Privacy policy

This privacy notice describes the processing of personal data in connection with the use of the website www.outsmartsupplies.com. It also contains information about your rights and how you can contact us.

 

 

1. Who is responsible for processing personal data?

The party responsible for this website and the associated processing of personal data is:

GbR with Mike Antoni, Moritz Eberhard
Leharstraße 3
74747 Ravenstein, Germany
Email: info@outsmartsupplies.com

If you have any questions regarding the processing of your personal data in connection with this website or regarding data protection in general, please contact: support@outsmartsupplies.com

 

 

2. Collection and Storage of Personal Data, Type and Purpose of Their Use

a) When Visiting the Website

You can generally use our website without disclosing your identity. When you access our website, your browser automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting device

  • Date and time of access

  • Name and URL of the retrieved file

  • Website from which access was made (referrer URL)

  • Browser used and, if applicable, the operating system of your device as well as the name of your access provider

We process the above data for the following purposes:

  • Ensuring a smooth connection setup of the website

  • Ensuring comfortable use of our website

  • Evaluation of system security and stability

  • Other administrative purposes

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest arises from the purposes listed above for data collection. Under no circumstances do we use the collected data to draw conclusions about your person.

In addition, we use cookies and analysis services when you visit our website. Further details can be found in Sections 5 and 7 of this privacy policy.

b) When Using Our Contact Form

If you have any questions, we offer you the opportunity to contact us via a form provided on our website. A valid email address is required so that we know who the request came from and to answer it. Additional information can be provided voluntarily. Whether you enter this data in the contact form is entirely your choice.

Data processing for the purpose of contacting us is based on your voluntarily granted consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.

c) When Placing Orders via Our Website

You can place orders via our website either as a guest without registering or by registering as a customer for future orders. Registering provides you with the benefit of logging into our shop with your email address and password for future orders without having to re-enter your contact details. Your personal data will be entered into an input form and transmitted to us and stored. When placing an order via our website, whether as a guest or a registered customer, we collect the following data:

  • Title, first name, last name

  • A valid email address

  • Address

  • Telephone number (landline and/or mobile)

We collect this data for the following purposes:

  • To identify you as our customer

  • To process, fulfill, and manage your order

  • For correspondence with you

  • For invoicing

  • To handle potential liability claims and to assert any claims against you

  • To ensure technical administration of our website

  • To manage our customer data

During the ordering process, your consent to process this data will be obtained.

Data processing is based on your order and/or registration and is required under Art. 6 Para. 1 S. 1 lit. b GDPR for the stated purposes to properly process your order and for the mutual fulfillment of obligations arising from the purchase contract.

Personal data collected for the processing of your order will be stored until the expiration of the statutory retention period and then deleted, unless we are required under Article 6 Para. 1 S. 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (from HGB, StGB, or AO) to store it for a longer period, or you have consented to further storage according to Art. 6 Para. 1 S. 1 lit. a GDPR.

 

 

3. Data Sharing

Your personal data will only be shared with third parties involved in the execution of the contract, such as the logistics company responsible for delivery and the credit institution handling payment transactions. In cases where your personal data is shared with third parties, the extent of the transmitted data is limited to the necessary minimum.

If you choose to pay via PayPal, credit card via PayPal, direct debit via PayPal, or "purchase on account" via PayPal, your payment data will be transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"), as part of the payment process. PayPal reserves the right to perform a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or "purchase on account" via PayPal. The result of the credit check regarding the statistical probability of payment default is used by PayPal to decide on the provision of the respective payment method. The credit report may include score values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. Further information regarding data protection at PayPal can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Your personal data will not be disclosed to third parties for purposes other than those mentioned above.

We will only share your personal data with third parties if:

  • You have given your express consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR,

  • The disclosure is necessary to assert, exercise, or defend legal claims pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

  • There is a legal obligation for disclosure pursuant to Art. 6 Para. 1 S. 1 lit. c GDPR, or

  • It is legally permissible and necessary for the performance of contractual relationships with you pursuant to Art. 6 Para. 1 S. 1 lit. b GDPR.

During the ordering process, your consent to share your data with third parties will be obtained.

 

 

4. Use of Cookies

We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device, nor do they contain viruses, trojans, or other malware. Information is stored in the cookie that results from the specific device you are using. However, this does not mean that we immediately gain knowledge of your identity.

The use of cookies serves, on the one hand, to make the use of our offering more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we use temporary cookies to optimize user-friendliness. These are stored on your device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you made, so you do not have to enter them again.

Furthermore, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see Section 7). These cookies allow us to automatically recognize that you have already visited us when you return to our site. These cookies are automatically deleted after a defined period.

The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests as well as those of third parties pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a warning always appears before a new cookie is created. The complete deactivation of cookies may mean that you cannot use all the functions of our website.

