Privacy policy

Privacy Policy
Glow Fire GmbH, Lilienthalstr. 10, 15344 Strausberg, email: kontakt@glow-fire.com (hereinafter: "Glow Fire") takes the protection of personal data very seriously. The following statement informs you about which personal data we collect and how we process and use it.
 
Controller
The controller responsible for the collection, processing, and use of your personal data is Glow Fire GmbH, Lilienthalstr. 10, 15344 Strausberg. Unless already permitted by statutory provisions, we collect, process, and use personal data only with your consent.
 
Customer account
We collect and process your personal data for the establishment, performance, and handling of the contract concluded with you. If you register with us, we will set up a password-protected customer account for you. Your master data will be stored there. This includes in particular:
• First and last name
• Billing and delivery address
• Email address
• Telephone number (if provided)
• Payment information
• Order history
You can use your customer account to view completed, open, or recently shipped orders, as well as manage your address and payment details.
Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (performance of a contract).
You are obliged to keep your login credentials confidential and protect them against access by unauthorized third parties. We do not accept liability for passwords used improperly unless this is due to fault on our part

Contact regarding incomplete orders
If an order process started by you is not completed, we reserve the right to contact you by telephone or email. This contact is solely for the purpose of:
• identifying technical problems,
• ensuring the functionality of our website,
• clarifying possible errors in cooperation with payment providers.
For this purpose, we use only the contact details you entered during the ordering process. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring an uninterrupted ordering process and optimizing our technical systems.

Order processing
To process an order, we require the following data:
• Your name
• Your billing and delivery address
• Payment data
• Your email address
We use your email address to confirm receipt of your order, to confirm shipment, and for further communication related to contract processing. The legal basis for processing is Art. 6 para. 1 lit. b GDPR

Newsletter
We inform you about news (products, services, and certain events from our range of services and the services offered by our corporate group) by email. You may also receive emails from us as part of customer surveys.
To send a newsletter, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by email once you have expressly confirmed in advance that we should activate the newsletter service. We will then send you a notification email and ask you to confirm, by clicking a link contained in that email, that you wish to receive our newsletter.
If you no longer wish to receive newsletters from us later on, you can object at any time. Of course, every newsletter also contains an unsubscribe link.
 
Disclosure of data
We use the data you provide to fulfill and process your order. For contract performance, we pass your data on to:
• the shipping company commissioned with the delivery,
• the credit institution commissioned with payment processing,
• payment providers commissioned by us,
• the payment service provider selected by you during the ordering process.
In addition, we work with:
• credit card companies
• banks
• BillPay
• PayPal
• mobile communications services
• debt collection agencies
• IT service providers (data centres, hosting providers, backup services, database services)
• analytics and marketing service providers (e.g. Google, Facebook)
These service providers receive access to personal data only to the extent necessary to perform their respective tasks. Where required, data processing agreements pursuant to Art. 28 GDPR are in place.
 
In the event that Glow Fire, companies controlled by Glow Fire, individual subsidiaries, or parts of the business are sold, your customer information will generally be transferred together with the part of the business to be transferred. However, your data will of course remain subject in this case as well to this privacy policy and the applicable data protection laws.
 
Cooperation with Trusted Shops
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any collected reviews, as well as to offer Trusted Shops products to buyers after an order.
 
This serves to safeguard our overriding legitimate interests in the optimal marketing of our offer as part of a balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
 
When the Trustbadge is called up, the web server automatically stores a so-called server log file, which contains, for example, your IP address, date and time of retrieval, amount of data transferred, and the requesting provider (access data), and documents the retrieval. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site.
 
Further personal data is transmitted to Trusted Shops only if you have consented to this, decide after completing an order to use Trusted Shops products, or have already registered for such use. In this case, the contractual agreement concluded between you and Trusted Shops applies.
 
Cooperation with payment service providers
If you choose one of the payment options offered by our partner Billpay GmbH, you will be asked during the ordering process to consent to the transfer of the data required for payment processing and for an identity and credit check to Billpay. If you give your consent, your data (first and last name, street, house number, postal code, city, date of birth, telephone number and, in the case of purchase by direct debit, the bank account details provided) as well as the data relating to your order will be transmitted to Billpay.

