Privacy Policy


This data privacy statement intends to inform the users of this website about the type, scope and purpose of the collection and use of personal data by the website operator German Culture Box GmbH.

The website operator takes your data privacy very seriously and treats your personal data confidentially and in accordance with legal regulations. As new technologies and the constant further development of this website can make changes to this data privacy statement, we recommend that you read the data protection declaration again at regular intervals.

Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 GDPR.

Access data

We, the website operator or shop operator, collect data about access to the website based on our legitimate interest (see Art. 6 Para. 1 lit. f. GDPR) and save it as "server log files" on the website server. The following data is logged:

  • Called host name
  • Visited website
  • Date and time at the point of access
  • Amount of data sent in bytes
  • Source / reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used
  • Protocols used
  • Status code

The IP addresses are stored anonymously. For this, the last three digits are removed, i.e. becomes 127.0.0. *. IPv6 addresses are also anonymized.

The server log files are stored for a maximum of 60 days and will be then deleted. The data is stored for security reasons, e.g. Abuse cases. If data have to be saved for reasons of evidence, they are excluded from deletion until the incident has been finally clarified.

Cookies (session, SLT, CSRF)

This website uses cookies to ensure the basic functions of the shop. Cookies are small files that are stored on your device. Cookies enable, for example, the contents of the shopping cart, the login status and also CSRF protection.

Common browsers offer the setting option of not allowing cookies. Note: There is no guarantee that you will be able to access all functions of this website without restrictions if you make the appropriate settings.

Collection and processing of personal data

The website operator only collects, uses and passes on your personal data if this is permitted by law or if you consent to the data collection. Personal information is all information that serves to identify you and which can be traced back to you - for example, your name, email address and telephone number.

You can also visit this website without providing any personal information. However, in order to improve our online offer, we store your access data to this website (without personal reference). These access data include e.g. the file you requested or the name of your Internet provider. By anonymizing the data, conclusions about your person are not possible.

We process personal data only with the express permission of the users concerned and in compliance with the applicable data protection regulations.

The processing of personal data is based on our legitimate interest in fulfilling our contractually agreed services.

User account

To be able to place orders via this website, each customer must set up a password-protected customer account. This includes an overview of orders placed and active order processes. If you leave the online shop as a customer, you will be logged out automatically.

The operator assumes no liability for password misuse, unless this was caused by the operator himself.

Ordering process

All data entered by customers during order processing is saved. This includes:

  • Salutation
  • Name, first Name
  • Address
  • Payment data
  • E-mail address

The data that are absolutely necessary for delivery or order processing are passed on to third-party service providers. As soon as the storage of your data is no longer necessary or required by law, it will be deleted.

Dealing with contact details

If you contact us as the website operator through the contact options offered, your details will be saved so that they can be used to process and answer your request. This data will not be passed on to third parties without your consent.

Google reCAPTCHA

We use Google reCAPTCHA (hereinafter referred to as reCAPTCHA) to protect against attacks or improper use of the website. reCAPTCHA analyzes the behavior of a website visitor, e.g. based on mouse movement, duration of stay or inputs. To evaluate the behavior, this information is forwarded to Google in order to distinguish human users from bots (automated programs). Further information on how reCAPTCHA works can be found at:

reCAPTCHA is only used where necessary on the website (registration, login, password recovery, contact). You can find the data protection declaration of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland at:

Disclosure of personal data

Only data that are absolutely necessary for delivery or order processing are passed on.


Access to personal data by Mittwald CM Service GmbH & Co. KG cannot be ruled out for hosting purposes. Therefore, we have concluded a contract for order processing in accordance with Art. 28 GDPR with Mittwald CM Service GmbH & Co. KG, so that your data are processed only in the course of hosting server systems and are not passed on. The data protection declaration of Mittwald CM Service GmbH & Co. KG can be found at:


As a payment service provider, we use PayPal. When the order process is completed, data from the shop (the delivery address, the order amount and the shopping cart) are transferred to PayPal. PayPal's privacy policy can be found at:


For delivery of our products, we pass on the surname, first name and delivery address to our respective shipping service provider.

Rights of the user

As a user, you have the right to receive free information about the personal data which has been stored about you. You also have the right to correct incorrect data and to restrict the processing or deletion of your personal data. If applicable, you can also exercise your right to data portability. If you assume that your data has been processed unlawfully, you can lodge a complaint with the responsible supervisory authority.

Deletion of data

If your request does not conflict with a legal obligation to store data (e.g. data retention), you have the right to have your data deleted. Data stored by us will be deleted if they are no longer required for their intended purpose and there are no statutory retention periods. If deletion cannot be carried out because the data is required for permitted legal purposes, data processing is restricted. In this case, the data will be blocked and not processed for other purposes.

Right to object

Users of this website can exercise their right to object and object to the processing of their personal data at any time.

If you want a correction, blocking, deletion or information about the personal data stored about you, or if you have any questions regarding the collection, processing or use of your personal data or if you want to revoke your consent, please contact the following e-mail address :