Privacy Policy of animonda petcare GmbH

Welcome to the animonda website! We appreciate your interest in our company and our products. The protection of your personal data is very important to us. Therefore, we strictly adhere to all applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

This Privacy Policy explains what data we collect when you visit our website, what we use it for, and what rights you have. We have tried to explain everything as clearly and understandably as possible.

1. General information affecting every website visitor

1.1 Who is responsible for this website?

animonda petcare GmbH is responsible for the collection and processing of data on this website. You can find the exact contact details in our Legal Notice (Impressum).

1.2 For which websites does this Privacy Policy apply?

This Privacy Policy applies to all services offered by animonda petcare GmbH (hereinafter referred to as "animonda"). It does not apply to websites of other providers to which we merely provide links.

1.3 What is personal data?

Personal data refers to all information relating to an identified or identifiable natural person. This can be your name, address, email address, telephone number, or even your IP address. Data with which your identity cannot be determined (e.g. your gender or the browser used, without reference to your person) is not considered personal data.

1.4 Do I remain anonymous on the animonda website?

Yes, in principle you remain anonymous as long as you do not voluntarily provide us with personal data (e.g. when you order something in the shop or sign up for the newsletter). The only exception is the temporary storage of your IP address, which we need to protect our systems. You can find out more about this in the next section.

1.5 What data is automatically collected when visiting the website?

When you visit our website, certain information is automatically collected and stored in so-called log files on our web server. This includes: • Your IP address: This is stored for a maximum of seven days to protect our systems from misuse. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Afterwards, the IP address is deleted or anonymised. • The browser and operating system you are using. • The websites you have visited.

This data is generally not used to identify you personally. Should we wish to use these log files to create usage profiles (e.g. for advertising or market research), the IP addresses will be anonymised beforehand.

2. How else we use your data (special cases)

We only collect, process, or use your personal data if you voluntarily provide it to us and it is permitted by law or you have given your express consent. This typically happens in the following situations:

2.1 Subscribing to the newsletter and CRM (HubSpot)

If you wish to subscribe to our email newsletter, we process your email address. The newsletter is only sent with your express consent (Art. 6 (1) lit. a GDPR).

• Central CRM and Newsletter Dispatch (HubSpot): We use the service HubSpot (HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson’s Quay, Dublin 2, Ireland) for sending our newsletters and as a central Customer Relationship Management (CRM) system. HubSpot replaces our previous tool, Birdsview. • Functionality: HubSpot allows us to manage our customer contacts centrally, organise newsletter dispatch, and analyse marketing measures (e.g. opening and click rates). The data you enter (e.g. when registering for the newsletter or in contact forms) is stored on HubSpot's servers. • Data Transfer: As HubSpot is a US company, data may also be transferred to the USA. We have concluded Standard Contractual Clauses (SCCs) with HubSpot to ensure an appropriate level of data protection. • Revocation: You can revoke your consent at any time and unsubscribe from the newsletter, e.g. via the unsubscribe link in every newsletter email. The lawfulness of the processing carried out until the revocation remains unaffected.

2.2 Shopping in the Online Shop

If you wish to order products from our online shop, we require your contact details. You can register or order as a guest. The processing of this data is carried out for the performance of a contract (Art. 6 (1) sentence 1 lit. b GDPR). • Collected data: First name, surname, email address, billing address, delivery address, payment method, order history. • Purpose: Your data is used exclusively to process your orders. We use your email address for notifications regarding the status of your order (e.g. order confirmation, sending the invoice). • Deletion: If you have a registered customer account, you can change or delete your profile at any time. The data will then be removed from our system, unless statutory retention periods exist or the data is still required for outstanding claims.

2.3 Creating a customer account (Access-protected area)

To use our access-protected area, registration (customer account) is necessary. In doing so, we collect only the data required for registration (Art. 6 (1) sentence 1 lit. b GDPR) or process it based on our legitimate interest in providing these services to you (Art. 6 (1) lit. f GDPR). • Voluntary information: Further data that you provide voluntarily is based on your consent (Art. 6 (1) sentence 1 lit. a GDPR). • Unsubscribing: You can delete your customer account at any time.

