Privacy policy
The protection of your data is important to us. We handle your data responsibly.
Data protection at a glance
Cookie Settings
> Customise cookie settings here
Thank you for your interest in our website. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.
This privacy policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer www.stex24.com and the associated websites, functions and content as well as external online presences, such as our social media profile. (hereinafter collectively referred to as "Online Offer"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
1. General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.
a. Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Responsible party:
Company: Stecker Express GmbH
Street property no.: Lembergstraße 52
Postcode, City, Country: 72766 Reutlingen, Germany
Commercial register no.: DE 264 855 636
Managing directors: Max Ritter, Patrick Ritter
E-mail address: datenschutz@stecker-express.de
Data Protection Officer
E-mail address: datenschutz@stecker-express.de
b. Types of data processed
- Inventory data
- Contact details
- Content data
- Contract data
- Payment data
- Usage data
- Meta/communication data
Processing of special categories of data (Art. 9 para. 1 GDPR):
In principle, no special categories of data are processed unless they are provided by the user for processing, e.g. entered in online forms.
Categories of data subjects affected by the processing:
Visitors and users of the online offer. In the following, we also refer to the data subjects collectively as "users".
c. Relevant legal bases
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures and respond to enquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
d. Changes and updates to the privacy policy
We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
e. Purpose of the processing
Provision of the online offer, its contents and functions.
Provision of contractual services, service and customer care.
Answering contact enquiries and communicating with users.
Marketing, advertising and market research.
Safety measures.
f. How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
g. What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour.
h. What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time if you have further questions on the subject of data protection.
Analysis tools and tools from third-party providers
When you visit this website, your surfing behaviour may be statistically evaluated. This is primarily done using so-called analysis programmes. Detailed information on these analysis programmes can be found in the following privacy policy.
2. Hosting
We host the content of our website with the following providers:
a. Hetzner
The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).
Details can be found in Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.
The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
b. Strato
The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter referred to as "Strato"). When you visit our website, Strato collects various log files including your IP addresses. Further information can be found in Strato's privacy policy: https://www.strato.de/datenschutz/. Strato is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
3 General notes and mandatory information
a. Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
b. Reference to the responsible body
The controller responsible for data processing on this website is
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
Phone: 0711 6155410
E-mail: poststelle@lfdi.bwl.de
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
c. Storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.
d. General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) of the GDPR. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.
e. Data Protection Officer
We have appointed a data protection officer.
E-mail: datenschutz@stecker-express.de
f. Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, analyse and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
g. Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
h. Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
i. Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
j. Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
k. Information, erasure and rectification
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction or deletion of this data. You can contact us at any time if you have further questions on the subject of personal data.
l. Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we generally need time to check this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
If you have lodged an objection in accordance with Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
m. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
n. Encrypted payment transactions on this website
If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorisation) after the conclusion of a chargeable contract, this data is required for payment processing.
Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
With encrypted communication, the payment data you transmit to us cannot be read by third parties.
o. Objection to advertising e-mails
We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
4. data collection on this website
Cookies
Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to analyse user behaviour or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this privacy policy.
Consent with econda Analytics
Pseudonymised data is collected and stored by solutions and technologies from econda GmbH (Zimmerstraße 6, 76137 Karlsruhe, www.econda.de) and user profiles are created from this data using pseudonyms in order to design and optimise this website in line with requirements. econda works on our behalf. The data will not be passed on to third parties or transferred to third countries.
Data processing purposes:
- Analytics
- Optimisation
Without your opt-in, the econda solutions work in anonymous mode based on the current session. No personal data, such as IP address, customer or order numbers, are stored. No cookies are set. You will not be recognised in subsequent visits and profiling is not possible. With your opt-in, cookies are used for the purpose described above, which enable an Internet browser to be recognised. However, user profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, which means that it is not possible to assign usage profiles to IP addresses. You can of course revoke your consent at any time.
