Privacy Policy

1. Privacy Policy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to all data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Notice on the Responsible Party” in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include data that you enter into a contact form, for example.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This includes mainly technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. Should contracts be concluded or initiated through the website, the transmitted data will also be processed for contract offers, orders, or other service requests.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of processing of your personal data. Additionally, you have the right to lodge a complaint with the competent supervisory authority.

Should you have any further questions regarding data protection, you may contact us at any time.

2. Responsible Party

Responsible for data processing on this website is:

JoeFrex GmbH
Joerg Rexroth
Dientzenhoferstr. 72
90480 Nuremberg
Phone: 0911 5430056
Email: info@joefrex.de
Legal Notice: https://www.joefrex.de/en/imprint-directions

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

3. General Information and Mandatory Information

Storage Duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after such reasons cease to apply.

General Information on the Legal Basis for Data Processing

If you have consented to data processing, we process your personal data on the basis of Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, if special categories of data according to Art. 9 Para. 1 GDPR are processed. In case of explicit consent to the transfer of personal data to third countries, data processing also occurs on the basis of Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device, data processing additionally occurs on the basis of § 25 Para. 1 TDDDG. Consent is revocable at any time. If your data is required for contract performance or to carry out pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 lit. b GDPR. Furthermore, we process your data if it is required to fulfill a legal obligation on the basis of Art. 6 Para. 1 lit. c GDPR. Data processing may also occur on the basis of our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. The respectively applicable legal bases for processing in individual cases are described in the following sections of this privacy policy.

Notice on Data Transfer to Third Countries

We use, among other tools, services from companies located in data protection-wise non-secure third countries as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. We point out that in data protection-wise non-secure third countries, a level of data protection comparable to that of the EU cannot be guaranteed.

We point out that the USA as a secure third country generally provides a level of data protection comparable to the EU. Data transfer to the USA is permitted if the recipient holds a certification under the ‘EU-US Data Privacy Framework’ (DPF) or has suitable additional safeguards.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke any previously given consent at any time. The legality of data processing carried out prior to the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING OCCURS ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS OR UNLESS PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work, or the place of the alleged violation. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Competent supervisory authority for JoeFrex GmbH (Bavaria):

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
https://www.lda.bayern.de

Right to Data Portability

You have the right to receive data that we process on the basis of your consent or to fulfill a contract in an automated manner in a common, machine-readable format or to have it transmitted to another controller. Such transmission occurs only insofar as it is technically feasible.

Information, Correction, and Deletion

You have the right at any time, within the scope of applicable statutory provisions, to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, and if applicable, the right to request correction or deletion of this data. For these and any other questions regarding personal data, you may contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we generally require time to verify this. During the period of verification, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
If we no longer require your personal data but you need it for the assertion, exercise, or defense of legal claims, you have the right to request the restriction of processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted the processing of your personal data, such data may—except for its storage—only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

SSL or TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the address bar of your browser changing from http:// to https:// and by the lock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Marketing Emails

The use of contact information published in compliance with legal notice requirements for sending unsolicited advertising and informational material is hereby objected to. The site operators expressly reserve the right to take legal action in the event of unsolicited transmission of advertising information, such as through spam emails.

4. Hosting

External Hosting – profihost GmbH

This website is hosted externally. Personal data collected on this website is stored on the servers of the hosting provider. This may primarily include IP addresses, contact inquiries, meta and communication data, contract data, contact data, names, website access logs, and other data generated via a website.

External hosting is provided for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online services through a professional provider (Art. 6 Para. 1 lit. f GDPR).

We use the following hosting provider:

profihost GmbH, Hildesheimer Straße 25, 30880 Laatzen

Cloudflare (CDN & Security)

We use the service ‘Cloudflare’. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare offers a globally distributed content delivery network with DNS. The technical transfer of information between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyze data traffic between your browser and our website and to act as a filter between our servers and potentially malicious internet traffic. In doing so, Cloudflare may use cookies or other technologies to identify internet users; however, these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our web services as error-free and securely as possible (Art. 6 Para. 1 lit. f GDPR).

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Cloudflare holds a certification under the ‘EU-US Data Privacy Framework’ (DPF).

5. Data Collection on This Website

Cookies

Our websites use so-called ‘cookies’. Cookies are small data packets and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or your web browser deletes them automatically.

Two types of cookies are used when you visit our website:

Temporary Cookies (Session Cookies): These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. Session cookies are deleted when you log out or close your browser.
Persistent Cookies: Persistent cookies remain stored even after closing your browser. This allows our website to recognize your computer when you return to our website. These cookies store, for example, information about language settings or login information.

