Privacy Policy

Privacy and data security are of utmost priority for Yatego. Therefore, please read the following privacy policy carefully.

The responsible party according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is:

Yatego GmbH
Schwenninger Straße 20
78052 Villingen-Schwenningen
Fax: +49 (0)7721 402 907-11

1. Basic Information on Data Processing and Legal Bases

1.1. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offer and the associated websites, functions, and content (hereinafter collectively referred to as “online offer” or “website”). The privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) on which the online offer is executed.

1.2. The terms used, such as “personal data” or their “processing,” refer to the definitions in Art. 4 of the GDPR.

1.3. The personal data of users processed within the framework of this online offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the pages of our online offer visited, interest in our products), and content data (e.g., entries in the contact form).

1.4. The term “user” includes all categories of persons affected by data processing. These include our business partners, customers, prospects, and other visitors to our online offer. The terms used, such as “user,” are to be understood gender-neutral.

1.5. We process users’ personal data only in compliance with the relevant data protection regulations. This means that users’ data is only processed if there is a legal permission. That is, especially if the data processing is necessary or legally required for the provision of our contractual services (e.g., processing of orders) and online services, or is required by law, or if consent has been obtained, as well as due to our legitimate interests (i.e., interest in the analysis, optimization, and economic operation and security of our online offer in the sense of Art. 6 para. 1 lit. f. GDPR, especially in the measurement of reach, creation of profiles for advertising and marketing purposes, collection of access data, and use of third-party services).

1.6. We note that the legal basis of the consents is Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for processing for the fulfillment of our services and carrying out contractual measures is Art. 6 para. 1 lit. b. GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c. GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f. GDPR.

2. Security Measures

2.1. We implement organizational, contractual, and technical security measures according to the state of the art, to ensure compliance with data protection laws and thus protect the data we process from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

2.2. To ensure maximum security, Yatego’s servers are located in a German data center, the “Telemaxx Data Center” in Karlsruhe. The connection between your computer and our servers is secured with 256-bit SSL encryption. This is the same standard trusted by banks for online banking and payment service providers for credit card transactions.

3. Transfer of Data to Third Parties and Third-Party Providers

3.1. Data transfer to third parties occurs only within the scope of legal regulations. We only transfer users’ data to third parties if this is necessary for contractual purposes based on Art. 6 Para. 1 lit. b) GDPR, or on the basis of legitimate interests according to Art. 6 Para. 1 lit. f. GDPR in the economic and effective operation of our business.

3.2. For contract fulfillment, we also transfer data to Yatego merchant shops and to the shipping company responsible for delivery, as far as this is necessary for the delivery of ordered goods. For payment processing, we transfer the necessary payment data to the payment service provider responsible for the payment, or to the payment service selected by the user in the ordering process, see “9. Use of Payment Service Providers (Payment Services)”.

3.3. If we employ subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to protect personal data in accordance with the relevant legal regulations.

3.4. If, within the scope of this privacy policy, content, tools, or other means from other providers (hereinafter collectively referred to as “third-party providers”) are used and their named headquarters are located in a third country, it is to be assumed that a data transfer to the states of the third-party providers takes place. Third countries are countries where the GDPR is not a directly applicable law, i.e., generally countries outside the EU or the European Economic Area. The transmission of data to third countries occurs either if an adequate level of data protection, user consent, or other legal permission is available.

4. Performance of Contractual Services

4.1. As the operator of the Yatego marketplace and as a technical service provider for the Yatego merchant shops, we collect personal data when users provide it to us in the context of their order, when contacting us or a connected merchant shop (e.g., via contact form or email), or when opening a user account. The data collected (such as name, address, email, birth date) is evident from the respective input forms. We collect, store, and process the data for the processing of a purchase, including any subsequent warranty claims and the assertion of any claims against the user, for our service services, technical administration, and, if applicable, our own marketing purposes.

4.2. Users can optionally create a user account to view their orders, among other things. During the registration process, the required mandatory information is communicated to the users. User accounts are not public and cannot be indexed by search engines. When users have terminated their user account, their data with respect to the user account will be deleted, subject to their retention being necessary for commercial or tax reasons according to Art. 6 Para. 1 lit. c GDPR. It is the users’ responsibility to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.