 

 

5. Links to Third-Party Websites

The links published on our website are researched and compiled with the greatest possible care. However, we have no influence on the current or future design and content of the linked pages. We are not responsible for the content of linked pages and do not adopt the content of these pages as our own. Responsibility for illegal, incorrect, or incomplete content and for damages resulting from the use or non-use of such information rests solely with the provider of the website to which reference was made. Liability for those who merely refer to the publication via a link is excluded. We are only responsible for third-party references if we have positive knowledge of them, including any illegal or criminal content, and if it is technically possible and reasonable for us to prevent their use.

 

 

6. Data Subject Rights

You have the right to:

  • Request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been disclosed or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details.

  • Request the immediate correction of incorrect or completion of your personal data stored by us in accordance with Art. 16 GDPR.

  • Request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is required for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

  • Request the restriction of processing of your personal data in accordance with Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful but you oppose deletion, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing in accordance with Art. 21 GDPR.

  • Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or request the transmission to another controller in accordance with Art. 20 GDPR.

  • Withdraw your consent at any time in accordance with Art. 7 Para. 3 GDPR. This means that we may no longer continue data processing based on this consent in the future.

  • Lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. In general, you can contact the supervisory authority of your usual place of residence, place of work, or our company headquarters.

 

 

7. Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without the need to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, simply send an email to: support@outsmartsupplies.com

 

 

8. Data Security

We use the widespread SSL (Secure Socket Layer) method in combination with the highest level of encryption supported by your browser during your website visit. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol displayed in the lower status bar of your browser.

We also implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

 

 

9. Updates to This Privacy Policy

This privacy policy is currently valid and has the status of July 2025.

Due to the further development of our website and offers, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version of the privacy policy can be accessed and printed at any time on our website at the following link:
https://outsmartsupplies.com/policies/privacy-policy

 

 

10. Shopify

Our online shop uses the Shopify platform. This is provided by Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. We have concluded a data processing agreement with Shopify in accordance with Art. 28 GDPR, which governs the processing of your personal data by Shopify.

All data collected on our website is processed on Shopify’s servers. In the course of providing its services, Shopify may also process data on behalf of us via Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. In case of data transfers to Shopify Inc. in Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

If Shopify processes your data on servers in the USA, Shopify has committed, within the framework of the data processing agreement, to do so in compliance with legal requirements. Shopify may use additional subprocessors to process your personal data and relies, among others, on Google Analytics and Cloudflare. The legal basis for transferring your personal data to Shopify servers in the USA is Art. 49 (1) lit. b GDPR, as it is necessary for contract performance or pre-contractual measures in our online shop. According to the European Commission, there is no adequate level of data protection in the USA, particularly due to the risk of access by US security authorities without effective legal remedies available to EU citizens.

Further information about Shopify’s data protection practices can be found at:
https://www.shopify.com/legal/privacy

The use of Shopify is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website.

(2.1) We may also process the data you provide to inform you about similar products or to send you transactional emails.

(2.2) We are legally obliged under commercial and tax laws to store your address, payment, and order data for a period of ten years.

(2.3) In addition to the aforementioned data, Shopify processes the following data on our behalf:

  • IP address

  • Information in reports and statistics generated from cookies set by Shopify, such as the website that referred you to our shop, how often you visit our website, information about your device or browser, and products stored in your shopping cart. Further details about cookies used by Shopify can be found in the section “Use of Cookies” above.

  • Information about triggered orders

  • If you contact Shopify’s telephone support, Shopify processes your telephone number, audio content, and information you provide during the call, as well as, if applicable, identity verification details.

  • If you use Shopify’s online chat for support requests, Shopify processes the information you provide, such as your name, email address, chat logs, and any details provided during the chat, along with the aforementioned technical information.

(2.4) The legal basis for this data processing is Art. 6 Para. 1 lit. b GDPR, where the processing is necessary for providing online shop functions such as shopping cart, checkout, navigation, and fulfilling your orders or responding to inquiries about your orders.

(2.5) In all other cases, processing is based on our legitimate interest in the secure and trouble-free provision of our online shop and thus on Art. 6 Para. 1 lit. f GDPR.

(2.6) As described in the section on cookies, certain cookies are set by Shopify to enable Shopify to improve the platform and us to further develop and adjust our product offering and online shop. Based on this cookie information, Shopify generates reports and analyses about shop usage. Depending on whether you have granted consent via the consent banner, these cookies are deleted when you close your browser window or stored until the specified retention period expires. This affects the level of detail in reporting and analysis. The legal basis is our legitimate interest or Shopify’s legitimate interest in these purposes and thus Art. 6 Para. 1 lit. f GDPR, or your consent, where applicable, and thus Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time via the link in the footer of the website.

(2.7) The use of cookies necessary for the functionality of our online shop is based on § 25 Para. 2 No. 2 TTDSG. Other cookies are only stored after your consent. The legal basis in this case is § 25 Para. 1 TTDSG in conjunction with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time via the link in the footer of the website.

(2.8) If Shopify processes your data for its own services that establish a direct customer relationship between you and Shopify, Shopify acts under its own responsibility. Information about such processing can be found in Shopify’s privacy notice:
https://www.shopify.com/legal/privacy

(2.9) To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.