For the purpose of its own identity and credit check, Billpay or partner companies commissioned by Billpay transmit data to credit agencies and receive information from them as well as, where applicable, creditworthiness information based on mathematical-statistical procedures, into the calculation of which address data is included, among other things. Detailed information on this and on the credit agencies used can be found in the privacy policy of Billpay GmbH at https://www.billpay.de/allgemein/datenschutz/. In addition, Billpay may use third-party tools to detect and prevent fraud. Data obtained with these tools may be stored in encrypted form by third parties so that it can only be read by Billpay. This data is used only if you select a payment method of our cooperation partner Billpay; otherwise, the data expires automatically after 30 minutes.
 
If you choose one of the payment options offered by our partner PayPal (Europe) S.à r.l. et Cie, S.C.A. ("PayPal"), you will be redirected to the PayPal payment window during the ordering process. After logging into your customer account, PayPal accesses your account. Your payment data is sent to the bank stored with PayPal so that your account is charged directly. We then receive confirmation of payment. Payment via PayPal is a direct service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Contact options for PayPal can be found at https://www.paypal.com/de/webapps/mpp/imprint. Information on data protection at PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=de_DE.
 
If you choose one of the payment options offered by our partner. ("AmazonPay"), you will be redirected to the Amazon login window during the ordering process. After logging into your customer account, your account will be accessed and the data stored there will be transmitted to Kaminlicht for payment and order processing.
 
Payment by credit card is a direct service of Skrill Ltd, Floor 27, 25 Canada Quare, London, E14 5LQ ("Skrill"). Contact options for Skrill can be found at https://www.skrill.com/de/siteinformation/ueber-uns/. Information on data protection at Skrill can be found at https://www.skrill.com/de/fusszeile/datenschutzbestimmungen/.

Customer service and support - use of Zendesk
We use the Zendesk ticketing system, a service provided by Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA, to process customer inquiries. If you contact us by email, contact form, telephone, or in any other way, your details will be stored and processed in our Zendesk system. In particular, the following data may be processed:
• Name
• Email address
• Telephone number
• Order information
• Content of your inquiry
• Communication history
• Technical metadata (e.g. IP address, timestamp)
Processing is carried out for the purpose of the structured handling of customer inquiries, quality assurance, and documentation of support processes. The legal basis is:
• Art. 6 para. 1 lit. b GDPR (contractual communication)
• Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient customer support)
A data processing agreement pursuant to Art. 28 GDPR is in place with Zendesk.
Data may be transferred to third countries (e.g. USA) on the basis of the EU Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

Disclosure and processing of personal data in connection with financing via BNP Paribas S.A. Niederlassung Deutschland
As part of the ordering process, we offer our customers the option of financing the purchase price through BNP Paribas S.A. Niederlassung Deutschland ("BANK"). If the customer opts for financing, the credit application and the conclusion of the credit agreement take place directly between the customer and the BANK using the online credit application process provided by us. The credit agreement is concluded exclusively between the customer and the BANK. To process the credit application and initiate the credit agreement, we transmit the personal data required for the application to the BANK insofar as this is necessary for processing the financing application. This may include in particular: first and last name, address, date of birth, contact details (email address, telephone number), order and shopping cart data, payment information, and, where applicable, other information requested as part of the application.
The transfer takes place exclusively for the purpose of reviewing and processing the financing.

The assessment of creditworthiness, the determination of the criteria for granting credit, and the credit decision are at the sole discretion of the BANK. The BANK is under no obligation to disclose or justify its decision to us as a partner. The BANK is entitled to change the criteria for granting credit at any time unilaterally and at its own discretion.

Insofar as we collect personal data and transmit it to the BANK as part of the online credit application process, this processing is carried out on behalf of the BANK. The purpose of this data processing - in particular through data collection and data transmission - is to
• enable the BANK to conclude and manage a loan agreement with the customer,
• support the implementation of pre-contractual measures,
• and ensure the fulfillment of the BANK's contractual, legal, and regulatory obligations.
This includes in particular:
• identification and verification of customers,
• prevention and combating of fraud,
• prevention of money laundering and terrorist financing,
• compliance with banking regulatory requirements.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (initiation of a contract and performance of a contract) and Art. 6 para. 1 lit. c GDPR (compliance with legal obligations).

If qualified electronic signatures or legally required identification procedures are used in connection with the conclusion of the credit agreement (e.g. video identification or comparable procedures), corresponding processing of personal data may take place. This processing serves the legally effective signing of the contract as well as the legally required identity verification.

