Privacy policy

Privacy policy

As the responsible party in the sense of the data protection regulations, we inform you below about the processing of your personal data by us.

I. The term personal data and other important terms

In simple terms, personal data is any information that relates to you personally as a data subject. Provisions on what the term "personal data" means and what other terms important for the following data protection information mean can be found in Article 4 of the DS-GVO (General Data Protection Regulation).

II. Name and contact details of the person responsible; contact details of the data protection officer

In simple terms, the controller is the person who alone or jointly with others determines the purposes and means of the processing of personal data. The name and contact details of the person responsible can be found in our provider identification / imprint.

III. Purposes of the processing of your personal data; legal basis for the processing

We process your personal data within the scope of our activities for the purposes listed below in accordance with the legal bases stated in each case.

• 1. To carry out pre-contractual measures based on an inquiry from you, the processing of your personal data is based on your consent pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (b) DS-GVO.
• 2. In order to safeguard our legitimate interest in responding to inquiries and in taking other measures based on an inquiry from you, the processing of your personal data is based on the consent you have given us pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (f) DS-GVO.
• 3. For the performance of a contract to which you are a party, the processing of your personal data is based on the consent given by you pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (b) DS-GVO.
• 4. For the implementation of measures for the purpose of advertising, the processing of your personal data will be carried out either on the basis of the consent given by you pursuant to Article 6 (1) (a) DS-GVO or on the basis of Article 6 (1) (f) DS-GVO.
• 5. In order to protect our legitimate interest in maintaining the proper operation of our website, in providing the most user-friendly functions possible and in analyzing the use of our website, the processing of your personal data is based on Article 6 (1) (f) DS-GVO.
• 6. In order to protect our legitimate interest in enforcing our rights and defending ourselves against claims, the processing of your personal data is based on Article 6 (1) (f) DS-GVO.

   

Our systems are secured in accordance with the state of the art by technical and organizational measures to protect your personal data against access, alteration or dissemination by unauthorized persons and against loss and destruction.

Information on the processing of your personal data for the individual processing purposes can be found in the corresponding further notes within the scope of this privacy policy.

IV. Transfer of your personal data to third parties; categories of recipients of your personal data

Insofar as this is necessary to achieve the purposes of the processing of your personal data, we transfer your personal data to third parties within the framework of the legal requirements. Detailed information on the transfer of your personal data to third parties for the individual processing purposes can be found in the corresponding further notes within the scope of this privacy policy. In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.

V. Scope of the processing of your personal data for the individual processing purposes

 

Below, we inform you in detail about the processing of your personal data for the various processing purposes.

 

Your personal data will be deleted when it is no longer needed for processing for the respective processing purpose, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information provided in this privacy policy.

1. Use of our internet presence for information purposes

If you visit our website without sending us any information, we only process the personal data that your browser transmits to our server. This is the following data, which is technically necessary to display our Internet presence to you and to ensure stability and security:

• the page you called up
• date and time of the request
• amount of data transferred
• source or reference from where you came to the page
• the browser you are using
• operating system used by you
• your IP adress

Your personal data is processed on the basis of Article 6 (1) (f) DS-GVO to protect our legitimate interest in maintaining the proper operation of our website.

Your personal data will be deleted after 6 months, unless it is further required for the assertion of rights or the enforcement of claims due to measures against the proper operation of our Internet presence. In this case, the deletion will take place immediately after the conclusion of the corresponding proceedings.

2. Processing of inquiries

If you contact us with an inquiry or a request, we process the personal data and information/documents you provide. Regardless of the way in which you send us your inquiry or request, this may include:

• date and time of contact
• Name data
• Contact data
• Data on inquiry/concern
• Transmitted information/documents
  
  

Depending on the content of your inquiry or request, the processing of your personal data and the transmitted information/documents is based on your consent pursuant to Article 6 para. 1 letter a) DS-GVO to respond to your inquiry or on Article 6 para. 1 letter b) DS-GVO to carry out pre-contractual measures or on Article 6 para. 1 letter b) DS-GVO for the performance of a contract to which you are a party or on the basis of Article 6 para. 1 letter f) DS-GVO to protect our legitimate interest in responding to inquiries/concerns and in taking other measures in connection with the processing of inquiries/concerns.

