• Free shipping from £99
  • 24,000 products in stock
  • 30 days return policy

Safety and Privacy

Privacy and security are especially important to Connox. Through constant optimisation of all technical security fundamentals, Connox is continuously improving the protection of your data.

If you voluntarily provide us with personal data, e.g. via our contact form, by e-mail or as part of the use of our online shop, the processing is carried out in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Name and contact details of the authority designated as responsible for the processing of that data:
Connox GmbH
Aegidientorplatz 2a
30159 Hanover Germany
Email: support@connox.com
Tel. +44 20 388 000 27‬
Available Mon-Fri 8.30am-16pm, Berlin Time

Data Protection Officer
Mister Thomas Becker, Email: datenschutz@connox.de

Transfer of data
Your data is in good hands. We promise you that: We will not sell your personal data to third parties, nor lease it to other companies for advertising purposes.

We only share your personal information with third parties if:

  • you have given us explicit consent to do so in accordance with Art. 6 para. 1 lit. a GDPR
  • to the extent permitted by law and in accordance with Art. 6 para. 1 lit. b GDPR necessary for the settlement of contractual relationships with you, your personal data will be passed on to third parties. This includes credit institutions, postal and courier services and logistics companies.
  • External service companies process data on our behalf as a processor. Your data is subject to the same privacy standards as ours. The recipient of the data may only use the data for the purposes for which the data was transmitted to them. The external service providers include data centres and companies that support us in the maintenance of computer equipment and IT applications.
  • in the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR there is a legal obligation.
  • disclosure pursuant to Art. 6 para. 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data.

For the purpose of processing your request and your orders, it may be necessary to pass your personal data to affiliated companies within the Connox group of companies.

The affiliated companies of the Connox group of companies and third parties to whom we pass on your personal data, may only use this data for the above-mentioned purposes.
Furthermore, they are obligated to process the data only according to our specifications as well as the
relevant data protection laws.

Service providers acting on our behalf have been carefully selected and commissioned by us and are bound by our instructions. Furthermore, we are contractually entitled to contractual and legal regulations by the service providers control. The external service providers can be assigned to the following categories:

  • Service providers for the hosting, maintenance and upkeep of our website,
  • Service providers in the area of customer service
  • "Dropshippers", i.e. manufacturers who ship the goods directly to you,
  • banks and other providers of payment services, also for the processing of
  • payments,
  • Shipping providers for email newsletters and shipping providers for catalogs,
  • Fraud prevention service providers who detect or prevent abuse on our site,
  • Service providers from the field of marketing and web analysis,
  • Service providers for customer inquiries,
  • Service providers for the display of forms on the website.

If we transfer personal data to recipients in so-called "third countries", i.e. countries outside the European Union ("EU") or the European Economic Area ("EEA"), in which a level of data protection comparable to that in the EU cannot be assumed without further ado and we are not authorized to transfer on the basis of a legal obligation, we ensure that the required adequate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This may result in particular from a so-called "adequacy decision" of the European Commission, which establishes an adequate level of data protection for a specific third country as a whole. Alternatively, we can also base the data transfer on the so-called "EU standard contractual clauses" agreed with a recipient or binding internal data protection regulations (so-called Binding Corporate Rules). You can read the contractual texts of the EU standard contractual clauses at the European Commission. This also applies to adequacy decisions. We will be happy to provide you with further information on the appropriate and adequate safeguards for compliance with an adequate level of data protection upon request.
As part of the financing of our business, we sometimes assign receivables from the purchase contracts with you - our customers - to third parties. In the context of such an assignment, the personal data required for the identification of the relevant claim will be passed on. The legal basis for the data transfer in this case is Art. 6 (1) lit. f DSGVO. The assignees process the transferred data on their own responsibility under the applicable data protection provisions. For you as a customer, this does not change anything in the processing of your contract with us. Connox remains your direct contact and is entitled to receive your purchase price payments.

For further details on the transfer of personal data, please refer to the explanations below.

SSL Encryption
Personal data on this website are transmitted only in an encrypted form, using the TLS encryption method (Transport Layer Security, also known as SSL, Secure Sockets Layer). The TLS v1.2 method used is at this time one of the safest ways to encrypt data. Connox.de uses a 256-bit encryption pursuant to AES (Advanced Encryption Standard) and thus meets the highest security standards. The issuer of the SSL certificate is digicert, and the method used for the key exchange is DHE_RSA (2048 Bit).

Through the application of the SSL encryption, your data will be mutated so that a third party could not reconstruct it before it is transmitted to the Connox-server. This encryption procedure also ensures that your data will be sent exclusively to the server from which it was requested. Once the data is received by the Connox server, it is verified in regards to completeness and immutability.

If you use the Internet Explorer as your browser, you can identify the encrypted data transmission by the yellow lock icon in the address bar of your browser.

Personal data
Pursuant to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data is therefore any data that is personally available to you, e.g.:

  • your name, address, e-mail address, gender, telephone number, encrypted password to the customer account and, if applicable, your date of birth,
  • your order data, the products you have purchased, the services you have used, payment information, your preferences regarding product types,
  • your data, which is generated during the use of our online offer,
  • data that we receive in certain cases from our service providers (e.g. from credit agencies or payment service providers).

Collection and storage of personal data and the nature and purpose of its use

We process personal data when you visit our website, when you create a customer account and when you place an order with us. We also process your personal data for contacting you, as well as for advertising purposes. In connection with the above purposes, we provide you with content, analyze the use of our platform and implement necessary security measures.
If you are asked by us to enter certain personal data, you can of course refuse to do so. You have the choice as to which information you give us. However, we may then not be able to offer you certain products and services. For example, no furniture delivery can be made without the provision of a delivery address. If certain information is required (mandatory information), we will inform you of this by marking it accordingly.

When visiting the website
When you visit our website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer (shortened in the logfile),
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer and the name of your access provider
  • Online identifiers (e.g., device identifiers, session-IDs).

The mentioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring comfortable use of our website,
  • evaluation of system security and stability as well as
  • for other administrative purposes. Connox uses the IP address to protect the customer and to prevent misuse of the website or to detect misuse. We point out that the IP address is only used in a shortened version and further processed in order to exclude a direct reference to a person.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

We use Google Consent Mode ("GCM") to manage customer-facing ordering and optimize customer-facing marketing. GCM is a tool that facilitates the control of Google tags taking into account the consent or refusal of advertising cookies of the website visitor. By agreeing to this Privacy Policy, permission is granted only to apply GCM by visiting our website.