Technologies used:
- Cookie
- Local memory
Anonymised tracking is used in accordance with Article 6(1)(f) GDPR. The company has a legitimate interest in measuring reach in order to continuously optimise its online presence. Personalised tracking only takes place if you have given your consent (Article 6(1)(a) GDPR).
The following data is recorded:
- Information on the device used
- Information on pages viewed during the website visit
- Information as part of the ordering process
- Information on access data
- Customer data for login or access
The data is only processed and stored for the period of time required to achieve the respective processing purpose or for as long as a statutory retention period (in particular under commercial and tax law) exists. Once the purpose has been achieved or the retention obligation has expired, the corresponding data is routinely deleted.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
3. Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - the server log files must be recorded for this purpose.
4. Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
5. Enquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
6.
Communication via WhatsApp
For the WhatsApp messaging service, STECKER EXPRESS (‘STECKER EXPRESS’) uses the technical platform and services of WhatsApp, Inc, 1601 Willow Road, Menlo Park, California 94025, USA with the privacy policy available at https://www.whatsapp.com/legal/#privacy-policy. WhatsApp is part of the Facebook group of companies. In this context, STECKER EXPRESS itself is only a user of the services and functions provided by WhatsApp. We have no influence over the terms and conditions under which WhatsApp does this. This also applies in particular with regard to the data protection conditions associated with the use of WhatsApp. If you contact us via WhatsApp, this means that not only we come into contact with all the personal data that you disclose in this context, but also WhatsApp.
Data processing by WhatsApp
We have no influence on the type and scope of the data processed by the provider, the type of processing and use or the transfer of this data to third parties, in particular to countries outside the European Union where an adequate level of data protection cannot be guaranteed. Information about which data is processed by the provider and for what purposes it is used can be found in the service's privacy policy, which can be viewed here: www.whatsapp.com/legal/
Essentially, this involves the following data
- Registration data, such as profile name and mobile phone number
- Telephone numbers in the mobile phone address book
- Usage and log information (information on the use of the service)
- Transaction data (e.g. payment receipts)
- Connection data, such as mobile phone network details,
- Connection and device information, such as operating system, device ID,
- device location (if location functions are used), mobile phone or internet provider
- Internet provider, browser type, IP address, browser type
- Status information (‘last online’ status)
Whatsapp Business:
WhatsApp is used on the basis of our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the data processing takes place exclusively on the basis of the consent; this can be revoked at any time with effect for the future.
The communication content exchanged between and on WhatsApp will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
We use WhatsApp in the ‘WhatsApp Business’ version.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.whatsapp.com/legal/business-data-transfer-addendum.
We have set up our WhatsApp accounts so that it does not automatically synchronise data with the address book on the smartphones in use.
Whatsapp Newsletter
Data processing by STECKER EXPRESS and purpose of data processing
By sending the ‘START’ message to the mobile phone number provided or by registering via the registration form provided on the website, you consent to STECKER EXPRESS processing your personal data as described below: STECKER EXPRESS processes your following personal data in order to send you information about the company and its products: Your telephone number, your profile picture, your Messanger ID and any messages sent to STECKER EXPRESS. The service described is aimed exclusively at persons who have reached the age of sixteen.
Cancellation
You have the right to withdraw your consent at any time and unsubscribe from the WhatsApp newsletter. All you need to do is send a message with ‘Delete all data’ ‘STOP’ to the mobile phone number provided. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The personal data will be deleted if you send a message with ‘Delete all data’ ‘STOP’ to the mobile phone number provided. The provision of the aforementioned personal data is neither legally nor contractually required. You are not obliged to provide the personal data. However, failure to provide it would mean that STECKER EXPRESS would not be able to send you the above information via WhatsApp.
6. declaration of consent to the credit check
When using invoice payment, a credit check may be carried out and the result saved. For this purpose, the data required for a credit check is transmitted to Creditreform. The information provided by Creditreform will be used for a decision on the conclusion of a contractual relationship. This consent also applies to all subsequent purchases with this payment method until it is cancelled.
7. Google Forms
We have integrated Google Forms on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google).