4.3. As part of the registration and renewed logins and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A transfer of these data to third parties does not generally take place unless it is required to pursue our claims or there is a legal obligation in accordance with Art. 6 Para. 1 lit. c GDPR.

4.4. We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, to show the user e.g., product notes based on their previously used services.

4.5. When setting up a Yatego merchant shop, we collect and store data for the fulfillment of the contract according to Art. 6 lit. b GDPR. Mandatory information necessary for the processing of the contract is marked accordingly, other information is voluntary.

5. Contacting Us

5.1. When contacting us or one of the Yatego merchant shops connected to us (via contact form or email), users’ details are processed for the processing of the contact request and its handling according to Art. 6 Para. 1 lit. b) GDPR.

5.2. Users’ details may be stored in our Customer Relationship Management System (“CRM System”) or comparable request organization.

6. Comments and Contributions

6.1. When users leave comments or other contributions, their IP addresses are stored for seven days based on our legitimate interests as defined in Art. 6 Para. 1 lit. f. GDPR.

6.2. This is for our security, in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In such cases, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

7. Collection of Access Data and Log Files

7.1. Based on our legitimate interests as defined in Art. 6 Para. 1 lit. f. GDPR, we collect data on every access to the server hosting this service (so-called server log files). Access data includes the name of the retrieved website, file, date and time of retrieval, transferred data volume, report of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

7.2. Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum period of seven days and then deleted. Data whose further retention is required for evidentiary purposes are exempted from deletion until the final clarification of the incident.

8. Cookies & Reach Measurement

8.1. Cookies are information that is transferred from our web server or third-party web servers to the users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

8.2. We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g., to enable the storage of your login status or the shopping cart function and thus the use of our online offer in the first place). A session cookie stores a randomly generated unique identification number, a so-called session ID. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and, for example, log out or close the browser.

8.3. Users are informed about the use of cookies in the context of pseudonymous reach measurement within the scope of this privacy policy.

8.4. If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies can lead to functional limitations of this online offer.

8.5. You can object to the use of cookies that serve reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative (, and additionally the US website ( or the European website (

9. Use of Payment Service Providers (Payment Services)

9.1. Credit Card, Direct Debit

If you choose a payment method offered by the payment service provider “Stripe”, the payment processing will be carried out by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will pass on your information provided during the ordering process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) according to Art. 6 Para. 1 lit. b GDPR. The transfer of your data is solely for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Stripe’s data protection can be found at the following internet address:

9.2. PayPal

When paying via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) for the purpose of payment processing according to Art. 6 Para. 1 lit. b GDPR, and only to the extent necessary. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by installments” via PayPal. For this purpose, your payment data may be passed on to credit agencies according to Art. 6 Para. 1 lit. f GDPR based on PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Further data protection information, including the used credit agencies, can be found in PayPal’s privacy policy: You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if it is necessary for contractual payment processing.


When selecting the payment method “SOFORT”, payment processing is carried out via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (“SOFORT”), to whom we pass on your information provided during the ordering process together with information about your order according to Art. 6 Para. 1 lit. b GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data is solely for the purpose of payment processing with the payment service provider SOFORT and only to the extent necessary. Further information about the data protection regulations of SOFORT can be found at the following internet address:

10. Google Analytics

10.1. Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering as per Art. 6 Para. 1 lit. f. GDPR), we use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transmitted to a Google server in the USA and stored there.

10.2. Google is certified under the Privacy Shield Agreement, providing a guarantee to comply with European data protection law (

10.3. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering, and to provide us with further services associated with the use of this online offering and the Internet. Pseudonymous user profiles can be created from the processed data.

10.4. We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

10.5. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offering, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: Alternatively, within browsers on mobile devices, please click the following link to set an opt-out cookie that will prevent future collection by Google Analytics within this website (this opt-out cookie works only in this browser and only for this domain; if you delete your cookies in this browser, you must click this link again): Disable Google Analytics

10.6. Further information on data usage by Google, setting and objection options can be found on Google’s websites: (“Data use by Google when you use our partners’ sites or apps”), (“Data use for advertising purposes”), (“Manage information that Google uses to show you ads”).