In addition, we use cookies when you visit our website. You will find more detailed explanations under the data protection declaration below.

Customer registration
Here, Connox processes and uses the data, which has been voluntarily entered into input forms and transmitted to Connox. These are, e.g. the name, address and other contact details such as telephone number and e-mail address, a user name and password (Art. 6 (1) (1) (b) GDPR for the execution of contractual relationships). You can also order as a guest user and your data will then be used and processed for the implementation of the contractual relationship and to process the order.

Orders in the online shop
We collect personal data when you voluntarily provide it to us for the purpose of carrying out a contract or opening a customer account. This can include, e.g. name, addres, e-mail address and payment data. This data is used and stored by us for the execution of the contract and the delivery of your order (Art. 6 (1) (1) (b) GDPR for the execution of contractual relationships).

Processing of orders
In order for us to be able to process and deliver your online shop orders, we pass on the necessary data to the logistics company responsible for the delivery, e.g. name and delivery address (Art. 6 (1) (1) (b) GDPR for the execution of contractual relationships). In addition, your e-mail address can be forwarded to the supplier. You will then receive an e-mail to use the tracking service and to know when your package will arrive. The data transmitted in this way may only be used by the recipient for the purpose of performing his task. Any other use of the information is not permitted.

Newsletter registration and shipping
If, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, you have given your explicit consent and have registered to our newsletter (double opt-in procedure), we use your e-mail address and any other personal data you have provided to send you regular newsletters. For the receipt of the newsletter the indication of an e-mail address is sufficient. You can resign from receiving these newsletters from us at any time e.g. via a link at the end of each newsletter. You can also send us an e-mail to unsubscribe at any time. The data is then deleted and no longer used for the newsletter distribution.

Advertising by mail
On the basis of our legitimate interest in personalized direct advertising, we reserve the right to store your personal data, in particular your first and last names and your postal address in accordance with Art. 6 Para. 1 lit. f DSGVO and to use it to send you offers and information about our products and offers by letter post. The advertising mailings are provided within the scope of processing on our behalf, among others by optilyz GmbH, Neue Schönhauser Str. 19, 10178 Berlin, to whom we pass on your data for this purpose. You can object to the storage and use of your data for this purpose at any time by sending us a message to this effect.

Use of our contact form, contact by e-mail
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website or to send us an e-mail. It is necessary to provide a name and a valid e-mail address in the contact form so that we know who the request came from and where to send the reply. Further information can be made voluntarily in the contact form. The legal basis for processing data is our legitimate interest in responding to your request and establishing contact in accordance with Art. 6 (1) point f GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided that there are no legal storage obligations to the contrary. If your contact is aimed at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR (processing of contractual relationships).

Commentary function / customer reviews
Within the scope of the commentary function on this website, in addition to your comment, information on the time of writing the comment and the name of the commentator you have chosen are stored and published on the website. Furthermore, your IP address is logged and stored. This IP address is stored for security reasons, in case the person concerned violates the rights of third parties or posts illegal content by submitting a comment. We need your e-mail address to contact you if a third party should object to your published content as unlawful. The legal basis for the storage of your data is Art. 6 (1) point b and f GDPR. We reserve the right to delete comments if they are objected to as unlawful by third parties.

Each consumer review is checked for authenticity before it is published, ensuring that reviews only come from consumers who have actually purchased the products being reviewed.
Verification is carried out by making the submission of a review dependent on a previous purchase. The reviews are manually checked for text passages that do not comply with the law and approved before publication.

Credit check and scoring
We reserve the right to conduct a credit check based on mathematical-statistical procedures in order to safeguard our legitimate interests, even with existing customers. The personal data required for a credit check is submitted in accordance with Art. 6 para. 1 lit. f GDPR to the following service providers:

Creditreform Boniversum GmbH, Hellersbergstraße 11, D-41460 Neuss

For customer from Austria: CRIF GmbH Diefenbachgasse 35, A-1150 Vienna, Austria

For customers from Switzerland: CRIF AG Hagenholzstrasse 81, 8050 Zürich, Switzerland

The credit check may contain probability values (known as score values). As far as score values are included in the result of the creditworthiness examination, these are based upon a scientifically recognised mathematical statistical procedure, which takes into account, among other factors, the address data. The results of the credit check relating to the statistical probability of payment default is used for the purpose of deciding on the establishment, execution, or termination of a contractual relationship.

The information according to Article 14 of the EU General Data Protection Regulation on data processing at Creditreform Boniversum GmbH can be found here: www.boniversum.de/EU-GDPR

Payment Services

Payment via PayPal
For payment via the payment service provider PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal, we will transfer your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"), in accordance with Article 6 (1) (1) (b) GDPR for the execution of contractual relationships. PayPal reserves the right to undertake a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account". The result of the credit check on the statistical probability of default is used by PayPal to confirm creditworthiness, willingness and ability of the customers to pay. The credit information can contain probability values (so-called score values). Insofar as score values are included in the results of the credit rating, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of score values includes, among other things, address data. For further information in regards to data protection and credit checks by PayPal, please refer to the PayPal privacy policy:

When paying via the online payment service provider Sofortüberweisung, your contact details will be sent to Sofortüberweisung within the scope of the order that has been placed. Sofortüberweisung is offered by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. The personal data transferred to Sofortüberweisung is usually a first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order (Art. 6 (1) (1) (b) GDPR for the execution of contractual relationships). Under certain circumstances, the personal data transmitted to Sofortüberweisung will be transferred by instant transfer to credit reference agencies. This transfer is used to verify the identity and credit rating of the order you have placed. You can find out which data protection principles are based on the immediate processing of your data when processing your data, as shown in the data protection guidelines that are displayed during the payment process of Sofortüberweisung.


Connox uses so-called cookies on some internet sites in order to enable web-based applications to manage the status of an online visit and to provide smooth navigation between the separate services and contents on the website as well as to provide the internet user with permanent settings on the Connox website.

