Data protection

Privacy Policy

We process personal data (hereinafter mostly referred to as “data”) only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. Furthermore, we inform you below about the third-party components we use for optimization purposes and to improve the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as the responsible party
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as the responsible party

The responsible provider of this website in terms of data protection law is:

Yak Thai Owner Chonticha Schopf
Obergolzaberg 5
84106 Volkenschwand
Germany

Telephone: 08442 - 962 1450
Email: info@yak-thai.de

The provider’s data protection officer is:

Chonticha Schopf

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

to confirmation as to whether data concerning them is being processed, to information about the data being processed, to further information about the data processing and to copies of the data (see also Art. 15 GDPR);
to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
to the immediate erasure of the data concerning them (see also Art. 17 GDPR), or, alternatively, if further processing is necessary pursuant to Art. 17 (3) GDPR, to the restriction of processing in accordance with Art. 18 GDPR;
to receive the data concerning them and provided by them and to transmit this data to other providers/controllers (see also Art. 20 GDPR);
to lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR).

Furthermore, the provider is obligated to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out pursuant to Articles 16, 17 (1), and 18 GDPR. However, this obligation shall not apply if such notification is impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Likewise, according to Art. 21 GDPR, users and data subjects have the right to object to the future processing of their data, provided that the data is processed by the provider in accordance with Art. 6 (1) (f) GDPR. In particular, an objection to data processing for direct marketing purposes is permissible.

III. Information on data processing

Your data processed when you use our website will be deleted or blocked as soon as the purpose of storage no longer applies, there are no legal retention obligations that prevent the deletion of the data and no other information is given below regarding individual processing procedures.

Server data

For technical reasons, particularly to ensure a secure and stable website, data is transmitted to us or our web space provider via your internet browser. These so-called server log files collect, among other things, the type and version of your internet browser, the operating system, the website from which you accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of each access, and the IP address of the internet connection from which you accessed our website.

The data collected in this way will be stored temporarily, but not together with other data about you.

This storage is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted after seven days at the latest, unless further retention is required for evidentiary purposes. Otherwise, the data will be exempt from deletion in whole or in part until the incident has been finally resolved.

Cookies

a) Session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your device by the internet browser you use. These cookies process certain information about you on an individual basis, such as your browser or location data or your IP address.

This processing makes our website more user-friendly, effective and secure, as it enables, for example, the display of our website in different languages or the provision of a shopping cart function.

The legal basis for this processing is Art. 6 (1) GDPR, provided that these cookies process data for the purpose of initiating or executing a contract.

If the processing does not serve to initiate or execute a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is Art. 6 (1) (f) GDPR.

When you close your internet browser, these session cookies are deleted.

b) Third-party cookies

Our website may also use cookies from partner companies with whom we work for the purposes of advertising, analysis or the functionality of our website.

For details, in particular regarding the purposes and legal basis for processing such third-party cookies, please see the information below.

c) Possibility of removal

You can prevent or restrict the installation of cookies by adjusting the settings in your Internet browser. You can also delete cookies that have already been saved at any time. The steps and measures required to do this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact the manufacturer or support. In the case of so-called Flash cookies, however, the processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required to do this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

Contract processing

The data you provide to use our range of goods and/or services will be processed by us for the purpose of contract execution and is necessary for this purpose. Conclusion and contract execution are not possible without providing your data.

The legal basis for the processing is Art. 6 (1) (b) GDPR.

We will delete the data once the contract has been fully processed, but we must observe the retention periods required by tax and commercial law.

As part of the contract processing, we will pass on your data to the transport company commissioned with the delivery of the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of the goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6 (1) (b) GDPR.

Customer account / registration function

If you create a customer account with us via our website, we will collect and store the data you entered during registration (e.g., your name, address, or email address) exclusively for pre-contractual services, for contract fulfillment, or for customer care purposes (e.g., to provide you with an overview of your previous orders with us or to offer you the so-called wish list function). At the same time, we will store your IP address and the date and time of your registration. This data will not be passed on to third parties.

As part of the registration process, your consent to this processing will be obtained and reference will be made to this privacy policy. The data we collect will be used exclusively to provide the customer account.

If you consent to this processing, Art. 6 (1) (a) GDPR is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfilment of the contract, the legal basis for this processing is also Art. 6 (1) (b) GDPR.

You may revoke your consent to open and maintain a customer account at any time with future effect in accordance with Art. 7 (3) GDPR. To do so, you simply need to notify us of your revocation.

The data collected in this way will be deleted as soon as processing is no longer necessary. However, we must observe retention periods under tax and commercial law.

