Privacy policy
Privacy policy
As the responsible party in the sense of the data protection regulations, we inform you below about the processing of your personal data by us.
I. The term personal data and other important terms
In simple terms, personal data is any information that relates to you personally as a data subject. Provisions on what the term "personal data" means and what other terms important for the following data protection information mean can be found in Article 4 of the DS-GVO (General Data Protection Regulation).
II. Name and contact details of the person responsible; contact details of the data protection officer
In simple terms, the controller is the person who alone or jointly with others determines the purposes and means of the processing of personal data. The name and contact details of the person responsible can be found in our provider identification / imprint.
III. Purposes of the processing of your personal data; legal basis for the processing
We process your personal data within the scope of our activities for the purposes listed below in accordance with the legal bases stated in each case.
- 1. To carry out pre-contractual measures based on an inquiry from you, the processing of your personal data is based on your consent pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (b) DS-GVO.
- 2. In order to safeguard our legitimate interest in responding to inquiries and in taking other measures based on an inquiry from you, the processing of your personal data is based on the consent you have given us pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (f) DS-GVO.
- 3. For the performance of a contract to which you are a party, the processing of your personal data is based on the consent given by you pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (b) DS-GVO.
- 4. For the implementation of measures for the purpose of advertising, the processing of your personal data will be carried out either on the basis of the consent given by you pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (f) DS-GVO.
- 5. In order to protect our legitimate interest in maintaining the proper operation of our website, in providing the most user-friendly functions possible and in analyzing the use of our website, the processing of your personal data is based on Article 6 (1) (f) DS-GVO.
- 6. In order to protect our legitimate interest in enforcing our rights and defending ourselves against claims, the processing of your personal data is based on Article 6 (1) (f) DS-GVO.
Our systems are secured in accordance with the state of the art by technical and organizational measures to protect your personal data against access, alteration or dissemination by unauthorized persons and against loss and destruction.
Information on the processing of your personal data for the individual processing purposes can be found in the corresponding further notes within the scope of this privacy policy.
IV. Transfer of your personal data to third parties; categories of recipients of your personal data
Insofar as this is necessary to achieve the purposes of the processing of your personal data, we transfer your personal data to third parties within the framework of the legal requirements. Detailed information on the transfer of your personal data to third parties for the individual processing purposes can be found in the corresponding further notes within the scope of this privacy policy. In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.
V. Scope of the processing of your personal data for the individual processing purposes
Below, we inform you in detail about the processing of your personal data for the various processing purposes.
Your personal data will be deleted when it is no longer needed for processing for the respective processing purpose, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information provided in this privacy policy.
1. Use of our internet presence for information purposes
If you visit our website without sending us any information, we only process the personal data that your browser transmits to our server. This is the following data, which is technically necessary to display our Internet presence to you and to ensure stability and security:
- the page you called up
- date and time of the request
- amount of data transferred
- source or reference from where you came to the page
- the browser you are using
- operating system used by you
- your IP adress
Your personal data is processed on the basis of Article 6 (1) (f) DS-GVO to protect our legitimate interest in maintaining the proper operation of our website.
Your personal data will be deleted after 6 months, unless it is further required for the assertion of rights or the enforcement of claims due to measures against the proper operation of our Internet presence. In this case, the deletion will take place immediately after the conclusion of the corresponding proceedings.
2. Processing of inquiries
If you contact us with an inquiry or a request, we process the personal data and information/documents you provide. Regardless of the way in which you send us your inquiry or request, this may include:
- date and time of contact
- Name data
- Contact data
- Data on inquiry/concern
- Transmitted information/documents
Depending on the content of your inquiry or request, the processing of your personal data and the transmitted information/documents is based on your consent pursuant to Article 6 para. 1 letter a) DS-GVO to respond to your inquiry or on Article 6 para. 1 letter b) DS-GVO to carry out pre-contractual measures or on Article 6 para. 1 letter b) DS-GVO for the performance of a contract to which you are a party or on the basis of Article 6 para. 1 letter f) DS-GVO to protect our legitimate interest in responding to inquiries/concerns and in taking other measures in connection with the processing of inquiries/concerns.
Insofar as we provide a contact form and you contact us via this contact form, you grant consent with the following content by sending your message, about which you will be informed separately in the contact form: "I consent to the processing of my e-mail address and the other personal data provided by me for the purpose of responding to my message. I can revoke this consent at any time and without giving reasons with effect for the future. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation."