Insofar as we provide a contact form and you contact us via this contact form, you grant consent with the following content by sending your message, about which you will be informed separately in the contact form: "I consent to the processing of my e-mail address and the other personal data provided by me for the purpose of responding to my message. I can revoke this consent at any time and without giving reasons with effect for the future. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation."

You can revoke your consent at any time and without giving reasons with effect for the future. For this purpose, it is sufficient to send a corresponding message to the responsible person, whose contact details you can find in the information on the responsible person. The lawfulness of the processing carried out until the revocation remains unaffected in the event of revocation.

Insofar as this is necessary for the processing of your inquiry/request, we transmit your personal data to third parties within the scope of the legal requirements. In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum necessary.

Your personal data will be deleted when your inquiry/concern has been resolved, unless we are allowed to continue processing the data for another processing purpose within the framework of the legal requirements and in accordance with the information in this privacy policy.

3. Complaint management

The personal data you provide will be processed exclusively for the purpose of handling your complaint. The data collected via the complaint form is mandatory in order to process your complaint.

The data will only be processed if you consent to this (Art. 6 para. 1 sentence 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 para. 1 sentence 1 f) GDPR). Our legitimate interest lies in responding to your request. If you wish to complain about a product purchased from us, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

After final processing of your request, your data will be stored in accordance with the statutory retention obligations and then deleted.

4. Customer account

When opening a customer account, we collect your personal data to the extent specified therein. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your customer account will then be deleted.

5. Fulfillment of contracts

If you provide us with personal data for the purpose of concluding a contract or in connection with the creation of a customer account, we process the data you provide for the purpose of fulfilling the contract. These are your customer data (e.g. your name and address) and the contract data (e.g. details of the products covered by the contract and payment and delivery information).

The processing of your personal data is based on Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party.

Insofar as this is necessary for the performance of the contract with you, we transmit your personal data to third parties within the framework of the legal requirements. This transfer is made to the service providers involved in the performance of the contract. These are the providers of the processing tools used by us. Furthermore, these are the companies commissioned with the transport.

In cases where your personal data is transferred to third parties, the scope of the transferred data is limited to the minimum required.

Your personal data will be deleted after the expiry of the retention periods of 6 or 10 years under tax and commercial law, unless we are allowed to continue processing the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this privacy policy.

6. Advertising by letter post

We process the personal data you provide on first and last name and address, if necessary, for sending information on our offers by letter post.

In this respect, the processing of your personal data is carried out on the basis of Article 6 (1) (f) DS-GVO for the protection of our legitimate interest in carrying out advertising measures by letter post.

 

You can object to the processing of your personal data for the purpose of carrying out advertising measures by letter post at any time. For this purpose, it is sufficient to send a corresponding message to the responsible person, whose contact details you can find in the information on the responsible person.

If you object to the processing of your personal data for the purpose of carrying out advertising measures by letter post, the personal data you have provided regarding first name, surname and address will be deleted immediately, unless we may continue to process the data for another processing purpose within the scope of the legal requirements and in accordance with the information in this data protection declaration.

7. Newsletter

We use your e-mail address independently of the contract processing exclusively for our own advertising purposes for sending newsletters, provided that you have expressly consented to this. The processing is based on Art. 6 para. 1 lit. a DSGVO with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. To do so, you can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the distribution list.

Your data will be passed on to a service provider for e-mail marketing within the scope of order processing. Your data will not be passed on to any other third parties.

8. Cookies

We use so-called cookies on our website. These are small files that are stored on your device and through which certain information is transmitted to us. The use of cookies serves to enable you to use certain functions and to make our offer more user-friendly overall.

Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device even after the end of the browser session, i.e. after you close your browser, and enable us or our partner companies (third-party cookies) to recognize you the next time you visit our website (so-called persistent cookies).

Some of the cookies we use are technically necessary to enable you to use certain functions. This is the case, for example, with regard to the storage of entries in connection with the use of the shopping cart function. In this respect, your personal data is processed on the basis of Article 6 (1) (b) DS-GVO for the implementation of pre-contractual measures that take place at your request as a data subject or on the basis of Article 6 (1) (b) DS-GVO for the performance of a contract to which you are a party or on the basis of Article 6 (1) (f) DS-GVO to protect our legitimate interest in providing the most user-friendly functions possible. Insofar as we or our partner companies use cookies for the purpose of range measurement or for marketing purposes, you can find detailed information on this, if applicable, in the corresponding further notes within the scope of this data protection declaration. For cookies for marketing and analysis purposes, your consent pursuant to Art.6 (1) (A) DS-GVO serves as the legal basis. Consent given can be revoked at any time with effect for the future.