A cookie is a small file that is transferred by Connox onto the user’s computer when he or she visits the Connox website. A cookie only contains information that Connox itself transmits to the user’s computer – private files cannot be read by a cookie.
When cookies are accepted by the user, Connox does not have access to his or her personal information. Connox may however identify the user’s computer through the use of the cookies. Connox uses cookies so that the user can fill and manage the shopping cart during a session, and that Connox’s website can be tailored even more towards the desires of the customer.

Necessary cookies
Necessary cookies are those cookies that ensure the functions of our website. Without the absolutely necessary cookies, the website cannot be used as intended. They are needed, for example, to offer you the shopping cart function across multiple pages or to ensure that a logged-in user remains logged in when accessing different sub-pages of a website and does not have to enter the login data again and again when calling up a new page. Necessary cookies are only cookies from Connox, all information stored in the cookies goes only to Connox and is not sent to third parties.

The legal basis for the use of necessary cookies on our website is Art. 6 para. 1 lit f) DSGVO (legitimate interest, here in the technically flawless provision of our website and the services offered via it). The use of necessary cookies is possible and permissible without your prior consent. You can deactivate necessary cookies altogether via the browser settings (see above under 3.), but this may lead to functional restrictions in connection with the use of our website.

In addition, the provisions under the "Act on Data Protection and Privacy in Telecommunications and Telemedia" (TTDSG) apply.

Marketing Cookies
Marketing cookies collect information about how our website is used in order to improve its attractiveness, content and functionality. These cookies help us determine whether, which, how often and for how long subpages of our website are visited and which content users are particularly interested in. Furthermore, we record movements, "clicks" and scrolling with the computer mouse to understand which areas of our website users are particularly interested in. These cookies do not store any information that allows the identification of the user. The information collected is aggregated and does not allow us to draw any direct conclusions about you. They are used solely to compile statistics in order to tailor the content of our website more specifically to the needs of our users, to improve the user experience and to optimize our offering.
Marketing cookies are also used to collect information about the websites visited by the user in order to create targeted advertisements for the user and to play out advertisements based on the user's interests. They are also used to limit the appearance of an ad and to measure the effectiveness of advertising campaigns.
These cookies can send information to Connox or to another website to which the cookie belongs (third party cookie).
The legal basis for the use of marketing cookies is Art. 6 (1) a) DSGVO in conjunction with your consent.

Connox uses „session-based“ cookies that are not stored permanently on the visitor’s computer. These temporary cookies will be deleted after leaving the website. Using the gathered information, Connox is able to analyse usage patterns and structures of the website. This enables further continuous optimisation of the website by improving the content and the usage.

Connox also uses “persistent“ cookies. These cookies remain on the customer’s computer,simplifying shopping and registration services during their next visit. For example, the cookies are able to remember which articles the customer has chosen for purchase while he or she continues to shop. Furthermore, the customer only has to enter passwords once on sites that require registration.

Permanent cookies can be removed manually by the user. The permanent cookies used by Connox will be stored for up to 1000 days on your hard disk. Afterwards, they are automatically deleted. Most of the standard browsers accept cookies by default. Temporary or stored cookies can be enabled or disabled independently in the browser’s security settings. If cookies are disabled, certain features on Connox webpages may not be available and some websites may not be displayed correctly.

In order to use the Connox shopping cart and the checkout, session-related cookies have to be allowed! If the customer generally does not wish to, or cannot, allow cookies it is also possible to order at Connox by email, phone or fax.

Connox works with some partner companies in order to increase the value of the internet assortment and of the websites for the user. Therefore, cookies from partner companies are also stored on your website when you visit Connox websites. These cookies are “persistent” cookies. These cookies remain on the computer of the user and are automatically deleted after the specified lifetime. The lifetimes may be up to 22 years in some cases. Our partner companies do not have any access to your personal information and personal data. The pseudonymous data is never merged with your personal data. The pseudonymous data includes data about the products that were searched for or which ones were viewed and bought by the user. This information is only used to enable our partner companies to, for example, show advertising that might actually interest the user or to prevent a user seeing the same advertisements over and over.

The data processed by cookies are for the purpose of safeguarding our legitimate interests as well as the interests of third parties according to Art. 6. para. 1 sentence 1 lit. f GDRP or according to Art 6. para. 1 lit b GDRP. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message appears before a new cookie is created. Disabling cookies may result in not being able to use all of the features on our website.

Use of social media, online marketing, web analytics and tracking services as well as tools of other service providers

The technologies and measures used by Connox are in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR based on our legitimate interests. With the measures and the associated statistical recording and evaluation of the use of our website, we want to ensure a needs-based design and continuous optimisation of our website and optimal marketing of our website and reach. The described data processing operations can acc. Art. 6 (1) lit. F. GDPR also exist on the basis of the legitimate interests of the individual providers (e.g. in the display of personalised advertising or to inform other users of social networks about your activities on our website).

Criteo retargeting
This website uses technology provided by Criteo (Criteo SA, Rue Blanche, 75009 Paris, France (http://www.criteo.com)). With the help of this technology, information about the surfing behaviour of our website visitors is collected in an anonymous form and cookies are set for marketing purposes. Criteo can then analyse the browsing behaviour and display targeted recommendations in form of a banner when user visit other websites. In no case can the anonymous data be used to personally identify the visitor of the website. In particular, Criteo does not use full IP addresses. You can prevent the storage and use of information by the Criteo service by using the following link (http://www.criteo.com/privacy/) and then setting the control to “ON” at “Opt-Out”.

Google Remarketing Tag
On our websites, technologies by Google (Google Remarketing Tag) are used to collect and store data for marketing purposes. From this data, anonymised usage profiles can be created and stored in cookies. Third parties, including Google, serve ads on web pages in the internet. These parties, including Google, use cookies to serve ads based on your previous visits to our website, as part of the remarketing tag function. The data collected by the remarketing tag function, will not – without your separate consent – be used to personally identify you as a visitor of this website and will not be merged with personal information from the anonymised user profile. You can opt out of the use of cookies by Google by going to https://www.google.com/settings/u/0/ads/authenticated and clicking on the "opt out"-button. Alternatively, you may find the deactivation site of the Network Advertising Initiative here: http://www.networkadvertising.org/managing/opt_out.asp. For more information about Google’s privacy policy can be found here: http://www.google.com/intl/eng/privacy.

Google uses Standard Data Protection Clauses.

