Last updated: 30 December 2025
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit atom-billard.de, contact us, or use our products and services. We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.
1. Controller (Data Controller)
atom-billard.de GmbH
Responsible: Thomas Gollowitsch
Address: Am Birkfeld 18, 86453 Dasing, Germany
Phone: +49 8205 5011593
Email: info@atom-billard.de
2. Definitions
“Personal data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on personal data (e.g., collection, storage, use, disclosure).
“GDPR” refers to Regulation (EU) 2016/679.
3. What Data We Collect and Why
3.1 Server Log Files (Website Access)
When you visit our website, our servers (or the servers of our hosting/IT providers) automatically collect and store log data, including:
visited page/URL, date and time of access
IP address
transferred data volume
referrer URL and requesting provider
browser and device information
Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in ensuring the secure and stable operation of our website and improving our services).
3.2 Contacting Us (Email or Contact Form)
If you contact us by email or via the contact form, we process:
name, email address, message content
any additional information you provide voluntarily
Purpose: Responding to your inquiry, customer support, and pre-contractual communication.
Legal basis:
Art. 6(1)(b) GDPR (pre-contractual steps or contract performance), or
Art. 6(1)(f) GDPR (legitimate interests in handling inquiries) when not relating to a contract.
You have the right to object to processing under Art. 6(1)(f) GDPR for reasons relating to your particular situation.
We use your email address only to process your request. Data are deleted in accordance with legal retention periods unless you consent to further use.
3.3 Customer Account
If you open a customer account, we process the personal data you provide to manage your account and simplify the ordering process.
Legal basis: Art. 6(1)(a) GDPR (your consent).
You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. Upon withdrawal, your account will be deleted.
3.4 Orders (Purchase & Fulfilment)
For orders, we process personal data necessary to fulfill and manage your purchase and respond to related inquiries.
Purpose: Contract performance and order handling.
Legal basis: Art. 6(1)(b) GDPR.
Data sharing: We may share relevant data with shipping companies, dropshipping/fulfilment providers, payment services, order processing services, and IT service providers. We limit data sharing to the minimum necessary and comply with legal requirements.
3.5 Newsletter (Brevo / Sendinblue)
If you subscribe to our newsletter, we process your email address (and any optional data you provide) to send information and offers.
We use Brevo (Sendinblue GmbH) as our processor for newsletter delivery and analytics. Our newsletters may include a tracking pixel or tracking links to measure opens and clicks. The data collected may include IP address, browser/device information, and time of opening. Pseudonymous usage profiles may be created; these are not used to identify you personally.
Legal basis: Art. 6(1)(a) GDPR (your consent).
You can unsubscribe at any time via the link in each newsletter or by contacting us. We may store your email in a suppression list (blacklist) to prevent future mailings — legal basis: Art. 6(1)(f) GDPR (legitimate interest in honoring opt-outs).
More information: https://www.brevo.com/de/legal/privacypolicy/
3.6 Payment Services (PayPal)
We offer PayPal Express and PayPal Check-Out (including card payments via PayPal, direct debit via PayPal, “Pay Later” via PayPal).
Purpose: Execute payment and contractual obligations.
Legal bases:
For certain payment methods, PayPal may conduct credit checks using recognized mathematical-statistical procedures and external agencies. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in fraud prevention when PayPal or partners advance payments). You may object for reasons relating to your situation by contacting PayPal.
More information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
PayPal entity: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg.
3.7 External ERP / Order Processing (JTL)
For contract processing we use an external ERP system provided by:
JTL-Software-GmbH, Rheinstr. 7, 41836 Hückelhoven, Germany.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
4. Cookies and Consent Management
4.1 Cookies
We use cookies and similar technologies to provide essential site functionality and, where consented, for analytics and advertising.
You can control cookies through your browser settings and delete them at any time. Disabling certain cookies may affect website functionality.
Instructions for major browsers:
Legal bases:
4.2 Consentmanager (CMP)
We use Consentmanager AB (Håltegelvägen 1b, 72348 Västerås, Sweden) to manage consent for cookies and trackers.
Purpose: Obtain and document consent to meet legal obligations.
Data processed may include: date/time, browser/device data, anonymized IP, opt-in/opt-out events.
Legal basis: Art. 6(1)(c) GDPR (legal obligation).
More information: https://www.consentmanager.net/privacy.php
5. Analytics and Advertising
5.1 Google Analytics 4
We use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for website analytics, marketing and performance insights. IP addresses are shortened within the EU/EEA. Data may be combined with other Google data (e.g., search history, accounts, multi-device usage).
Legal basis: Art. 6(1)(a) GDPR (your consent).
Transfers to the USA may occur under the EU-U.S. Data Privacy Framework (DPF); Google is certified under DPF.