You can prevent the storage of cookies by selecting the appropriate settings on your browser software. If necessary, please refer to the program help for the browser you are using to see how the corresponding setting can be made. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. By way of example, we refer to the information on the following common browsers:

• Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Opera: http://help.opera.com/Windows/10.20/de/cookies.html
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

VI. Information on service providers used

To operate this website, we integrate external services to make our website more user-friendly, effective and secure. This is our legitimate interest according to Art 6 para. 1 p. 1 f) DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

1. Cookie Consent Manager CCM19

To control cookies and obtain the necessary consent, we use the Cookie Consent Manager CCM19 from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, on our website. This tool allows you to allow or deny cookies.

We use the consent management tool on the basis of Art. 6 (1) (1) (c) GDPR. The processing of this data is necessary to be able to prove consent given.

Information on the processing of the transferred data can be found here: https://www.ccm19.de/datenschutzerklaerung.html

2. Merchandise management system

We use an enterprise resource planning system for contract and payment processing as part of order processing. For this purpose, your personal data collected in the context of the order will be transmitted to Step Ahead GmbH, Riesstraße 17, 80992 Munich.

 

The processing is based on Art. 6, Para. 1 lit b) DS-GVO and is necessary for the processing of the contract.

3. Sendinblue

For sending our newsletter, we use the service Sendinblue of the provider SendinBlue SAS, 55 rue d'Amsterdam, 75008 Paris, France. With the help of this service, we organize the dispatch of our newsletter. The e-mail address you provide to order the newsletter is stored on SendinBlue's servers. Server location is Germany. In addition, Sendinblue enables us to analyze the behavior of newsletter recipients. Here, for example, it can be traced how many recipients have opened our newsletter.

If you do not want Sendinblue to analyze your data, you can unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future by sending an e-mail to the address given in our imprint. The e-mail address you provide for the purpose of sending the newsletter will be stored until you unsubscribe. After unsubscribing from the newsletter, the e-mail address will be deleted from our system, as well as from the provider's system. Data that has been collected for other purposes, e.g. for ordering, remains unaffected.

Further information on data protection can be found here: https://de.sendinblue.com/legal/privacypolicy/  By concluding an order processing agreement, we have obliged the provider SendinBlue to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

4. Google Tag Manager

The Google Tag Manager service is used on our website to control the display of services. This service is offered by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Please read here how Google complies with the data protection requirements also with regard to the transmission to the USA: https://policies.google.com/privacy?hl=en

We use Google Tag Manager on the basis of Art. 6 para 1. p. 1 f) DSGVO. Our legitimate interest lies in being able to effectively play out services on our site.

As soon as this service is called up on our site, Google receives your IP address. The service itself does not store any other data or cookies, but only controls the playout of services that are listed in this privacy policy.

5. Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google". Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of this website by site visitors can be transmitted to a Google server in the USA and stored there.

We use Google Analytics on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 25 para. 1 TTDSG. Any consent given can be revoked at any time with effect for the future. The purpose of this use is to operate our website economically.

Google has submitted to the Data Privacy Framework concluded between the European Union and the USA and has been certified. Google thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
Data Privacy Framework

Please read here how Google complies with data protection regulations, including with regard to transmission to the USA:
Data Protection Law Compliance - Business Data Responsibility

We have activated IP anonymisation on this website (anonymiseIp). However, this means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to analyse your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: Download-Seite für das Browser-Add-on zur Deaktivierung von Google Analytics.

As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): Deactivate Google Analytics

6. Google Adwords Conversion Tracking

We use the online advertising programme "Google AdWords" on our website and conversion tracking as part of Google AdWords. Google Conversion Tracking is an analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; "Google") in order to be able to assess the effectiveness of adverts.

If you click on an advert placed via Google, a cookie for conversion tracking is stored on your computer. These cookies do not contain any personal data. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page. 

We use this marketing function on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 25 para. 1 TDDDG. Any consent given can be revoked at any time with effect for the future.

The use serves to optimise the marketing of our products.

