Data protection

Here we describe what happens with your data, which we (could) acquire during your visit to our website. When you visit our website, we could gather and analyse extensive information about the device you are using, your physical location, and a great deal more. We do not do this, however, and neither do we permit the analysis of your data by third parties.


We take your privacy extremely seriously. What we do (or refrain from doing) in order to protect your privacy can be summed up in these three basic principles:
– We do not share any of your data with third parties without your express consent.
– We do not load any data from third parties without informing you and anonymising your data.
– We do not permanently store any data about your visit to our internet pages unless this is essential for displaying and managing these pages.

For us, it’s the little things that matter where your privacy is concerned. For example, we refrain from incorporating external fonts, social media buttons and analytics tools. This does not always ensure the most attractive user experience, but we have decided to apply the highest possible standards in order to protect your personal data.

If you voluntarily provide us with data, such as your email address when using our contact form, for example, we use this data solely for dealing with the matter in connection with which you gave us this data. Your data will never be processed for any other purpose and will not be shared.

If you visit other internet pages by following external links from our website, you are then outside our sphere of influence. The pages you then visit are subject to the provisions of their operator.

Below is our full Privacy Policy in conformity with the European General Data Protection Regulation (EU GDPR in the original wording):

Privacy Policy

Basic information on data processing and legal bases

This Privacy Policy explains the nature, scope and purpose of the processing of personal data in connection with our website and the related internet pages, functions and content (hereinafter referred to collectively as “website”) . The Privacy Policy shall apply irrespective of the domain, system, platform or device (e.g. desktop or mobile phone) on which the website is used.

For a definition of terms such as “personal data” and “processing”, please see Art. 4 General Data Protection Regulation (GDPR).

The user’s personal data that is processed in relation to this website includes basic information (e.g. customer’s name and address), contract information (e.g. services utilised, names of contacts, payment information), usage data (e.g. pages visited on our website, interest in our website) and content data (e.g. information entered in the contact form).

The term “User” covers all categories of persons affected by data processing. These include our partners, customers, prospective customers and other visitors to our website. Terms used, such as “user”, should be regarded as gender-neutral.

We process users’ personal data only in compliance with the relevant data protection regulations. This means that users’ data is processed only if legal permission has been granted, in particular if the data processing is essential or required by law for the provision of our contractually agreed services (e.g. handling requests for quotes), if consent has been given by users, and on the grounds of our legitimate interests (e.g. analytics, optimisation, and the cost-effective operation and security of our website pursuant to Art. 6(1)(f) GDPR, especially with respect to measuring reach and collecting access data.

Please note that the legal basis of consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the provision of our services and the performance of a contract is Art. 6(1)(b) GDPR, the legal basis for processing in order to comply with our legal obligations is Art. 6(1)(c), and the legal basis for processing for the purposes of our legitimate interests is Art. 6(1)(f) GDPR.

Security measures

We undertake organisational, contractual and technical security measures as per the state of the art to ensure compliance with the provisions of the data protection laws and to protect the data processed by us from accidental or intentional manipulation, loss, destruction and access by unauthorised persons.

In particular, these security measures include the encrypted transmission of data between your browser and our server.

Sharing data with third parties and third-party providers

Data is shared with third parties only in compliance with the legal requirements. We share users’ data with third parties only if this is necessary for the performance of a contract, for example, pursuant to Art. 6(1)(b) GDPR, or for the purposes of our legitimate interests pursuant to Art. 6(1)(f) GDPR, to ensure the cost-efficient and effective operation of our business operations.

If we use subcontractors to provide our services, we take suitable legal precautions and appropriate technical and organisational measures to ensure the protection of personal data in accordance with the applicable statutory provisions.

If content, tools or other resources from other providers (hereinafter collectively referred to as “third-party providers”) are used, and such providers are based in a third country, it can be assumed that data will be transferred to the countries in which these providers are based. “Third countries” are countries in which the GDPR is not a directly applicable law, i.e. generally speaking countries outside the EU or the European Economic Area. The transfer of data to third countries shall take place either if a reasonable level of data protection is in place, the user has given consent, or other legal permission has been given.

Performance of services under a contract

We process basic information data (e.g. user’s name, address and contact details), contract data (e.g. services utilised, names of contacts, payment information) in order to fulfil our contractual obligations and perform our contractual services pursuant to Art. 6(1)(b) GDPR.

Users have the option of creating a user account, where they can view their member data. When users register, they are informed about what information they will be required to submit. User accounts are not public and cannot be indexed by search engines. If a user closes their user account, the data relating to the user account will be deleted, unless it needs to be kept for commercial or legal tax reasons pursuant to Art. 6(1)(c) GDPR. It is the user’s responsibility to secure their data if terminating before the end of the contract. We are entitled to irretrievably delete all the user’s data stored during the term of the contract.

During registration, repeat logins and the utilisation of our online services, we store the IP address and the time of the user action. The above storage is based on our legitimate interests and the user’s need for protection from misuse and other unauthorised use. This data is fundamentally not shared with third parties, unless this is necessary in order to pursue our claims or in the case of a legal obligation pursuant to Art. 6(1)(c) GDPR.


If the user contacts us (via the contact form or email), the user’s data is processed in order to handle the enquiry pursuant to Art. 6(1)(b) GDPR.

Collection of access data and log files

We collect data each time a user makes a request to the server providing this service (so-called server log files) for the purposes of our legitimate interests pursuant to Art. 6(1)(f) GDPR. This access data includes the name of the website visited, the file, date and time of the visit, the volume of data transferred, notification that the website was opened successfully, the browser type and version, the user’s operating system, the referrer URL (the page previously visited), the IP address and requesting provider.