Creditworthiness and scoring checks

If we offer you the general option of payment by invoice as part of our product or service offering and you choose to make use of this option, we reserve the right to obtain a credit report from a credit agency (such as Creditreform, Schufa, Bürgel, or Infoscore) based on mathematical and statistical procedures. For this purpose, your data, insofar as it is contractually relevant, such as your name and address, will be forwarded to the credit agency. We use the resulting information on the statistical probability of a payment default to decide whether to offer you payment by invoice.

The legal basis for this processing is our legitimate interest in the reliability of the claim in accordance with Art. 6 (1) (f) GDPR.

If you sign up for our free newsletter, the data you provide, i.e., your email address and—optionally—your name and address, will be transmitted to us. At the same time, we store the IP address of the internet connection from which you access our website, as well as the date and time of your registration. As part of the further registration process, we will obtain your consent to send the newsletter, describe its content in detail, and refer you to this privacy policy. We use the data collected exclusively for sending the newsletter—it will therefore not be shared with third parties.

The legal basis for this is Art. 6 (1) (a) GDPR.

You can revoke your consent to receive the newsletter at any time with future effect in accordance with Art. 7 (3) GDPR. To do so, simply notify us of your revocation or click the unsubscribe link included in each newsletter.

Contact requests / contact options

If you contact us via contact form or email, the data you provide will be used to process your inquiry. Providing this data is necessary to process and respond to your inquiry; without it, we cannot respond to your inquiry or can only respond to a limited extent.

The legal basis for this processing is Art. 6 (1) (b) GDPR.

Your data will be deleted once your inquiry has been conclusively answered and there are no legal retention obligations that prevent deletion, such as in the case of any subsequent contract processing.

YouTube

We maintain an online presence on YouTube to present our company and our services and to communicate with customers and interested parties. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

In this respect, we would like to point out that user data may be processed outside the European Union, particularly in the USA. This may increase the risks for users, for example, by making subsequent access to user data more difficult. We also have no access to this user data. Access to this data lies exclusively with YouTube.

YouTube’s privacy policy can be found at

https://policies.google.com/privacy

Facebook

To promote our products and services and to communicate with interested parties or customers, we maintain a company presence on the Facebook platform.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Facebook’s data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated our joint controllership in an agreement regarding our respective obligations under the GDPR. This agreement, from which our mutual obligations arise, can be accessed at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the resulting processing of personal data, as described below, is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, communication, sale, and promotion of our products and services.

The legal basis may also be the user's consent to the platform operator pursuant to Art. 6 (1) (a) GDPR. According to Art. 7 (3) GDPR, the user may revoke this consent at any time with effect for the future by notifying the platform operator.

When you visit our online presence on the Facebook platform, Facebook Ireland Ltd., as the operator of the platform in the EU, processes user data (e.g. personal information, IP address, etc.).

This user data is used to collect statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes, as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users both within and outside of Facebook based on their interests. If the user is logged into their Facebook account at the time of the visit, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the personal data entered on this occasion will be used to process the request. The user's data will be deleted by us once the user's request has been conclusively answered and there are no statutory retention periods, such as those required for subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, they have the option of preventing the installation of cookies by selecting the appropriate settings in their browser. Cookies already stored can also be deleted at any time. The settings for this depend on the respective browser. Flash cookies cannot be prevented via the browser settings, but rather by selecting the appropriate settings in the Flash Player. If the user prevents or restricts the installation of cookies, this may result in not all Facebook functions being fully usable.

Further information on the processing activities, their prevention and the deletion of data processed by Facebook can be found in Facebook's data policy:

https://www.facebook.com/privacy/explanation

It cannot be ruled out that processing by Facebook Ireland Ltd. may also be carried out via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Instagram

To promote our products and services and to communicate with interested parties or customers, we maintain a company presence on the Instagram platform.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Instagram’s data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

https://www.facebook.com/legal/terms/page_controller_addendum

When you visit our online presence on the Instagram platform, Facebook Ireland Ltd., as the operator of the platform in the EU, processes user data (e.g. personal information, IP address, etc.).