Cookies required to carry out electronic communication, to provide specific functions desired by you (e.g., for the shopping cart function), or to optimize the website (necessary cookies) are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimized provision of its services.

You can configure your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or generally, and enable automatic deletion of cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Change Cookie Settings

You can view and change your settings at any time here: Click here to open the cookie settings

Consent with Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to obtain your consent for the storage of certain cookies in your browser or the use of certain technologies and to document this in a data protection compliant manner. The provider of this technology is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg.

When you enter our website, a Borlabs cookie is stored in your browser containing the consents you have granted or the revocation of these consents. This data is not shared with the provider of Borlabs Cookie. The collected data is stored until you request deletion or you delete the Borlabs cookie yourself or the purpose for data storage no longer applies. The use of Borlabs Cookie consent technology serves to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.

Details: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

Contact Form

When you send inquiries to us via contact form, your information from the inquiry form including the contact data you provide there will be stored for the purpose of processing your inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is carried out on the basis of Art. 6 Para. 1 lit. b GDPR if your inquiry relates to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing inquiries directed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if such consent was requested; consent is revocable at any time.

Data you enter in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions—in particular retention periods—remain unaffected.

Inquiry via Email, Telephone, or Fax

If you contact us via email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed for the purpose of handling your concern. We do not share this data without your consent.

Registration on This Website

You can register on this website to use additional functions on the site. We use the data you enter only for the purpose of using the respective service or offer for which you have registered.

The processing of data entered during registration is carried out for the purpose of performing the usage relationship established by registration and possibly to initiate further contracts (Art. 6 Para. 1 lit. b GDPR). Data collected during registration is stored by us as long as you are registered on this website and is subsequently deleted. Statutory retention periods remain unaffected.

To protect against abusive registrations, we store the IP address used during registration as well as the date and time of registration. This data is not shared with third parties.

6. Analysis Tools

WP Statistics

This website uses the WP Statistics analysis tool to statistically evaluate visitor access. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia.

With WP Statistics, we can analyze the use of our website. WP Statistics collects, among other things, log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that website visitors have taken on the site. The data collected with WP Statistics is stored exclusively on our own server. Your IP address is shortened (anonymized) so that it cannot be directly attributed to you.

The use of this analysis tool is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in anonymously analyzing user behavior in order to optimize both our web services and our advertising. If appropriate consent has been requested, processing occurs exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG; consent is revocable at any time.

7. Plugins and Tools

YouTube with Enhanced Data Protection

This website embeds videos from YouTube. The operator of the website is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced data protection mode. Videos played in enhanced data protection mode are not used by YouTube for personalizing browsing on YouTube according to YouTube’s statement. No cookies are set in enhanced data protection mode. Instead, so-called Local Storage elements are stored in the browser of the user that contain personal data similar to cookies and can be used for re-identification.

The use of YouTube serves the purpose of attractive presentation of our online services. This constitutes a legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. Google holds a certification under the ‘EU-US Data Privacy Framework’ (DPF).

Google Fonts (Local Hosting)

This website uses Google Fonts, so-called web fonts provided by Google, for uniform display of fonts. The Google Fonts are installed locally. No connection to Google servers takes place.

Google Maps

This website uses the Google Maps mapping service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can embed map material on our website.

To use the functions of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the USA and stored there. The use of Google Maps serves the purpose of attractive presentation of our online services and to make it easy to find the locations specified by us on the website (Art. 6 Para. 1 lit. f GDPR). Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission.

Cloudflare Turnstile

We use Cloudflare Turnstile on this website. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Turnstile is used to verify whether data entry on this website is carried out by a human or by an automated program. For this purpose, Turnstile analyzes the behavior of the website visitor based on various characteristics (e.g., IP address, time spent on site, mouse movements). The data collected during the analysis is forwarded to Cloudflare. Processing is based on Art. 6 Para. 1 lit. f GDPR (legitimate interest in protection against automated access and spam).

Details: https://www.cloudflare.com/cloudflare-customer-dpa/

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.

Wordfence serves to protect our website against unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can reconcile its databases with accesses made on our website and, if necessary, block them. The use of Wordfence is based on Art. 6 Para. 1 lit. f GDPR (legitimate interest in effective protection against cyberattacks). Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission.

Details: https://www.wordfence.com/help/general-data-protection-regulation/

8. Newsletter

We send out a newsletter at regular intervals to inform our customers, business partners, and interested parties about our services. You have the option to register for our newsletter on our website and consent to receiving the newsletter as part of the registration.

