imprint

imprint

Obligation to provide information according to Section 5 TMG.

Wohnstahl David Köhler
Düper Str. 64,
27753 Delmenhorst,
Germany

Email: info@wohnstahl.de

EU dispute settlement

In accordance with the Regulation on Online Dispute Resolution in Consumer Affairs (ODR Regulation), we would like to inform you about the Online Dispute Resolution Platform (ODR Platform).
Consumers have the opportunity to submit complaints to the European Commission's online dispute resolution platform at http://ec.europa.eu/odr?tid=321181747 . The necessary contact details can be found above in our legal notice.

However, we would like to point out that we are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.

Liability for contents of this website

We are constantly developing the content of this website and strive to provide correct and up-to-date information. According to Section 7 (1) of the Telemedia Act (TMG), we as service providers are liable for our own information that we make available for use in accordance with general law. Unfortunately, we cannot accept any liability for the correctness of all content on this website, especially for that provided by third parties. As service providers within the meaning of Sections 8 to 10, we are not obligated to monitor the information transmitted or stored by them or to search for circumstances that indicate illegal activity.

Our obligations to remove information or to block the use of information in accordance with general laws due to court or administrative orders remain unaffected even in the event of our non-liability under Sections 8 to 10.

If you notice any problematic or illegal content, please contact us immediately so that we can remove the illegal content. You can find the contact details in the imprint.

Liability for links on this website

Our website contains links to other websites for whose content we are not responsible. We are not liable for linked websites because we had and have no knowledge of any illegal activities, have not noticed any such illegalities to date and would remove links immediately if we became aware of any illegalities.

If you notice any illegal links on our website, please contact us. You can find the contact details in the imprint.

Copyright notice

All content on this website (images, photos, texts, videos) is subject to the copyright of the Federal Republic of Germany. Please ask us before you distribute, copy or use the content of this website, such as republishing it on other websites. If necessary, we will legally pursue the unauthorized use of parts of the content of our site.

If you find any content on this website that violates copyright, please contact us.

Photo credits

The images, photos and graphics on this website are protected by copyright.

The image rights belong to the following photographers and companies:

Residential steel David Köhler

Data protection

Introduction and overview

We have drawn up this privacy policy (version 23.11.2022-312341941) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the responsible party - and the processors commissioned by us (e.g. providers) - process, will process in the future and what legal options you have. The terms used are to be understood as gender-neutral.

In short: We provide you with comprehensive information about the data we process about you.

Data protection statements usually sound very technical and use legal jargon. This data protection statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it promotes transparency, technical terms are explained in a reader-friendly manner , links to further information are provided and graphics are used. We are thus informing you in clear and simple language that we only process personal data as part of our business activities if there is a corresponding legal basis. This is certainly not possible if you give statements that are as brief, unclear and legal-technical as possible, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is some information in there that you did not know before.

If you still have any questions, please contact the responsible body named below or in the imprint, follow the links provided and look at further information on third-party websites. You can of course also find our contact details in the imprint.

scope of application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (contract processors). By personal data we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

all online presences (websites, online shops) that we operate

Social media presence and email communication mobile apps for smartphones and other devices

In short: This privacy statement applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. Should we

If we enter into legal relations with you through these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679 .

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 paragraph 1 letter a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.

2. Contract (Article 6 paragraph 1 letter b GDPR): We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we need personal information in advance.

3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data if we are subject to a legal obligation. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

4. Legitimate interests (Article 6 paragraph 1 letter f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the taking of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally apply to us. If such a legal basis should be applicable, it will be indicated in the appropriate place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data ( Data Protection Act ), or DSG for short . In Germany, the Federal Data Protection Act , or BDSG for short , applies .

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible

If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or body below:

DKS24

David Koehler

Tegelweg 198, 22159 Hamburg, Germany Email: welcome@dks-24.de

Phone: +49 176 64969888 Imprint: https://www.dks-24.de/impressum/

Storage period

Our general rule is that we only store personal data for as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible and unless there is an obligation to store it.

We will inform you below about the specific duration of each data processing operation, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent data processing:

According to Article 15 GDPR, you have the right to know whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed of the following information:

for what purposes we carry out the processing; the categories, i.e. the types of data that are processed;

who receives this data and, if the data is transferred to third countries, how security can be guaranteed;

how long the data is stored;

the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;

that you can complain to a supervisory authority (links to these authorities can be found below);

the origin of the data if we did not collect it from you;

whether profiling is carried out, i.e. whether data is automatically evaluated in order to

to get a personal profile of you.

You have the right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find any errors.

According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request that your data be deleted.

According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it any further. According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.

According to Article 21 GDPR, you have the right to object, which, once enforced, will result in a change in the processing.

If the processing of your data is based on Article 6 Paragraph 1 Letter e (public interest, exercise of official authority) or Article 6 Paragraph 1 Letter f (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.

If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after this.

If data is used to carry out profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after this.

According to Article 22 GDPR, you may have the right not to be subjected to a decision based solely on automated processing (e.g. profiling).

According to Article 77 of the GDPR, you have the right to complain. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: you have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) . The following local data protection authority is responsible for our company:

Hamburg Data Protection Authority

State Commissioner for Data Protection: Prof. Dr. Johannes Caspar Address: Ludwig-Erhard-Str. 22 7th floor, 20459 Hamburg Telephone number: 040/428 54-40 40

Email address: mailbox@datenschutz.hamburg.de Website: https://datenschutz-hamburg.de/

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason why we have data processed in third countries. Processing personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, it may happen that collected data is linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU if this is offered.

We will provide you with more detailed information about data transfer to third countries, where applicable, at the appropriate points in this privacy policy.

Security of data processing

We have implemented both technical and organizational measures to protect personal data. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to derive personal information from our data.

Art. 25 GDPR speaks of “data protection through technology design and through data protection-friendly default settings” and means that both software (e.g. forms) and hardware (e.g. access to the server room) are always considered and appropriate measures are taken. In the following, we will go into specific measures where necessary.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transfer data securely over the Internet.

This means that the complete transmission of all data from your browser to our web server is secured – no one can “eavesdrop”.

We have thus introduced an additional security layer and comply with data protection through technology design ( Article 25 Paragraph 1 GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.

You can recognise the use of this data transfer security by the small lock symbol in the top left of the browser, to the left of the Internet address (e.g. examplepage.de) and the use of the https scheme (instead of http) as part of our Internet address.

If you want to know more about encryption, we recommend doing a Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

communication

Communication Summary

Affected persons: All those who communicate with us by telephone, email or online form

Processed data: e.g. telephone number, name, email address, entered

Form data. You can find more details in the contact type used

Purpose: Handling communication with customers, business partners, etc.

Storage period: Duration of the business case and the legal regulations

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR

(Contract), Art. 6 Para. 1 lit. f GDPR (Legitimate Interests)

If you contact us and communicate by telephone, email or online form, personal data may be processed.

The data will be processed to process and handle your question and the related business transaction. The data will be stored for as long as required by law.

Affected people

The above-mentioned processes affect everyone who contacts us via the communication channels we provide.

phone

When you call us, the call data is stored pseudonymously on the respective device and by the telecommunications provider used. In addition, data such as name and telephone number can be sent by email afterwards and stored to answer your query. The data is deleted as soon as the business transaction has been completed and legal requirements permit it.

e-mail

If you communicate with us by e-mail, data may be stored on the respective device (computer, laptop, smartphone,...) and

Data on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit it.

Online forms

If you communicate with us using an online form, data will be stored on our web server and, if necessary, forwarded to an email address of ours. The data will be deleted as soon as the business transaction has been completed and legal requirements permit it.

Legal basis

The processing of the data is based on the following legal bases:

Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to

store and further use for purposes related to the business case;

Art. 6 (1) (b) GDPR (contract): There is a need to fulfil a contract with you or a processor such as the telephone provider or we have to process the data for pre-contractual activities, such as preparing an offer;

Art. 6 (1) (f) GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional setting. For this, certain technical facilities such as email programs, exchange servers and mobile phone operators are necessary in order to be able to conduct communication efficiently.

Data processing agreement (DPA)

In this section, we would like to explain to you what a data processing agreement is and why it is needed. Because the word “data processing agreement” is quite a tongue twister, we will often use the acronym AVV in the text. Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as data processors with whom we conclude a contract, the so-called data processing agreement (AVV). The most important thing for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be regulated by the AVV.

Who are data processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to the responsible parties, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, public authority, institution or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as

for example Google or Microsoft.

To better understand the terminology, here is an overview of the three roles in the GDPR:

Affected party (you as a customer or interested party) → Responsible party (we as a company and client) → Processor (service provider such as web host or cloud provider)

Content of a data processing contract

As already mentioned above, we have concluded an AVV with our partners who act as data processors. This stipulates above all that the data processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, but in this context, electronic contract conclusion is also considered "written". The personal data is only processed on the basis of the contract. The contract must contain the following:

Commitment to us as responsible

Duties and rights of the controller

Categories of data subjects

Type of personal data

Type and purpose of data processing Subject matter and duration of data processing Place of data processing

The contract also contains all the obligations of the processor. The most important obligations are:

Measures to ensure data security

to take possible technical and organizational measures to protect the rights of the data subject

to maintain a data processing register

to cooperate with the data protection supervisory authority upon request

to carry out a risk analysis in relation to the personal data received Sub-processors may only be commissioned with the written consent of the controller

You can find out what such an AVV looks like at

https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarb eitung.html . A sample contract is presented here.

