Data protection

We take privacy seriously.

Your trust is important to us, which is why we protect your privacy when processing personal data. So that you can get an overview of our data protection declaration, we explain below how your personal data is processed and protected.

I. Responsible

The Internet portal www.coverest.com is managed by the

SunWay Europe GmbH,
Wrangelstraße 100
10997 Berlin
(hereinafter SunWay“, we” or us"), operated.

SunWay is responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

You can also contact our data protection officer at any time for any questions on the subject of data protection. He can be reached at the following contact details:

Frau Shana Surdo
Wrangelstraße
10997 Berlin
Email: shana@sunwayeurope.com

II. No disclosure of your personal data

SunWay remains responsible for your personal data at all times. Your data will only be passed on if necessary for our service and only on the basis of legal permission:
• if you have consented to the transmission of your data in accordance with Article 6 (1) (a) GDPR,
• if this is necessary to fulfill the contract in accordance with Art. 6 Para. 1 lit. b GDPR (this includes, for example, data transmissions to payment and logistics service providers, transport companies and suppliers if they supply you directly), or
• if this is necessary to fulfill a legal obligation pursuant to Article 6 (1) (c) GDPR, or
• due to our legitimate interest or the legitimate interest of a third party in accordance with Art. 6 Para. 1 lit. f GDPR (this includes, for example, data transmissions in the context of the assignment of claims or to credit agencies for the purpose of credit assessments).

III. General information

1. Personal Data

Personal data is data about you. In particular, we process the following personal data (“collectively: “data”):
• Your name, address, e-mail address, gender, telephone number, your encrypted customer account password and, if applicable, your date of birth,
• Your order details, the products you have purchased, the services you have used, payment information, your preferences in relation to product types,
• Your data, which arise when using our online offer,
• Data that we receive from our service providers in certain cases (e.g. from credit agencies or payment service providers)
• Information regarding the first interactions on our website (e.g. the date of your first registration)
• Data of your behavior in connection with surfing on our website (e.g. clicking on a product)
• Data of your behavior in connection with actions in our newsletter (e.g. clicking on a link in the newsletter)
• Login data (date and time when you logged into our website)

2. Purposes of Processing

We only process your data if you have given your consent (Art. 6 Para. 1 lit. a) GDPR), we have a legitimate interest in the processing (Art. 6 Para. 1 lit. f GDPR), we use it for the Fulfillment of the contract with you according to Art. 6 Para. 1 b) DSGVO, or this is necessary to fulfill a legal obligation (Art. 6 Para. 1 lit. c DSGVO) in order to offer you the best possible shopping experience on our website .

Specifically, this means that we process personal data in the following cases:
• when you visit our website (Section IV),
• if you set up a user account with us (Section V.)
• if you order from us (Section VI).
• for contacting us (Section VII),
• for advertising purposes (Section VIII),
• if we use cookies (Section IX)

If we also want to collect and process data from you, we will inform you of this separately, including the explanation of the legal basis, before the collection and processing and, if necessary, obtain your consent.

At no time do we process special categories of personal data (e.g. health data).

3. Duration of Storage & Deletion

In principle, we only store your data for as long as is necessary for the respective purpose of processing, as required by law (e.g. under commercial and tax law) or until you inform us that your customer account should be deleted.

Your customer data (first name, last name, middle name, name changes, postal address) will remain stored with us as long as there is an active member account or you ask for this data to be deleted beforehand.

We store your order data, invoices and related information for ten years, as required by law.

Data of your behavior in connection with surfing on our website (e.g. clicking on a product), data of your behavior in connection with actions in our newsletter (e.g. clicking on a link in the newsletter) as well as login data (date and time, when you have logged in to our website) we store it for up to 25 months after it has been collected in order to improve your shopping experience. The data collected is then anonymized in such a way that it can no longer be assigned to you as a person.

IV. Data processing when visiting our website

When you visit our website, the provider of our website collects and stores the following information in so-called server log files, which your browser automatically transmits to us:

• the IP address of your internet service provider,
• the website from which you visit us and the websites you visit on our site
• Information about the browser used and the operating system
• If applicable, your e-mail address that you use to register on our website
• Identification numbers that we store on your end device. We can use this identification number to recognize your end device on the website. Technically, these identification numbers are stored in so-called cookies or eTags.

This information is absolutely necessary for the technical transmission of the website and secure server operation. When you visit our website, we assign you an individual customer ID, which we only merge with your e-mail address for forensic reasons if an error occurs on the website. The server log files are stored for 365 days and then deleted.

The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

V. Data processing when setting up a user account

To set up your personal user account, we need an e-mail address and a password that you have chosen. The e-mail address serves as the access code for the user account. After successful registration you will automatically receive a confirmation by e-mail. In addition, you can store your personal information in your user account and thus conveniently shop on our website. The information can be updated at any time in the personal area of the user account ("My Account"). We use this data, among other things, to process orders, to offer payment options and to process payments and any refunds.