Log file information is saved for a maximum period of seven days for security reasons (e.g. to investigate abusive or fraudulent activities), and is then deleted. Data that is required to be kept as evidence shall not be deleted until the investigation of the incident has been concluded.

Rights of the data subject

If your personal data is processed, you are a data subject as defined by the GDPR and you have the following rights in relation to the data controller:

Right to information

You can ask the data controller to confirm whether your personal data is processed by us.

If this data is processed, you can request the following information from the controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to which your personal data has been or will be disclosed;
(4) the planned period for which your personal data will be stored or, if that is not possible, the criteria used to determine that period;
(5) the existence of the right to rectify or erase your personal data, to restrict processing by the controller, or to object to this processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data, if the personal data was not collected from the data subject;
(8) the existence of automated decision-making, including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You are entitled to request information on whether your personal data will be transferred to a third country or an international organisation. In this connection, you can ask to be notified about the appropriate safeguards pursuant to Art. 46 GDPR in connection with this transfer.

Right to rectification

You are entitled to obtain from the controller the rectification and/or completion of your personal data, insofar as this data is incorrect or incomplete. The controller shall undertake the rectification without delay.

Right to restriction of processing

You are entitled to obtain from the controller the restriction of processing of your personal data where one of the following applies:
(1) you are contesting the accuracy of your personal data, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims;
(4) you have objected to processing pursuant to Art. 21(1) GDPR pending clarification of whether the legitimate grounds of the controller override your grounds.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

If you have obtained restriction of processing pursuant to the above requirements, you shall be informed by the controller before the restriction of processing is lifted.

Right to erasure

You are entitled to obtain from the controller the erasure your personal data without undue delay, and the controller shall be obligated to erase this data without undue delay where one of the following grounds applies:
(1) your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(2) you withdraw your consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
(4) your personal data has been processed unlawfully;
(5) your personal data has to be erased to ensure compliance with a legal obligation under Union or Member State law to which the controller is subject;
(6) your personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

Information to third parties

Where the controller has made your personal data public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you as the data subject have requested that they erase any links to, or copy or replication of, this personal data.


The right to erasure shall not apply insofar as the processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing;
(5) for the establishment, exercise or defence of legal claims.

Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obligated to communicate any rectification or erasure of personal data or restriction of processing to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You are entitled to be informed about these recipients by the controller.

Right to data portability

You are entitled to receive your personal data, which you have made available to the controller, in a structured, commonly used and machine-readable format. Furthermore, you are entitled to transfer this data to another controller without hindrance from the controller to which you made the personal data available, where:
(1) the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and
(2) the processing is carried out by automated means.

Furthermore, in exercising this right, you are entitled to have your personal data transferred directly from one controller to another, where technically feasible. This shall not impair the rights and freedoms of other persons.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You are entitled to object at any time, on grounds relating to your particular situation, to processing of your personal data taking place on the basis of Art. 6(1)(e) or (f) GDPR, including profiling based on these provisions.

The controller shall no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the purpose of the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you shall be entitled to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to withdraw consent

You are entitled to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Automated individual decision-making, including profiling

You are entitled not to be subject to a decision based solely on automated processing, including profiling, which has a legal or similarly significant adverse effect on you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests;
(3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including as a minimum the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Erasure of data

The data we have stored shall be deleted when it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the user’s data is not deleted because it is necessary for other legally permitted purposes, its processing shall be restricted, i.e. the data will be blocked and not processed for other purposes. This shall apply to user data that has to be kept for commercial or tax purposes.

As required by law, data shall be stored for six years pursuant to section 257(1) German Commercial Code (trading books, inventories, opening balance sheets, annual financial statements, trade letters, accounts statements, etc.) and for ten years pursuant to section 147(1) German Fiscal Code (accounts, records, situation reports, accounts statements, trade and business letters, documents relevant to taxation, etc.).

Right to object

Users may object to the future processing of their personal data at any time in accordance with the legal provisions. In particular, users may object to processing for the purposes of direct marketing. This objection is free of charge (with the exception of possible costs such as the fees of a telephone service provider for a phone call) and can be submitted in any form to the Data Protection Officer named below.

Changes to the Privacy Policy

We reserve the right to change this Privacy Policy in order to adapt it to new legislation or in the event of changes to the service or to data processing. This shall only apply in respect of the policy on data processing, however. Where the user’s consent is required or elements of the Privacy Policy incorporate provisions from the contractual agreement with the user, changes shall only be made with the user’s consent.

We ask users to refer to the content of the Privacy Policy regularly.

Data Protection Officer

If you have any questions or if, despite our utmost efforts and care in compiling this website, you have noticed an error in data processing or in this Privacy Policy, our Data Protection Officer is available to answer your questions and correct any mistakes:

Victoria Collection GmbH
Herr Dennis Reindl
Augustenstr. 55
70178 Stuttgart
d.reindl at

Version: 2020-08-25

Third-party services

The involvement of third-party services is ubiquitous. Website users are often unaware of how many third-party services and programs are loaded when they open a web page. However, because each page that loads a program, image or other information is informed about your internet behaviour, we try to keep this involvement to a minimum. We are currently using the service of hCaptcha (a service of Intuition Machines, Inc. ) to prevent inquiries initiated by automation via contact forms. We have consciously chosen this service because the privacy and privacy standards here are high and your activities are not monitored and monetized. The underlying terms of use must be accepted in order to use a contact form. Version: 2020-08-25