This user data is used to collect statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes, as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users both within and outside of Instagram based on their interests. If the user is logged into their Instagram account at the time of the visit, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Instagram, the personal data entered on this occasion will be used to process the request. The user's data will be deleted by us provided the user's request has been conclusively answered and there are no statutory retention periods, such as those required for subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

Further information on the processing activities, their prevention and the deletion of the data processed by Instagram can be found in Instagram's data policy:

https://help.instagram.com/519522125107875

It cannot be ruled out that processing by Facebook Ireland Ltd. may also be carried out via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Social media linking via graphic or text link

We also promote our presence on the social networks listed below on our website. Integration is achieved via a linked graphic of the respective network. Using this linked graphic prevents a connection to the respective social network's server from being automatically established when accessing a website that has a social media advertisement in order to display a graphic from the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the respective social network's service.

After the user is redirected, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

This initially includes data such as IP address, date, time, and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the collected information from the specific user visit to the user's personal account. If the user interacts via a "Share" button on the respective network, this information may be stored in the user's personal user account and possibly published. If the user wishes to prevent the collected information from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site via links:

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

“Facebook” social plug-in

Our website uses plug-ins from the social network Facebook. Facebook is an internet service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter referred to as "Facebook."

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in improving the quality of our website.

Further information about the possible plug-ins and their respective functions can be found on Facebook at

https://developers.facebook.com/docs/plugins/

ready for you.

If the plug-in is stored on one of the pages of our website you visit, your internet browser will download a representation of the plug-in from Facebook's servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, the date and time of your visit to our website will also be recorded.

If you are logged in to Facebook while visiting one of our websites containing the plug-in, the information collected by the plug-in about your specific visit will be recognized by Facebook. Facebook may assign the information collected in this way to your personal user account there. For example, if you use the Facebook "Like" button, this information will be stored in your Facebook user account and possibly published via the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your internet browser to prevent the Facebook plug-in from being blocked.

Further information about the collection and use of data as well as your rights and protection options in this regard can be found on Facebook in the

https://www.facebook.com/policy.php

available data protection information.

Google Analytics

We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."

The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our website.

Usage and user-related information, such as IP address, location, time, or frequency of visits to our website, is transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymization function. This function shortens the IP address within the EU or EEA.

The data collected in this way is then used by Google to provide us with an evaluation of visits to our website and the user activities there. This data may also be used to provide other services related to the use of our website and the internet.

Google states that it will not associate your IP address with any other data. Furthermore, Google maintains

https://www.google.com/intl/de/policies/privacy/partners

We provide you with further information on data protection, including options for preventing the use of your data.

Google also offers

https://tools.google.com/dlpage/gaoptout?hl=de

a so-called deactivation add-on along with further information. This add-on can be installed with common internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on tells the Google Analytics JavaScript (ga.js) that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. Whether and which other web analysis services we use can of course also be found in this privacy policy.

Google reCAPTCHA

We use Google reCAPTCHA on our website to verify and prevent interactions on our website through automated access, e.g., by so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."

This service allows Google to determine which website a request is sent from and the IP address from which you use the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information necessary to provide and guarantee this service.

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the security of our website and in preventing unwanted, automated access in the form of spam or similar.

Google offers

https://policies.google.com/privacy

further information on the general handling of your user data.

YouTube

We use YouTube on our website. This is a video portal provided by YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube."

YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

We use YouTube in conjunction with the "Enhanced Privacy Mode" function to display videos to you. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the "Enhanced Privacy Mode" function ensures that the data described in more detail below is only transmitted to the YouTube server when you actually start a video.

Without this “Extended Data Protection”, a connection to the YouTube server in the USA will be established as soon as you visit one of our websites on which a YouTube video is embedded.

This connection is necessary to display the respective video on our website via your internet browser. In the process, YouTube will collect and process at least your IP address, the date and time, and the website you visited. A connection to Google's "DoubleClick" advertising network will also be established.

If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you want to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For functionality and to analyze user behavior, YouTube permanently stores cookies on your device via your internet browser. If you do not agree to this processing, you have the option of preventing cookies from being stored by adjusting your internet browser settings. Further information on this can be found above under "Cookies."

Further information about the collection and use of data as well as your rights and protection options in this regard can be found on Google's

https://policies.google.com/privacy

available data protection information.

Google AdWords with conversion tracking

Our website uses Google AdWords, a service known as conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."

We use conversion tracking to promote our services in a targeted manner. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our website.

If you click on an ad placed by Google, the conversion tracking we use will save a cookie on your device. These so-called conversion cookies expire after 30 days and are not used to personally identify you.

If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you have clicked on one of our ads placed on Google and that you were then redirected to our website.

Using the information collected in this way, Google compiles statistics about visits to our website. This also provides us with information about the number of users who clicked on our ad(s) and the pages of our website subsequently accessed. However, neither we nor third parties who also use Google AdWords are able to identify you in this way.