Google Forms enables us to create online forms to record messages, enquiries and other input from our website visitors in a structured manner. All entries you make are processed on Google's servers. Google Forms stores a cookie in your browser that contains a unique ID (NID cookie). This cookie stores various information such as your language settings.
The use of Google Forms is based on our legitimate interest in determining your request in the most user-friendly way possible (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
We will retain the data you provide on the form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
Further information can be found in Google's privacy policy at https://policies.google.com/.
8. Use of chatbots
We use chatbots to communicate with you. Chatbots are able to respond to your questions and other input without human assistance. In addition to your input, the chatbots analyse other data to provide suitable answers (e.g. names, email addresses and other contact details, customer numbers and other identifiers, orders and chat histories). Your IP address, log files, location information and other metadata may also be collected via the chatbot. This data is stored on the chatbot provider's servers.
User profiles can be created on the basis of the data collected. The data can also be used to display interest-based advertising, provided that the other legal requirements (in particular consent) are met. For this purpose, the chatbots can be linked to analysis and advertising tools.
The data collected can also be used to improve our chatbots and their response behaviour (machine learning).
The data entered by you in the course of communication will remain with us or the chatbot operator until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
The legal basis for the use of chatbots is Art. 6 para. 1 lit. b GDPR, insofar as the chatbot is used to initiate a contract or in the context of contract fulfilment. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. In all other cases, the use is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).
We use the following chatbots:
Userlike with extended data protection mode
We use Userlike (hereinafter referred to as "Userlike") to process user enquiries via our support channels or via live chat systems. The provider is Userlike UG (haftungsbeschränkt), Probsteigasse 44 - 46, 50670 Cologne.
Messages that you send to us can be saved in the Userlike ticket system or answered by our employees in live chat. When you communicate with us via Userlike, we and Userlike store, among other things, your name and e-mail address, if you have provided them, and your chat history. This data is summarised in a profile.
The messages sent to us will remain with us until you ask us to delete them or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
The use of Userlike is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in processing your enquiries as quickly, reliably and efficiently as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further information can be found in Userlike's privacy policy: https://www.userlike.com/de/data-privacy and https://www.userlike.com/de/blog/live-chat-software-datenschutz-dsgvo.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
9. Registration on this website
You can register on this website in order to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse your registration.
In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).
The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
10. Registration with Google
Instead of registering directly on this website, you can register with Google. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To register with Google, you only need to enter your Google name and password. Google will identify you and confirm your identity to our website.
When you log in with Google, we may be able to use certain information in your account to complete your profile with us. You can decide whether and what information this is as part of your Google security settings, which you can find here: https://myaccount.google.com/security and https://myaccount.google.com/permissions.
The data processing associated with Google registration is based on our legitimate interest in making the registration process as simple as possible for our users (Art. 6 para. 1 lit. f GDPR). Since the use of the registration function is voluntary and the users themselves can decide on the respective access options, no conflicting overriding rights of the data subjects are apparent.
11. registration with Facebook Connect
Instead of registering directly on this website, you can register with Facebook Connect. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
If you decide to register with Facebook Connect and click on the "Login with Facebook"/"Connect with Facebook" button, you will be automatically redirected to the Facebook platform. There you can log in with your user data. This will link your Facebook profile with this website or our services. This link gives us access to your data stored on Facebook. These are above all
- Facebook name
- Facebook profile and cover picture
- Facebook cover picture
- E-mail address stored with Facebook
- Facebook ID
- Facebook friends lists
- Facebook Likes ("Like" information)
- Birthday
- Gender
- Country
- Language
This data is used to set up, provide and personalise your account.
Registration with Facebook Connect and the associated data processing operations are based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time with effect for the future.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
Further information can be found in the Facebook terms of use and the Facebook privacy policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.
12. Comment function on this website
For the comment function on this page, in addition to your comment, information about the time the comment was created, your e-mail address and, if you are not posting anonymously, the user name you have chosen will be saved.
Storage of the IP address
Our comment function stores the IP addresses of users who post comments. As we do not check comments on this website before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.