More info:
5.2 Matomo (Cloud)
We use Matomo (InnoCraft Ltd., 150 Willis St, Wellington 6011, New Zealand) to analyze website usage without cookies, using privacy-friendly fingerprinting (visitor ID rotates within 24 hours). Pseudonymous profiles may be created; not used to identify individuals. Data may be transferred to a third country with an adequacy decision.
Legal basis: Art. 6(1)(a) GDPR (your consent).
More info:
5.3 Google Ads Conversion Tracking
We use Google Ads conversion tracking to measure campaign performance. A cookie is stored when you click a Google ad; it is not used to identify you personally.
Legal basis: Art. 6(1)(a) GDPR (your consent).
Potential transfers to the USA under DPF (Google certified).
Privacy: https://www.google.com/policies/privacy/
5.4 Google AdSense
We use Google AdSense to serve interest-based ads on our website. AdSense uses cookies and may transfer data to the USA under DPF.
Legal basis: Art. 6(1)(a) GDPR (your consent).
More info:
5.5 Google Remarketing / Similar Audiences
We use Google Remarketing to show ads aligned with visitor interests across the Google Display Network. Cookies track anonymous usage; no storage of personally identifying visitor data.
Legal basis: Art. 6(1)(a) GDPR (your consent).
More info: https://www.google.com/privacy/ads/
6. Tag Management, Maps, Video, Fonts
6.1 Google Tag Manager
We use Google Tag Manager (Google Ireland Limited) to manage tags for analytics and marketing tools. Tag Manager itself does not store cookies, but may trigger tags that process personal data.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in efficient website management).
6.2 Google Maps
We embed Google Maps to visualize locations. When loading Maps, Google may process visitor data and transfer data to the USA under DPF.
Legal basis: Art. 6(1)(a) GDPR (your consent).
Privacy: https://www.google.com/privacypolicy.html
6.3 YouTube (Enhanced Privacy Mode)
We embed videos from YouTube (Google Ireland Limited) using “Enhanced Privacy Mode”. No information is stored by YouTube until you play a video. Playing a video may transfer data to the USA under DPF.
Legal basis: Art. 6(1)(a) GDPR (your consent).
Privacy: https://www.youtube.com/t/privacy
6.4 Google Fonts
We use Google Fonts to provide consistent typography. Loading fonts connects to Google servers; browser and IP information may be processed and transferred to the USA under DPF.
Legal basis: Art. 6(1)(a) GDPR (your consent).
More info:
7. Data Recipients and International Transfers
We share personal data only as necessary for the purposes stated above with:
hosting/IT providers, analytics and advertising partners (where consented)
shipping, fulfilment, ERP and order-processing providers
payment service providers (e.g., PayPal)
newsletter services (Brevo / Sendinblue)
Where data is transferred outside the EU/EEA, we rely on appropriate safeguards such as adequacy decisions (e.g., EU-U.S. DPF), Standard Contractual Clauses (SCCs), or other GDPR-compliant mechanisms.
8. Retention Periods
We store personal data only as long as necessary for the purposes described:
Contract data: retained for the duration of the warranty and thereafter according to statutory retention periods (especially tax and commercial law).
Inquiry data: deleted after handling your request unless you consent to further processing or statutory retention applies.
Consent records: retained to demonstrate compliance with legal obligations.
9. Your Rights as a Data Subject
Under Articles 15–20 GDPR, you have the rights to:
Access your personal data
Rectification of inaccurate data
Erasure (“right to be forgotten”)
Restriction of processing
Data portability
You also have the right to object under Art. 21(1) GDPR to processing based on Art. 6(1)(f) GDPR (legitimate interests), and to object to processing for direct marketing at any time.
To exercise your rights, please contact us at info@atom-billard.de.
10. Complaints to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
Our competent authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Tel: +49 981 1800930
Fax: +49 981 180093800
Email: poststelle@lda.bayern.de
11. Legal Bases Overview
Art. 6(1)(a) GDPR – consent (e.g., newsletter, analytics, ads, maps, YouTube, fonts)
Art. 6(1)(b) GDPR – contract performance (orders, payments, ERP)
Art. 6(1)(c) GDPR – legal obligation (consent documentation via CMP)
Art. 6(1)(f) GDPR – legitimate interests (site security/stability, essential cookies, tag management, honoring unsubscribes, offering multiple payment methods)
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities or legal requirements. The current version will always be available on this page.
Optional Add‑Ons (tell me if you want these sections included):
Data Processing Agreements (DPAs) summary
Exact cookie list with names, providers, durations, and purposes
Records of Processing Activities (ROPA) reference
Children’s data statement (if relevant)