Google Conversion Tracking
We use Google Conversion Tracking on our website. It is an analysis service by Google Inc. (“Google”). Google Adwords places a cookie on your computer (“conversion cookie”), if you came to our website via a Google advertisement. These cookies will expire after 30 days and are not personally identifiable. You can visit certain pages of ours and the cookie has not expired, Google and we are able to see that someone clicked on the advertisement and was directed to our webpage. Every AdWords customer receives a different cookie. Cookies can be tracked over different web sites of AdWords customers. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted to use conversion tracking. The AdWords customers will know the total amount of users that clicked on their advertisement and were directed to a webpage with a conversion tracking tag. They won’t receive any information that would allow them to identify the user personally, however. If you do not want to be part of the tracking procedure, you can also reject the necessary cookie – by generally deactivating the automatic storage of cookies, for example. You can also deactivate cookies for conversion tracking by adjusting your browser settings to only block cookies from the domain “googleadservices.com”. Google’s privacy policy for conversion tracking can be found here https://services.google.com/sitestats/en.html.

We use "Advanced Conversions" from Google Ads. Advanced conversions allow conversions to be tracked more accurately. If the user has consented, Google's "Advanced Conversions" web implemented function, applies a secure SHA256 one-way hash algorithm to the customer's data (e.g. email addresses) before it is sent, securely, confidentially and anonymously, to Google. The hash data is then matched to signed-in Google accounts in order to assign the conversions from our campaigns to users’ actions, such as clicks or views, in response to adverts.

Google uses Standard Data Protection Clauses.

Google Double-Click
On our website, we use DoubleClick by Google, which is a service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). DoubleClick uses cookies in order to show you relevant advertisements. This includes verifying which ads were shown in your browser and which ones were clicked. The cookies do not contain any personal information. The use of the DoubleClick cookies allows Google and their partner pages to place advertisements based on previous visits to ours or other websites. You can prevent the storage of cookies by adjusting setting your web browser. You can also prevent the collection of the data created by the cookie and the processing of this data by google by downloading and installing the browser plug-in available here: https://www.google.com/settings/ads/plugin. You can also deactivate the use of cookies by Google by clicking on the “opt out” button at: https://www.google.com/settings/u/0/ads/authenticated. Alternatively, you can access the deactivation page of the network advertising initiative: http://www.networkadvertising.org/managing/opt_out.asp. For more information about Google’s privacy policy can be found here: http://www.google.com/intl/eng/privacy.

Google uses Standard Data Protection Clauses.

Google Analytics
This website uses Google Analytics (in the current version Google Analytics 4, hereinafter "Google Analytics"), including the function Universal Analytics, a web analysis service of the Google Inc. Google Analytics uses so-called Cookies, text files which are stored on your computer and which allow an analysis of the use of the website by you. Through Universal Analytics and the use of a pseudonym user ID, device-crossing activities (e.g. tablet, PC or laptop) on our website can be analysed. The information generated by the cookie concerning your use of this website (including your IP address) will be passed on to a Google server in the USA and saved there. In case of an activation of the IP-anonymization on this website, your IP-address will be shortened by Google within the member states of the European Union or in other contractual states of the Agreement on the European Economic Area. Only in exceptional cases will the complete IP-address be transmitted to a Google-server in the USA and shortened then and there. Google will use this information on behalf of this website’s provider for the purpose of evaluating your website to gather reports concerning the website’s activities and to furthermore provide services around this website. Google Analytics does not combine your transmitted IP-address data with other data collected by Google. You can prevent the storage of cookies by a specific setting in your browser-software; however please note that if you do this you may not be able to use the full functionality of this website. You can furthermore prevent the collection of your data (including your IP-address) by Google as well as the processing of that data by Google by downloading and installing the following browser-plugin: http://tools.google.com/dlpage/gaoptout?hl=eng

Alternatively, you can prevent the processing of your data by Google by clicking on the following link: Click here, to be excluded from the Google Analytics measurement protocol.

Google uses Standard Data Protection Clauses.

We hereby point out that this website uses Google Analytics including Universal Analytics with the add-on „anonymizeIp()“, which is in accordance with privacy regularities. IP-addresses thereby are processed only in a shortened version to exclude any possibility of direct personal relation.

We use the tool "ParticularAudience" on our website, a service of Anamantic Pty Ltd, Level 1, 85 William Street, Darlinghurst, NSW 2010, Sydney, Australia. This tool enables us to optimize our Internet offering by displaying, in connection with the presentation of individual products in our online store, other products in which our website visitor is interested and which are, for example, similar to the displayed product or could match it. Through the use of cookies, anonymous information about the usage behavior of our website visitors is collected for the purpose of these product recommendations. In no case can this anonymous analysis data be used to personally identify the visitor to this website: https://particularaudience.com/privacy

Bing Ads
We use conversion tracking by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Thereby Microsoft Bing Ads saves a cookie on your computer if you arrived at our webpage via a Microsoft Bing advertisement. We and Microsoft can see that someone clicked on our ad and was directed to our page, and visited a predetermined target page beforehand. We learn only the total number of users that clicked on a Bing ad and were directed to our page. No personal information related to the identity of the user are transmitted. If you do not want to be part of the tracking procedure, you can also reject the necessary cookie – by generally deactivating the automatic storage of cookies, for example. Find further information privacy and cookies used by Microsoft Bing on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement.

Microsoft uses Standard Data Protection Clauses.

Facebook Pixel
We use the “Pixel” by Facebook, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for the analysis and support of online marketing measures. With its help we can track the movements of users after they see or click on a Facebook ad. This is how we can evaluate the significance of Facebook ads for statistics and market analysis purposes. The data collected is anonymous and personal data of individual users is not visible to us. However, the information is saved and processed by Facebook. Facebook can connect the information with your Facebook account and use them for its own advertising purposes according to Facebook’s Data Policy: https://www.facebook.com/policy.php. Cookies may be saved on your computer for this purpose. You can prevent the storage of cookies by adjusting setting your web browser.

Facebook uses Standard Data Protection Clauses.

Facebook Plugins
Our website also includes plugins by the social network Facebook. Our website is configured so that a direct connection between your browser and the Facebook server is made only when you click on a Facebook plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Facebook only after you click on the plug-in, consciously “activating” it. If you click on the Facebook button while you’re logged in on your Facebook account, Facebook can possibly associate the visit to our website with your account. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Facebook. Further information about this can be found in Facebook’s Data Policy: http://de-de.facebook.com/policy.php. If you do not wish for Facebook to be able to associate the visit of our website with your Facebook account, please do not click on the Facebook plugins or log out of your Facebook account.