Storage duration of the comments
The comments and the associated data are stored and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).
Legal basis
The comments are stored on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
13. Trusted Shops Trustbadge
23.1 The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and the collected reviews as well as to offer Trusted Shops products to buyers after an order. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in the optimal marketing of our offer in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When you access the Trustbadge, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is not analysed and is automatically overwritten no later than seven days after the end of your visit to the site. Further personal data is only transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after completing an order or have already registered to use them. In this case, the contractual agreement concluded between you and Trusted Shops applies.
The use of Trusted Shops is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in presenting customer reviews in a way that is as comprehensible as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Sending of evaluation reminders by e-mail by Trusted Shop
If you have given us your express consent to this during or after your order in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will send your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de) so that they can send you a rating reminder by e-mail. This consent can be revoked at any time by sending a message to the contact option described above or directly to Trusted Shops.
14. Social media
a. Facebook
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
b. Twitter
Functions of the Twitter service are integrated on this website. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
When the social media element is active, a direct connection is established between your device and the Twitter server. Twitter thereby receives information about your visit to this website. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter's privacy policy at: https://twitter.com/de/privacy.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your data protection settings on Twitter in the account settings at https://twitter.com/account/settings.
c. Instagram
Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. The joint obligations incumbent on us have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Further information on this can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.
d. Tumblr
This website uses buttons and other elements of the Tumblr service. The provider is Tumblr, Inc, 35 East 21st St, 10th Floor, New York, NY 10010, USA.
When the social media element is active, a direct connection is established between your device and the Tumblr server. Tumblr thereby receives information about your visit to this website.
The Tumblr buttons allow you to share a post or a page on Tumblr or to follow the provider on Tumblr. When you visit one of our websites with a Tumblr button, the browser establishes a direct connection to Tumblr's servers. We have no influence on the scope of the data that Tumblr collects and transmits with the help of this plugin. According to the current status, the IP address of the user and the URL of the respective website are transmitted.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Further information on this can be found in Tumblr's privacy policy at: https://www.tumblr.com/privacy/de.
e. LinkedIn
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time you access a page on this website that contains elements from LinkedIn, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de
Further information on this can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.
f. XING
This website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of our pages containing XING elements is accessed, a connection to XING servers is established. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored and usage behaviour is not evaluated.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Further information on data protection and the XING Share button can be found in XING's privacy policy at: https://www.xing.com/app/share?op=data_protection.
g. Pinterest
On this website, we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you access a page that contains such an element, your browser establishes a direct connection to the Pinterest servers. This social media element transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.
15. Analysis tools and advertising
a. Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
b. Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
c. Google signals
We use Google signals. When you visit our website, Google Analytics records your location, search history, YouTube history and demographic data (visitor data), among other things. This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.
Order processing: We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
d. Google Analytics e-commerce measurement
This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
e. Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display adverts in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
f. Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalised advertising by clicking on the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.
Target group formation with customer matching
Among other things, we use Google Ads Remarketing customer matching to create target groups. Here, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).
g. Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can analyse which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our adverts and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.
h. Google DoubleClick
This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").
DoubleClick is used to show you interest-based adverts throughout the Google advertising network. The adverts can be targeted to the interests of the respective viewer with the help of DoubleClick. For example, our adverts can be displayed in Google search results or in advertising banners linked to DoubleClick.
In order to be able to display interest-based advertising to users, DoubleClick must be able to recognise the respective viewer and assign the websites visited, clicks and other information on user behaviour to them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is summarised in a pseudonymous user profile in order to display interest-based advertising to the user concerned.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
For more information on how to object to the adverts displayed by Google, please see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.
i. Meta Pixel (formerly Facebook Pixel)
This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.
You can also deactivate the remarketing function "Custom Audiences" in the settings for adverts at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
j. Facebook Conversion API
We have integrated Facebook Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
Facebook Conversion API enables us to record the website visitor's interactions with our website and pass them on to Facebook in order to improve advertising performance on Facebook.