We would like to make your visit to our website as pleasant as possible by means of the "Stay logged in" function. This feature allows you to use our services without having to log in again each time. Technically, a cookie is stored on your end device, which is used so that you do not have to log in again on subsequent visits to our website. This function is not available to you if you have deactivated this cookie when you set your cookie settings or if you have deleted the cookie in your browser settings after you have logged out of our website. We also recommend that you do not use the "keep me signed in" feature if the computer is used by multiple users. The legal basis for the associated data processing is Art. 6 Para. 1 b) GDPR (performance of contract).

VI. Data processing to process your order

If you order something from us, the processing of your data serves to conclude and execute the contract and to process your order, including payment and delivery. We delete your personal data processed in the context of orders at the latest after the statutory storage obligations have expired.

1. Choice of payment method

After choosing the payment method, you will be asked for the data required for using the respective payment service provider. This payment information is forwarded directly to the respective payment service provider and is not stored by us. We store the data you provide for the billing and (possibly different) delivery address in your user account so that you do not have to enter them again the next time you make a purchase. You can change this data at any time for the future.

If you do not agree with the payment method(s) offered to you, you can inform us in writing by email service@coverest.comcommunicate. We will then review the decision again, taking into account their point of view.

2. Credit card payment

In the case of a credit card payment, we receive the so-called payment ID and the last four digits of your credit card number from our payment provider. This serves us to authenticate and assign your order and thus for your security. The personal data required to carry out the payment is collected directly by the payment service provider. The legal basis for the above data processing is Art. 6 Para. 1 b) GDPR (performance of contract for the implementation and processing of contracts) and Art. 6 Para. 1 f) GDPR (weighing of interests, based on our interest in offering you a secure credit card payment option).

3. Purchase on account

In order to be able to offer you purchase on account, you will be asked in the ordering process to agree to the transmission of the data required for processing the payment and an identity and credit check to Billpay GmbH. If you give your consent, your data (first and last name, street, house number, postal code, city, date of birth, telephone number) and the data in connection with your order will be transmitted to Billpay GmbH.

For the purpose of their own identity and creditworthiness check, Billpay GmbH or partner companies commissioned by Billpay GmbH transmit data to credit agencies (credit agencies) and receive information and, if necessary, creditworthiness information from them on the basis of mathematical-statistical processes, the calculation of which includes address data, among other things. Detailed information on this and the credit agencies used can be found in the data protection regulations of Billpay GmbH: https://www.billpay.de/de/datenschutz-de/ refer to.

Furthermore, Billpay GmbH may use third-party tools to detect and prevent fraud. Data obtained with these tools may be stored in encrypted form by third parties so that they can only be read by Billpay GmbH. This data will only be used if you select the payment method purchase on account, otherwise the data will automatically expire after 30 minutes.

The legal basis for the credit check described above is Art. 6 Para. 1 f) GDPR (balancing of interests, based on SunWay’s interest in not suffering payment defaults).

Reasons why a purchase on account cannot be offered may be, among other things, that the delivery and billing address are different, a Packstation or a parcel depot was specified as the billing and/or delivery address, or there are payment difficulties with previous orders.

4. PayPal

If you choose the "PayPal" payment method, your personal data (first and last name, delivery address, e-mail address, telephone number, the amount to be paid and the IP address) will be sent to Paypal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, so that you can authorize the payment to us via PayPal. You need a PayPal account for this. With this payment method, you can pay with one click without having to log in to PayPal with all your data every time you make a purchase. The legal basis for this is Art. 6 (1) 1 lit. b GDPR.

PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. The legal basis for the associated data processing is Article 6 Paragraph 1 Letter b GDPR, i.e. the processing of your data is required to fulfill the agreement on paying for your purchase via PayPal. The data transmitted to PayPal may be transmitted by PayPal to credit agencies. This transmission serves to check identity and creditworthiness. You can find more information about data protection at PayPal on the PayPal website at https://www.paypal.com/de/webapps/mpp/ua/privacy-full. The legal basis for the associated data processing is Art. 6 Para. 1 lit. f GDPR (balancing of interests, based on our interest in offering you effective and secure payment options and preventing fraud in this context).

5. Sofortüberweisung

Payments by immediate transfer are made via Payment Network AG, Fußbergstr. 1, 82131 Gauting (entered in the commercial register of the district court of Munich under HRB 161963, board of directors: Christoph Klein, Dr. Jens Lütcke, Georg Schardt).