You can revoke your consent at any time and without giving reasons with effect for the future. For this purpose, it is sufficient to send a corresponding message to the responsible person, whose contact details you can find in the information on the responsible person. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation.
Insofar as this is necessary for the processing of your inquiry/request, we transmit your personal data to third parties within the scope of the legal requirements. In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.
Your personal data will be deleted when your inquiry/concern has been resolved, unless we are allowed to continue processing the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this privacy policy.
3. Complaint management
The personal data you provide will be processed exclusively for the purpose of handling your complaint. The data collected via the complaint form is mandatory in order to process your complaint.
The data will only be processed if you consent to this (Art. 6 para. 1 sentence 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 para. 1 sentence 1 f) GDPR). Our legitimate interest lies in responding to your request. If you wish to complain about a product purchased from us, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
After final processing of your request, your data will be stored in accordance with the statutory retention obligations and then deleted.
4. Customer account
When opening a customer account, we collect your personal data to the extent specified therein. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your customer account will then be deleted.
5. Fulfillment of contracts
If you provide us with personal data for the purpose of concluding a contract or in connection with the creation of a customer account, we process the data you provide for the purpose of fulfilling the contract. These are your customer data (e.g. your name and address) and the contract data (e.g. details of the products covered by the contract and payment and delivery information).
The processing of your personal data is based on Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party.
Insofar as this is necessary for the performance of the contract with you, we transmit your personal data to third parties within the framework of the legal requirements. This transfer is made to the service providers involved in the performance of the contract. These are the providers of the processing tools used by us. Furthermore, these are the companies commissioned with the transport.
In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum required.
Your personal data will be deleted after the expiry of the retention periods of 6 or 10 years under tax and commercial law, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this privacy policy.
6. Advertising by letter post
We process the personal data you provide on first and last name and address, if necessary, for sending information on our offers by letter post.
In this respect, the processing of your personal data is carried out on the basis of Article 6 (1) (f) DS-GVO for the protection of our legitimate interest in carrying out advertising measures by letter post.
You can object to the processing of your personal data for the purpose of carrying out advertising measures by letter post at any time. For this purpose, it is sufficient to send a corresponding message to the responsible person, whose contact details you can find in the information on the responsible person.
If you object to the processing of your personal data for the purpose of carrying out advertising measures by letter post, the personal data you have provided regarding first name, surname and address will be deleted immediately, unless we may continue to process the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this data protection declaration.
7. Newsletter
We use your e-mail address independently of the contract processing exclusively for our own advertising purposes for sending newsletters, provided that you have expressly consented to this. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. To do so, you can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the distribution list.
Your data will be passed on to a service provider for e-mail marketing within the scope of order processing. Your data will not be passed on to any other third parties.
8. Cookies
We use so-called cookies on our website. These are small files that are stored on your device and through which certain information is transmitted to us. The use of cookies serves to enable you to use certain functions and to make our offer more user-friendly overall.
Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device even after the end of the browser session, i.e. after you close your browser, and enable us or our partner companies (third-party cookies) to recognize you the next time you visit our website (so-called persistent cookies).
Some of the cookies we use are technically necessary to enable you to use certain functions. This is the case, for example, with regard to the storage of entries in connection with the use of the shopping cart function. In this respect, your personal data is processed on the basis of Article 6 (1) (b) DS-GVO for the implementation of pre-contractual measures that take place at your request as a data subject or on the basis of Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party or on the basis of Article 6 (1) (f) DS-GVO to protect our legitimate interest in providing the most user-friendly functions possible. Insofar as we or our partner companies use cookies for the purpose of range measurement or for marketing purposes, you can find detailed information on this, if applicable, in the corresponding further notes within the scope of this data protection declaration. For cookies for marketing and analysis purposes, your consent pursuant to Art.6 (1) (A) DS-GVO serves as the legal basis. Consent given can be revoked at any time with effect for the future.
You can prevent the storage of cookies by selecting the appropriate settings on your browser software. If necessary, please refer to the program help for the browser you are using to see how the corresponding setting can be made. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. By way of example, we refer to the information on the following common browsers:
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Opera: http://help.opera.com/Windows/10.20/de/cookies.html
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
VI. Information on service providers used
To operate this website, we integrate external services to make our website more user-friendly, effective and secure. This is our legitimate interest according to Art 6 para. 1 p. 1 f) DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
1. Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to store certain cookies on your terminal device or to use certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you enter our website, the following personal data is transferred to Usercentrics:
- Your consent(s) or revocation of your consent(s)
- Your IP address
- Informationen about your browser
- Informationen about your terminal devise
- time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is hosted by Google Cloud EMEA Ltd*, 70 Sir John Rogerson's Quay, Dublin 2, Ireland.