2.4 Payment processing

Payment processing in our online shop is carried out via the payment service provider Mollie B.V. (Keizersgracht 126, 1015 Amsterdam, Netherlands). The personal data entered by you during checkout (e.g. name, address, payment details) is transmitted directly to Mollie via an encrypted SSL or TLS connection. Mollie is responsible for forwarding your data to the financial service provider you have selected. We do not store or process payment data ourselves, but merely the information about the payment method chosen for your order. The processing of this data is carried out for the performance of a contract (Art. 6 (1) sentence 1 lit. b GDPR) or with your consent (Art. 6 (1) sentence 1 lit. a GDPR). We use the following payment methods, which are processed via Mollie: • Klarna • PayPal • EPS (only available in Austria) • Credit Card • ApplePay • GooglePay

2.5 Address verification

To avoid errors in deliveries and ensure that your contact details are valid, we use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany, for real-time verification of address data in our forms. • Processed data: Address (country, city, postcode, street, house number), email address, telephone number. • Purpose: Error checking of inputs. • Legal basis: Performance of the contract or implementation of pre-contractual measures (Art. 6 (1) lit. b GDPR). • Data storage: The data is processed separately and deleted after 30 days at the latest, as soon as the status of the data has been determined and storage in the webshop is complete.

3. Analysis and Marketing

We use various technologies to make our website more user-friendly, optimise our offer, and display relevant content and advertising to you. Many of these services use cookies.

3.1 What are cookies and how can I manage them?

Cookies are small text files stored on your device when you visit our website. They help us recognise your browser and store certain information. • Session cookies: These are technically necessary for session control and are deleted as soon as you close your browser. They do not contain any personal data. Processing is based on Art. 6 (1) lit. f GDPR to optimise user guidance. • Marketing cookies and tracking technologies: For other cookies containing personal data or used for marketing and analysis purposes, we obtain your express consent in advance (Art. 6 (1) lit. a GDPR).

How to generally prevent cookies: You can set your browser to automatically block cookies or warn you before a cookie is stored. However, please note that this may restrict the functionality of our and other websites. You can also delete cookies at any time via your browser settings.

3.2 Consent Management

We use the consent management tool Cookiebot (Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark) to manage your consent for setting cookies and to comply with legal requirements (Art. 6 (1) lit. c GDPR). • Processed data: Anonymised IP address, date and time of consent, browser information, the URL of our site from which you gave your consent, a random and encrypted key, the consent status. • Storage duration: Cookie consents are stored for 12 months.

3.3 Google Analytics

We use Google Analytics (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to create pseudonymous usage profiles and understand how our website is used. This helps us tailor our offer to needs. Data processing is based on Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest). • Cookies: Google Analytics uses cookies stored on your device. • Improved privacy via Server-Side Tagging (SST): To ensure the best possible data protection for you and meet GDPR requirements, we use Server-Side Tagging (SST). This means your IP address is shortened on our servers within the European Union before it is transferred to Google in the USA. This ensures that Google never receives your full IP address. We have also concluded a Data Processing Agreement with Google Inc. • Objection: You can object to processing at any time by: o Preventing the storage of cookies in your browser settings. o Downloading and installing the available browser plugin from Google.

3.4 Google Marketing Services (Google Ads, Google Tag Manager)

We use the marketing and remarketing services of Google Marketing Services (Google Inc.) such as Google Ads and Google Tag Manager. These services are deactivated by default and are only activated if you have given us your consent to set tracking cookies (Art. 6 (1) lit. a GDPR). • Purpose: Enables us to display advertisements more specifically that potentially correspond to your interests (remarketing). • Functionality: When accessing our and other websites where Google Marketing Services are active, a Google code is executed and (re)marketing tags (cookies or similar technologies) are stored on your device. These store information about your website visits, interests, clicked offers, as well as technical information about your browser and device. Your IP address is anonymised. • Pseudonymisation: The data is processed pseudonymously, i.e. Google does not store your name or email address. • Objection: You can object to collection by Google Marketing Services via the settings and opt-out options provided by Google.

3.5 Microsoft Clarity

We use Microsoft Clarity (Microsoft Corporation), an analysis tool to improve our website and adapt it to your needs. The collected data (clicks, scrolling behaviour, visited pages) is anonymised. • Legal basis: Your consent via the cookie banner (Art. 6 (1) sentence 1 lit. a GDPR). • Revocation: You can revoke your consent at any time by clicking on the Cookiebot icon in the bottom left corner of the screen. • Data processing: We have concluded a Data Processing Agreement with Microsoft. • Storage duration: The collected data is stored for one year.