Cookies Summary

Affected: Visitors to the website

Purpose: depends on the cookie. You can find more details below or

with the manufacturer of the software that sets the cookie.

Data processed: Depends on the cookie used. More details can be found

You can find out more below or from the manufacturer of the software that sets the cookie.

Storage period: depends on the cookie, can range from hours to years

vary

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (eg Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malware". Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga

Value: GA1.2.1326744211.152312341941-9 Purpose: Differentiation of website visitors Expiry date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie

At least 50 cookies per domain

At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point we would like to briefly explain the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies

These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages and only later goes to the checkout. These cookies do not

deleted, even if the user closes his browser window.

Purposeful cookies

These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website in different browsers.

Targeted cookies

These cookies improve user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies

These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Typically, when you first visit a website, you will be asked which of these types of cookies you would like to allow. And of course, this decision will also be stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265 , the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for a variety of tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the data processed or stored in the following data protection declaration.

Storage period of cookies

The storage period depends on the respective cookie and is specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have influence over the storage period. You can delete all cookies manually at any time via your browser (see also “Right of objection” below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, whereby the legality of storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

If you do not want cookies at all, you can set up your browser so that it always informs you when a cookie is about to be placed. This way you can decide for each individual cookie whether you want to allow the cookie or not. The procedure varies depending on the browser. The best thing to do is to search for instructions on Google using the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

Legal basis

The so-called "cookie guidelines" have been in place since 2009. They state that the storage of cookies requires your consent (Article 6 Paragraph 1 Letter a of GDPR). However, there are still very different reactions to these guidelines within the EU countries. In Austria, however, this guideline was implemented in Section 96 Paragraph 3 of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this guideline was largely implemented in Section 15 Paragraph 3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests (Article 6 Paragraph 1 Letter f of GDPR), which in most cases are of an economic nature. We want to give visitors to the website a pleasant user experience and for this, certain cookies are often absolutely necessary.

If cookies that are not absolutely necessary are used, this only happens with your consent. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.

In the following sections you will be informed in more detail about the use of cookies, provided that the software used uses cookies.

Customer data

Customer data summary

Affected parties: customers or business and contractual partners

Purpose: Provision of contractually or pre-contractually agreed services

including related communications

Data processed: name, address, contact details, email address, telephone number,

Payment information (such as invoices and bank details), contract data (such as

Term and subject of the contract), IP address, order data

Storage period: the data will be deleted as soon as they are no longer required to provide our

are no longer required for business purposes and there is no legal

There is a retention obligation.

Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f GDPR), contract (Art. 6 Para. 1 lit.

b GDPR)

What is customer data?

In order to be able to offer our service or our contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data is all information that is processed on the basis of a contractual or pre-contractual collaboration in order to be able to provide the services offered. Customer data is therefore all information that we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data to provide our services. Sometimes your email address is enough, but if you purchase a product or service, we also need data such as your name, address, bank details or contract details. We also use the data for marketing and sales optimization so that we can improve our service for our customers overall. Another important point is our customer service, which is always very important to us. We want you to be able to come to us at any time with questions about our offers and for that we need at least your email address.

What data is processed?

At this point, the exact data that is stored can only be shown in categories. This always depends on the services you receive from us. In some cases, you only give us your email address so that we can, for example, contact you or answer your questions. In other cases, you purchase a product or service from us and for this we need significantly more information, such as your contact details, payment details and contract details.

Here is a list of possible data that we receive and process from you:

Surname

Contact address

E-mail address

Telephone number

birth date

Payment data (invoices, bank details, payment history, etc.) Contract data (term, content)

Usage data (websites visited, access data, etc.) Metadata (IP address, device information)

How long will the data be stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes and the data is also not required for possible warranty and liability obligations, we delete the relevant customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. Of course, we also adhere to the statutory retention periods. Your customer data will definitely not be passed on to third parties unless you have explicitly given your consent.

Legal basis

The legal basis for the processing of your data is Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 Para. 1 lit. f GDPR (legitimate interests) and in special cases (e.g. medical services) Art. 9 Para. 2 lit. a. GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector, personal data is processed in accordance with Art. 9 (2) (h) GDPR. If you voluntarily provide special category data, processing is carried out on the basis of Art. 9 (2) (a) GDPR.

Registration

Registration Summary

Affected persons: All persons who register, create an account, log in and

to use.

Processed data: E-mail address, name, password and other data collected during registration,

Registration and account usage are collected.

Purpose: Providing our services. Communication with customers in connection

with the services.

Storage period: As long as the company account linked to the texts exists and thereafter usually for 3 years.

Legal basis: Art. 6 Para. 1 lit. b GDPR (contract), Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para.

1 lit. f GDPR (legitimate interests)

If you register with us, personal data may be processed if you enter personally identifiable data or if data such as your IP address is recorded during processing. You can read what we mean by the rather cumbersome term “personal data” below.

Please only enter data that we need for registration and for which you have the approval of a third party if you are registering on behalf of a third party. If possible, use a secure password that you do not use anywhere else and an email address that you check regularly.

Below we will inform you about the exact type of data processing, because we want you to feel comfortable with us!

What is registration?

When you register, we collect certain data from you and then enable you to easily log in online later and use your account with us. An account with us has the advantage that you do not have to enter everything again each time. This saves time, effort and ultimately prevents errors in the provision of our services.

Why do we process personal data?

In short, we process personal data to enable the creation and use of an account with us.

If we didn't do that, you would have to enter all the data every time, wait for approval from us and enter everything again. We and many, many customers wouldn't like that. How would you feel about that?

What data is processed?

All data that you provided during registration, when logging in or when managing your data in your account.

When you register, we process the following types of data:

First name Last name Email address Company name

Street + house number

Place of residence Postal code Country

When you register, we process the data you enter when registering, such as your user name and password, and data collected in the background, such as device information and IP addresses.

When you use your account, we process data that you enter during your account use and which is created when you use our services.

Storage period

We store the data entered at least for as long as the data

linked account exists and is used with us as long as contractual obligations

between us and, when the contract ends, until the respective claims arising from it become time-barred

In addition, we store your data as long as and to the extent that we are legally obliged

subject to storage. We then retain booking documents relating to the contract

(Invoices, contract documents, bank statements, etc.) 10 years (§ 147

AO) as well as other relevant business documents for 6 years (§ 247 HGB) after they arise.

Right to object

You have registered, entered data and would like to revoke the processing? No problem. As you can read above, the rights according to the General Data Protection Regulation also apply during and after registration, login or account with us. Contact the person responsible for data protection listed above to exercise your rights. If you already have an account with us, you can easily view or manage your data and texts in your account.

Legal basis

By completing the registration process, you are approaching us in a pre-contractual manner in order to conclude a user agreement via our platform (although a payment obligation does not automatically arise). You invest time to enter data and register, and we offer you our services after logging into our system and viewing your customer account. We also fulfill our contractual obligations. Finally, we must keep registered users informed of important changes by email. This means that Art. 6 Para. 1 lit. b GDPR (implementation of pre-contractual measures, fulfillment of a contract) applies.

If necessary, we will also obtain your consent, e.g. if you voluntarily provide more data than is absolutely necessary or if we are allowed to send you advertising. Art. 6 paragraph 1 letter a of the GDPR (consent) therefore applies.

We also have a legitimate interest in knowing who we are dealing with in order to be able to contact you in certain cases. We also need to know who is using our services and whether they are being used in the way our terms of use stipulate, so Art. 6 (1) (f) GDPR (legitimate interests) applies.

Note: the following sections must be checked by users (as required):

Registration with real name

Since we need to know who we are dealing with in business operations, registration

only possible with your real name (full name) and not with pseudonyms.

Registration with pseudonyms

Pseudonyms can be used when registering, which means that you do not have to register with us using your real name. This ensures that we cannot process your name.

Storage of the IP address

During registration, login and account usage, we store the IP address in the background for security reasons in order to be able to determine lawful use.

Public Profile

The user profiles are publicly visible, which means that parts of the profile can be viewed on the Internet without providing a user name and password.

2-factor authentication (2FA)

Two-factor authentication (2FA) offers additional security when logging in, as it prevents people from logging in without a smartphone, for example. This technical measure to secure your account protects you from the loss of data or unauthorized access, even if your username and password are known. You can find out which 2FA is used when you register, log in, and in the account itself.

Webhosting Introduction

Webhosting Summary

Affected: Visitors to the website

Purpose: professional hosting of the website and securing its operation

Processed data: IP address, time of website visit, browser used and

further data. You will find more details below or in the respective

Web hosting providers.

Storage period: depends on the respective provider, but usually 2 weeks

Legal basis: Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is web hosting?

When you visit websites these days, certain information - including personal data - is automatically created and saved, including on this website. This data should be processed as sparingly as possible and only with justification. By website we mean the entirety of all web pages on a domain, ie everything from the start page (homepage) to the very last subpage (like this one). By domain we mean example.de or musterbeispiel.com, for example.

If you want to view a website on a computer, tablet or smartphone,

To do this, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers. They offer web hosting and ensure that website data is stored reliably and error-free. A lot of technical terms, but please stay tuned, it gets better!