Facebook uses Standard Data Protection Clauses.

We have no influence on data that is processed by Facebook under its own responsibility in accordance with Facebook's terms of use. However, we would like to point out that when you visit the fan pages, data about your usage behavior is transferred from Facebook and the fan pages to Facebook. Facebook itself processes the aforementioned information to create more detailed statistics and for its own market research and advertising purposes, to which we have no influence. More detailed information on this find in the privacy notices of the respective social networks: Facebook data policy and Instagram privacy policy. In the event that personal data is transferred to the USA, there are sufficient guarantees or other instruments in place to ensure compliance with the European data protection principles in order to comprehensively ensure the protection of your data in this case as well.
Insofar as we receive your personal data during the operation of the fan pages, you are entitled to the rights stated in this data protection declaration. If you also wish to assert your rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows both the details of the technical operation of the platforms and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures upon request if you exercise your rights. We will be happy to support you in asserting your rights to the extent possible and forward your requests to Facebook.

On our website, we use plugins by the social network Twitter (Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA). Our website is configured so that a direct connection between your browser and the Twitter server is made only when you click on a Twitter plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Twitter only after you click on the plug-in, consciously “activating” it. By clicking on the Twitter plugin, the websites you visit are linked with your Twitter account and divulged to other users. Data will thereby also be transmitted to Twitter. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Twitter. Find further information you can view Twitter’s privacy policy here: https://twitter.com/privacy. If you do not wish for Twitter to be able to associate the visit of our website with your Twitter account, please do not click on the Twitter plugin.

Twitter uses Standard Data Protection Clauses.

Our website uses plugins by the social network Google+ (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Our website is configured so that a direct connection between your browser and the Google+ server is made only when you click on a Google+ plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Google only after you click on a plug-in, consciously “activating” it. If you click on the Google+ button while you’re logged in on your Google+ account, Google can possibly associate the visit to our website with your account. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Google. Further information and settings options can be found in the Google+ privacy policy here: http://www.google.com/intl/de/+/policy/+1button.html. If you do not wish for Google+ to be able to associate the visit of our website with your Google+ account, please do not click on the Google+ plugins or log out of your Google+ account.

Google uses Standard Data Protection Clauses.

We use the „Pin it“ button by the social media network Pinterest (Pinterest, Inc., 808 Brannan St, San Francisco, CA 94103, USA). Our website is configured so that a direct connection between your browser and the Pinterest server is made only when you click on a Pinterest plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to Pinterest only after you click on a plug-in, consciously “activating” it. If you click on the Pinterest button while you’re logged in on your Pinterest account, Pinterest can possibly associate the visit to our website with your account. We would like to point out that as the provider of the web page we have no knowledge of the content of the transmitted data or of their use through Pinterest. Further information and settings options can be found in the Pinterest privacy policy here: http://pinterest.com/about/privacy/. If you do not wish for Pinterest to be able to associate the visit of our website with your Pinterest account, please do not click on the Pinterest plugins or log out of your Pinterest account.

Pinterest uses Standard Data Protection Clauses.

The „XING Share Button“ by the social media network XING (XING AG, Gänsemarkt 43, 20354 Hamburg, Germany) is used on this webpage. Our website is configured so that a direct connection between your browser and the XING server is made only when you click on a XING plugin. A connection will not be made automatically as soon as you open our website. Data is transmitted to XING only after you click on the plug-in, consciously “activating” it. XING does not save any personal data when you open this website. XING does not store any IP addresses. There is also no analysis of your user behaviour through the usage of Cookies related to the “XING Share Button”. The current privacy policy of the “XING Share Button” and more information can be found on this webpage: https://dev.xing.com/plugins/share_button/privacy_policy

Affilinet / Tracdelight
Our website uses services of the companies affilinet GmbH (Joseph-Wild-Str. 20, 81829 Munich, Germany) and tracdelight GmbH (Wilhelmstr. 4a, 70182 Stuttgart, Germany). Cookies are produced for the optimization of our advertisement measures. These Cookies are only used for a correct association of the success of an advertisement of the distribution partner and the according invoicing of the service partner. Personal data aren’t collected. The Cookie only contains the information of when a determinate advertisement has been clicked from an internet-capable device. If you don’t want such Cookies to be saved in your browser, you will be able to change it via your browser adjustments.

Voucher offers of Sovendus GmbH
If you are interested in a voucher offer of Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) and click on the coupon banner, we will transmit your address, your name and your e-mail address in encrypted form to Sovendus to prepare a voucher (Art. 6 par. 1 b, f GDPR). The IP-address will be exclusively used for data security purposes and as a rule the same will be anonymised after seven days (Art. 6 Abs.1 f GDPR). Furthermore, we will transmit order number, order value with currency, session ID, coupon code, and time stamp in pseudonymised form to Sovendus for billing purposes (Art. 6 Abs.1 f GDPR).
Further information for processing your data by Sovendus, please refer to the online privacy policy at https://www.sovendus.de/en/privacy_policy/.

We offer you the possibility to evaluate our service through a rating service (de.trustpilot.com) operated by Trustpilot A/S, Pilestræde 58, 5, 3rd floor, 1112 Copenhagen, Denmark. The evaluation is published on the Trustpilot internet pages and can also be displayed in so-called widgets on the connox.de website. In order to rate us without having to first log in to Trustpilot, we offer a direct evaluation via a “Unique Link”. By clicking on this link, we send your name, e-mail address and order number as a unique reference to Trustpilot. This information is sent encrypted and will not be transmitted in plaintext or be passed on to third parties. You can find more information about the “Unique Link” here: https://support.trustpilot.com/hc/en-us/articles/204953148-The-Unique-Link. Please also find Trustpilot’s privacy policy at http://legal.trustpilot.com/end-user-privacy-terms.

zenloop GmbH
We work with zenloop GmbH, Brunnenstrasse 196, 10119 Berlin, Germany. Zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyse feedback from our customers to respond better to customer needs.