11. Google AdWords Conversion Tracking

This website uses the online advertising program “Google AdWords” and, as part of Google AdWords, conversion tracking. The conversion tracking cookie is set when a user clicks on an ad served by Google. These cookies are small text files stored on your computer system. These cookies lose their validity after 90 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Therefore, cookies cannot be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. Further information on Google’s privacy policy can be found at the following Internet address:

12. Use of Google Apps for Work

We use “Google Apps for Business” by Google, Inc. (“Google”). This involves transferring emails and files containing personal data to Google servers, which may be located outside the EU. This transfer is encrypted, the data is not shared with third parties unless legally required, and only selected Google employees have access to the servers. By contractual agreement based on EU standard contractual clauses, it is ensured that the transferred data is subject to the necessary level of data protection. For more information, please visit Google’s privacy policy can be found at

13. Newsletter

13.1. With the following information, we will inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation process, as well as your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.

13.2. Content of the newsletter: We send newsletters, emails, and other electronic notifications containing advertising information (hereinafter “newsletters”) only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described during the registration process, they are decisive for the consent of the users. Our newsletters contain information about our products, offers, promotions, and our company.

13.3. Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. This means you will receive an email asking you to confirm your registration after signing up. This confirmation is necessary so that nobody can register with email addresses that are not their own. The registrations for the newsletter are logged to be able to prove the registration process according to the legal requirements. This includes storing the registration and confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.

13.4. Shipping service provider: The newsletter is dispatched by Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich, Germany, hereinafter referred to as “shipping service provider”. The privacy policy of the shipping service provider can be viewed here:

13.5. Furthermore, according to its own information, the shipping service provider may use these data in pseudonymous form, i.e., without assignment to a user, to optimize or improve its own services, e.g., for technical optimization of the dispatch and the presentation of newsletters or for statistical purposes to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to write to them or pass the data on to third parties.

13.6. Registration data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name and salutation for personal address in the newsletter.

13.7. Statistical collection and analyses – The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from the server of the shipping service provider when the newsletter is opened. During this retrieval, initially technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behavior, using their locations of retrieval (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor that of the shipping service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

13.8. The use of the shipping service provider, the performance of statistical surveys and analyses, and the logging of the registration process are based on our legitimate interests according to Art. 6 Para. 1 lit. f GDPR. Our interest is in the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of the users.

13.9. Termination/Revocation – You can terminate the receipt of our newsletter at any time, i.e., revoke your consents. This also simultaneously extinguishes your consents to its dispatch by the shipping service provider and the statistical analyses. A separate revocation of the dispatch by the shipping service provider or the statistical evaluation is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter. If users have only registered for the newsletter and have cancelled this registration, their personal data will be deleted.

14. Integration of Services and Content of Third Parties

14.1. Within our online offer, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR), we use content or service offers from third-party providers to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is thus required for the presentation of this content. We endeavor to use only those contents whose respective providers use the IP address solely for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring web pages, visit time as well as other information regarding the use of our online offer, and can also be connected with such information from other sources.

14.2. The following presentation offers an overview of third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, as mentioned here, possibilities to object (so-called opt-out):