In principle, there is no data processing outside the European Union (EU), as the data centers are located in the EU.
Nevertheless, there are theoretical access possibilities through Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In this context, we would like to point out that due to the US CLOUD Act of 2018, there is a theoretical access possibility for US authorities to data of US IT companies and cloud providers that are stored outside the USA.
Transport encryption secures the transmission paths against unauthorized access.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c) DSGVO.
In addition, Art. 6 para. 1 lit. f) DSGVO serves as the legal basis. Our legitimate interest is to provide the website visitor with a user-friendly administration of consents.
Contract on order processing
We have concluded an order processing contract with Usercentrics. This is a contract required by data protection law, which ensures that Usercentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
2. Merchandise management system
We use an enterprise resource planning system for contract and payment processing as part of order processing. For this purpose, your personal data collected in the context of the order will be transmitted to Step Ahead GmbH, Riesstraße 17, 80992 Munich.
The processing is based on Art. 6, Para. 1 lit b) DS-GVO and is necessary for the processing of the contract.
3. Sendinblue
For sending our newsletter, we use the service Sendinblue of the provider SendinBlue SAS, 55 rue d'Amsterdam, 75008 Paris, France. With the help of this service, we organize the dispatch of our newsletter. The e-mail address you provide to order the newsletter is stored on SendinBlue's servers. Server location is Germany. In addition, Sendinblue enables us to analyze the behavior of newsletter recipients. Here, for example, it can be traced how many recipients have opened our newsletter.
If you do not want Sendinblue to analyze your data, you can unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future by sending an e-mail to the address given in our imprint. The e-mail address you provide for the purpose of sending the newsletter will be stored until you unsubscribe. After unsubscribing from the newsletter, the e-mail address will be deleted from our system, as well as from the provider's system. Data that has been collected for other purposes, e.g. for ordering, remains unaffected.
Further information on data protection can be found here: https://de.sendinblue.com/legal/privacypolicy/ By concluding an order processing agreement, we have obliged the provider SendinBlue to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
4. Google Tag Manager
The Google Tag Manager service is used on our website to control the display of services. This service is offered by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Please read here how Google complies with the data protection requirements also with regard to the transmission to the USA: https://policies.google.com/privacy?hl=en
We use Google Tag Manager on the basis of Art. 6 para 1. p. 1 f) DSGVO. Our legitimate interest lies in being able to effectively play out services on our site.
As soon as this service is called up on our site, Google receives your IP address. The service itself does not store any other data or cookies, but only controls the playout of services that are listed in this privacy policy.
5. Google Analytics
We use Google Analytics, a web analysis service of Google Inc (“Google”), on our website.
In this respect, your personal data is processed on the basis of Article 6(1)(f) GDPR to protect our legitimate interest in analyzing the use of our website.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of our website to be analyzed. The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there. In this context, we would like to point out that the code “anonymizeIp” has been added to Google Analytics on our website. This ensures an anonymized collection of IP addresses (so-called IP masking), that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand in order to exclude a personal reference. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide us as the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by selecting the appropriate settings in your browser software. Please refer to the program help for the browser you are using to find out how to make the appropriate setting. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of our website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link. The current link is https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can prevent the future collection of your data by Google Analytics by setting an opt-out cookie. You can set this cookie by clicking on this link. Please note that the opt-out cookie only works in this browser and for this website. If you delete the cookies in your browser, you must click on the link again.
Further information on the terms of use between us and Google on data protection can be found at https://www.google.com/analytics/terms/de.html and further information on Google's data protection can be found at https://policies.google.com/?hl=de .
Google is subject to the Privacy Shield Agreement and thus guarantees compliance with European data protection law. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
6. Use of Hotjar
We use the analysis tool of Hotjar Ldt (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; “Hotjar”) on our website. The purpose of data processing is the needs-based design, optimization and analysis of our website. The tool is used to randomly record the movements of site visitors on the website. This creates a log of mouse movements, scrolling behavior, length of stay and clicks on the website (so-called heatmap). Hotjar uses cookies, among other things, for this purpose. The following information may be collected in the process IP address (in anonymized form), information about the device you are using (screen size, devices, unique device identifier), information about the browser you are using, location data (country only), preferred language for displaying the website, operating system used. Detailed information on the cookies used, their function and storage duration can be found here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies.