For the decision on the conclusion of the credit agreement and for the further processing of data in connection with the credit agreement, only the BANK is responsible under data protection law. Please refer to the BANK's privacy notices for further information on data processing by the BANK.

Identity and credit check / debt collection
For the initiation of business and to assess the risk of advance performance, we may obtain a credit report (probability of default) on you from EuroTreuhand Inkasso GmbH in Cologne and store it with us.
 
In the event of non-payment, it may be necessary for your data to be passed on to a debt collection service provider commissioned by us for the purpose of collecting the claim. In the area of debt collection, we work with EuroTreuhand Inkasso GmbH, Amsterdamer Straße 133B, 50735 Cologne. Information on data protection at EuroTreuhand Inkasso GmbH can be found at https://www.euro-treuhand-inkasso.de/datenschutz.html.

Shipping with DHL 2-person delivery (in-home service)
We work with DHL 2-Mann-Handling GmbH to deliver our goods. If, as part of your order, you choose delivery with in-home service (2-person handling, delivery into the home) or if this is necessary due to the nature of the goods, we transmit personal data to the commissioned shipping service provider. The data is transferred exclusively for the purpose of carrying out the delivery.

Depending on the type of order and delivery requirements, the following data in particular may be transmitted: first and last name, delivery address (including floor, door number, and, where applicable, any special accessibility details), telephone number, email address (if required for scheduling), order and shipment data, information about the goods (e.g. size, weight, special handling instructions).
The telephone number and/or email address are transmitted to the shipping service provider in particular for scheduling or announcing the delivery.

The data processing by the shipping service provider is carried out exclusively for:
• delivery of the goods
• carrying out the 2-person delivery into the home
• scheduling or delivery notification
• where applicable, coordination of special delivery conditions (e.g. restricted accessibility)
• documentation of proper handover

The legal basis for the data transfer is:
• Art. 6 para. 1 lit. b GDPR (performance of a contract), as processing is necessary for delivery of the ordered goods
• where applicable, Art. 6 para. 1 lit. f GDPR (legitimate interest), insofar as efficient and smooth delivery is ensured
Our legitimate interest lies in the proper fulfillment of the contract as well as customer-friendly and efficient logistics processing.

The shipping service provider processes the transmitted personal data exclusively for the purpose of carrying out the delivery. Insofar as the shipping service provider processes the data on our behalf, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR. If the shipping service provider independently decides on the purposes and means of processing (e.g. within the framework of statutory retention obligations), it is itself the controller within the meaning of the GDPR in this respect.

To coordinate a delivery date, the shipping service provider may contact you by telephone or email. This contact is solely for the purpose of carrying out the delivery.
Your contact details will not be used by the shipping service provider for advertising purposes beyond this.

The transmitted data will be stored by the shipping service provider only for as long as necessary to carry out the delivery and to fulfill statutory retention obligations. The provider's privacy policy can be found here: https://www.dhl.de/de/toolbar/footer/datenschutz.html.

Log files
Each time the pages of Kaminlicht are accessed, usage data is transmitted by the respective internet browser and stored in log files, known as server log files. The data records stored in this process contain the following data: date and time of access, name of the page accessed, IP address, referrer URL (origin URL from which you came to the Kaminlicht website), the amount of data transferred, as well as product and version information of the browser used. Users' IP addresses are deleted or anonymized after use has ended. We evaluate the log file records in anonymized form in order to identify sources of error and improve our offering and make it more user-friendly.
 
Google Analytics
This website uses Google Analytics, a web analytics service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Use includes the Universal Analytics operating mode. This makes it possible to assign data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices. This privacy notice is provided by https://www.intersoft-consulting.de.
 
Google Analytics uses so-called text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide further services related to website use and internet use to the website operator. These purposes also constitute our legitimate interest in data processing. The legal basis for the insert of Google Analytics is Section 15 (3) TMG and Article 6 (1) lit. f GDPR respectively. The data sent by us and linked to cookies, user identifiers (e.g. user ID), or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month. Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html.
 
You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, please note that in this case you may not be able to use all functions of this website in full. You can also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address), as well as Google's processing of this data, by downloading and installing https://tools.google.com/dlpage/gaoptout?hl=de. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used. If you click here, the opt-out cookie will be set: Web tracking on this site is:
 
This website uses Google's remarketing technology. As a result, users who have already visited our websites and online services and shown an interest in our offers are addressed again and advertised to through targeted advertising on the pages of a Google partner network. The display of advertising takes place through the insert of cookies. These small text files are stored on the user's computer. With the aid of these text files, user behaviour when visiting the website can be analysed and subsequently used for targeted product recommendations and interest-based advertising.
 