Google has submitted to the Data Privacy Framework concluded between the European Union and the USA and has been certified. Google thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:
https://www.dataprivacyframework.gov/s

Please read here how Google complies with data protection regulations, including with regard to transfers to the USA: 
https://policies.google.com/privacy?hl=de

7. Google Ads / AdSense

The Google Ads service is used on our website to display adverts on external websites that draw attention to our offer. This service is provided by the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google Ads on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 25 para. 1 TDDDG. Any consent given can be revoked at any time with effect for the future.

The purpose of this service is to display adverts that are tailored to the interests of our target group and to make our offer more attractive.

As soon as this service is called up on our site, a connection to Google is established, through which your IP address is transmitted to Google. Google stores a cookie on your computer. This cookie is not used to identify a natural person but contains statistical values.

We receive analyses of the campaigns from Google that do not contain any personal data.

Google has submitted to the Data Privacy Framework concluded between the European Union and the USA and has been certified. Google thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

Data Privacy Framework

Please read here how Google complies with data protection regulations, including with regard to transfers to the USA: Datenschutzerklärung – Datenschutzerklärung & Nutzungsbedingungen – Google

8. Use of Hotjar

We use the analysis tool of Hotjar Ldt (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; “Hotjar”) on our website. The purpose of data processing is the needs-based design, optimization and analysis of our website. The tool is used to randomly record the movements of site visitors on the website. This creates a log of mouse movements, scrolling behavior, length of stay and clicks on the website (so-called heatmap). Hotjar uses cookies, among other things, for this purpose. The following information may be collected in the process IP address (in anonymized form), information about the device you are using (screen size, devices, unique device identifier), information about the browser you are using, location data (country only), preferred language for displaying the website, operating system used. Detailed information on the cookies used, their function and storage duration can be found here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies.

These data are used to create user profiles under a pseudonym. The data is not used to personally identify the visitor to the website and is not merged with personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the collected data to other third parties. Your data may be transferred to the USA. There is no adequacy decision by the EU Commission for the USA. Data is transferred on the basis of appropriate protective measures, among other things. Hotjar will provide you with further information on the measures taken on request. The use of cookies or comparable technologies takes place with your consent on the basis of § 15 para. 3 sentence 1 DDG i.V.m. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR.

You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Further information on data protection when using Hotjar can be found here: https://www.hotjar.com/legal/policies/privacy#enduserenglish.

9. Use of tracking tools from trbo GmbH

Our website uses technologies from trbo GmbH, Leopoldstr. 41, 80802 Munich, https://www.trbo.com/ (hereinafter referred to as “trbo”) to optimize our online offering, measure the effectiveness of our online advertising and display personalized offers.

If you have given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use tracking tools (in particular so-called “cookies” and “web beacons”). The data collected and used in this context is only ever stored under a pseudonym (e.g. a random identification number) and is not merged with other personal data about you (e.g. name, address, etc.). The data is deleted as soon as it is no longer required for the purpose for which it was collected. Data is deleted at user and event level no later than 14 months after it is collected. You can revoke your consent to the processing of personal data via trbo for the above-mentioned purposes at any time with effect for the future or change your selected preferences. To do this, call up the cookie settings again via this link Privacy Settings.

We have concluded an order processing contract with trbo, in which we oblige the provider to protect our customers' data and not to pass it on to third parties.

Further information on data protection at trbo can be found here: https://www.trbo.com/datenschutz/

10. Use of HubSpot

We use the integrated software solution “HubSpot” for our own marketing, lead generation, our sales processes and for customer service purposes. HubSpot includes

• the provision of the CMS (content management system) for the design and publication of our websites, blog posts and landing pages,
• e-mail marketing, which regulates the sending of newsletters and automated mailings (e.g. to provide downloads),
• the social media publishing and ad management tool, which we use to publish social media posts and manage our social media ads,
• the form tool with which we offer, for example, forms for newsletter registration, content downloads, event registrations, the contact form and for support forms,
• the CRM system (Customer Relationship Management system) for contact management and user segmentation, sales and support, and
• the reporting tool for analyzing all collected data.

Content is stored on servers of HubSpot's service providers. Hosting takes place in data centers at the EU Frankfurt site. HubSpot, Inc. is a software company from the USA (HubSpot, Inc. Two Canal Park, USA, Cambridge, MA 02141, USA). Our contractual partner is the subsidiary HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin (VAT: DE312070441; https://legal.hubspot.com/de/impressum). This software provider works on our behalf and can therefore also view (receive) your data to the extent necessary. An order processing agreement has been concluded with HubSpot (https://legal.hubspot.com/dpa).