  • If our customers use third-party payment services (e.g., PayPal, Stripe, or Sofortüberweisung), the terms and conditions and privacy notices of the respective third-party providers apply, which can be accessed within the respective websites or transaction applications.
  • External fonts from Google, Inc., (“Google Fonts”). The integration of Google Fonts is done by a server call at Google (usually in the USA). Privacy policy:, Opt-Out:
  • Email management tool, service chat, and knowledge database of the service “Freshdesk” from the third-party provider Freshworks GmbH, Alte Jakobstraße 85/86, Hof 3, Haus 6, 10179 Berlin. Privacy policy:
  • Maps of the service “Google Maps” from the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, Opt-Out:
  • External code of the JavaScript framework “jQuery”, provided by the third-party provider jQuery Foundation,
  • We use the web analytics service Hotjar from Hotjar Ltd (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788) on this website. This tool allows us to trace movements on our web pages (so-called heatmaps). For example, it is recognizable how far you scroll and how often you click which buttons. Thus, we gain necessary information to make our websites faster and more user-friendly. Our legitimate interest lies in the interest-oriented design of our website and marketing purposes. The legal basis is Art. 6 Para. 1 lit. a GDPR, namely your explicit consent. Areas of the website that display personal data from you or third parties are automatically hidden by Hotjar and are not analyzed. You can prevent the use of the tool Hotjar by using a “Do Not Track header”. This is a setting supported by all common browsers in current versions. If you use our website with different browsers, you must set up the “Do Not Track header” for each of these browsers/computers separately. Detailed instructions with information about your browser can be found here: Further information about Hotjar Ltd. and the Hotjar tool can be found here: https://www.hotjar.comThe data transfer is based on the EU Commission’s standard contractual clauses. Details can be found here: privacy policy of Hotjar Ltd. can be found here:

15. Facebook, Custom Audiences and Facebook Marketing Services

15.1. Within our online offer, due to our legitimate interests in analysis, optimization, and economic operation of our online offer and for these purposes, the so-called “Facebook Pixel” of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.

15.2. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (

15.3. With the help of the Facebook Pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to display the Facebook Ads we have placed only to those Facebook users who have shown an interest in our online offer or who have certain characteristics (e.g., interests in specific topics or products determined based on the visited websites) that we transmit to Facebook (so-called „Custom Audiences“). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not appear annoying. With the help of the Facebook Pixel, we can further track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called „Conversion“).

15.4. The Facebook Pixel is directly integrated by Facebook when calling up our web pages and can store a so-called cookie, i.e., a small file, on your device. If you subsequently log in to Facebook or visit Facebook in the logged-in state, the visit to our online offer is noted in your profile. The data collected about you is anonymous for us, so it does not provide us with any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes, this data is locally encrypted in the browser and then sent to Facebook via a secure https connection. This is done solely with the purpose of a match with the likewise encrypted data by Facebook.

15.5. The processing of data by Facebook is carried out in the context of Facebook’s Data Use Policy. Accordingly, general information on the display of Facebook Ads can be found in Facebook’s Data Use Policy: Specific information and details about the Facebook Pixel and how it works can be found in the Facebook help area:

15.6. You can object to the collection by the Facebook Pixel and the use of your data for the display of Facebook Ads. To set which types of ads are shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions for settings based on usage-based advertising: The settings are platform-independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.

15.7. You can also object to the use of cookies for reach measurement and advertising purposes via the opt-out page of the Network Advertising Initiative (, and additionally the US website ( or the European website (

16. User Rights

16.1. Users have the right to obtain information free of charge upon request about the personal data that we have stored about them.

16.2. In addition, users have the right to correct inaccurate data, restrict processing, and delete their personal data, if applicable, to assert their rights to data portability, and in the event of unlawful data processing, to file a complaint with the competent supervisory authority.

16.3. Similarly, users can revoke consents, generally with effect for the future.

17. Deletion of Data

17.1. The data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and there are no legal retention obligations to the contrary. If the users’ data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data of users that must be kept for commercial or tax reasons.

17.2. According to legal requirements, the retention is for 6 years in accordance with § 257 Abs. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting documents, etc.) as well as for 10 years in accordance with § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

18. Right to Object

Users can object to the future processing of their personal data in accordance with legal requirements at any time. The objection can be made particularly against processing for purposes of direct advertising.

19. Changes to the Privacy Policy

19.1. We reserve the right to change the privacy policy in order to adapt it to changed legal situations, or in the event of changes to the service or data processing. However, this only applies with regard to statements on data processing. If user consents are required or if parts of the privacy policy contain regulations of the contractual relationship with the users, changes will only be made with the consent of the users.

19.2. Users are asked to regularly inform themselves about the content of the privacy policy.