Thank you for your interest in our website. The protection of your privacy and your data is very important to us. In the course of using this website, your personal data will be processed by us as the data controller and stored for the period of time required to fulfill the specified purposes and legal obligations.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall be in line with the requirements of the of the General Data Protection Regulation (GDPR) and in accordance with the applicable country-specific data protection provisions. In accordance with Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data are any information relating to an identified or identifiable natural person.
The following statement provides you with an overview of the type of data that are collected, in which way these data are used and passed on, which security measures we take to protect your data and how you can obtain information about the information given to us and which rights you can assert.
All data transmitted by you personally will be encrypted using the generally accepted and secure standard TLS (Transport Layer Security). You can recognize a secure TLS connection by, among other things, the appended s at the http (i.e. ..) in the address bar of your browser or the lock symbol in the lower area of your browser.
Responsible for data processing is:
Weinbergstrasse 2 7
Johannes von Gleichenstein
Telefon: +49 761 76668587
Applicable legal basis
In the following, we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations of your or our country of residence and domicile may apply. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.
Consent (Art. 6 para. 1 p. 1 lit. a of the GDPR)
The data subject has given consent to the processing of personal data one or more specific purposes.
Performance of a contract and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. of the GDPR)
The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 para. 1 p. 1 lit. c. of the GDPR)
Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 p. 1 lit. f. of the GDPR)
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
National data protection provisions in Germany
In addition to the data protection provisions of the General Data Protection Regulation, national data protection provisions apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG).
Transmission and disclosure of personal data
In the course of our processing of personal data, it may happen that the data is transferred or disclosed to other offices, companies, legally independent organizational units or persons. The recipients of this data may include e.g. payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate agreements that serve the protection of your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities or companies, this will only be done in accordance with legal requirements.
Subject to explicit consent or contractually or legally required by law transfer, we process the data or have the data processed only in third countries with a recognized level of data protection, which includes U.S. processors certified under the Privacy Shield, or on the basis of special guarantees, such as contractual obligation through so-called EU Commission standard protection clauses, the existence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: International dimension of data protection ).
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. The primary purpose of a cookie is to store information about a user during or after his or her visit within an online offer. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the place where a video was watched. The term "cookies" also includes other technologies that perform the same functions as cookies (e.g., when information about users is stored using pseudonymous online identifiers, also referred to as "user IDs").
The following cookie types and functions are distinguished:
Temporary cookies (also: session cookies)
Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for range measurement or marketing purposes can be stored in such a cookie.
First-party cookies are set by ourselves.
Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential or absolutely necessary) cookies
On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
General information on revocation and objection (opt-out)
Processing of personal data and purposes of processing
Contractual and business services
We process data of our contractual and business partners, e.g. customers and prospective customers (collectively referred to as the "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the course of communication with the contractual (or pre-contractual) partners, e.g., to answer inquiries.
We process these data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. Within the framework of the applicable law, we only pass on the data of the contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g. to involved telecommunication, transport and other auxiliary services as well as to subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.
We inform the contractual partners before or in the course of data collection, which data is required for the aforementioned purposes e.g. in online forms, by means of special marking (e.g. colours) or symbols (e.g. asterisks or similar), or in person.
We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes generally 10 years). Data that has been disclosed to us in the context of an order by the contractual partner within the scope of an order, will be deleted in accordance with the specifications of the order, generally after the end of the order.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Economic analyses and market research
For business management reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business management evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users including their details, e.g. on services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as aggregated data).
Store and e-commerce
We process the data of our customers to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. The required data are marked as such in the context of the order or comparable purchase process and include the data required for delivery, or provision and billing as well as contact information, in order to be able to hold possible consultation.
Provisioning of the online offer and web hosting
In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in the course of providing the hosting service may include all data concerning the users of our online offer, which is collected in the course of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the contents of online offers to browsers, as well as all entries made within our online offer or from websites.
Collection of access data and log files
We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, date and time of access, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files may be used for security purposes, e.g., to avoid an overload of the server (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability.
When contacting us (e.g. via contact form, e-mail, telephone or via social media) the information of the inquiring persons is processed, insofar as this is necessary to answer the contact requests and any requested measures.
The response to the contact requests in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual requests and furthermore on the basis of legitimate interests in responding to the requests.
Payment service provider
Within the scope of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, we use other payment service providers (collectively, "payment service providers").
The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The details are required to carry out the transactions. However, the data entered is processed and stored only by the payment service providers. I.e., we do not receive any account- or credit card-related information, but only information with confirmation of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check the identity and creditworthiness. In this regard, we refer to the terms and conditions and the data protection information of the payment service providers.