In particular, the time of the call, the website called up, your IP address and your user agent as well as any other specific data (e.g. products purchased, value of the shopping basket and currency) are recorded. You can find a complete overview of the data that can be collected here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
k. Facebook Custom Audiences
We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us or interact with our company's Facebook content, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display suitable advertising to you. Your data can also be used to define target groups (lookalike audiences).
Facebook processes this data as our processor. Details can be found in the Facebook user agreement: https://www.facebook.com/legal/terms/customaudience.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.
16. Newsletter and postal advertising
a. Newsletter data
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter. With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") with the consent of the recipient or legal authorisation. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. Our newsletters also contain information about our products, offers, promotions and our company.
Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.
Dispatch service provider: The newsletter is sent by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, hereinafter referred to as the "dispatch service provider". You can view the data protection provisions of the dispatch service provider here: https://www.brevo.com/de/legal/privacypolicy/
Registration data: To subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name so that we can address you personally in the newsletter.
Performance measurement - The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavour nor that of the mailing service provider to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The newsletter is sent and its success measured on the basis of the recipient's consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG or on the basis of legal authorisation in accordance with Section 7 para. 3 UWG.
The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.
Cancellation/revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only registered for the newsletter and cancelled this registration, their personal data will be deleted.
b. Email advertising without subscribing to the newsletter and your right to object
If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you offers for similar products to those already purchased from our range by e-mail on the basis of Section 7 (3) UWG. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in a promotional approach to our customers.
You can object to this use of your e-mail address at any time by sending a message to the contact option described above or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
c. Postal advertising
We use your address in compliance with all legal provisions for sending postal advertising (postal advertising).
The legal basis for this is our legitimate interest in direct advertising in accordance with Art. 6 para. 1 lit. f in conjunction with recital 47 GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. More specific regulations may be communicated to you in the context of data collection and take precedence over this regulation.
Your address will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to postal advertising, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply. The advertising mailings are provided as part of processing on our behalf by a service provider to whom we pass on your data for this purpose. You can object to the storage and use of your data for these purposes at any time by sending a message to the contact option described below.
17 . Plugins and tools
a. YouTube
This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.
Furthermore, YouTube can store various cookies on your end device or use comparable technologies to recognise you (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further information on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.
b. Google Fonts (local hosting)
This site uses so-called Google Fonts, which are provided by Google, for the standardised display of fonts. The Google fonts are installed locally. There is no connection to Google servers.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
c. Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of standardising the display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google's privacy policy: https://policies.google.com/privacy?hl=de.
d. Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analysed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
Userlike with extended data protection mode
We use Userlike (hereinafter referred to as "Userlike") to process user enquiries via our support channels or via live chat systems. The provider is Userlike UG (haftungsbeschränkt), Probsteigasse 44 - 46, 50670 Cologne.
Messages that you send to us can be stored in the Userlike ticket system or answered by our employees in live chat. When you communicate with us via Userlike, we and Userlike store, among other things, your name and e-mail address, if you have provided them, and your chat history. This data is summarised in a profile.
The messages sent to us will remain with us until you ask us to delete them or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
The use of Userlike is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in processing your enquiries as quickly, reliably and efficiently as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further information can be found in Userlike's privacy policy: https://www.userlike.com/de/data-privacy and https://www.userlike.com/de/blog/live-chat-software-datenschutz-dsgvo.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
e. LeadRebel
We analyse our visitor data with the help of an external service provider. For this purpose, we pass on the data obtained from the use of IP research to Pulserio AG, Schellenrainstrasse 13, 6210 Sursee, Switzerland, https://leadrebel.io/imprint. The categories of data subjects are website visitors and users of our web services. The purpose of the processing is to analyse the data obtained from IP research in order to generate leads. If the visitors to our website are asked for consent, the legal basis for the processing of the data is consent within the meaning of Art. 6 para. 1 lit. a GDPR. Otherwise, the data is processed on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in lead generation by analysing the data obtained with the help of IP research. On this page: https://leadrebel.io/optout you have an opt-out option. If you opt out, your data will no longer be collected by LeadRebel.