Please note that Google has its own privacy policies, which are independent of ours. We assume no responsibility or liability for these policies and procedures. Please inform yourself about Google's privacy policy at http://www.google.de/intl/de/policies/privacy/ before using our website.
 
Use of Google AdWords Conversion Tracking
We use the online advertising program "Google AdWords" and, as part of Google AdWords, conversion tracking. Google Conversion Tracking is an analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies expire after 30 days, do not contain any personal data, and therefore do not serve to personally identify you.
 
If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. It is therefore not possible to track cookies via the websites of AdWords customers.
 
The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
 
If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies through a corresponding setting in your browser software (deactivation option). You will then not be included in the conversion tracking statistics. Further information and Google's privacy policy can be found at: http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/.

Use of Facebook, Google+, Twitter, and Instagram plugins
Our website uses so-called social plugins ("plugins") from the social networks Facebook and Google+, and the microblogging services Twitter and Instagram. These services are offered by Facebook Inc., Google Inc., Twitter Inc., and Instagram LLC. ("providers").
 
Facebook is operated by Facebook Inc., 1601S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of Facebook plugins and what they look like can be found here: https://developers.facebook.com/docs/plugins
 
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). An overview of Google plugins and what they look like can be found here: https://developers.google.com/+/web/
 
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of Twitter buttons and what they look like can be found here: https://about.twitter.com/en_us/company/brand-resources.html
 
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview of Instagram buttons and what they look like can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the servers of Facebook, Google, Twitter, or Instagram. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. Through the integration of the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider in the USA and stored there.
 
If you are logged in to one of the services, the providers can directly assign your visit to our website to your profile on Facebook, Google+, Twitter, or Instagram. If you interact with the plugins, for example by pressing the "Like", "+1", "Tweet", or "Instagram" button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information is also published in the social network or on your Twitter or Instagram account and displayed to your contacts there. Please refer to the privacy notices of the providers for the purpose and scope of data collection and the further processing and use of data by the providers, as well as your related rights and setting options to protect your privacy.
 
Facebook privacy notice: http://www.facebook.com/policy.php
Google privacy notice: http://www.google.com/intl/de/+/policy/+1button.html
Twitter privacy notice: https://twitter.com/privacy
Instagram privacy notice https://help.instagram.com/155833707900388/
 
If you do not want Google, Facebook, Twitter, or Instagram to directly assign the data collected via our website to your profile in the respective service, you must log out of the relevant service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the script blocker "NoScript" (http://noscript.net/).

Use of Facebook remarketing
We use the remarketing function "Custom Audiences" of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on the website. Using this function, the provider can target visitors to the website with advertising by displaying personalized, interest-based Facebook ads to visitors of the website when they visit the social network Facebook. To carry out the function, Facebook's remarketing tag is implemented on the provider's website.
 
This tag establishes a direct connection to the Facebook servers when the website is visited. As a result, information is transmitted to the Facebook server about which of our web pages you have visited. Facebook assigns this information to your personal Facebook user account. More detailed information on the collection and use of data by Facebook, your related rights, and options for protecting your privacy can be found in Facebook's privacy notice at https://www.facebook.com/about/privacy/. If you do not want Facebook to directly assign the collected information to your Facebook user account, you can deactivate the remarketing function "Custom Audiences" here. To do so, you must be logged in to Facebook.
 
Cookies
Some of our services require us to use cookies. Cookies are small amounts of data that your internet browser stores on your computer. These cookies are generally automatically deleted from your hard drive after the end of your visit to our websites. However, some cookies may remain stored on your hard drive longer for technical reasons. Your internet browser can be set so that cookies are generally rejected or deleted on a case-by-case basis. If you do not want cookies to be stored or would like to delete individual cookies, please follow the instructions provided by your browser manufacturer. In this case, use of our web pages may not be possible or may only be possible to a limited extent for technical reasons.
 
Right to information, deletion, blocking
You have the right at any time to receive free information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as a right to rectification, blocking, or deletion of this data. Our data protection officer will be happy to assist you with requests for information and any further questions on the subject of data protection:
 
Glow Fire GmbH, Lilienthalstr. 10, 15344 Strausberg
Email: datenschutz@glow-fire.com
As of: 19.02.2026