For payment transactions, the terms and conditions and data protection notices of the respective payment service providers apply, which are available on the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other data subject rights.
Services used and service providers
Klarna / Instant bank transfer
Payment services; service provider: Mastercard Europe SA, Chaussee de Tervuren. 198A, B-1410 Waterloo, Belgium; Website: www.mastercard.de/de-de.html;
privacy notice: https://www.mastercard.de/de-de/datenschutz.html.
Communication via Messenger
We use messengers for communication purposes and therefore request that you read the following the following information on the functionality of the messenger, on encryption, on the use of the metadata of the communication and to your objection options.
You can also contact us in alternative ways, e.g. via telephone or e-mail. Please use the contact options provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages is not viewable, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled, so that the encryption of the message content is ensured.
However, we additionally point out to our communication partners that although the messenger providers cannot view the content, they can learn that and when communication partners communicate with us as well as process technical information about the device used by the communication partners and, depending on the settings of their device, also location information (so-called metadata).
Services used and service providers
Presence in social networks
We maintain online presences within social networks and process in this context data of users in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to U.S. providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they thereby undertake to comply with EU data protection standards.
Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of the user behaviour and the interests of the users can be used to create usage profiles. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks which presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's behaviour and interests are stored. Furthermore, the usage profiles may also contain data may also be stored in the usage profiles, irrespective of the devices used by the users (in particular, if the users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective forms of processing and the opt-out options, please refer to the data protection notices and information of the operators of the respective networks.
In the case of requests for information and the assertion of data subjects' rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.
Services used and service providers
Social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA.
We process personal data for online marketing purposes, which includes in particular the marketing of advertising space or display of advertising and other content (collectively, "content") based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information relevant to the presentation of the relevant for the presentation of the aforementioned content are stored. This information includes content viewed, web pages visited, online networks used, but also communication partners and technical communication partners and technical information, such as the browser used, the computer system used computer system used as well as information on usage times. If users have consented to the collection of their location data, this can also be processed.
The IP addresses of users are also stored. However, we use the available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect the users. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally be read on other websites that use the same online marketing procedure and analysed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing process we use and the network associates the users' profiles with the aforementioned data. We ask that you note that users may enter into additional agreements with the providers, e.g. by giving their consent as part of the registration process.
In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Opt-out option: We refer to the data protection notices of the respective providers and the opt-out options given for the providers (so-called \"opt-out\").
If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict functions of our online offer.
Services used and service providers
Online marketing and web analysis; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre
Plugins and embedded functions and content
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as "content").
The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the presentation of these contents or functions. We strive to use only such content, whose respective providers use the IP address only to deliver the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through the "pixel tags" information such as visitor traffic on the pages of this website, can be evaluated. The pseudonymous information may further be stored in cookies on the users' devices and may contain, among other things, technical information on the browser and the operating system, referring websites, the time of the visit and other information on the use of our online offer and may also be linked to such information from other sources.
Services used and service providers
privacy shield (ensuring level of data protection when processing data in the USA): https ://www.privacyshieId.gov/participant?id=a2zt0000000TRkEAAW&status=Active;
Opt-out option: opt-out plugin: tools.google.com/dlpage/gaoptout, settings for display of ads: adssettings.google.com/authenticated.
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g., if the purpose of the processing of this data has ceased to apply or if it is not required for the purpose).
If the data are not deleted because they are required for other and legally permissible purposes their processing will be limited to these purposes. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.
Further information on the deletion of personal data can also be found in the context of the individual data protection notes of this data protection declaration.
Links to other websites
Our website contains links to the content of other providers. These can be identified by explicit links, by corresponding notes in the text or by marking them with the arrow symbol. In addition, external links are opened in a separate browser window. The use of these external contents may be subject to other regulations than those presented here.
Rights of the data subject
You have the right:
1) in accordance with Art. 7 (3) GDPR, to withdraw your consent, once given, to us at any time. This has the consequence that we may no longer continue the data processing, which was based on this consent;
2) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
3) in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or completion of your personal data stored by us;
4) in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or to or for the assertion, exercise or defence of legal claims;
5) in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, insofar as the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
6) in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format, or to request its transfer to another responsible person;
7) in accordance with Art. 21 GDPR, to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing based on a balance of interests); this also applies to profiling based on this provision of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of assertion, exercise or defence of legal claims.
If your objection is directed against processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling, insofar as it is related to such direct advertising. If you wish to exercise your right to object, an e-mail to: firstname.lastname@example.org is sufficient;
8) in accordance with Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or of our company headquarters.
Amendment and updating of the data protection declaration
If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time. and we ask you to check the information before contacting us.