1. General information about the collection of personal data 1.1. This Privacy Policy explains how we handle personal data that is transferred to us when you use our Internet presence or our services. Personal data refers to data that is personal to you, such as your name, address, email addresses or behavior as a user. 1.2. Data Controller pursuant to Art. 4 (7) GDPR: Manuel Lorenz Einhornallee 9 81377 Munich Germany Phone: +49 1577 3880301 Mail: mail@manuel-lorenz.de 2. Rights of data subjects 2.1. You have the following rights in relation to personal data that concerns you: ● Right to access (Art. 15 GDPR) your personal data that we process; ● Right to the rectification (Art. 16 GDPR) or completion of your personal data that we process; ● Right to the deletion (Art. 17 GDPR) of your personal data that we process, unless processing it is required by exception pursuant to Art. 17 (3) GDPR; ● Right to restrict processing (Art. 18 GDPR); ● Right to information (Art. 19 GDPR); ● Right to data portability (Art. 20 GDPR); ● Right to revoke consent granted to us (Art. 7 (3) GDPR). 2.2. You are also entitled to lodge a complaint with a data protection supervisory authority if you have the opinion that our processing your personal data is unlawful. These are the state commissioners for data protection. You can find the data protection commissioner responsible for you under the following URL, as an example: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html (in German only) 2.3. Objecting to your data being processed

As far as we process your personal data on the basis of a balance of interests, you can object to it being processed. This is the case if processing your data is in particular not required for fulfilling a contract with you, which we will show in each case in the relevant description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we have done. In the event of a justified objection on your part, we will review the situation and either discontinue or modify the data processing or show you our compelling legitimate grounds based on which we will continue the processing. You can, of course, object to your personal data being processed for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the following contact details: Manuel Lorenz, Einhornallee 9, 81377 Munich, Germany, Phone: +49 1577 3880301, Mail: mail@manuel-lorenz.de 3. Data Security We consider the security of your data important, so your personal data is transferred using a secure SSL or TLS encryption/connection. TLS (Transport Layer Security) or the legacy version SSL (Secure Socket Layer) is a protocol for encrypting data transfers over the Internet. This allows us to protect your personal data from unauthorized access. You can recognize the encrypted connection in the browser line by the character string "https//:" and the lock symbol. We also secure our Internet presence and other systems using technical and organizational measures against the loss, destruction, access, modification or dissemination of your data by unauthorized persons. However, despite regular monitoring taking place, complete protection against all threats is impossible. 4. Visiting our Internet presence If you merely use our Internet presence for informative reasons, i.e. you do not register or otherwise provide us with information, we only collect the personal data that your browser transfers to our server. As soon as you request a file from our Internet presence, access data is collected and saved by default. This data record is comprised of: ● The page where the request came from, ● The name of the file, ● The date and time of the request, ● The volume of data transferred, ● The access status/HTTP status code (i.e. whether the file was transferred or possibly not found etc.), ● A description of the type and version of the web browser used, ● The operating system installed and the resolution set, ● The IP address used. We require this data to display our Internet presence to visitors and guarantee its stability and security. This data is also evaluated for internal statistical purposes and for the technical administration of the Internet presence. 1 The legal basis for this is formed by Art. 6 (1) (1) (f) GDPR. Our legitimate interest stems from the data collection stated above. 5. Using our online store 5.1. If you would like to place an order in our online store, you are required to provide personal data as part of the ordering process. The data collected for this purpose can be seen from the respective input masks, whereby the requisite obligatory data is clearly marked in each case. All other information is voluntary. Providing your personal data serves the purpose and is necessary to the extent that it is required for concluding the contract and processing your order. The legal basis for this is formed by Art. 6 (1) (1) (b) GDPR. 5.2. The option is available to you to create a customer account. The data you provide is stored and processed revocably for the purpose of using your personal data for further, subsequent orders. The legal basis for this is formed by Art. 6 (1) (1) (b) GDPR. 5.3. Due to the commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. Your data will therefore not be completely deleted even if storage is no longer required for the contract concluded. However, processing will be limited to the extent necessary to comply with our statutory obligations. The legal basis for this is formed by Art. 6 (1) (1) (c) GDPR. 5.4. We use the data you have transferred to us in the course of placing your order solely for the purpose of processing