When using the feedback tool, zenloop collects statistic user data, the address of the page from which you use the feedback tool and other usage data such as the anonymized public IP address. Your device- and browser data is also collected anonymized. Zenloop also uses cookies page-tags to collect aggregated and anonymous data about users. In addition, zenloop collects the survey results and your e-mail address on our behalf insofar as you make them available to zenloop (only with your express consent).

The legal basis for data processing by zenloop is Art. 6 para. 1 lit. b DSGVO (consent) and Art. 6 para. 1 lit. f DSGVO (legitimate interest).

Further information can be found in zenloop's privacy policy.

We use the services of Exponea, Mlynské Nivy 12, 82109 Bratislava, Slovakia (Exponea) for the evaluation and support of online marketing measures, in particular when sending newsletters. This enables us to determine how our sent newsletters are opened and used (e.g. clicks on links in a newsletter) in order to record and measure the success of certain marketing measures. This information is used in the form of pseudonymous user profiles to improve our website and our newsletter and related marketing measures. Specifically, offers and information on other websites are adapted to the interests and wishes of users. Exponea processes data (e.g. the e-mail address) exclusively according to our instructions and will never use data for its own marketing purposes nor will they sell or pass on your information to third parties. Cookies can be stored on your computer for these purposes. You can prevent the storage of cookies by setting your browser software accordingly. The collection and evaluation of data described here by means of the newsletter can also be refused by unsubscribing from our newsletter. You will then no longer receive any further newsletters from us.

Our site uses Youtube Embedding feature to display and play videos from “Youtube”, which is owned by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Here, the extended privacy mode is used, which according to the provider information storage of user information only when playing the video in motion. When the playback of embedded Youtube videos starts, the provider “Youtube” uses cookies to collect information about user behaviour. According to “Youtube” hints, these are used, among other things, to capture video statistics, improve user-friendliness and prevent abusive practices. If you’re logged in to Google, your data will be assigned directly to your account when you click a video. If you do not wish to associate with your profile on YouTube, you must log out before activating the button. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. According to Art. 6 (1) (f) of the GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalised advertising, market research and / or tailor-made design of its website. You have a right to object to the creation of these User Profiles, and you must be directed to YouTube to use them.

For more information on data protection at "YouTube", please see the provider's privacy policy at: https://www.google.com/intl/en/policies/privacy.

Google uses Standard Data Protection Clauses.

Deletion and blocking of personal data
We only process and store personal data for the period of time required to achieve the purpose of storage (e.g. due business transaction) or which corresponds to a legal storage / retention period. If the purpose of the storage is omitted or if a legal storage / retention period expires, the personal data will be deleted. If legal storage / storage obligations should continue to exist, e.g. after proper business transaction or having answered your inquiry, we will restrict the processing, e.g. by blocking your data.
After expiration of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of a review by the tax authorities.
We delete the data collected and stored in connection with the customer account at the latest when the purpose of the storage no longer applies or you inform us that your customer account should be deleted. However, premature deletion of your personal data is not possible if and to the extent that the data is still required for the performance of the contract or to the extent that statutory provisions require us to store it further.

Rights of the affected person

As an affected person(s), you have the right:

  • to demand information about your personal data processed by Connox in accordance with Art. 15 GDPR. In particular, you have the right to information regarding processing purposes, the recipients or categories of recipients to whom the personal data have been disclosed, the planned duration for which the personal data is stored, the right of rectification, deletion, limitation of the processing or the right to object to such processing, all available information on the source of the information, and the existence of an automated decision-making process;
  • to request the immediate correction or completion of incomplete personal data in accordance with Art. 16 GDPR;
  • to demand, in accordance with Art. 17 GDPR, the immediate deletion of your personal data, unless the processing is necessary for the fulfilment of a legal obligation by Connox or for the performance of a public interest task or in the exercise of public authority delegated to Connox and /or assertion, exercise, or defence of legal claims;
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR, as far as the accuracy of the personal data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data, but you require them to assert exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • to receive personally identifiable information provided to Connox in accordance with Art. 20 GDPR, in a structured, common and machine-readable format, and to transfer that data to another responsible person;
  • to revoke your once given consent to us at any time pursuant to Art. 7 para. 3 GDPR. As a result, we are not allowed to continue the data processing based on this consent for the future and
  • to lodge a complaint to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

Right to withdraw
If your personal data is based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.

If you exercise your right of objection, we will stop the processing of the data concerned. However, we can continue to process your personal data, despite your objections, if in the case of processing based on legitimate interests or on the performance of a task in the public interest/exercise of official authority, we can prove that we have compelling legitimate grounds that override your interests, rights and freedoms.

If you would like to make use of your rights, please send us an e-mail.

Adjustment of the privacy policy
We reserve the right to update this Privacy Policy from time to time. Updates to this Privacy Policy will be posted on our website. Changes will be effective as of their publication on our website. We therefore recommend that you visit this website regularly to find out about any updates that may have been made.

To watch the PDFs you need e. g. the Adobe Reader, this one is downloaded for free under the following link: http://get.adobe.com



The SafeBuy Code

1. Qualifications, Purpose and Scope

1.1 The SafeBuy Assurance Scheme is operated by Ecommerce Security Ltd. SafeBuy have been evaluating high-tech products and services in the UK since 1987 and independently reporting to subscribers and report purchasers. It has no connection with any manufacturer or service provider and does not take any advertising or sponsorship. The SafeBuy scheme is funded by charges on retailers.
1.2 SafeBuy is acting in the interest of both retailers and consumers in publishing this Code of Practice. The retailers who conform to the Code know that their display of the SafeBuy logo will provide reassurance to consumers that they have undertaken to abide by the SafeBuy Code and any updates that are issued to remain in line with UK and EU regulations and legal requirements. SafeBuy code members must observe all relevant legal requirements when dealing with consumers. Consumers have access to the Code and are entitled to expect a high level of performance from subscribing retailers with a right of mediation by SafeBuy if they have a complaint.
1.3 The retailer agrees to accurately and honestly complete such questionnaires as are sent from time to time by SafeBuy to address the matters of ongoing website and operational security and of complaints registered, whether resolved prior to or with SafeBuy mediation or not, together with the outcomes.
1.4 By subscribing to the SafeBuy Code retailers undertake with SafeBuy and with their consumers that they will at all times abide by it. Although SafeBuy cannot guarantee that any individual retailer's site conforms with the SafeBuy Code at every moment in time, SafeBuy validates websites at the time of application and then regularly samples sites including the placing of orders for goods in order to test those sites for ongoing conformity. It also spot checks for evidence that consumers' prepayments or deposits, where required by clauses 4.5 and 4.6 of this Code are held securely.