When the browser connects to your computer (desktop, laptop, tablet or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a while to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the Internet and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing its operation

2. to maintain operational and IT security

3. Anonymous evaluation of access behavior to improve our offer and if necessary.

for criminal prosecution or pursuit of claims

What data is processed?

Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically stores data such as

the complete Internet address (URL) of the website accessed, browser and browser version (e.g. Chrome 87), the operating system used (e.g. Windows 10), the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/ )

the hostname and IP address of the device from which access is made (e.g.

COMPUTERNAME and 194.23.43.121)

Date and Time

in files, the so-called web server log files

How long is data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass this data on, but cannot rule out that this data will be viewed by authorities in the event of illegal behavior.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without your consent!

Legal basis

The legality of the processing of personal data in the context of web hosting arises from Art. 6 (1) (f) GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims arising from this if necessary.

There is usually a contract for order processing between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Website Modular Systems Introduction

Website Modular Systems Privacy Policy Summary

Affected: Visitors to the website

Purpose: Optimization of our service

Data processed: Data such as technical usage information such as

Browser activity, clickstream activities, session heatmaps as well as contact details, IP address

or your geographical location. More details can be found further down in this

Storage period: depends on the provider

Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interests), Art. 6 Para. 1 lit. a

GDPR (consent)

What are website builder systems?

We use a website construction kit system for our website. Construction kit systems are special forms of a content management system (CMS). With a construction kit system, website operators can create a website very easily and without any programming knowledge. In many cases, web hosts also offer construction kit systems. By using a construction kit system, personal data can also be collected, stored and

In this privacy policy we provide you with general information about data processing by modular systems. You can find more information in the provider's privacy policy.

Why do we use website builders for our website?

The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple and well-organized website that we can easily operate and maintain ourselves - without external support. A modular system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant time on our website.

What data is stored by a modular system?

Which data is stored depends, of course, on the website construction kit system used. Each provider processes and collects different data from website visitors. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are usually collected. Tracking data (e.g. browser activity, clickstream activities, session heatmaps, etc.) can also be processed. Personal data can also be collected and stored. This usually includes contact data such as email address, telephone number (if you have provided this), IP address and geographical location data. You can find out exactly which data is stored in the provider's privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing below in connection with the website modular system used, provided we have further information about it. You can find detailed information about this in the provider's privacy policy. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. It is possible that the provider stores your data according to its own specifications, over which we have no influence.

Right to object

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can contact the person responsible for the website modular system used at any time. You can find contact details either in our privacy policy or on the website of the relevant provider.

You can delete, deactivate or manage cookies that providers use for their functions in your browser. This works in different ways depending on which browser you use. Please note, however, that not all functions may then work as usual.

Legal basis

We have a legitimate interest in using a website construction kit system to optimize our online service and present it to you in an efficient and user-friendly manner. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use the construction kit if you have given your consent.

If the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This particularly applies to tracking activities. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.

With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information on this, you can find further information - if available - in the following section or in the provider's privacy policy.

Web Analytics Introduction

Web Analytics Privacy Policy Summary

Affected: Visitors to the website

Purpose: Evaluation of visitor information to optimize the website.

Processed data: Access statistics, which include data such as access locations, device data,

Access duration and time, navigation behavior, click behavior and IP addresses.

You can find more details in the web analytics tool you use.

Storage period: depends on the web analytics tool used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests)

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This involves collecting data that the respective analytic tool provider (also known as a tracking tool) stores, manages and processes. The data is used to create analyses of user behavior on our website and make them available to us as website operators. In addition, most tools offer various testing options. For example, we can test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?

With our website we have a clear goal in mind: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to be the best

and most interesting offers and, on the other hand, to ensure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and us. For example, we can see how old our visitors on average are, where they come from, when our website is most visited or which content or products are particularly popular. All of this information helps us to optimize the website and thus adapt it as best as possible to your needs, interests and wishes.

What data is processed?

Which data is stored depends, of course, on the analysis tools used. However, as a rule, for example, what content you view on our website, which buttons or links you click, when you visit a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use is stored. If you have agreed that location data may also be collected, this can also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymously (i.e. in an unrecognizable and shortened form). For the purposes of testing, web analysis and web optimization, no direct data such as your name, age, address or email address is stored. All of this data, if collected, is stored pseudonymously. This means that you cannot be identified as a person.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website again, other cookies can store data for several years.

Duration of data processing

Right to object

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 Paragraph 1 Letter a of GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when data is collected using web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of web analytics, we can detect errors on the website, identify attacks and improve profitability. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests) . However, we only use the tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Information on special web analytics tools – if available – can be found in the following sections.

Email Marketing Introduction

Email Marketing Summary

Affected: Newsletter subscribers

Purpose: Direct marketing by email, notification of system-relevant events

Processed data: Data entered during registration, but at least the email address. You can find more details in the email marketing tool used.

Storage period: Duration of the subscription

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(legitimate interests)

What is email marketing?

In order to keep you up to date, we also use email marketing. If you have agreed to receive our emails or newsletters, your data will also be processed and stored. Email marketing is a sub-area of online marketing. News or general information about a company, products or services is sent by email to a specific group of people who are interested in them.

If you want to participate in our email marketing (usually via newsletter), you normally just have to register with your email address. To do this, you fill out an online form and send it off. However, we may also ask you for your title and name so that we can write to you personally.

Basically, registering for newsletters works using the so-called "double opt-in process". After you have registered for our newsletter on our website, you will receive an email confirming your newsletter registration. This ensures that the email address belongs to you and that no one has registered with someone else's email address. We or a notification tool we use logs every single registration. This is necessary so that we can prove that the registration process was legally correct. The time of registration, the time of registration confirmation and your IP address are usually saved. In addition, it is also logged if you make changes to your stored data.

Why do we use email marketing?

We naturally want to stay in touch with you and always present you with the most important news about our company. To do this, we use email marketing - often referred to as just a "newsletter" - as an essential part of our online marketing. If you agree to this or it is permitted by law, we will send you newsletters, system emails or other notifications by email. When we use the term "newsletter" in the following text, we mainly mean emails that are sent regularly. Of course, we do not want to bother you in any way with our newsletter. That is why we really always try to offer only relevant and interesting content. For example, you can find out more about our company, our services or products. Since we are always improving our offers, you will always find out about any news or special, lucrative promotions via our newsletter. If we use a service provider who has a professional

If we commission a third party that offers a shipping tool for our email marketing, we do this so that we can offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our business goals.

What data is processed?

If you subscribe to our newsletter via our website, you will confirm your membership in an email list by email. In addition to your IP address and email address, your title, name, address and telephone number may also be saved. However, only if you agree to this data storage. The data marked as such is necessary so that you can participate in the service offered. Providing this information is voluntary, but failure to provide it will prevent you from using the service. In addition, information about your device or your preferred content may also be saved on our website. You can find out more about how data is saved when you visit a website in the “Automatic data storage” section. We record your declaration of consent so that we can always prove that it complies with our laws.

Duration of data processing

If you remove your email address from our email/newsletter mailing list, we may store your address for up to three years based on our legitimate interests so that we can still prove that you gave your consent at the time. We may only process this data if we need to defend ourselves against any claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently revoke your consent, we reserve the right to save your email address in a blocked list. As long as you have voluntarily subscribed to our newsletter, we will of course also keep your email address.

Right to object

You have the option to cancel your newsletter subscription at any time. All you have to do is revoke your consent to the newsletter subscription. This usually only takes a few seconds or one or two clicks. You will usually find a link at the end of every email to cancel your newsletter subscription. If you really cannot find the link in the newsletter, please contact us by email and we will cancel your newsletter subscription immediately.

Legal basis

Our newsletter is sent based on your consent (Article 6 Paragraph 1 Letter a of GDPR). This means that we may only send you a newsletter if you have previously actively registered for it. If necessary, we may also send you advertising messages based on Section 7 Paragraph 3 of the German Unfair Competition Act (UWG), provided that you have become our customer and consent to the use of your e-mail address.

Email address for direct advertising have not objected.

Information about specific email marketing services and how they process personal data can be found – if available – in the following sections.

Messenger & Communication Introduction

Messenger & Communication Privacy Policy Summary

Affected: Visitors to the website

Purpose: Contact requests and general communication between us and you

Data processed: Data such as name, address, email address, telephone number, general content data, if applicable IP address. Further details can be found in the respective tools used.

Storage period: depends on the messenger & communication functions used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests), Art. 6 Para. 1 S. 1 lit. b. GDPR (contractual or pre-contractual obligations)

What are messenger & communication functions?

We offer various options on our website (such as messenger and chat functions, online or contact forms, email, telephone) to communicate with us. Your data will also be processed and stored to the extent necessary to answer your query and our subsequent measures.

In addition to traditional means of communication such as email, contact forms or telephone, we also use chats or messengers. The messenger function that is currently used most frequently is WhatsApp, but there are of course many different providers that offer messenger functions specifically for websites. If content is end-to-end encrypted, this is indicated in the individual data protection texts or in the data protection declaration of the respective provider. End-to-end encryption means nothing other than that the content of a message is not visible even to the provider. However, information about your device, location settings and other technical data can still be processed and stored.

Why do we use messenger & communication functions?

Communication options with you are very important to us. After all, we want to talk to you and answer all possible questions about our service in the best possible way. Good communication is an important part of our service. With the practical messenger and communication functions, you can always choose the ones you prefer. In exceptional cases, however, it may also happen that we do not answer certain questions via chat or messenger. This is the case when it concerns internal contractual matters, for example. In these cases, we recommend other communication options such as email or telephone.