HubSpot, Inc. has submitted to and certified itself under the Data Privacy Framework concluded between the European Union and the USA. As a result, HubSpot, Inc. undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.dataprivacyframework.gov/s/

Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy
An overview of HubSpot's policies, technologies and certifications can be found in the Trust Center at: https://trust.hubspot.com/

An overview of the subcontractors used by HubSpot can be found at: https://legal.hubspot.com/sub-processors-page

The transmission of the data is based on your consent in accordance with Art. 6 para. 1 a) GDPR.

11. Use of Hubspot Inc. for Hubspot Analytics

We use the integrated software solution "HubSpot" as a website analysis tool to optimise our offering.

HubSpot includes:

• the provision of the CMS (content management system) for the design and publication of our websites, blog posts and landing pages,
• the reporting tool (Hubspot Analytics) for analysing all collected data.

Content is stored on servers of HubSpot's service providers. Hosting takes place in data centres in Frankfurt in the EU.

HubSpot, Inc. is a software company from the USA (HubSpot, Inc. Two Canal Park, USA, Cambridge, MA 02141, USA). Our contractual partner is the subsidiary HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin (VAT: DE312070441; https://legal.hubspot.com/de/impressum).

This software provider works on our behalf and can therefore also view (receive) your data to the extent necessary. An order processing agreement has been concluded with HubSpot (https://legal.hubspot.com/dpa).

HubSpot, Inc. has submitted to the Data Privacy Framework concluded between the European Union and the USA and has certified itself. By doing so HubSpot, Inc. undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry:

https://www.dataprivacyframework.gov/s/

Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy.

An overview of HubSpot's policies, technologies and certifications can be found in the Trust Centre at: https://trust.hubspot.com/

You can find an overview of the subcontractors used by HubSpot at: https://legal.hubspot.com/sub-processors-page

The transmission of the data is based on your consent in accordance with Art. 6 para. 1 a) GDPR.

12. Use of CLOUDFLARE (Subcontractor of HubSpot)

Our website content is played out via servers of a subcontractor of HubSpot called Cloudflare (https://legal.hubspot.com/sub-processors-page). Cloudflare (by Cloudflare Inc.) is one of the largest networks on the Internet that ensures the security and performance of web applications. Cloudflare provides a content delivery network, Internet security services and distributed DNS services.

Due to the way in which Cloudflare's functions are integrated into our website infrastructure, the service filters all data traffic taking place via our website, i.e. the communication taking place via our website and the user's browser, and at the same time enables the collection of analytical data that our website contains. Cloudflare sets functional cookies that cannot be deselected when accessing our website.

Cloudflare, Inc. is a software company from the USA (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA); https://www.cloudflare.com/trust-hub/.

According to the information in HubSpot's list of subcontractors, subcontracted processing takes place in the USA in the case of a US data center location (https://legal.hubspot.com/sub-processors-page). With the transfer of personal data by HubSpot to affiliated companies and sub-service providers in countries outside the EU and the EEA, further protective mechanisms are required to ensure the data protection level of the GDPR.

For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR are also agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection at Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/
An overview of Cloudflare's policies, technologies and certifications can be found in the Trust Hub at: https://www.cloudflare.com/de-de/trust-hub/

13. Use of Microsoft Clarity

To improve the usability of our website and detect problems, we use the Microsoft Clarity service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For this purpose, sessions can be recorded and heat maps can be used to find out how far users scroll on our pages. We use Microsoft Clarity on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest lies in troubleshooting and thus optimising our website. Microsoft has submitted to the Data Privacy Framework concluded between the European Union and the USA and has been certified. Microsoft thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.dataprivacyframework.gov/s/

Further information on data protection, transmission to the USA and the cookies used by Microsoft and Clarity can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement

14. Use of UNPKG.com

We use the content delivery network unpkg.com on our website. This is an open source project. Javascript libraries are delivered from this network. For this purpose, your IP is forwarded to Cloudflare to deliver the corresponding packages. We use unpkg.com on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 25 para. 1 TTDSG. Any consent given can be revoked at any time with effect for the future. They are used to optimise the presentation of our website and thus make it more appealing to customers.

15. Use of etrusted

On our website, etrusted.com is used for the evaluation of our products by customers. It is a portal for customer reviews.