Order processing: We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
f. Amazon Cloudfront
We use the Amazon CloudFront content delivery network (CDN) from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (AWS) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f GDPR). A CDN is a network of [globally] distributed servers that is able to deliver optimised content to the website user. For this purpose, personal data may be processed in server log files by AWS. Please refer to the explanations under "Hosting". In addition, we store anonymised log files to ensure the stability and security of our website.
AWS is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR not to operate a content delivery network ourselves. You have the right to object to the processing. Whether the objection is successful must be determined as part of a balancing of interests. The processing of the data specified in this section is not required by law or contract. The functionality of the website is not guaranteed without the processing. Your personal data will be stored by AWS for as long as is necessary for the purposes described.
Further information on objection and removal options vis-à-vis AWS can be found at: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf
AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information can be found at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
AppNexus
In some areas of our website, we use AppNexus, a service for the display of usage-based advertising from AppNexus Inc, 28 W. 23rd Street New York, New York, 10010, USA. Among other things, AppNexus uses cookies that enable the use of the website to be analysed in order to display targeted, interest-based advertising. During use, your data, in particular your IP address and user activities, may be transmitted to an AppNexus server and stored there.
The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Further information on data protection can be found here in the AppNexus privacy policy at https://www.appnexus.com/en/company/platform-privacy-policy-de.
Outbrain
In some areas of our website, we use the technology of the provider Outbrain UK Ltd, Outbrain UK Limited, 5 New Bridge Street, London, EC4V 6JAUK. With the help of a so-called widget, users are referred to further content within our website and on third-party websites that may also be of interest to you. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology.
The reading recommendations usually integrated below an article are determined on the basis of the content previously read by the user. Outbrain uses cookies, which are stored on the user's end device or browser, to display this further interest-related content. Outbrain collects the source of the device, the browser type and the user's IP address, the last octet of which is deleted for anonymisation purposes. Outbrain assigns a so-called Universally Unique Identifier (UUID), which can identify the user by device when they visit a website on which the Outbrain widget is implemented. Outbrain creates user profiles in which user interactions (e.g. page views and clicks) of a browser or end device are aggregated in order to derive the preferences of the UUID.
The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can prevent Outbrain from tracking the display of interest-based recommendations at any time by clicking on the "Opt-Out" field in Outbrain's privacy policy, available at http://www.outbrain.com/de/legal/privacy. Here you will also find further information on data protection at Outbrain UK Ltd. The opt-out only applies to the device you are using and also loses its validity,
Mouseflow
This website uses Mouseflow. The provider is Mouseflow Ltd, Flaesketorvet 68, 1711 Copenhagen V, Denmark (Europe) (Website: https://www.mouseflow.com).
Mouseflow is a tool for analysing your user behaviour on this website. Mouseflow allows us to record your mouse and scroll movements and clicks, among other things. Mouseflow can also determine how long you remain with the mouse pointer in a certain position. Mouseflow uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors. We can also determine how long you stayed on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels). Mouseflow can also be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings. Mouseflow uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting). The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Deactivating Mouseflow
If you wish to deactivate data collection by Mouseflow, click on the following link and follow the instructions there: https://www.mouseflow.com/de/opt-out Please note that Mouseflow must be deactivated separately for each browser or end device. For more information about Mouseflow and the data collected, please refer to Mouseflow's privacy policy at the following link: https://www.mouseflow.com/de/privacy
Order processing
We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Loadbee
On some of our Internet pages, we use the loadbee platform to display high-quality product information. The loadbee platform is operated by loadbee GmbH, headquartered in 70771 Leinfelden-Echterdingen, Nikolaus-Otto-Str. 13, Germany. When you access a web page on our website that features the loadbee platform, a connection is established to the loadbee servers in order to display the relevant product information to you. Your IP address is forwarded to loadbee for this communication and to determine your geo-location. We do not transmit any personal data other than your IP address to loadbee. loadbee uses your IP address exclusively to provide the product information and to determine your geo-location. After the product information has been displayed and the geo-location has been determined, your IP address is deleted by loadbee so that no personal data about you is stored. Your IP address will only be forwarded by loadbee to technology companies that support loadbee in providing the product information. The legal basis for the aforementioned processing of your IP address is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in data processing lies in the optimisation of the product presentation on our website and a detailed product description. There is no impairment of your own interests that outweighs our interests, as only your IP address is processed and this alone does not allow any conclusions to be drawn about your identity. As this data processing is absolutely necessary for the presentation of our products on our website, you cannot object to this processing.