These data are used to create user profiles under a pseudonym. The data is not used to personally identify the visitor to the website and is not merged with personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the collected data to other third parties. Your data may be transferred to the USA. There is no adequacy decision by the EU Commission for the USA. Data is transferred on the basis of appropriate protective measures, among other things. Hotjar will provide you with further information on the measures taken on request. The use of cookies or comparable technologies takes place with your consent on the basis of § 15 para. 3 sentence 1 DDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR.
You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Further information on data protection when using Hotjar can be found here: https://www.hotjar.com/legal/policies/privacy#enduserenglish.
7. Use of Mouseflow
We use the analysis tool of Mouseflow ApS (Flaesketorvet 68, 1711 Copenhagen, Denmark; “Mouseflow”) on our website. The data processing serves the purpose of personalizing and analyzing this website and its visitors. Mouseflow uses technologies such as cookies, tracking pixels and scripts. Cookies make it possible to recognize the Internet browser. The following information may be collected in the process: IP address, click path, information about the browser you are using and the operating system you are using, pages visited, time spent on our website, content viewed, location data. This data can be used to create user profiles under a pseudonym. The web tracking tool mouseflow records randomly selected individual visits (only with anonymized IP addresses). This creates a log of mouse movements and clicks with the intention of randomly playing back individual website visits and deriving potential improvements for the website from this. The data collected using mouseflow technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately granted consent of the person concerned. Your data may be transferred to the USA. An adequacy decision by the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Mouseflow has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles. The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) lit. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can find more information on the collection and use of your data by Mouseflow at https://mouseflow.com/legal/visitor/.
8. Use of tracking tools from trbo GmbH
Our website uses technologies from trbo GmbH, Leopoldstr. 41, 80802 Munich, https://www.trbo.com/ (hereinafter referred to as “trbo”) to optimize our online offering, measure the effectiveness of our online advertising and display personalized offers.
If you have given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use tracking tools (in particular so-called “cookies” and “web beacons”). The data collected and used in this context is only ever stored under a pseudonym (e.g. a random identification number) and is not merged with other personal data about you (e.g. name, address, etc.). The data is deleted as soon as it is no longer required for the purpose for which it was collected. Data is deleted at user and event level no later than 14 months after it is collected. You can revoke your consent to the processing of personal data via trbo for the above-mentioned purposes at any time with effect for the future or change your selected preferences. To do this, call up the cookie settings again via this link Privacy Settings.
We have concluded an order processing contract with trbo, in which we oblige the provider to protect our customers' data and not to pass it on to third parties.
Further information on data protection at trbo can be found here: https://www.trbo.com/datenschutz/
9. Use of HubSpot
We use the integrated software solution “HubSpot” for our own marketing, lead generation, our sales processes and for customer service purposes. HubSpot includes
- the provision of the CMS (content management system) for the design and publication of our websites, blog posts and landing pages,
- e-mail marketing, which regulates the sending of newsletters and automated mailings (e.g. to provide downloads),
- the social media publishing and ad management tool, which we use to publish social media posts and manage our social media ads,
- the form tool with which we offer, for example, forms for newsletter registration, content downloads, event registrations, the contact form and for support forms,
- the CRM system (Customer Relationship Management system) for contact management and user segmentation, sales and support, and
- the reporting tool for analyzing all collected data.
Content is stored on servers of HubSpot's service providers. Hosting takes place in data centers at the EU Frankfurt site. HubSpot, Inc. is a software company from the USA (HubSpot, Inc. Two Canal Park, USA, Cambridge, MA 02141, USA). Our contractual partner is the subsidiary HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin (VAT: DE312070441; https://legal.hubspot.com/de/impressum). This software provider works on our behalf and can therefore also view (receive) your data to the extent necessary. An order processing agreement has been concluded with HubSpot (https://legal.hubspot.com/dpa).
HubSpot, Inc. has submitted to and certified itself under the Data Privacy Framework concluded between the European Union and the USA. As a result, HubSpot, Inc. undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.dataprivacyframework.gov/s/
Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy
An overview of HubSpot's policies, technologies and certifications can be found in the Trust Center at: https://trust.hubspot.com/
An overview of the subcontractors used by HubSpot can be found at: https://legal.hubspot.com/sub-processors-page
The transmission of the data is based on your consent in accordance with Art. 6 para. 1 a) GDPR.