We generally assume that we remain responsible for data protection even when we use the services of a social media platform. However, the European Court of Justice has

decided that in certain cases the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is reproduced below for the platform in question.

Please note that when using our built-in elements, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. This may mean that you will no longer be able to easily demand or enforce your rights with regard to your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the messenger and communication functions. Basically, this includes data such as name, address, telephone number, email address and content data such as all information that you enter in a contact form. Information about your device and the IP address are usually also stored. Data that is collected via a messenger and communication function is also stored on the provider's servers.

If you want to know exactly which data is stored and processed by the respective providers and how you can object to data processing, you should read the respective company's data protection declaration carefully.

How long is data stored?

How long the data is processed and stored depends primarily on the tools we use. You can find out more about how the individual tools process data below. The providers' privacy policies usually state exactly which data is stored and processed for how long. In principle, personal data is only processed for as long as it is necessary to provide our services. When data is stored in cookies, the storage period varies greatly. The data can be deleted immediately after you leave a website, but it can also be stored for several years. You should therefore look at each individual cookie in detail if you want to know more about data storage. You can usually find informative information about the individual cookies in the privacy policies of the individual providers.

Right to object

Since cookies may be used in messenger and communication functions,

We also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented that your data can be processed and stored through integrated messenger and communication functions, this consent serves as the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR) . We process your request and manage your data within the framework of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to answer inquiries. The basis for this is Art. 6 Para. 1 S. 1 lit. b. GDPR . In principle, if you have given your consent, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners.

Social Media Introduction

Social Media Privacy Policy Summary

Affected: Visitors to the website

Purpose: Presentation and optimization of our service, contact with visitors,

Interested parties, advertising

Data processed: Data such as telephone numbers, email addresses, contact details,

Data on user behavior, information about your device and your IP address. You can find more details on this in the social media tool used.

Storage period: depends on the social media platforms used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data can be processed so that we can specifically address users who are interested in us via social networks. In addition, elements of a social media platform can also be embedded directly in our website. This is the case, for example, if you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media refers to websites and apps through which registered members can produce content, exchange content openly or in specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and get in touch online. With our social media presence, we can bring our products and services closer to prospective customers. The social media elements integrated into our website help you to access our social media content quickly and without complications.

can change.

The data that is stored and processed through your use of a social media channel primarily serves the purpose of being able to carry out web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with customized advertisements. Cookies are usually placed in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible for data protection, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is then reproduced below for the platform in question.

Please note that when using the social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to claim or enforce your rights with regard to your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. But it is usually data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media channel you visit and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how you can object to data processing, you should read the respective company's privacy policy carefully. If you have any questions about data storage and processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is compared with the company's own user data is deleted within two days. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. If it is required by law, as in the case of accounting, for example, this storage period can also be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party services such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented that your data can be processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR) . In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text about cookies carefully and view the data protection declaration or cookie guidelines of the respective service provider.

Information about specific social media platforms – if available – can be found in the following sections.

Facebook Privacy Policy

Facebook Privacy Policy Summary

Affected: Visitors to the website

Purpose: Optimization of our service

Data processed: Data such as customer data, data on user behavior, information about your device and your IP address. You can find more details about this in the privacy policy below.

Storage period: until the data is no longer useful for Facebook’s purposes

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network operated by Meta Platforms Inc. or, in Europe, by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools enable us to offer you and people who are interested in our products and services the best possible service.

If data is collected and forwarded from you via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook is solely responsible for the further processing of this data. Our joint obligations have also been anchored in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum . This states, for example, that we must clearly inform you about the use of Facebook tools on our site. We are also responsible for ensuring that the tools are securely integrated into our website in accordance with data protection law. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.

Below we provide an overview of the different Facebook tools, which data is sent to Facebook and how you can delete this data.

In addition to many other products, Facebook also offers the so-called “Facebook Business Tools”. This is the official name of Facebook. However, since the term is hardly known, we have decided to simply call them Facebook tools. These include:

Facebook Pixel

social plug-ins (such as the “Like” or “Share” button) Facebook Login

AccountKit

APIs (application programming interfaces)

SDKs (collection of programming tools) Platform integrations

Plug-ins

Code

Specifications Documentation

Technologies and services

Through these tools, Facebook expands its services and has the ability to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are really interested in them. With the help of advertisements (Facebook Ads) we can reach exactly these people. In order to show users suitable advertisements, however, Facebook needs information about people's wishes and needs.

Companies are provided with information about user behavior (and contact details) on our website. This allows Facebook to collect better user data and show interested people the appropriate advertising about our products or services. The tools thus enable customized advertising campaigns on Facebook.

Facebook calls data about your behavior on our website "event data." This is also used for measurement and analysis services. Facebook can create "campaign reports" on our behalf about the impact of our advertising campaigns. Furthermore, analyses give us a better insight into how you use our services, website or products. As a result, we use some of these tools to optimize your user experience on our website. For example, you can use the social plug-ins to share content on our site directly on Facebook.

What data are stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number and IP address can be sent.

Facebook uses this information to compare the data with the data it has about you (if you are a Facebook member). Before customer data is sent to Facebook, a process known as "hashing" takes place. This means that a data set of any size is transformed into a character string. This also serves to encrypt data.

In addition to contact data, "event data" is also transmitted. "Event data" refers to the information we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the information it receives with third parties (such as advertisers) unless the company has explicit permission or is legally obliged to do so. "Event data" can also be linked to contact data. This enables Facebook to offer better personalized advertising. After the matching process mentioned above, Facebook deletes the contact data again.

In order to be able to deliver advertisements in an optimized manner, Facebook only uses the event data if it has been combined with other data (that was collected by Facebook in another way). Facebook also uses this event data for security, protection, development and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files that are used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies will be created in your browser. In the descriptions of the individual Facebook tools, we go into more detail about individual Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies .

How long and where is the data stored?

Basically, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been compared with its own user data.

How can I delete my data or prevent data storage?

According to the General Data Protection Regulation, you have the right to information, rectification, portability and erasure of your data.

The data will only be completely deleted if you completely delete your Facebook account. Here's how to delete your Facebook account:

1) On the right side of Facebook, click Settings.

2) Then click on “Your Facebook information” in the left column.

3) Now click “Deactivation and deletion”.

4) Now select “Delete account” and then click “Continue and delete account”

5) Now enter your password, click “Next” and then “Delete account”

The data that Facebook receives via our site is stored, among other things, via

Cookies (e.g. social plugins). In your browser you can block individual or all cookies

deactivate, delete or manage. Depending on which browser you use,

This in different ways. Under the section “Cookies” you will find the

corresponding links to the respective instructions of the most popular browsers.

If you do not want cookies at all, you can set your browser to always inform you when a cookie is about to be placed. This way you can decide for each individual cookie whether you want to allow it or not.

Legal basis

If you have consented that your data can be processed and stored by integrated Facebook tools, this consent serves as the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR) . In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our data protection text about cookies carefully and view Facebook's privacy policy or cookie guidelines.

Facebook processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Facebook uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which correspond to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing .

We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you would like to learn more about how Facebook uses your data, we recommend that you read the data guidelines at https://www.facebook.com/ about/privacy/update .

Facebook Login Privacy Policy

We have integrated the practical Facebook login on our website. This means you can easily log in with your Facebook account without having to create another user account. If you decide to register using the Facebook login, you will be redirected to the social media network Facebook. There you can log in using your Facebook user data. This login process stores data about you and your user behavior and transmits it to Facebook.

Facebook uses various cookies to store the data. Below we show you the most important cookies that are set in your browser or already exist when you log in to our site using Facebook Login:

Name: fr

Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j

Purpose: This cookie is used to ensure that the social plugin on our website functions as well as possible.

Expiry date: after 3 months

Name: datr

Value: 4Jh7XUA2312341941SEmPsSfzCOO4JFFl

Purpose: Facebook sets the “datr” cookie when a web browser accesses facebook.com, and the cookie helps identify login activities and protect users. Expiry date: after 2 years

Name: _js_datr Value: deleted

Purpose: Facebook sets this session cookie for tracking purposes, even if you do not have a Facebook account or are logged out.

Expiry date: after end of session

Note: The cookies listed are only a small selection of the cookies available to Facebook. Other cookies include _ fbp, sb or wd. A complete list is not possible because Facebook has a large number of cookies and uses them variably.

The Facebook Login offers you a quick and easy registration process, and it also gives us the opportunity to share data with Facebook. This allows us to better tailor our offerings and promotions to your interests and needs. Data that we receive from Facebook in this way is public data such as

Your Facebook name

Your profile picture

a stored email address friends lists

Button information (e.g. “Like” button)

Date of birth Language Place of residence

In return, we provide Facebook with information about your activities on our website. This includes information about the device you use, which subpages you visit on our website or which products you have purchased from us.

By using Facebook Login you consent to data processing. You can revoke this agreement at any time. If you would like more information about the

If you would like to learn more about Facebook's data processing, we recommend that you read the Facebook privacy policy at https://www.facebook.com/policy.php?tid=312341941 .

If you are logged in to Facebook, you can change your ad settings yourself at https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen .

Facebook Social Plug-ins Privacy Policy

Our website contains so-called social plug-ins from the company Meta Platforms Inc. You can recognise these buttons by the classic Facebook logo, such as the "Like" button (the hand with the thumb raised) or by a clear "Facebook plug-in" label. A social plug-in is a small part of Facebook that is integrated into our site. Each plug-in has its own function. The most commonly used functions are the well-known "Like" and "Share" buttons.

The following social plug-ins are offered by Facebook:

“Save” button

Like, Share, Send and Quote

Page Plugin Comments Messenger Plugin

Embedded Posts and Video Player Group Plugin

You can find more information on how the individual plug-ins are used at https://developers.facebook.com/docs/plugins . We use the social plug-ins on the one hand to offer you a better user experience on our site and on the other hand because they enable Facebook to optimize our advertisements.

If you have a Facebook account or have already visited https://www.facebook.com/ , Facebook has already set at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our page or interact with social plug-ins (e.g. the "Like" button).

The information received is deleted or anonymized within 90 days. According to Facebook, this data includes your IP address, which website you visited, the date, time and other information relating to your browser.

To prevent Facebook from collecting a lot of data during your visit to our website and linking it to the Facebook data, you must log out of Facebook during your website visit.

If you are not logged in to Facebook or do not have a Facebook account, your browser will send less information to Facebook because you have fewer Facebook cookies. However, data such as your IP address or which website you visit can still be sent to Facebook.

We would like to expressly point out that we do not know the exact contents of the data. However, we will try to inform you as best as possible about data processing based on our current knowledge. You can also read how Facebook uses the data in the company's data guidelines at https://www.facebook.com/about/privacy/update .

At a minimum, the following cookies are set in your browser when you visit a website with social plug-ins from Facebook:

Name: dpr

Value: not specified

Purpose: This cookie is used to enable the social plug-ins on our website to function.

Expiry date: after end of session

Name: fr

Value: 0jieyh4312341941c2GnlufEJ9..Bde09j…1.0.Bde09j

Purpose: The cookie is also necessary for the plug-ins to function properly. Expiry date: after 3 months

Note: These cookies were set after a test, even if you are not a Facebook member.

If you are logged in to Facebook, you can change your ad settings yourself at https://www.facebook.com/adpreferences/advertisers/ . If you are not a Facebook user, you can generally manage your usage-based online advertising at https://www.youronlinechoices.com/de/praferenzmanagement/?tid=312341941 . There you have the option of deactivating or activating providers.

If you would like to learn more about Facebook’s privacy practices, we recommend that you read the company’s own data policy at https://www.facebook.com/policy.php?tip=312341941 .

Facebook Fanpage Privacy Policy

We also have a Facebook fan page for our website. The service provider is the American company Meta Platforms Inc. The company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

The basis for data processing by recipients located in third countries (outside the

European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there, Facebook uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which correspond to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing .

You can find out more about the data processed through the use of Facebook in the Privacy Policy at https://www.facebook.com/about/privacy .

Instagram Privacy Policy

Instagram Privacy Policy Summary

Affected: Visitors to the website

Purpose: Optimization of our service

Data processed: Data such as data on user behavior, information about your device and your IP address. You can find more details about this in the privacy policy below.

Storage period: until Instagram no longer needs the data for its purposes

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is Instagram?

We have integrated Instagram functions on our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is one of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit websites on our website that have an integrated Instagram function, data is transmitted to, stored and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data it is and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we get our information from the Instagram guidelines on the one hand, but also from the Meta privacy guidelines on the other.

himself.

Instagram is one of the most popular social media networks in the world. Instagram combines the advantages of a blog with the advantages of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos to "Insta" (as many users casually call the platform), edit them with various filters and share them on other social networks. And if you don't want to be active yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course we have also responded to this boom. We want you to feel as comfortable as possible on our website. That's why it's a matter of course for us to present our content in a varied way. The embedded Instagram functions allow us to enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful for personalized advertising on Facebook. This means that our advertisements are only shown to people who are really interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We get aggregated statistics and thus more insight into your wishes and interests. It is important to note that these reports do not identify you personally.

What data does Instagram store?

If you come across one of our pages that has Instagram functions (such as Instagram images or plugins) built in, your browser automatically connects to Instagram's servers. Data is sent to Instagram, stored and processed, regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see and how you use our services. The date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook differentiates between customer data and event data. We assume that this is also the case with Instagram. Customer data includes names, addresses, telephone numbers and IP addresses. These customer data will only be transmitted to Instagram if they have been "hashed" beforehand. Hashing means that a data set is converted into a character string. This allows the contact details to be encrypted. The "event data" mentioned above is also transmitted. Facebook - and consequently Instagram - understands "event data" to mean data about your user behavior. It can also happen that contact details are combined with event data. The contact details collected are compared with the data that Instagram already has about you.

Small text files (cookies), which are usually placed in your browser, are used to

collected data is transmitted to Facebook. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that data processing on Instagram works in the same way as on Facebook. This means that if you have an Instagram account or have visited www.instagram.com , Instagram has at least set a cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. This data is deleted or anonymized after 90 days at the latest (after comparison). Although we have looked intensively into Instagram's data processing, we cannot say exactly which data Instagram collects and stores.

Below we show you the cookies that are set in your browser at least when you click on an Instagram function (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will of course be set in your browser.

These cookies were used in our test:

Name: csrftoken Value: “”

Purpose: This cookie is most likely set for security reasons to prevent requests from being forged. However, we were unable to find out more details.

Expiry date: after one year

Name: mid Value: “”

Purpose: Instagram uses this cookie to optimize its own services and offers on and off Instagram. The cookie sets a unique user ID.

Expiry date: after the end of the session

Name: fbsr_312341941124024 Value: not specified

Purpose: This cookie stores the log-in request for users of the Instagram app. Expiry date: after the end of the session

Name: rur Value: ATN

Purpose: This is an Instagram cookie that ensures functionality on Instagram.

Expiry date: after the end of the session

Name: urlgen

Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe312341941” Purpose: This cookie is used for Instagram’s marketing purposes.

Expiry date: after the end of the session

Note: We cannot claim to be complete here. Which cookies are set in individual cases depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between the Facebook companies, with external partners, and with people you connect with around the world. The data processing is carried out in compliance with its own data policy. Your data is distributed across Facebook servers around the world, partly for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to information, portability, correction and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how to delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and click on "Help Center." This will take you to the company's website. On the website, click on "Manage Account" and then "Delete Your Account."

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and will not be deleted.

As mentioned above, Instagram primarily stores your data via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, the management always works a little differently. Under the "Cookies" section you will find the relevant links to the respective instructions for the most popular browsers.

You can also set up your browser so that you are always informed when a cookie is to be placed. You can then always decide individually whether you want to accept the cookie or not.

Legal basis

If you have consented that your data can be processed and stored through integrated social media elements, this consent is considered the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR) . In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners.

processed. However, we only use the integrated social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and view the privacy statement or cookie policy of the respective service provider.

Instagram and Facebook also process data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Facebook uses standard contractual clauses approved by the EU Commission (= Art. 46, Paragraphs 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige Facebook to comply with the EU data protection level when processing relevant data, even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://germany.representation.ec.europa.eu/index_de .

We have tried to provide you with the most important information about data processing by Instagram. At https://help.instagram.com/519522125107875

you can learn more about Instagram’s data policies.

TikTok Privacy Policy

We also use TikTok, a social media and video channel. The service provider is the Chinese company Beijing Bytedance Technology Ltd. The Irish company TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is responsible for Europe.

TikTok processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.

TikTok uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, TikTok undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find out more about the standard contractual clauses and the data processed through the use of TikTok Pixel in the Privacy Policy at https://www.tiktok.com/legal/privacy-policy-eea?lang=de or https: //ads.tiktok.com/i18n/official/policy/controller-to-controller .

Online Marketing Introduction

Online Marketing Privacy Policy Summary

Affected: Visitors to the website

Purpose: Evaluation of visitor information to optimize the website.

Processed data: Access statistics, which include data such as access locations, device data,

Access duration and time, navigation behavior, click behavior and IP addresses.

Personal data such as name or email address may also be processed.

You can find more details in the online marketing tool you use.

Storage period: depends on the online marketing tools used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests)

What is online marketing?

Online marketing refers to all measures that are carried out online to achieve marketing goals such as increasing brand awareness or closing a deal. Our online marketing measures also aim to draw people's attention to our website. We therefore carry out online marketing in order to be able to show our offer to many interested people. This usually involves online advertising, content marketing or search engine optimization. Personal data is also stored and processed so that we can use online marketing efficiently and in a targeted manner. On the one hand, the data helps us to only show our content to those people who are actually interested in it, and on the other hand, we can measure the advertising success of our online marketing measures.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in what we have to offer. We are aware that this is not possible without taking conscious measures. That is why we do online marketing. There are various tools that make our work on our online marketing measures easier and also provide suggestions for improvement based on data. This allows us to target our campaigns more precisely at our target group. The purpose of these online marketing tools is ultimately to optimize our offer.

What data is processed?

In order for our online marketing to work and the success of the measures to be measured, user profiles are created and data is stored, for example, in cookies (these are small text

files). With the help of this data, we can not only place advertising in the traditional sense, but also present our content directly on our website the way you like it best. There are various third-party tools that offer these functions and also collect and store data from you. The cookies named store, for example, which web pages you visited on our website, how long you viewed these pages, which links or buttons you clicked, or which website you came to us from. Technical information can also be stored. For example, your IP address, which browser you use, which device you use to visit our website, or the time when you accessed our website and when you left it again. If you have consented that we may also determine your location, we can also store and process this.

