sending of our email newsletters is handled by the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada. Based on our legitimate interest in effective and user-friendly newsletter marketing, we transmit the data you provided when signing up for the newsletter in accordance with Art. 6 (1) lit. f GDPR to this provider so that they can handle the newsletter dispatch on our behalf.

Subject to your explicit consent according to Art. 6 (1) lit. a GDPR, the provider also performs statistical analysis of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the content of the newsletters. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and analyzed but not merged with other data.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have entered into a data processing agreement with the provider to protect our site visitors' data and prohibit unauthorized disclosure to third parties. When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision from the European Commission.

1. Data Processing for Order Processing

7.1 As required for the contract execution related to delivery and payment purposes, we transmit the personal data we collect in accordance with Art. 6 (1) lit. b GDPR to the commissioned transport company and the commissioned financial institution.

If we owe you updates for goods with digital elements or digital products based on an applicable contract, we process the contact data you provided during the order (name, address, email) to personally inform you about upcoming updates within the legally specified time frame via suitable communication channels (e.g., mail or email), in compliance with our legal information obligations according to Art. 6 (1) lit. c GDPR.

7.2 Use of Payment Service Providers

• Apple Pay

If you opt for the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" function of your iOS, watchOS, or macOS device by charging a payment card stored in Apple Pay. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must enter a code previously set by you and verify it using the "Face ID" or "Touch ID" function of your device.

For payment processing, the information you provided during the order process, along with the details of your order, is transmitted in encrypted form to Apple. Apple then re-encrypts this data with a developer-specific key before sending it to the payment service provider of the payment card stored in Apple Pay. The encryption ensures that only the website where the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code back to the originating website for confirmation of the payment success.

If personal data is processed during these transmissions, the processing is solely for the purpose of payment processing in accordance with Art. 6 (1) lit. b GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, date and time, and whether the transaction was successfully

8) Web Analytics Services
PayPal Marketing Solutions

This website uses the web analytics service of the following provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

By means of cookies and/or similar technologies (tracking pixels, web beacons, algorithms for reading device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used, such as the IP address and browser information, in order to evaluate them for statistical analysis of website usage behavior and create pseudonymized user profiles. Among other things, this allows the analysis of movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content (e.g., text inputs, scrolling, clicks, and mouse-overs). The pseudonymization fundamentally prevents direct identification. No merging with other personally identifiable data collected in another way will occur.

All of the above-mentioned processes, especially reading or storing information on the device used, will only take place if you have explicitly consented to them in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the "Cookie Consent Tool" provided on the website.
We have signed a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

9) Site Functionalities
YouTube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data may also be transmitted to: Google LLC., USA
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. In the process, certain information, including your IP address, is transmitted to the provider.
When the embedded videos are played via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior.
If you are logged into a user account with the provider during your visit, your data will be directly associated with your account when you click on a video. If you do not want the data to be linked to your account, you must log out before clicking the playback button.
All of the aforementioned processes, especially setting cookies to read information on the device used, will only occur if you have explicitly consented to them in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by disabling this service through the "Cookie Consent Tool" provided on the website.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

10) Rights of the Data Subject
10.1 The applicable data protection law grants you the following rights concerning the processing of your personal data:

• Right of access according to Art. 15 GDPR;
• Right to rectification according to Art. 16 GDPR;
• Right to erasure according to Art. 17 GDPR;
• Right to restriction of processing according to Art. 18 GDPR;
• Right to notification according to Art. 19 GDPR;
• Right to data portability according to Art. 20 GDPR;
• Right to withdraw consent according to Art. 7 para. 3 GDPR;
• Right to lodge a complaint according to Art. 77 GDPR.

10.2 RIGHT TO OBJECT
If we process your personal data based on our legitimate interests, you have the right to object to this processing at any time for reasons arising from your particular situation. If you exercise your right to object, we will cease processing the affected data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes. You may exercise your objection as described above.
If you exercise your right to object, we will cease processing the affected data for direct marketing purposes.

11) Duration of Storage of Personal Data
The duration of the storage of personal data is determined based on the respective legal basis, processing purpose, and, if applicable, the respective legal retention period (e.g., commercial and tax law retention periods).
When personal data is processed based on explicit consent according to Art. 6 para. 1 lit. a GDPR, the data will be stored as long as you do not revoke your consent.
If there are legal retention periods for data processed under contractual or similar obligations based on Art. 6 para. 1 lit. b GDPR, the data will be routinely deleted once the retention periods expire unless they are required for the performance of the contract or the initiation of the contract and/or we have a legitimate interest in further storage.
If personal data is processed based on Art. 6 para. 1 lit. f GDPR, the data will be stored as long as you do not exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
If personal data is processed for direct marketing purposes based on Art. 6 para. 1 lit. f GDPR, the data will be stored as long as you do not exercise your right to object according to Art. 21 para. 2 GDPR.
Unless otherwise stated in this declaration concerning specific processing situations, stored personal data will be deleted once it is no longer necessary for the purposes for which it was collected or otherwise processed.