3.6 Facebook Pixel and TikTok Pixel

Within our online offer, the Facebook Pixel (Facebook Inc. / Facebook Ireland Ltd.) and the TikTok Pixel (TikTok Technology Limited) are used. Both are deactivated by default and are only activated with your consent to set tracking cookies (Art. 6 (1) lit. a GDPR). • Purpose: Enables Facebook and TikTok to determine visitors to our website as a target group for advertisements and to track the effectiveness of our ads. • Functionality: When accessing our website, the pixels are integrated and can store a cookie on your device. Your visit is assigned to your respective profile if you are logged in there. • Anonymisation: The data collected about you is anonymous to us. • Objection: You can object to collection by the pixels and the use of your data for the respective platform via the settings for usage-based advertising.

3.7 swat.io

We use swat.io (swat.io GmbH, Schottenfeldgasse 85/3, 1070 Vienna, Austria) to manage our social media channels and interact with you. • Processed data: Your social media username/profile name, content of your comments/messages/posts, publicly available information from your social media profile. • Purpose: Efficient and centralised management of our social media presence. • Legal basis: Our legitimate interest (Art. 6 (1) lit. f GDPR). • Data processing: We have concluded a Data Processing Agreement with swat.io GmbH. • Data transfer: swat.io is based in Austria (EU). A transfer to third countries does not generally take place.

3.8 Linkster Influencer Tracking

We use the tracking technology of Linkster GmbH, Colonnaden 5, 20354 Hamburg, Germany, to measure the efficiency of partnerships and advertising channels and to settle advertising successes. • Functionality: When you click on an advertising integration, cookies are set in your browser. Your browser sends an HTTP request to the Linkster server at every touch-point with information such as URL, browser ID, anonymised IP address, HTTP header, time of request, and cookie content. • Stored data: A 24-digit, anonymous ID in the cookie, linked to encrypted touch-point data in the database (e.g. when an advertising medium was displayed or clicked). For action requests, order number, basket value, customer number, new customer feature, age, and gender can also be transmitted and stored. • Storage duration: Linkster cookies are deleted after 30 days at the latest. • Legal basis: Our legitimate interest in correct attribution of advertising success and billing (Art. 6 (1) sentence 1 lit. f GDPR). • Objection: You can deactivate the storage of cookies in your browser settings or deactivate data collection and processing via a tracking opt-out link.

3.9 Findologic for Product Discovery

To improve product search and navigation in our shop, we use the services of Findologic GmbH, Jakob-Haringer-Str. 5a, 5020 Salzburg, Austria. • Processed data: Cookies to store information about the user; transmitted data includes IP address, browser identification, and associated behavioural data (search queries, visited categories, selected filters, viewed and purchased products). • Purpose: Understanding product interests and optimising the shopping experience. • Data processing: A contract for commissioned processing has been concluded with Findologic. • Storage duration: Stored IP addresses are anonymised after 6 months.

3.10 trbo

We use the service of trbo GmbH, Leopoldstr. 41, 80802 Munich, Germany, a tracking tool for the optimal design of our website. • Purpose: Control and improvement of our online offers by measuring the usage and effectiveness of our online advertising. Insights into which pages and products interest our customers. • Technology: Use of "Marketing Cookies" and "Web Beacons" to collect information (visited pages, search queries, clicks, orders). • Pseudonymisation: The collected data is always stored under a pseudonym and not merged with personal data (name, address). • Data processing: External service providers only receive access to data on our behalf and under our control.

3.11 Shopware Analytics

Purpose of processing: We evaluate certain information of our customer base together with our shop software service provider under joint responsibility (e.g. customer group, visited pages, click paths, date and time of visit, information about the device used (resolution, resolution density, operating system), referrer URL, information of the browser used, locale, search queries, and time zone). This information is processed by an external service provider and forwarded to us in approximately real-time so that we can monitor the use of our website and improve our offers. Legal basis: Art. 6 (1) lit. f GDPR Data categories: Derivations from master and contact data (customer group, no individual customer data), usage data, connection data. Recipients of data: shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller), IT service providers. Essence of the joint controllership: The joint responsibility exists between us and shopware AG; the data is collected on our shop and then transferred to servers of Shopware or their service providers; with the exception of obtaining your consent for the use of cookies or comparable technologies and fulfilling these information obligations, all obligations, in particular the implementation of data subject rights, lie with shopware AG, which you can reach at legal@shopware.com. You can also assert your data subject rights with us; we will then forward your request accordingly to shopware AG. Shopware AG can derive behaviours on our store from the collected data, but cannot assign this data to you as a person. Intended third-country transfer: None. Do we store personal data on your terminal device based on your consent or read such data? Yes, see details in 3.2 Consent Management.