Your IP address is stored in pseudonymized form (i.e. shortened). Unique data that directly identifies you as a person, such as name, address or email address, are also only stored in pseudonymized form as part of the advertising and online marketing processes. We cannot identify you as a person, but we only have the pseudonymized, stored information stored in the user profiles.

The cookies may also be deployed, analyzed and used for advertising purposes on other websites that work with the same advertising tools. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (name, email address, etc.) can also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously received data with the user profile.

For all advertising tools we use that store your data on their servers, we only receive aggregated information and never data that identifies you as an individual. The data simply shows how well the advertising measures worked. For example, we can see which measures prompted you or other users to come to our website and purchase a service or product there. Based on the analyses, we can improve our advertising offer in the future and adapt it even more precisely to the needs and wishes of interested parties.

Duration of data processing

We will inform you below about the duration of data processing if we have further information. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others can be stored in your browser for several years. In the respective data protection declarations of the individual providers you will usually find precise information about the individual cookies that the provider uses.

Right to object

Since online marketing tools can usually use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when collected using online marketing tools.

We also have a legitimate interest in measuring online marketing measures in an anonymized form in order to optimize our offer and our measures using the data obtained. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests) . However, we only use the tools if you have given your consent.

Information on specific online marketing tools – if available – can be found in the following sections.

Facebook Custom Audiences Privacy Policy

We use Facebook Custom Audiences, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. The company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook uses so-called standard contractual clauses (= Art. 46, paragraphs 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is

comply with European data protection standards when they are transferred to third countries (such as the USA) and stored there. Through these clauses, Facebook undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which correspond to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing .

You can find out more about the data processed through the use of Facebook Custom Audiences in the Privacy Policy at https://www.facebook.com/about/privacy .

Google Marketing Platform (formerly: DoubleClick) Privacy Policy

We use Google Marketing Platform products on our website. These include various marketing tools such as Data Studio, Surveys, Campaign Manager 360, Display & Video 360 or Search Ads 360. The service provider is the American company Google Inc. In Europe, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Google uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/ .

More about the data collected through the use of Google Marketing Platform products

processed, please see the Privacy Policy at https://policies.google.com/privacy?hl=de .

Payment Provider Introduction

Payment Provider Privacy Policy Summary

Affected: Visitors to the website

Purpose: Enabling and optimizing the payment process on our website

Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data. You can find more details in the payment provider tool used.

Storage period: depends on the payment provider used

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website that enable us and you to make payments safely and smoothly. Personal data may also be sent to the respective payment provider, stored there and processed there. Payment providers are online payment systems that allow you to place an order via online banking. The payment is processed by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks that do not offer or accept such payment methods.

Why do we use payment providers on our website?

We naturally want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment processing in particular must work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

What data is processed?

Which data is processed depends, of course, on the respective payment provider. However, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This is necessary data in order to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, which content you are interested in or which subpages you click on, can also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.

The data is usually stored and processed on the payment providers' servers. We as website operators do not receive this data. We are only informed whether the

Payment worked or not. For identity and credit checks, payment providers may forward data to the relevant department. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always look at the general terms and conditions and the data protection declaration of the payment provider. You also have the right at any time, for example, to have data deleted or corrected. Please contact the respective service provider regarding your rights (right of withdrawal, right to information and right to be affected).

Duration of data processing

We will inform you about the duration of data processing below if we have further information. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. If it is required by law, such as in the case of accounting, this storage period can also be exceeded. For example, we keep accounting documents relating to a contract (invoices, contract documents, bank statements, etc.) for 10 years (Section 147 AO) and other relevant business documents for 6 years (Section 247 HGB) after they arise.

Right to object

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can contact the person responsible for the payment provider used at any time. You can find contact details either in our specific data protection declaration or on the website of the relevant payment provider.

You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. This works in different ways depending on which browser you use. Please note, however, that the payment process may then no longer work.

Legal basis

In addition to traditional banking/credit institutions , we also offer other payment service providers for the processing of contractual or legal relationships (Art. 6 Para. 1 lit. b GDPR) . The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provide you with a detailed overview of data processing and data storage. In addition, you can always address any questions you may have about data protection-related issues to the responsible persons.

Information about the specific payment providers – if available – can be found in the following sections.

American Express Privacy Policy

We use American Express, a global financial services provider, on our website. The service provider is the American company American Express Company.

The company responsible for the European area is American Express Europe SA (Avenida Partenón 12-14, 28042, Madrid, Spain).

American Express processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

American Express uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, American Express undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information about American Express’s standard contractual clauses in the “European Implementing Principles” ( https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-p rinciples/ ).

You can find out more about the data processed through the use of American Express in the Privacy Policy on

https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklar ung/ .

giropay privacy policy

We use the online payment provider giropay on our website. The service provider is the German company paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, Germany.

You can find out more about the data processed through the use of giropay in the privacy policy at https://www.giropay.de/agb/index.html .

Google Pay Privacy Policy

We use the online payment provider Google Pay on our website. The service provider is the American company Google Inc. In Europe, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the standard contractual clauses, can be found at https://business.safety.google/adscontrollerterms/ .

You can find out more about the data processed through the use of Google Pay in the Privacy Policy at https://policies.google.com/privacy .

Klarna Checkout Privacy Policy

Klarna Checkout Privacy Policy Summary

Affected: Visitors to the website

Purpose: Optimization of the payment process on our website

Data processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data. You can find more details about this further down in this privacy policy.

Storage period: Data will be stored as long as Klarna needs it for the processing purpose

needed.

Legal basis: Art. 6 Para. 1 lit. c GDPR (legal obligation), Art. 6 Para. 1 lit. f

GDPR (Legitimate Interests)

What is Klarna Checkout?

We use the online payment system Klarna Checkout from the Swedish company Klarna Bank AB on our website. Klarna Bank has its headquarters at Sveavägen 46, 111 34 Stockholm, Sweden. If you choose to use this service, personal data will be sent to Klarna, stored and processed. In this privacy policy we would like to give you an overview of the data processing by Klarna.

Klarna Checkout is a payment system for orders in an online shop. The user selects the payment method and Klarna Checkout takes over the entire payment process. Once a user has made a payment via the checkout system and entered the relevant data, future online purchases can be made even faster and easier. The Klarna system then recognizes the existing customer as soon as the email address and postcode are entered.

Why do we use Klarna Checkout for our website?

Our goal with our website and our integrated online shop is to offer you the best possible service. In addition to the overall experience on the website and our offers, this also includes smooth, fast and secure payment processing for your orders. To ensure this, we use the Klarna Checkout payment system.

What data is stored by Klarna Checkout?

As soon as you choose the Klarna payment service and pay using the Klarna Checkout payment method, you also transmit personal data to the company. On the Klarna Checkout page, technical data such as browser type, operating system, our Internet address, date and time, language settings, time zone settings and IP address are collected from you and transmitted to Klarna's servers and stored there. This data is stored even if you have not yet completed an order.

If you order a product or service through our shop, you must enter your personal data in the fields provided. This data is processed by Klarna for payment processing. The following personal data (as well as general product information) may be stored and processed by Klarna for credit and identity checks:

Contact information: name, date of birth, national ID number, title, billing and shipping address, email address, telephone number, nationality or salary.

Payment information such as credit card details or your account number

Product information such as tracking number, type of item and price of the product

There is also data that can be collected optionally, provided you consciously decide to do so. These include political, religious or ideological beliefs or various health data.

In addition to the data mentioned above, Klarna may also collect data on the goods or services you buy or order, either itself or through third parties (such as us or public databases). This may include, for example, the shipment number or the type of item ordered, but also information about your creditworthiness, your income or credit approvals. Klarna may also pass on your personal data to service providers such as software providers, data storage providers or us as a retailer.

When data is automatically entered into a form, cookies are always involved. If you do not want to use this function, you can deactivate these cookies at any time.

Further down in the text you will find instructions on how to delete, deactivate or manage cookies in your browser. Our tests have shown that Klarna does not set any cookies directly. If you choose the payment method "Klarna Sofort" and click on "Order", you will be redirected to the Sofort website. After successful payment you will be taken to our thank you page. There, sofort.com sets the following cookie:

Name : SOFUEB

Value: e8cipp378mdscn9e17kajlfhv7312341941-4 Purpose: This cookie stores your session ID. Expiry date: after the end of the browser session

How long and where is the data stored?

Klarna endeavours to only store your data within the EU or the European Economic Area (EEA). However, it may also happen that data is transferred outside the EU/EEA. If this happens, Klarna ensures that data protection is in line with the GDPR and that the third country has an adequacy decision by the European Union. The data is always stored as long as Klarna needs it for the processing purpose.

How can I delete my data or prevent data storage?

You can withdraw your consent for Klarna to process personal data at any time. You also always have the right to information, correction and deletion of your personal data. To do this, you simply need to contact the company or the company's data protection team by email at datenschutz@klarna.de . You can also contact Klarna directly via the Klarna website "My data protection request" .

You can delete, deactivate or manage cookies that Klarna may use for its functions in your browser. This works in different ways depending on which browser you use. Under the "Cookies" section you will find the relevant links to the respective instructions for the most popular browsers.