your order. To process the order, we use the external service providers named below: (a) In order to deliver the goods, your address details need to be disclosed to our parcel service providers. They are obliged to treat your data confidentially and to store and use it exclusively for the purpose of delivery and to delete it again following successful delivery. The legal basis for sharing the data is formed by Art. 6 (1) (b) GDPR. (b) For payment processing purposes, your payment data is disclosed to the mandated credit institution or relevant payment service provider selected. The legal basis for sharing the data is formed by Art. 6 (1) (1) (b) GDPR. Your payment data is transferred to the corresponding payment service provider based on the payment method you have selected. The payment service provider is responsible for your payment data. You can obtain information, in particular about the payment service providers' data controller and the categories of personal data that the payment service providers process, at the Internet addresses listed below: ● giropay: If you pay by giropay, your data required for making payment is disclosed to paydirekt GmbH, An der Welle 4, 60322 Frankfurt on Main, Germany. For further information, please go to: https://www.giropay.de/agb/index.html (in German only) ● Sofortüberweisung: If you pay by "Sofortüberweisung" direct transfer using SOFORT GmbH, your data required for making payment is disclosed to SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany ("SOFORT"). Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden ("Klarna"). You can find more information about data protection at Klarna under the following Internet address: (4) We use the data you have transferred to us in the course of placing your order solely for the purpose of processing your order. To process the order, we use the external service providers named below: (a) In order to deliver the goods, your address details need to be disclosed to our parcel service providers. They are obliged to treat your data confidentially and to store and use it exclusively for the purpose of delivery and to delete it again following successful delivery. The legal basis for sharing the data is formed by Art. 6 (1) (b) GDPR. (b) For payment processing purposes, your payment data is disclosed to the mandated credit institution or relevant payment service provider selected. The legal basis for sharing the data is formed by Art. 6 (1) (1) (b) GDPR. Your payment data is transferred to the corresponding payment service provider based on the payment method you have selected. The payment service provider is responsible for your payment data. You can obtain information, in particular about the payment service providers' data controller and the categories of personal data that the payment service providers process, at the Internet addresses listed below: https://www.klarna.com/sofort/datenschutz (in German only) 7. Plausible Analytics This Internet presence uses Plausible Analytics, a web analytics service from OÜ Plausible Insights, Västriku tn 2, Tartu 50403, Estonia ("Plausible"). Scope and purpose This service is used to analyze and regularly improve the use of our Internet presence. For this purpose, the date and time of your visit, title and URL of the pages visited, incoming links, the country you are in and the user agent for your browser software are collected.

All personal data (e.g. your IP address) is fully anonymized. Plausible does not use or store any "cookies" on your personal device. For more information on the purpose and scope of data collection and how Plausible processes it, please go to https://plausible.io/data-policy. Legal Basis The legal basis for processing your data is formed by your consent pursuant to Art. 6 (1) (1) (a) GDPR. This means that this tool is only used after you have granted your consent. Consent/withdrawal You can grant your consent "Cookie Notice" (Link). You have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of any processing performed based on the consent you granted until withdrawal took place. You can withdraw your consent at any time under "Cookie Notice" (Link). 8. Retention period for personal data The storage period for personal data depends on the respective statutory retention period (e.g. retention periods under commercial and tax law). When the legal retention periods have expired, we delete the corresponding personal data as long as and insofar as the personal data is not required for fulfilling or initiating a contract or we no longer have a legitimate interest in storing it. 9. Disclosure of data in other cases 9.1. In some cases, we use external service providers, such as hosting service providers, to process your data and stage this Internet presence. These have been carefully selected and contracted by us, are bound by our instructions and are regularly audited. The legal basis for this is formed by Art. 28 GDPR. 9.2. We will only disclose your personal data to third parties in the following cases: ● If you have granted us your express consent to do so pursuant to Art. 6 (1) (1) (a) GDPR, or, ● If there is a legal obligation to pass on the data pursuant to Art. 6 (1) (1) (c) GDPR, e.g. in the context of criminal proceedings or in the event of a criminal offence. e.g. in the context of criminal prosecution or ● If disclosure is necessary under Article 6 (1) (1) (f) for the purpose of asserting or defending legal claims or exercising rights, and it cannot be assumed that disclosure is contrary to an overriding interest of the data subject that merits protection.