6. Direct Debit

If you choose the SEPA direct debit payment method, you will be asked to send us your account number and sort code or your IBAN and BIC. By submitting this data, you give SunWay a SEPA mandate to collect the corresponding invoice amount from the account you specified. You can revoke the SEPA mandate at any time in text form (e.g. email). The direct debit amount will be collected from five (5) working days after completing the order process. With the order confirmation, we will inform you once again about the time at which the direct debit amount will be debited (advance information). The deadline for providing advance notice before debiting is reduced to five (5) business days. You must reimburse SunWay for the costs of a chargeback that arise due to insufficient funds in the account, incorrect bank details or an unjustified objection to the debit on your part, insofar as you are responsible for them.

7. Securing Your Order

In order to avoid payment defaults, we check common fraud patterns and abnormalities. For this purpose, order and payment data (e.g. address, article, payment method) and device information (e.g. device, browser) are processed. The legal basis is Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in protection against misuse.

Further information on the payment methods offered can be found in our General Terms and Conditions (GTC).

VII. Data processing when contacting us

You have various options for contacting us. You can use our customer service:
• by telephone,
• by mail,
• by E-Mail,
• via contact form, or

In order to be able to process your request, we collect your name, your e-mail address, your telephone number, your customer, order and article number, as well as the other information that you transmit to us. The legal basis for this is Art. 6 Art. 1 b) GDPR (performance of the contract - the processing of the user's data is necessary for the fulfillment of the agreement on answering the questions or concerns) or Art. 6 Para. 1 f) GDPR (balancing of interests - based on our interest in processing inquiries from users of our website).

VIII. Data processing for advertising purposes

1. Newsletter

The legal basis for sending our newsletter is your consent in accordance with Article 6 (1) (a) GDPR. We use the so-called double opt-in procedure to send the newsletter, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed to us that we should activate the newsletter service. We will then send you a notification email and ask you to confirm that you wish to receive our newsletter by clicking on a link contained in this email. When you register for our newsletter, we save your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses your e-mail address to register you for receiving the newsletter without your knowledge or authorization. If you later no longer wish to receive newsletters from us, you can object to this at any time without incurring any costs other than the transmission costs according to the basic tariffs.

In our newsletters, we use commercially available technologies with which the interactions in the newsletter can be measured (e.g. opening of the e-mail, clicked links). We use this data for general statistical evaluations and to optimize and further develop our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The legal basis for this is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our newsletter is an integral part of our shopping community, through which we want to offer our customers relevant content. If you do not wish usage behavior to be analysed, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program by default.

IX. Cookies

We use cookies on our website. Cookies are small text files that are transferred from an Internet server to your browser and stored on its hard drive. There are so-called session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored on your end device for a longer period of time or indefinitely.


Depending on the selection of the cookies you want, the next time you visit the website with the same device, the information stored in the cookies will be sent to our website or to another website to which the cookie belongs. This helps us to optimally design and display our website according to your preferences.
You can use the "Cookie settings" button to determine which cookies you want to allow at any time. Basically, we distinguish between four different cookie categories:

1. Strictly Necessary Cookies

enable basic functions and are required for the proper functioning of the website. They are used, for example, to ensure that you, as a registered user, always remain logged in when accessing various subpages of our website and do not have to re-enter your login data every time you call up a new page. The legal basis for the use of absolutely necessary cookies on our website is Art. 6 Para. 1 lit f) GDPR (legitimate interest, here in the technically flawless provision of our website and the services offered via it). The use of absolutely necessary cookies is possible and permissible without your prior consent.

You can also visit our website without accepting cookies that are absolutely necessary. If you do not want your computer to be recognized on your next visit, you can also refuse the use of cookies by changing the settings in your browser to "refuse cookies". The respective procedure can be found in the operating instructions of your respective browser. However, if you refuse the use of cookies, there may be restrictions on the use of some areas of our website.

In addition, we use the following cookies, which we only use if you have given us your consent:

2. Functional Cookies

enable our website to save information that has already been provided (e.g. registered name) and to offer you improved and more personal functions. If you do not allow these cookies, some of these services may not work properly.

3. Performance Cookies

allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used, and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we cannot know when you have visited our website.

4. Marketing Cookies

can be set via our website by our advertising partners. They are used to collect information about the websites you visit or to present ads tailored to you. They do not store directly personally identifiable information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

5. Details of each cookie

5.1. GOOGLE RECAPTCHA

We use Google's reCAPTCHA service. A query can be made through the service, which serves to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and used there. If IP anonymization is activated on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. The deviating data protection regulations of the company Google apply to this data. For more information about Google's privacy policy, visit: https://www.google.com/intl/de/policies/privacy/.

5.2. GOOGLE GOOGLEADSERVICES / GOOGLE ADWORDS CONVERSION TRACKING

Our website uses cookies for so-called "conversion tracking" when you click on an ad placed by Google. This serves to recognize whether a visitor has come across our website via a Google ad. Google uses cookies, which are stored on your computer and enable an analysis of the use of the website. If you want to learn more about these methods, click here: https://www.google.com/settings/u/0/ads/authenticated.