10. Use of CLOUDFLARE (Subcontractor of HubSpot)
Our website content is played out via servers of a subcontractor of HubSpot called Cloudflare (https://legal.hubspot.com/sub-processors-page). Cloudflare (by Cloudflare Inc.) is one of the largest networks on the Internet that ensures the security and performance of web applications. Cloudflare provides a content delivery network, Internet security services and distributed DNS services.
Due to the way in which Cloudflare's functions are integrated into our website infrastructure, the service filters all data traffic taking place via our website, i.e. the communication taking place via our website and the user's browser, and at the same time enables the collection of analytical data that our website contains. Cloudflare sets functional cookies that cannot be deselected when accessing our website.
Cloudflare, Inc. is a software company from the USA (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA); https://www.cloudflare.com/trust-hub/.
According to the information in HubSpot's list of subcontractors, subcontracted processing takes place in the USA in the case of a US data center location (https://legal.hubspot.com/sub-processors-page). With the transfer of personal data by HubSpot to affiliated companies and sub-service providers in countries outside the EU and the EEA, further protective mechanisms are required to ensure the data protection level of the GDPR.
For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on data protection at Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/
An overview of Cloudflare's policies, technologies and certifications can be found in the Trust Hub at: https://www.cloudflare.com/de-de/trust-hub/
11. Use of Microsoft Clarity
To improve the usability of our website and detect problems, we use the Microsoft Clarity service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For this purpose, sessions can be recorded and heat maps can be used to find out how far users scroll on our pages. We use Microsoft Clarity on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest lies in troubleshooting and thus optimising our website. Microsoft has submitted to the Data Privacy Framework concluded between the European Union and the USA and has been certified. Microsoft thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.dataprivacyframework.gov/s/
Further information on data protection, transmission to the USA and the cookies used by Microsoft and Clarity can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement
12. Use of UNPKG.com
We use the content delivery network unpkg.com on our website. This is an open source project. Javascript libraries are delivered from this network. For this purpose, your IP is forwarded to Cloudflare to deliver the corresponding packages. We use unpkg.com on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 25 para. 1 TTDSG. Any consent given can be revoked at any time with effect for the future. They are used to optimise the presentation of our website and thus make it more appealing to customers.
X. Data subject rights and storage period
1. Duration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, thereafter taking into account statutory, in particular tax and commercial law retention periods, and then deleted after expiry of the period, unless you have consented to further processing and use.
2. Rights of the data subject
In order to ensure fair and transparent processing of personal data, you as the data subject are entitled to the following rights in accordance with data protection law:
- the right to obtain information in accordance with Article 15 DS-GVO,
- the right to rectification in accordance with Article 16 DS-GVO,
- the right to deletion according to Article 17 DS-GVO,
- the right to restriction of processing pursuant to Article 18 DS-GVO,
- the right to data portability according to Article 20 DS-GVO
- the right to revoke consent given at any time in accordance with Article 7 (3) DS-GVO,
- the right to object to processing pursuant to Article 21 DS-GVO, about which we will inform you separately below
- and the right to lodge a complaint with the supervisory authority persuant to Article 77 DS-GVO, about which we will inform you separately below
- Your right to object to processing
THE PROCESSING OF PERSONAL DATA IS PERMITTED IF THE PROCESSING IS NECESSARY FOR THE PURPOSES OF THE LEGITIMATE INTERESTS OF THE CONTROLLER OR A THIRD PARTY, UNLESS SUCH INTERESTS ARE OVERRIDDEN BY THE INTERESTS OR FUNDAMENTAL RIGHTS AND FREEDOMS OF THE DATA SUBJECT WHICH REQUIRE THE PROTECTION OF PERSONAL DATA, IN PARTICULAR WHERE THE DATA SUBJECT IS A CHILD, ART. 6 ABS. 1(F) DS-GVO.
YOU, AS THE DATA SUBJECT, HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LETTER F) DS-GVO; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS AS A DATA SUBJECT, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU AS THE DATA SUBJECT HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU, AS THE DATA SUBJECT, OBJECT TO THE PROCESSING FOR THE PURPOSES OF DIRECT MARKETING, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR SUCH PURPOSES.
XII. Changes to this Privacy Policy
If new services or providers are used to operate this website, we reserve the right to adapt this data protection declaration in order to comply with the legal circumstances. This adjusted privacy policy will then apply to your revisiting this website.