Bing Ads
The website uses the remarketing function "Bing Ads" of Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. ("Microsoft Advertising"). Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing advert. In this way, Microsoft Bing and we can recognise that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing advert and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed.
If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by clicking on the following link: http://choice.microsoft.com/de-DE/opt-out to declare your objection. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement
JavaScript frameworks jQuery
We use external code from the JavaScript framework "jQuery", provided by the third-party provider jQuery Foundation, https://jquery.org.
18. Online marketing and partner programmes
a. Affiliate programmes on this website
We participate in affiliate partner programmes. In affiliate partner programmes, advertisements from one company (advertiser) are placed on the websites of other companies in the affiliate partner network (publisher). If you click on one of these affiliate adverts, you will be redirected to the advertised offer. If you subsequently make a certain transaction (conversion), the publisher receives a fee for this. In order to calculate this remuneration, it is necessary for the affiliate network operator to be able to track which advert brought you to the respective offer and which predefined transaction you carried out. Cookies or comparable recognition technologies (e.g. device fingerprinting) are used for this purpose.
The data is stored and analysed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the correct calculation of its affiliate remuneration. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
We participate in the following affiliate programmes:
Taboola
We use the Taboola service (16 Madison Square West, 7th Floor, New York, New York 10010) to optimise our campaigns and to target advertisements. Taboola uses pixels and similar technologies to collect information based on your browsing behaviour and create user-specific recommendations for content and advertisements using pseudonymous user profiles, which generally do not allow any conclusions to be drawn about personal data. Pseudonymous profiles are stored by Taboola for 13 months. The legal basis for the data processing is your consent in accordance with Art. 6 (1) point a GDPR. In addition to the general options for revocation, you have the option of revoking your consent (opting out) in order to prevent Taboola from collecting data within our website in the future. You can find the self-regulation of data protection in the service provider's data protection declaration: https://www.taboola.com/policies/privacy-policy As part of this service, data may be transferred to a third country, i.e. a country outside the European Union or the European Economic Area (e.g. Taboola, Inc To ensure that data from the European Economic Area (EEA) is adequately protected when transferred outside the EEA, Taboola states that it relies on the conclusion of EU standard contractual clauses for countries where no adequate level of data protection applies. For more information, please refer to Taboola's privacy policy.
AWINThe operator of the affiliate network is AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter "AWIN"). AWIN and the publisher are jointly responsible for data processing in connection with the affiliate programme. The obligations incumbent on them jointly have been set out in a joint processing agreement. According to this agreement, you can contact both controllers with your data protection concerns. The controller contacted first will respond to your enquiry. Each controller independently maintains data protection information in accordance with Art. 13, 14 and 26 GDPR and takes the necessary measures to protect personal data and to comply with the other GDPR regulations in their company. The joint processing agreement can be found in AWIN's GTC at the following link: https://s3.amazonaws.com/docs.awin.com/Legal/Publisher+Terms/2020/DE+Publisher+Terms+GDPR+Annex.pdf.
19. Commerce and payment providers
a. Processing of customer and contract data
We collect, process and use personal customer and contract data to establish, organise the content of and amend our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to utilise the service or to bill the user. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.
b. Data transmission upon conclusion of contract for online shops, retailers and dispatch of goods
If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned to process the payment. Only the data required by the respective service provider to fulfil its task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that it can inform you by e-mail about the dispatch status of your order; you can revoke your consent at any time.
c. Data transmission upon conclusion of a contract for services and digital content
We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution responsible for processing payments.
Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
d. Order processing via dropshipping
If you order goods from us, it is possible for your order to be dispatched directly to you by our manufacturers (dropshipping). For this purpose, we will pass on your name, the delivery address and - if necessary for the delivery - your telephone number to the despatching company. This information is passed on solely for the purpose of delivering the goods.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (fulfilment of contract) and our legitimate interest in the fastest and most effective possible purchase processing within the meaning of Art. 6 para. 1 lit. f GDPR.
e. Credit checks
In the case of a purchase on account or another payment method where we make advance payments, we may carry out a credit check (scoring). For this purpose, we transmit the data you enter (e.g. name, address, age or bank details) to a credit agency. The probability of a payment default is determined on the basis of this data. If the risk of non-payment is too high, we may refuse the type of payment in question.
The credit check is carried out on the basis of contract fulfilment (Art. 6 para. 1 lit. b GDPR) and to avoid payment defaults (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 para. 1 lit. GDPR); consent can be revoked at any time.
f. Payment services
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time for the future.
g. We use the following payment services / payment service providers on this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Apple Pay
The provider of the payment service is Apple Inc, Infinite Loop, Cupertino, CA 95014, USA. You can find Apple's privacy policy at: https://www.apple.com/legal/privacy/de-ww/.
Google Pay
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find Google's privacy policy here: https://policies.google.com/privacy.
Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). Klarna offers various payment options (e.g. instalment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimise the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
You can find details on this in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/.
Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as "Sofort GmbH"). With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations. If you have decided in favour of the "Sofortüberweisung" payment method, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you have entered and your personal data are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempts at fraud. For details on payment with Sofortüberweisung, please see the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
Amazon Pay
The provider of this payment service is Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg.
Details on how your data is handled can be found in Amazon Pay's privacy policy at the following link: https://pay.amazon.de/help/201212490?ld=APDELPADirect.
Mollie
The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, the Netherlands (hereinafter referred to as "Mollie"). With the help of Mollie, we can integrate various payment methods on our website. Details can be found in Mollie's privacy policy: https://www.mollie.com/de/privacy.
giropay
The provider of this payment service is paydirekt GmbH, Stephanstraße 14 - 16, 60313 Frankfurt am Main (hereinafter referred to as "giropay").
Details can be found in giropay's privacy policy: https://www.paydirekt.de/agb/index.html.
American Express
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as "American Express").
American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.
Further information can be found in the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.
Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").
The UK is considered a safe third country under data protection law. This means that the UK has a level of data protection that corresponds to the level of data protection in the European Union.
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
Further information can be found in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
20. Audio and video conferencing
Data processing
We use online conferencing tools, among others, to communicate with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other "contextual information" in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or provided in any other way within the tool, it is also stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.
Storage duration
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
a. Conference tools used
We use the following conference tools:
Google Hangouts
We use Google Hangouts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on data processing can be found in the Google Hangouts privacy policy: https://policies.google.com/privacy?hl=de.
Webex
We use Webex. The provider of this service is Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany.
It cannot be ruled out that the data processed with WebEx will be transferred to third countries (e.g. the USA). Webex has Binding Corporate Rules (BCR) that have been approved by Dutch, Polish, Spanish and other relevant European data protection regulatory authorities. These are binding corporate rules that legitimise internal data transfers to third countries outside the EU and EEA. Details can be found here: https://www.cisco.com/c/de_de/about/trust-center/data-protection-and-privacy-policy.html and https://konferenzen.telekom.de/fileadmin/Redaktion/conference/cisco-webex/Webex_Compliance_Deutsch_V1.0.pdf.
Details on data processing can be found in Webex's privacy policy: https://www.cisco.com/c/de_de/about/legal/privacy-full.html.
21. Own services
a. Handling of applicant data
We offer you the opportunity to apply to us (e.g. by e-mail, post or online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.
Scope and purpose of data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.
Data retention period
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.
Data may also be stored for longer if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the applicant pool
If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.