Legal basis

In addition to conventional banking/credit institutions, we also offer the payment service provider Klarna Checkout for the processing of contractual or legal relationships (Art. 6 Para. 1 lit. b GDPR) .

We hope we have given you a good overview of data processing by Klarna. If you would like to learn more about how your data is handled, we recommend reading Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy .

PayPal Privacy Policy

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

PayPal processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

PayPal uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses and the data processed through the use of PayPal, please see the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full .

Paysafecard Privacy Policy

We use the payment provider Paysafecard on our website. The service provider is the Irish company Paysafe Prepaid Services Limited, 3rd floor, Kilmore House, Spencer Dock, Dublin 1, Ireland.

You can find out more about the data processed through the use of Paysafecard in the Privacy Policy at https://www.paysafecard.com/de/datenschutzmitteilung-1/

Visa Privacy Policy

We use Visa, a global payment provider, on our website. The service provider is the American company Visa Inc. The company responsible for Europe is Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, Great Britain).

Visa processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of the

data processing.

Visa uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Visa undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about Visa’s standard contractual clauses, please visit

https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zusta ndigkeitsfragen-fur-den-ewr.html .

You can find out more about the data processed through the use of Visa in the Privacy Policy at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html .

External online platforms Introduction

External online platforms Privacy Policy Summary

Affected parties: visitors to the website or visitors to external online platforms

Purpose: Presentation and optimization of our service, contact with visitors,

interested persons

Data processed: Data such as telephone numbers, email addresses, contact details,

Data on user behavior, information about your device and your IP address. You can find more details on the platform used.

Storage period: depends on the platforms used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests)

What are external online platforms?

In order to be able to offer our services or products outside of our website, we also use external platforms. These are usually online marketplaces such as Amazon or eBay. In addition to our responsibility for data protection, the data protection regulations of the external platforms we use also apply. This is especially the case when our products are purchased via the platform. In other words, when there is a payment process. Furthermore, most platforms also use your data to optimize their own marketing measures. For example, the platform can use the data collected to tailor advertisements precisely to the interests of customers and website visitors.

Why do we use external online platforms?

In addition to our website, we also want to offer our services on other platforms in order to make our services more accessible to more customers. External online marketplaces such as Amazon, eBay or Digistore24 offer large sales websites that offer our products to people who may not know our website. It can also happen that built-in elements on our site lead to an external online platform. Data that is processed and stored by the online platform used is used by the company to log the payment process on the one hand, but also to carry out web analyses on the other.

The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a platform, the evaluated data can be used to draw conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with customized advertisements or products. Cookies are usually placed in your browser for this purpose, which store data about your usage behavior.

Please note that when using the platforms or our built-in elements, your data may also be processed outside the European Union, as online platforms such as Amazon or eBay are American companies. This may make it more difficult for you to claim or enforce your rights with regard to your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective external platform. But it is usually data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, when you visited which pages, information about your device and your IP address. Very often most of this data is stored in cookies. If you have your own profile on an external platform and are logged in there, data can be linked to the profile. The data collected is stored on the servers of the platforms used and processed there. You can find out exactly how an external platform stores, manages and processes data in the respective data protection declaration. If you have any questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the platform directly.

Duration of data processing

We will inform you below about the duration of data processing if we have further information. For example, Amazon stores data until it is no longer required for its own purposes. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products.

Right to object

You also have the right and the option to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via opt-out functions on the respective external platform. You can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Since cookies may be used, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective external platforms.

Legal basis

If you have consented that your data can be processed and stored by external platforms, this consent is the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR) . In principle, if consent is given, your data will also be stored and processed on the basis of a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. If we have integrated elements of external platforms on our website, we will only use them if you have given your consent.

Information about specific external platforms – if available – can be found in the following sections.

Alibaba Privacy Policy

We use the online trading platform Alibaba. The service provider is the Asian company Alibaba.com Hong Kong Limited, 26/F Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong.

The service may transfer data to Hong Kong. We would like to point out that Hong Kong is a third country that is not subject to the scope of the GDPR. This may result in restrictions on data protection and data security.

You can learn more about the data processed through the use of Alibaba in the Privacy Policy at https://rule.alibaba.com/rule/detail/2034.htm .

Amazon (Europe) Privacy Policy

We also use the online trading platform Amazon (Europe). The service provider is the American company Amazon Inc. The company responsible for Europe is Amazon Europe Core S.à rl (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg.

Amazon processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Amazon uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Amazon undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Amazon data processing terms (AWS GDPR DATA PROCESSING), which correspond to the standard contractual clauses, can be found at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf .

You can find out more about the data processed through the use of Amazon in the privacy policy at https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010&ref_=footer_privacy .

eBay Privacy Policy

We use the online trading platform eBay. The service provider is the American company eBay Inc., 2025 Hamilton Avenue, San Jose, CA 95125, USA.

eBay also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

eBay uses standard contractual clauses approved by the EU Commission (= Art. 46, paragraphs 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. These clauses oblige eBay to comply with the EU data protection level when processing relevant data, even outside the EU.

These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here: https://germany.representation.ec.europa.eu/index_de

You can find out more about the data processed through the use of eBay in the privacy policy on

https://www.ebay.com/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy? id=4260 .

Etsy Privacy Policy

We use the online trading platform Etsy. The service provider is the American company Etsy Inc. In Europe, the company Etsy Ireland UC (66/67 Great Strand Street, Dublin 1, Ireland) is responsible for all Google services.

Etsy processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Etsy uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Etsy undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses and the data processed through the use of Etsy, please see the Privacy Policy at https://www.etsy.com/legal/privacy/ .

shopify privacy policy

We use the online marketplace Shopify. The service provider is the American company Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Shopify processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.

Shopify uses so-called standard contractual clauses (= Art. 46, paragraphs 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are required by the EU

Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Shopify undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses and the data processed through the use of Shopify, please see the Privacy Policy at https://www.shopify.de/legal/datenschutz or https://help.shopify.com/en/manual/your-account/privacy/GDPR/gdpr-faq#will-shopify-sign-standa rd-contractual-clauses .

Rating platforms Introduction

Rating platforms summary

Affected persons: visitors to the website or a rating platform

Purpose: Feedback on our products and/or services

Processed data: IP address, email address, name, etc. You can find more details

below or on the respective rating platforms used.

Storage period: depends on the respective platform

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests),

What are review platforms?

You can rate our products or services on various rating platforms. We participate in some of these platforms so that we can get feedback from you and thus optimize our offering. If you rate us via a rating platform, the privacy policy and the general terms and conditions of the respective rating service apply. Very often you also have to register to submit a rating. Rating technologies (widgets) can also be integrated into our website. By using such an integrated tool, data is also transferred to the relevant provider, processed and stored.

Many of these integrated programs work on a similar principle. After you have ordered a product from us or used a service, you will be asked to submit a review by email or on the website. You will usually be redirected to a review page via a link, where you can quickly and easily create a review. Some review systems also offer an interface to various social media channels to make the feedback accessible to more people.

Why do we use review platforms?

Rating platforms collect feedback and ratings about our offers. Your ratings enable us to quickly receive appropriate feedback and improve our products and/or services much more efficiently. The ratings therefore help us to optimize our offers on the one hand and give you and all our future customers a good overview of the quality of our products and services on the other.

What data is processed?

With your consent, we transmit information about you and the services you have used to the relevant rating platform. We do this to ensure that you have actually used one of our services. Only then can you give real feedback. The data transmitted is only used to identify the user. Which data is stored and processed depends, of course, on the providers used. In most cases, personal data such as IP address, email address or your name are also made available to the rating platforms. After you have submitted your rating, order information such as the order number of an item purchased is also forwarded to the relevant platform. If your email address is transmitted, this is done so that the rating platform can send you an email after you have purchased a product. So that we can also integrate your rating into our website, we also give the providers the information that you have accessed our site. The rating platform used is responsible for the personal data collected.

How long and where is the data stored?

You can find out more about the duration of data processing below in the relevant data protection declaration of the provider, if we have further information about it. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. Personal data mentioned in a review is usually anonymized by employees of the platform used and is therefore only visible to administrators of the company. The data collected is stored on the providers' servers and, for most providers, deleted after the end of the order.

Right to object

Legal basis

If you have consented to the use of a rating platform, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when data is collected by a rating portal.

We also have a legitimate interest in using a rating platform to optimize our online service. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use a rating platform if you have given your consent.

We hope we have been able to provide you with the most important general information about data processing by rating platforms. You can find more information below in the data protection texts or in the linked data protection declarations of the company.

Google Customer Reviews Privacy Policy

We also use the Google Customer Reviews rating platform for our website. The service provider is the American company Google Inc. In Europe, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing terms for Google advertising products (Google Ads Controller-Controller Data Protection Terms), which refer to the standard contractual clauses, can be found at

https://business.safety.google/intl/de/adsprocessorterms/

You can find out more about the data processed through the use of Google in the privacy policy at https://policies.google.com/privacy?hl=de .

Web design introduction

Web Design Privacy Policy Summary

Affected: Visitors to the website

Purpose: Improve user experience

Processed data: Which data is processed depends largely on the data used

services. Usually this includes IP address, technical data,

Language settings, browser version, screen resolution and browser name. More

Details can be found in the web design tools used.

Storage period: depends on the tools used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests)

What is web design?