When you register for our newsletter, providing your email address is mandatory. Once you subscribe to our newsletter, you will receive a confirmation email to the email address provided during registration via the so-called double opt-in procedure.

Legal Basis: Art. 6 Para. 1 lit. a GDPR. The email address will be deleted either if you do not click the confirmation link within 1 month of sending the confirmation email in the double opt-in procedure or immediately after you unsubscribe from the newsletter. You may revoke your consent at any time.

9. Social Networks

We maintain online presences within the following listed social networks. When you visit any of these presences, the respective operator collects and processes your usage data. This typically occurs through cookies stored on your device. Your usage behavior and interests are stored in these cookies, and corresponding usage profiles are created.

Legal Basis: If one of the following providers has requested your consent to data processing, the legal basis for processing is Art. 6 Para. 1 lit. a GDPR. Otherwise, the processing of your data is based on our legitimate interest (Art. 6 Para. 1 lit. f GDPR).

Instagram

Operator: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook

Operator: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Operator: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

X (formerly Twitter)

Operator: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. EU Branch: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.

10. eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data to establish, define the content of, and modify our contractual relationships. We collect, process, and use personal data about the use of this website only insofar as necessary to enable the user to use the service or to bill the user for it. The legal basis for this is Art. 6 Para. 1 lit. b GDPR.

The collected customer data is deleted after completion of the order or termination of the business relationship and after expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.

Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of 10 years.

Data Transmission Upon Conclusion of Contract for the Online Shop

When you order goods from us, we transmit your personal data to the transport company responsible for delivery and to the payment service provider responsible for payment processing. We only provide data that the respective service provider needs to fulfill its task. The legal basis for this is Art. 6 Para. 1 lit. b GDPR.

If you have given your corresponding consent according to Art. 6 Para. 1 lit. a GDPR, we will transmit your email address to the transport company responsible for delivery so that it can inform you by email about the shipping status of your order; you may revoke this consent at any time.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g., name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The use of payment service providers is based on Art. 6 Para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment process (Art. 6 Para. 1 lit. f GDPR).

We use the following payment services in the context of this website:

PayPal

Provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

When paying via PayPal, the following data is transmitted, among others: first and last name, address, email address, telephone number, IP address, and data necessary for order processing. This data is transmitted, among other reasons, for identity verification, fraud prevention, and creditworthiness assessment by PayPal. Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission.

Skrill

Provider: Skrill Limited, Floor 27, 25 Canada Square, London, E14 5LQ, United Kingdom.

When paying via Skrill, the following data is transmitted, among others: first and last name, address, email address, account details, information about the purchase made, and IP address. This data is transmitted for identity verification and fraud prevention.

Apple Pay

Provider: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

Google Pay

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

American Express

Provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany. American Express may transmit data to its parent company in the USA. Data transfer to the USA is based on American Express’s Binding Corporate Rules.

Mastercard

Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium. Mastercard may transmit data to its parent company in the USA, based on Mastercard’s Binding Corporate Rules.

VISA

Provider: Visa Europe Services Inc., Branch London, 1 Sheldon Square, London W2 6TT, United Kingdom. VISA may transmit data to its parent company in the USA. Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission.

11. Your Rights Under the GDPR

According to the GDPR, you have the following rights, which you may assert at any time with the responsible party named in Section 2 of this privacy policy:

Right to Information (Art. 15 GDPR): You may request information about your personal data processed by us.
Right to Correction (Art. 16 GDPR): You may request the correction of inaccurate data or the completion of your data stored with us.
Right to Deletion (Art. 17 GDPR): You may request the deletion of your personal data stored with us, provided no obligation to continue storing it exists.
Right to Restriction of Processing (Art. 18 GDPR): You may request the restriction of processing of your personal data.
Right to Data Portability (Art. 20 GDPR): You have the right to receive data that we process on the basis of your consent or in fulfillment of a contract in an automated manner.
Right to Object (Art. 21 GDPR): You may at any time object to the processing of your personal data for the purposes of advertising and data analysis.
Right to Revoke Consent (Art. 7 Para. 3 GDPR): You may revoke any consent you have previously given to us at any time.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority.

Please direct your objection or inquiries to the contact address of the responsible party indicated above.

12. Technical and Organizational Security Measures

We implement technical and organizational security measures in accordance with the current state of the art to comply with data protection law requirements and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.

13. Timeliness and Amendment of This Privacy Policy

This privacy policy is currently valid and as of March 2026. Due to changed legal or regulatory requirements or new services on our website, it may become necessary to amend this privacy policy. The current privacy policy can be retrieved on the website at any time.