2. Website Requirements

2.1 The site must use the SafeBuy logo as an active link (hyperlink) to safebuy.org.uk where this Code of Practice is published. The logo must be given sufficient prominence that every site visitor is aware of your membership of the SafeBuy scheme. The logos may not be used on any site the owner of which does not have a current subscription to the SafeBuy scheme or which SafeBuy considers not to be compliant with the SafeBuy Code.
2.2 Any advertising on the site, whether by the site owner or third parties, must comply with the British Codes of Advertising and Sales Promotion (BCASP) and any other relevant code of advertising and all other statutory requirements. These include The Control of Misleading Advertisements Regulations 1988 (as amended) and, if the site owner offers credit, The Consumer Credit (Advertisements) Regulations 2004.
2.3 Any advertising on the site, whether by the site owner or third parties, must conform to the rulings laid down by the Advertising Standards Authority (asa.org.uk).
2.4 The site must have clearly accessible details of the retailer's name and address, phone number, an email address and details of what information consumers are required to provide to pursue a complaint against the retailer. Consumers must also be advised of their right to no-charge mediation by SafeBuy.
2.5 Customers should be charged at the normal rate for a UK inland call for queries relating to a transaction. Where technical support charges are made, either by the retailer or by a third party whose product or service is being sold, that fact must be made clear to the customer before the order is placed. Information on the cost of communication relating to technical support, where it is at other than the basic rate, must be provided. Hours of availability for all types of phone enquiry must be clearly stated.
2.6 The website must make reasonable provision to be compatible with technology that facilitates Internet use for the disabled. The retailer must be aware of its obligations under the Disability Discrimination Act 2005.

3. Transaction Requirements

3.1 Products or services for sale must be clearly and accurately described with relevant characteristics (e.g. dimensions, material). Any variation between the goods or services that are for sale and usual consumer expectations should be explained as should any disparity between a consumer's stated requirements and the nature of the goods or services to be offered to the consumer.
3.2 Any restrictions on ordering (e.g. parental approval, geographic location) must be made clear to the consumer as a part of the description of the product or service.
3.3 The total price, including packing, delivery and VAT where applicable must be shown for the complete order before consumer final agreement to place the order.
3.4 The method of delivery must be clearly identified. Where appropriate (e.g. for bulky items or those which need to be signed for), the retailer must have effective procedures for agreeing a scheduled delivery and maintaining liaison with the customer to ensure that the delivery occurs as projected or as altered with the customer's agreement.
3.5 Payment options must be shown and the level of security displayed for the transaction.
3.6 A clear explanation must be given as to the process by which the customer may place, change or cancel an order prior to it being processed and an option given for the consumer to abort the order up to the point of final confirmation. If languages other than English are available this fact should be made clear.
3.7 There must be no possibility of orders being accepted which are unlikely to be fulfilled within 30 days.
3.8 'High pressure selling' must not be used and any special offers must have the time or condition requirements clearly identified. Where a special offer is time-related the consumer's cancellation rights as per clause 4.1 (d) must be drawn to the consumer's attention.
3.9 The consumer must be advised that a confirmation of the order will be sent by email or post within 24 hours. This confirmation must include the retailer's company details, a unique order number, the total price and clear instructions on the consumer's rights of cancellation or return, including timescales, with an explanation of how to effect a cancellation or return, including any return costs that may be applied.
3.10 There must be no misleading claim made on the website or the order confirmation regarding delivery timescale to the consumer. Where any delivery timescale and/or delivery date is stated the consumer must be advised in advance if that timescale and/or date will be delayed and the consumer's right to cancel must be made clear.
3.11 If there is an ongoing contract with the consumer the minimum duration for the contract to supply goods or services continuously or recurrently must be clearly explained.
3.12 All relevant staff must be adequately trained regarding the retailer's responsibilities in relation to the law and to this Code of Practice.

4. Terms and Conditions

4.1 The website must specify:
the name, physical address of the principal place of business, email address and telephone number and the company number and VAT number where appropriate;
the price of the goods or services and any ancillary costs such as delivery charges, identified individually;
the delivery procedure;
in terms of products the right of the consumer to cancel the order for at least fourteen working days after delivery; in terms of services fourteen days after the contract is agreed or after the consumer has agreed to the service starting. Please note these cancellation periods could be longer if you have not complied with the detail of the Consumer Protection (Distance Selling) Regulations 2000 (as amended) where those regulations apply. These regulations include requirements on information that must be given to the consumer and specifies when it has to be given.
the returns policy and procedure including information on who bears the cost of return or recovery in the event of revocation of the order in each and all circumstances. Where goods are returned at the consumer's choice the liability for any expense incurred must be spelt out to the consumer and any conditions, e.g. insurance, proof of delivery made clear. If the retailer in the normal course of business elects to collect the goods that expense must equally be spelt out and not exceed the direct cost;
the means by which the website user can lodge a complaint with the retailer and how the complaints procedure will operate.
4.2 All contract terms, including any guarantees or warranties, must be clearly displayed and a further clear indication given that they do not affect the consumer's statutory rights. In particular a statement should be made that "This does not affect your statutory rights, in relation to faulty or misdescribed goods, details of which can be obtained from Consumer Direct (the Government's consumer advice helpline) or your local Trading Standards Office." If the retailer's contract terms give rights to the consumer which are more beneficial than the consumer's statutory rights, this should be made apparent. If any additional guarantees/warranties are offered, the costs and options must be clearly stated together with all other key elements and, if offered through a third party, a name, address and contact point for that third party. Additional warranties/guarantees must not be projected as a requirement on the consumer nor misrepresented in any way as to their cost, coverage or benefits. The Terms & Conditions which the site owner uses for any transaction must take into account the Unfair Terms in Consumer Contract Regulations on which Office of Fair Trading guidance is available.
In particular the retailer must conform with Statutory Instrument 2005 No. 37 (The Supply of Extended Warranties on Domestic Electrical Goods Order 2005) if the website offers products which fall into this category. Details are available at http://www.opsi.gov.uk/si/si2005/20050037.htm
4.3 The product or service must be delivered within 30 days unless the consumer agrees otherwise. In the event that this term cannot be met, or the consumer's right to cancel has been exercised, the consumer must be advised in good time and offered a cancellation option with a total refund, within 30 days, of any monies, including delivery costs, paid.
4.4 The consumer must, at any time, before or after the order, be able to scroll through and, if necessary, print the Terms and Conditions and Privacy Policy.
4.5 No payment from a consumer should be processed more than two working days before despatch of the goods or, if it is, should be regarded as a prepayment under the terms of clause 4.6. The website must make this clear either in general or at the point of order.
4.6 Deposits and prepayments must be protected against loss in the event of the retailer ceasing to trade or for any other reason. This protection must be provided by an insurance-backed scheme, a ring-fenced consumer account, independent third party holding of such funds or other secure deposit. Deposits, prepayments and scheduled part payments for bespoke products or consumer-specific services should be subject to clear terms, including protection of the consumer's funds where appropriate, which are agreed to by the consumer as part of the basis for the contract.