Registered office of the company:

Trusted Shops SE
Colonius Carré
Subbelrather Street 15c
50823 Cologne

This seal is an offer of the company AUBI GmbH, Alsterufer 34, 20354 Hamburg, Germany. For more information, please visit https://www.ausgezeichnet.org/datenschutz/.

We use this marketing function on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 25 para. 1 TDDDG. Any consent given can be revoked at any time with effect for the future.

As soon as this service is called up on our site, the provider receives your IP address. In addition, a cookie is stored on your computer that does not contain any personal data.

16. Use of LuigisBox - Luigi’s Box, s.r.o. (EN)

Our search results are displayed via the servers of a subcontractor of Luigi's Box, the company Luigi's Box, s.r.o., which uses Amazon Web Services for load balancing. This involves the storage of various cookies, which you can view at Cookie-Liste - Luigi's Box Luigi's Box provides a content delivery network to process our website search queries.

Due to the way in which the functions of Luigi's Box are integrated into our website, the IP address and search query are transferred to the Luigi's Box network when search queries are made.

The company is based at Vysoká 34, Staré Mesto, 811 06, Bratislava, Slovakia.

We use the content delivery network in the context of a legitimate interest in accordance with Art. 6 Para. 1. P. 1 c) GDPR. The processing of this data is necessary to process the search queries.

Further information on data processing can be found at: Datenschutzrichtlinie - Luigi's Box

17. Microsoft Ads (Bing Ads)

Our website uses the remarketing function “Bing Ads” of Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. (“Microsoft Advertising”). If you have reached our website via a Microsoft Bing ad, Microsoft Bing Ads will store a cookie on your computer. This allows us to determine the total number of users who have clicked on our Bing ad. We use Bing Ads on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR and § 25 para. 1 TDDDG. Any consent given can be revoked at any time with effect for the future.

The use serves to analyze user behavior in order to optimize both its website and our advertising. Microsoft has submitted to the Data Privacy Framework concluded between the European Union and the USA and is certified. As a result, Microsoft undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.dataprivacyframework.gov/s Further information on data protection, transmission to third countries and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement

---

X. Data subject rights and storage period

1. Duration of storage

After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, thereafter taking into account statutory, in particular tax and commercial law retention periods, and then deleted after expiry of the period, unless you have consented to further processing and use.

2. Rights of the data subject

In order to ensure fair and transparent processing of personal data, you as the data subject are entitled to the following rights in accordance with data protection law:

• the right to obtain information in accordance with Article 15 DS-GVO,
• the right to rectification in accordance with Article 16 DS-GVO,
• the right to deletion according to Article 17 DS-GVO,
• the right to restriction of processing pursuant to Article 18 DS-GVO,
• the right to data portability according to Article 20 DS-GVO
• the right to revoke consent given at any time in accordance with Article 7 (3) DS-GVO,
• the right to object to processing pursuant to Article 21 DS-GVO, about which we will inform you separately below
• and the right to lodge a complaint with the supervisory authority persuant to Article 77 DS-GVO, about which we will inform you separately below
• Your right to object to processing

 

THE PROCESSING OF PERSONAL DATA IS PERMITTED IF THE PROCESSING IS NECESSARY FOR THE PURPOSES OF THE LEGITIMATE INTERESTS OF THE CONTROLLER OR A THIRD PARTY, UNLESS SUCH INTERESTS ARE OVERRIDDEN BY THE INTERESTS OR FUNDAMENTAL RIGHTS AND FREEDOMS OF THE DATA SUBJECT WHICH REQUIRE THE PROTECTION OF PERSONAL DATA, IN PARTICULAR WHERE THE DATA SUBJECT IS A CHILD, ART. 6 ABS. 1(F) DS-GVO.

YOU, AS THE DATA SUBJECT, HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LETTER F) DS-GVO; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS AS A DATA SUBJECT, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU AS THE DATA SUBJECT HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU, AS THE DATA SUBJECT, OBJECT TO THE PROCESSING FOR THE PURPOSES OF DIRECT MARKETING, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR SUCH PURPOSES.

XII. Changes to this Privacy Policy

 

If new services or providers are used to operate this website, we reserve the right to adapt this data protection declaration in order to comply with the legal circumstances. This adjusted privacy policy will then apply to your revisiting this website.