We use various tools on our website that serve our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course the right look of a website is also one of the major goals of professional web design. Web design is a sub-area of media design and deals with both the visual and the structural and functional design of a website. The aim is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that website visitors have on a website. A sub-point of user experience is usability. This is about the user-friendliness of a website. The main emphasis here is on ensuring that content, subpages or products are clearly structured and that you can find what you are looking for quickly and easily. In order to offer you the best possible experience on our website, we also use so-called web design tools from third parties. In this privacy policy, the category “web design” includes all services that improve the design of our website. These can be, for example, fonts, various plugins or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends very much on the structure, functionality and visual perception of the website. That is why good and professional web design has become increasingly important for us. We are constantly working on improving our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. After all, you will only visit us and use our services if you feel completely comfortable.

What data are stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. The exact data involved depends, of course, largely on the tools used. Below you can see exactly which tools we use for our website. For more information about data processing, we recommend that you read the respective privacy policy of the tools used. This is usually where you can find out which data is processed, whether cookies are used and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution and browser name to Google servers.

Duration of data processing

How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the storage period can be as short as a minute or as long as a few years. Please do your research on this. We recommend that you read our general text section on cookies and the privacy statements of the tools used. There you will usually find out which cookies are used exactly and what information is stored in them. Google font files, for example, are stored for a year. This is to improve the loading time of a website. In principle, data is only ever stored for as long as it is necessary to provide the service. If required by law, data can also be stored for longer.

Right to object

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our Cookie Management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. However, there is also data under web design elements (mostly fonts) that cannot be deleted so easily. This is the case when data is automatically collected when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support of the relevant provider. In the case of Google, you can reach support at https://support.google.com/?hl=de .

Legal basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when it is collected by web design tools. We also have a legitimate interest in improving the web design on our website. After all, only then can we provide you with a beautiful and professional web offering. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR

(Legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasize this again here.

Information on specific web design tools – if available – can be found in the following sections.

Content Search Provider Introduction

Content Search Provider Privacy Policy Summary

Affected: Visitors to the website

Purpose: Improve user experience

Processed data: Which data is processed depends largely on the data used

Services. Usually this is IP address, search interests and/or technical data.

You can find more details in the respective tools used.

Storage period: depends on the tools used

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR

(Legitimate interests)

What is a content search provider?

We have now published a lot of content on our website. And of course we don't want it to be forgotten just because it can't be found. That's why we use a content search provider on our website. You're probably familiar with large search engines like Google. Content search providers are basically also search engines, but unlike Google, they don't search the entire web for content, just the website you're on. You can enter terms that match the content you're looking for in a text field and the search program will find the articles you're looking for. If you use the integrated search function, your personal data may also be processed.

Why do we use a content search provider?

If you look around our website, you will quickly notice how much useful content we have published over the years. There are real treasures there and we want you to find them quickly without having to click around for a long time. With a content search function directly on our website, you can quickly and easily find the content you are looking for using keywords that match the topic you are looking for. This feature is really practical and we also see it as our job to make your life on our website as pleasant and helpful as possible. That is why we have decided to integrate a content search program into our website.

What data is processed?

When you use the search function on our website, the integrated content search provider (such as Algolia Places or Giphy) can automatically receive and store data from you. This includes technical data about your browser as well as data such as

For example, your IP address, device ID and the search terms entered. Please note that IP addresses are personal data. The providers' privacy policies state that this information is collected and stored in order to increase security and improve their own services. The automatically collected usage data, which does not contain any personal data and is processed in an anonymized form, can also be used for analysis purposes. Some providers also pass this anonymized data on to third parties. To find out more about this, we recommend that you read the specific privacy policies of the individual providers carefully. To ensure that the services function properly, cookies are usually also set in your browser. You can find out more about cookies in our general "Cookies" section. You can find out whether and which cookies the individual search tools use - if available - below or in the corresponding privacy policies of the integrated tools.

How long and where is the data stored?

Basically, every content search provider processes different data. Therefore, this general section cannot go into detail about the data processing of the individual tools. Usually, however, the services only store personal data for as long as this is necessary for the tools to function properly. Some services (such as Giphy) also keep personal data for longer if this is required due to legal obligations. Most providers also keep data in depersonalized form for longer. Content search providers can also use cookies to store various data. You can find out more about this in our general section on cookies. If you want to know something about the specific cookies that a search provider uses, we recommend that you read the privacy policy of the providers we use. You can usually find an example list of the cookies used there.

Right to object

Always be aware: if you do not want this, no personal data may be processed about you. You always have the right to access your personal data and to object to its use. You can also withdraw your consent at any time using the cookie consent tool or other opt-out options. You can also easily manage, delete or deactivate cookies used yourself via your browser. If you delete cookies, some of the tool's functions may no longer work. So please do not be surprised. How you manage cookies in your browser also depends on the browser you use. In the "Cookies" section you will also find links to the instructions for the most important browsers.

Legal basis

If you have consented to the use of a content search provider, the legal basis for the corresponding data processing is this consent. According to Art. 6 Paragraph 1 Letter a of GDPR (consent), this consent is the legal basis for the processing of personal data as it occurs when collected by a content search provider

can occur.

We also have a legitimate interest in using a content search provider to optimize our service on our website. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use a content search provider if you have given your consent. We would like to make this clear again at this point.

Information about specific content search providers – if available – can be found in the following sections.

Custom Google Search Privacy Policy

Google Custom Search Privacy Policy Summary

Affected: Visitors to the website

Purpose: Optimization of our service

Processed data: Data such as IP address and entered search terms are stored by Google. You can find more details about this further down in this privacy policy.

Storage period: the storage period varies depending on the data stored

Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is Google Custom Search?

We have integrated the Google plug-in for custom search on our website. Google is the largest and best-known search engine in the world and is operated by the US company Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European region. Through the custom Google search, your data can be transferred to Google. In this privacy policy, we inform you why we use this plug-in, which data is processed and how you can manage or prevent this data transfer.

The plug-in for custom Google search is a Google search bar directly on our website. The search takes place like on www.google.com , only the search results focus on our content and products or on a limited search area.

Why do we use Google Custom Search on our website?

A website with lots of interesting content often becomes so large that you can lose track of it. Over time, we have also accumulated a lot of valuable material and, as part of our service, we want you to find our content as quickly and easily as possible. The custom Google search makes finding interesting content child's play. The built-in Google plug-in improves the overall quality of our website and makes searching easier for you.

What data is stored through custom Google search?

Through the custom Google search, data is only transferred from you to Google if you actively use the Google search built into our website. This means that only when you enter a search term in the search bar and then confirm this term (e.g. click on "Enter") will your IP address and the search term be sent to Google, saved and processed there. Based on the cookies set (such as 1P_JAR), it can be assumed that Google also receives data on website usage. If you search for content using the built-in Google search function during your visit to our website and are logged in with your Google account at the same time, Google can also assign the collected data to your Google account. As website operators, we have no influence on what Google does with the data collected or how Google processes the data.

The following cookies are set in your browser when you use the custom Google search and are not logged in with a Google account:

Name: 1P_JAR

Value: 2020-01-27-13312341941-5

Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Expiry date: after one month

Name: CONSENT

Value: WP.282f52312341941-9

Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorized attacks.

Expiry date: after 18 years

Name: NID

Value: 196=pwIo3B5fHr-8

Purpose: NID is used by Google to tailor advertisements to your Google search. With the help of the cookie, Google "remembers" the search queries you have entered or your previous interaction with advertisements. This way, you always receive tailored advertisements. Expiry date: after 6 months

Note: This list cannot claim to be complete, as Google continually changes its choice of cookies.

How long and where is the data stored?

The Google servers are spread all over the world. Since Google is an American company, most of the data is stored on American servers. You can see exactly where the Google servers are at https://www.google.com/about/datacenters/locations/?hl=de .

Your data is distributed across different physical storage devices. This means that the data can be accessed more quickly and is better protected against possible manipulation. Google also has emergency programs for your data. If, for example, Google has internal technical problems and servers stop working as a result, the risk of service interruption and data loss remains low.

Depending on the type of data, Google stores it for different lengths of time. You can delete some data yourself, while other data is automatically deleted or anonymized by Google. However, there is also data that Google stores for longer if this is necessary for legal or business reasons.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete or restrict your data. There is some data that you can delete at any time. If you have a Google account, you can delete data about your web activity there or specify that it should be deleted after a certain period of time. In your browser, you also have the option of deactivating cookies, deleting them or managing them according to your wishes and preferences. Under the "Cookies" section, you will find the relevant links to the respective instructions for the most popular browsers.

Legal basis

If you have consented to the use of custom Google search, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when collected through custom Google search.

We also have a legitimate interest in using the custom Google search to optimize our online service. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests) . However, we only use the custom Google search if you have given your consent.

data protection level, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at

https://business.safety.google/intl/de/adsprocessorterms/

We hope we have been able to provide you with the most important information about data processing by Google. If you would like to find out more, we recommend reading Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=de .

Closing words

Congratulations! If you are reading these lines, you have really "fought" your way through our entire privacy policy or at least scrolled down to here. As you can see from the scope of our privacy policy, we do not take the protection of your personal data lightly.

It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. We do not only want to tell you which data is processed, but also explain the reasons for using various software programs. Data protection declarations usually sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the data protection declaration.

If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are copyrighted.

Source: Created with the data protection generator from AdSimple

Cart

imprint