You can also prevent or restrict the installation of cookies by adjusting the settings in your browser accordingly. You can also delete cookies that have already been saved at any time. However, the steps and actions required to do so depend on the specific browser you use. If you have any questions, please use the help function or documentation provided with your browser, or contact the manufacturer or support team.

Furthermore, Google also offers

https://services.google.com/sitestats/de.html

https://www.google.com/policies/technologies/ads/

http://www.google.de/policies/privacy/

further information on this topic and in particular on the options for preventing data usage.

Google AdSense

We use Google AdSense to integrate advertisements on our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."

Google AdSense stores cookies and web beacons on your device via your internet browser. This allows Google to analyze your use of our website. The information collected in this way, along with your IP address and the advertising formats displayed to you, is transmitted to Google in the USA and stored there. Google may also share this information with contractual partners. However, Google states that your IP address will not be merged with other data about you.

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our website.

If you do not agree to this processing, you have the option of preventing the installation of cookies by selecting the appropriate settings in your Internet browser. Details can be found above under the "Cookies" section.

Google also offers

https://policies.google.com/privacy

https://adssettings.google.com/authenticated

further information, in particular on the options for preventing data usage.

Shopify (shop software + web analytics)

a) Shopify store software

We use “Shopify” to host our shop system, to display our offers and to process contracts.

The legal basis is Art. 6 (1) (b) GDPR (contract initiation/contract execution).

“Shopify” is the service of a group of companies consisting of Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., Shopify (USA) Inc., Shopify Commerce Singapore Pte. Ltd., and Shopify International Limited.

If we are located in the European Economic Area (EEA), processing is carried out by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, hereinafter referred to as “Shopify”.

However, due to the corporate structure, it cannot be ruled out that processing may also take place in Canada and the USA, i.e., outside the EEA. However, an appropriate level of data protection is guaranteed when data is transferred to the Canadian Shopify Inc. by the European Commission's adequacy decision.

Shopify processes the following data on our behalf:

Name, billing and, if applicable, delivery address, email address, payment details, company name (if applicable), telephone number (if applicable), IP address, information about orders, information about the Shopify-supported merchant stores you visit, and information about your device and internet browser.

Shopify also offers

https://www.shopify.de/legal/datenschutz

further data protection information.

b) Shopify web analytics

If we also use Shopify's web analytics service on our website, Shopify stores cookies on your device via your internet browser. These cookies transmit additional information, such as the location, time, or frequency of your visits to our website, to a Shopify server for analysis.

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis and optimization of our website.

If you do not agree to this processing, you have the option of preventing the storage of cookies by selecting the appropriate settings in your browser. Further information can be found above under "Cookies."

Klarna “CHECK-OUT”

To process payments for orders placed via our online shop, we use the payment service of Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden, hereinafter referred to as “Klarna”.

For this purpose, we have integrated Klarna's checkout into the final order page of our online shop.

The legal basis is the fulfillment of the contract pursuant to Art. 6 (1) (b) GDPR. Furthermore, we have a legitimate interest in offering effective and secure payment options, so a further legal basis is Art. 6 (1) (f) GDPR.

By integrating Klarna, your internet browser loads the checkout page from a Klarna server. This alone transmits the operating system you use, the type and version of your internet browser, the website from which the checkout was requested, the date and time of the visit, and your IP address to Klarna – even without you interacting with the checkout page.

As soon as you complete your order in our online shop, the data you enter in the input fields on the checkout page will be processed by Klarna at its own responsibility to process the payment.

For the payment methods offered, “PayPal” and “Prepayment”, processing without your further consent is limited to the transfer of payment data to us or PayPal.

For the payment methods offered, “purchase on account”, “installment purchase”, “credit card”, “direct debit” or “instant transfer”, the following personal data in particular will be processed by Klarna for the purpose of payment processing as well as identity and credit checks:

- Contact information such as name, address, date of birth, gender, email address, telephone number, mobile phone number, IP address, etc.

- Information for processing the order, such as product type, product number, price, etc.

- Payment information, such as debit and credit card details (card number, expiration date and CCV code), billing details, account number, etc.

If you choose the payment method "purchase on account" or "installment purchase," Klarna collects and uses personal data and information about your previous payment behavior to decide whether to grant you the desired payment method. Furthermore, probability values for your future payment behavior (so-called scoring) are used. The scoring is calculated based on scientifically recognized mathematical and statistical methods.

Klarna provides

https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

Further information on the processing described above as well as the applicable data protection regulations are available.

Sample privacy policy the Law firm Weiß & Partner