5.3. GOOGLE DOUBLECLICK

Doubleclick by Google is a service provided by Google that uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which ads were displayed in your browser and which ads were viewed. The cookies do not contain any personal information. The use of DoubleClick cookies enables Google and its partner websites to place ads based on previous visits to our or other websites on the Internet. A transfer of the data by Google to third parties only takes place due to legal regulations or within the scope of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

5.4. GOOGLE WEB FONTS

Google web fonts (http://www.google.com/webfonts/) used. The web fonts are transferred to the browser cache when the website is called up so that they can be used for the display. If the browser does not support Google Webfonts or prevents access, the text will be displayed in a standard font. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons such as NoScript or Ghostery for Firefox.) If your browser does not support Google Fonts or you do not have access to the Prevent Google server, the text is displayed in the system default font. Information on the data protection conditions of Google Webfonts can be found at: https://developers.google.com/fonts/faq#Privacy.

5.5. GOOGLE ANALYTICS WITH ANONYMOUS FUNCTION

We use cookies from Google Analytics, a web analysis service from Google, on our website. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices. Google Analytics uses cookies, which enable an analysis of your use of the website. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. We would like to point out that on this website Google Analytics has been expanded to include IP anonymization in order to ensure that IP addresses are recorded anonymously (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can find more information on the terms of use and data protection under https://policies.google.com/. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The legal basis for the use of Google Analytics is your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR. The recipient of the collected data is Google. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month. As with all cookies, you can revoke your consent at any time, see Section XI. In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google https://tools.google.com/dlpage/gaoptout to install. Opt-out cookies prevent future collection of your data when you visit this website. To prevent Google Analytics from collecting data across different devices, you must opt out on all systems used.

5.6. GOOGLE REMARKETING

This website uses Google's remarketing function. The function is used to present interest-based advertisements to website visitors within the Google advertising network. The technology enables us to place automatically generated, target group-oriented advertising after your visit to our website. The advertisements are based on the products and services that you clicked on when you last visited our website. Google usually stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information is used to associate the web browser on a specific computer. On the pages of the Google advertising network, the visitor can then be presented with advertisements that refer to content that the visitor has previously accessed on websites that use Google's remarketing function. If you are under https://www.google.com/settings/u/0/ads/authenticated If you have consented to the use of Google linking your browser history to your Google account and using information from your Google account to personalize ads, the remarketing function also works across devices. Your Google ID is collected by Google and used for the purpose of cross-device recognition. According to its own statements, Google does not collect any personal data during this process. For more information on how Google uses cookies, see Google's privacy policy.

5.7. GOOGLE ANALYTICS (GA) AUDIENCE

Our website uses GA Audience, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: GA Audience). GA Audience uses cookies, among other things, which are stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) and which enable an analysis of the use of the corresponding devices. Some of the data is evaluated across devices. Google Audience receives access to the cookies created as part of the use of Google Adwords and Google Analytics. Further information on data protection when using GA Audience can be found under the following link: https://support.google.com/analytics/answer/2700409?hl=en&ref_topic=2611283.

X. Secure data transmission and data security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted during transmission. This means that your data cannot be misused by third parties. Our security precautions are subject to a constant improvement process and our data protection declarations are constantly being revised.

XI. Your rights

You have the right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing and a right to data portability and a right to lodge a complaint in accordance with the requirements of data protection law.

• Right to information
You can request information from us as to whether and to what extent we process your data.

• Right to Rectification
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

• Right to Erasure
You can request us to delete your data if we are processing it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of statutory retention requirements. Irrespective of whether you exercise your right to deletion, we will delete your data immediately and completely, provided that there is no legal or legal obligation to retain it.

• Right to restriction of processing
You can ask us to restrict the processing of your data if
- you dispute the accuracy of the data, for a period that enables us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to delete it and instead request a restriction of data use,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.

• Right to data portability
You can request that we provide you with the data that you have provided to us in a structured, common and machine-readable format and that you can transmit this data to another person responsible without hindrance from us, provided that - we use this data on the basis of revocable consent given by you or for the performance of a contract between us, and - this processing is carried out using automated procedures. If it is technically feasible, you can request that we transfer your data directly to another person in charge.

• Right to object
If we process your data out of legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

• Right to Complain
If you are of the opinion that we are violating German or European data protection law when processing your data, we ask you to contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of the rights mentioned against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.

XII. CHANGES TO THIS PRIVACY STATEMENT

We reserve the right to change our privacy policy if this should be necessary due to new technologies. If fundamental changes are made to this data protection declaration, we will announce them on our website.

Status: February 2022