5. Faults and Disagreements

5.1 Errors in any area of order processing, delivery or administration must be corrected within 10 working days.
5.2 The retailer must have an effective complaints procedure. At a minimum, any complaint must be logged and an acknowledgement given to the consumer within three working days. The consumer must be further advised on the retailer's procedures for acting on the complaint with a reasonable and stated timescale. The retailer must keep the consumer informed of the progress of the investigation of the complaint. The same provisions apply regarding an intermediary, acting on behalf of the claimant, as they do to dealing directly with the complainant.
5.3 In the event that the retailer and consumer cannot agree on the resolution of a complaint, the retailer must advise the consumer of any trade complaints body, regulator or ombudsman who may be relevant. They must also advise the consumer of the SafeBuy mediation procedure.
5.4 SafeBuy will act as mediators, at no charge to either party, in the event of a dispute between the retailer and consumer which cannot be resolved in a timely manner. SafeBuy will only act where the consumer can provide a transaction number and date. SafeBuy will be at liberty to provide copies to both parties of all documentation presented in connection with the dispute. SafeBuy is not entitled to impose a decision upon the parties but, as mediator, to attempt to facilitate a resolution of the dispute between the parties. If this is not achieved within a reasonable time (45 days maximum) then SafeBuy will be entitled to withdraw from involvement as mediator.
5.5 In the event of the retailer's own complaints procedure and the SafeBuy mediation procedure being unsuccessful in resolving the complaint, the retailer agrees that the consumer has the right to arbitration under the SafeBuy/CIArb scheme operated by the Chartered Institute of Arbitrators and waives his/her right to decline arbitration under this scheme. SafeBuy/CIArb is an email arbitration scheme, at relatively low cost, the full details of which are at www.idrs.ltd.uk/safebuy. Details are also available by email from SafeBuy. The costs of the arbitration are borne by the consumer and the retailer. Decisions made by the arbitrator will be referred back to SafeBuy and may be acted on to enhance this Code and will contribute to the warning system laid down in clauses 5.8 (i) and (ii).
5.6 None of the above processes affects the right of the consumer to take the matter to the Courts or any other complaints resolution body.
5.7 If the retailer is in breach of the code with no reasonable justification, the retailer will be subject to SafeBuy's disciplinary procedure (which is overseen by an independent party). The retailer accepts that there is no right of appeal or redress against the Independent Overseer's decision (which includes, ultimately, expulsion of the retailer from the scheme). SafeBuy acts according to the rules as set out at clause 5.8.
5.8 For the purposes of clarity, SafeBuy acts according to the following rules in formal warnings, final warnings and expulsions.
A Formal Warning is issued if a mediation is not concluded successfully, or a breach of the Code that has been advised to the member (following 'mystery shopping' for example), has not been acted upon within 30 days of notification. The member has the right to claim 'special circumstances' (e.g. the return of goods to the maker for a report) to extend this period to an agreed deadline.
A Formal Warning will also be issued if, following an unsuccessful mediation, the consumer has exercised the right to go to arbitration and the Abitrator's decision is more than 50% in favour of the consumer.
A Final Warning is issued if more than one Formal Warning has become necessary in a six month period.
Expulsion will ensue if another Formal Warning becomes necessary within six months of a Final Warning.
5.9 In the event that the retailer becomes uncontactable by email, phone or recorded delivery letter SafeBuy will regard the retailer as no longer accredited and remove him from the scheme.

6. Security

6.1 The retailer must take and maintain all practicable security procedures to prevent hacking or other external access, or any unauthorised internal access, to any data relating to consumers or orders. If data is provided to any third parties necessary for the execution of the contract, it is the retailer's responsibility to ensure that the same standards are met by those third parties.
6.2 Methods of payment must be as secure as is practicable and the consumer clearly advised of the level of security applicable. If a hyperlink is required to another site with further details of the level of security it should be prominently displayed.
6.3 The retailer must be aware of its obligations under the Disability Discrimination Act 2005. It is also recommended that the retailer conforms to the requirements of the ISO Code ISO/IEC 27002:2005 (was BS7799) in security matters but as a minimum should ensure that hardware and software security is in line with general standards in the industry for the scale of the retailer's operation. The retailer must identify a named individual who is responsible for all aspects of security.
6.4 It is understood that the same standards on security of data or process by any third party used by the retailer should be at least equivalent to those used by the retailer.

7. Privacy

7.1 The website owner must conform with the requirements of the Data Protection Act, 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. .
7.2 The website must incorporate a privacy policy which informs website users of their right to access to information collected from them and how any such personal information will be used.
7.3 The consumer must be given the option to decline any distribution of personal data to third parties. This option must include further use of the data by the retailer and any associated organisations. In the event that the consumer does not reject further use, if appropriate it must be separately made clear that such data may be transferred outside the European Economic Area and the option provided to reject such use.
7.4 Before the website user can submit personal details to the website, he/she must be able to scroll through the terms of the privacy policy.
7.5 The use of email for direct marketing purposes is not allowed unless the consumer has previously given his/her consent and the contact details have been obtained in the course of a sale of a product or service to that consumer. Direct marketing approaches are confined to the products or services supplied by the online retailer who should ensure that the subscriber is aware of the nature of those products and services. The consumer has also to be given the oppor