3.12 AWIN Affiliate Programme

We participate in the affiliate partner programme of AWIN (AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany). • Purpose: We use AWIN to place advertisements on partner websites (affiliates) and to make the success of these advertisements measurable. This enables correct settlement of commissions to our partners. • Functionality: If you click on an advertisement on a partner site, a cookie is set in your browser. If you subsequently make a purchase in our shop, we and AWIN recognise via this cookie that you came to us via the partner. • Stored data: No personal data is stored in the cookies, only the identification number of the partner as well as the reference number of the visitor to a website and the clicked advertising medium. This data is merged with your order number upon completion of an order. • Legal basis: Our legitimate interest in the implementation and billing of affiliate marketing campaigns (Art. 6 (1) lit. f GDPR).

4. Our Social Media Pages

4.1 Facebook/Instagram, TikTok and LinkedIn pages of animonda

animonda operates official Facebook/Instagram, TikTok and LinkedIn pages. We point out that we do not collect, store or process personal data of our users on these pages. • Note: The respective platforms use their own web tracking methods. It cannot be ruled out that they use your profile data to evaluate your habits and interests. We have no influence on the data processing by these providers.

5. External Service Providers to Improve our Operations

5.1 Use of Zendesk

We use the Zendesk service to improve our customer service management. • Purpose: Efficient management and answering of customer inquiries, improvement and optimisation of customer service, ensuring reliable communication. • Processed data: Contact details (name, email address, telephone number), communication content (emails, chat messages), usage data (duration and frequency of interactions). • Legal basis: Our legitimate interest in offering effective and high-quality customer service (Art. 6 (1) lit. f GDPR). • Data processing: We have concluded a Data Processing Agreement with Zendesk. • Server location: Data processing takes place on servers within the European Union (EU).

5.2 Cloudflare

Cloudflare is a service provider that helps us make our websites safer and faster. • Purpose: Protection against DDoS attacks and other malicious activities, improvement of loading speed and content delivery (CDN), ensuring availability. • Processed data: IP addresses, connection information (browser type, language settings, access time), usage data (activities on the website for traffic analysis and security measures). • Legal basis: Our legitimate interest in operating our website securely and efficiently (Art. 6 (1) lit. f GDPR). • Transfer of data: Cloudflare may pass data to third parties if required by law or if third parties process data on behalf of Cloudflare. Cloudflare is committed to compliance with the GDPR.

6. Security of Your Data

animonda takes technical and organisational security measures to protect your personal data against loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. Note on emails: If you contact us via email, please note that the confidentiality of the transmitted information is not always guaranteed (similar to postcards, emails can be viewed by third parties). For confidential information, we recommend using the postal service.

7. Your Rights as a User of the Websites (GDPR)

As a user of our website, you have certain rights regarding the processing of your personal data: • Right of access (Art. 15 GDPR): You have the right to know whether we process personal data about you and what this is. • Right to rectification and erasure (Art. 16 and 17 GDPR): You can request the rectification of incorrect data and the deletion of your data if the legal requirements are met (e.g. if the data is no longer necessary for the purposes for which it was collected). • Right to restriction of processing (Art. 18 GDPR): You can request the restriction of the processing of your data if certain conditions are met (e.g. if you contest the accuracy of the data, for the duration of the verification). • Right to data portability (Art. 20 GDPR): In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to request transmission to a third party. • Right to object (Art. 21 GDPR): If data is processed based on our legitimate interest (Art. 6 (1) lit. f GDPR), you can object at any time for reasons arising from your particular situation. We will then stop the processing unless we can demonstrate compelling legitimate grounds that override your interests. • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): If you believe that the processing of your data violates data protection regulations, you have the right to lodge a complaint with a data protection supervisory authority.

8. Changes to this Privacy Policy

The rapid development of the Internet and changes in data protection laws may make it necessary to adjust our privacy policy. Please therefore always note the currently applicable version. This Privacy Policy is valid as of 27/10/2025.

9. Data Protection Officer

Our corporate Data Protection Officer is available to answer your questions or suggestions regarding data protection: ds² Unternehmensberatung GmbH & Co. KG Falkenstraße 10 33775 Versmold, Germany Email: datenschutzbeauftragter-heristo@ds-quadrat.de

10. Who can I contact?

If you wish to assert your rights of access or have general questions about this privacy policy or our data protection behaviour on the web, please contact us at: