Privacy Policy & Data Security
Privacy Policy & Data Security at a glance
1. General information
The following notices provide a simple overview of what happens to your personal data when you visit this website, contact us or instruct us. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.
This data protection policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Provider/Operator/We/Our/Responsible Party.
For simplified readability, the phrases provider, operator, controller or “we/us” are used. For more detailed information, please refer to the section “Responsible party” or the imprint.
Maximilian Topp
Märkische Str. 165
44141 Dortmund
Germany
Data collection of the online offer
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the section “Note on the responsible party” in this privacy policy. In the case of external online presences, such as social media profiles or stores, the respective provisions of the external providers also apply.
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form, communicate to us by message/email or telephone. Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website and order processing. Other data may be used to analyze your user behavior and optimize advertising. In addition, to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.
Analysis tools and third-party tools
When visiting this website, your surfing behavior may be statistically analyzed. This is done primarily with so-called analysis programs. Detailed information on these analysis programs can be found in the following data protection declaration.
Definitions
Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the Basic Data Protection Regulation (DSGVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
We use the following terms, among others, in this data protection declaration:
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller or person responsible for processing
The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.
Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent
Consent is any expression of will in the form of a statement or other unambiguous affirmative act, given voluntarily by the data subject for the specific case in an informed manner and unambiguously, by which the data subject indicates that he or she consents to the processing of personal data concerning him or her.
2. Hosting
Strato
We host our website with Strato. The provider is Strato AG, Pascalstraße 10, 10587 Berlin, Germany
(hereinafter “Strato”). When you visit our website, Strato collects various log files including your IP addresses. For more information, please refer to Strato’s privacy policy: https://www.strato.de/datenschutz/.
The use of Strato is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
3 General notes and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how
and for what purpose this is done.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Note on the responsible office
The responsible party for data processing on this website is:
Maximilian Topp
Märkische Str. 165
44141 Dortmund
Germany
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Storage period
Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
General information about the legal basis for data processing on this Website
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO, if special categories of data are processed in accordance with Art. 9(1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the execution of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO Furthermore, data processing may be based on our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.
Legitimate interests in processing pursued by the controller or a third party
If the processing of personal data is based on Art. 6(1)(f) DSGVO, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.
Legal basis of processing
Article 6 (1) lit. a DSGVO serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) lit. b DSGVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c DSGVO. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 (1) lit. d DSGVO. Finally, processing operations could be based on Art. 6(1)(f) DSGVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).
Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision.
We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.
Notification of changes
Changes in the law or changes in our internal processes may make it necessary to adapt this privacy policy. In the event of such a change, we will notify you no later than six weeks before it takes effect. You generally have a right of revocation with regard to the consent you have given. Please note that (unless you exercise your right of revocation) the current version of the data protection declaration is the valid one.
Note on data transfer to the USA and other third countries
We use, among other things, tools from companies based in the USA or other third third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Rights of the data subjects
Every data subject has the right granted by the European Directive and Regulation to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.
Each data subject concerned by the processing of personal data has the right granted by the European Directive and Regulation to obtain at any time from the controller, free of charge, information about the personal data stored about him or her and a copy of that information. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:
– the purposes of processing
– the categories of personal data processed
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
– if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
– the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing
– the existence of a right of appeal to a supervisory authority
– if the personal data are not collected from the data subject: any available information on the origin of the data
– the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
Information, erasure and rectification
Furthermore, the data subject has a right to information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may, at any time, contact our data protection officer or another employee of the controller.
Every data subject affected by the processing of personal data has the right granted by the European Directive and Regulation to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectify, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.
Any data subject concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following reasons applies and insofar as the processing is not necessary:
– The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
– The data subject revokes his or her consent on which the processing was based pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.
– The data subject objects to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) DSGVO.
– The personal data have been processed unlawfully.
– The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
– The personal data has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by the provider, he or she may, at any time, contact our data protection officer or another employee of the controller. The data protection officer of the provider or another employee shall arrange for the erasure request to be complied with immediately.
If the personal data have been made public by the provider and our enterprise as the controller is obliged to erase the personal data pursuant to Article 17 (1) of the Data Protection Regulation, the provider shall take reasonable measures, including technical measures, to ensure that other data controllers process the published personal data and that the data subject has requested from those other data controllers the erasure of all links to the personal data or copies or replications of the personal data, taking into account the available technology and implementation costs, unless the processing is necessary. The Data Protection Officer of the provider or another employee will arrange the necessary in individual cases.
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the restriction of processing if one of the following conditions is met:
– The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
– The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
– The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
– The data subject has objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by the provider, he or she may, at any time, contact our data protection officer or another employee of the controller. The data protection officer of the provider or another employee will arrange the restriction of the processing.
Any person affected by the processing of personal data has the right, granted by the European Directive and Regulation, to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data were provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising the right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller where technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals. In order to assert the right to data portability, the data subject may at any time contact the data protection officer appointed by the provider or another employee.
Right to object to the collection of data in special cases as well as to Direct marketing (Art. 21 GDPR).
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the DSGVO. This also applies to profiling based on these provisions. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY.
The Provider shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims. (OBJECTION PURSUANT TO ART. 21 PARA. 1 DSGVO).
If the provider processes personal data for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data processed for such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If the data subject objects to the provider to the processing for direct marketing purposes, the provider will no longer process the personal data for these purposes. (OBJECTION PURSUANT TO ART. 21 PARA. 2 DSGVO).
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by the provider for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
In order to exercise the right to object, the data subject may directly contact the Data Protection Officer of the Provider or another employee. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his or her right to object by means of automated procedures using technical specifications.
Any person concerned by the processing of personal data shall have the right, granted by the European Directive and the Regulation, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller, or is permitted by Union or Member State law to which the controller is subject, and that law contains suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or is based on the data subject’s explicit consent. If the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller, or if it is made with the data subject’s explicit consent, the provider shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a controller, to express his or her point of view and contest the decision.
Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, data subjects have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to other administrative or judicial remedies.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties without further ado.
4. data collection on this website and online offer
Cookies
Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising. Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
– browser type and browser version
– Operating system used
– referrer URL
– Host name of the accessing computer
– Time of the server request
– IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website -for this purpose, the server log files must be collected.
Contact Form
If you send us inquiries via the contact form, the information you provide in the contact form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
Inquiry via message on social media or external stores, e-mail, WhatsApp, telephone or fax.
If you contact us via message on social media or external stores, e-mail, WhatsApp, telephone or fax, your inquiry including all personal data resulting from it (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). User information may be stored in a customer relationship management system (“CRM system”) or comparable request organization. We delete the inquiries if they are no longer necessary. We review the necessity every two years; furthermore, the statutory archiving obligations apply. Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Provision of our statutory and business services
We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b. DSGVO, insofar as we offer them contractual services or act within the scope of existing business relationships, e.g. towards members, or are ourselves recipients of services and benefits. Otherwise, we process the data of data subjects pursuant to Art. 6 para. 1 lit. f. DSGVO on the basis of our legitimate interests, e.g. when administrative tasks or public relations are involved. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. In principle, this includes inventory and master data of persons (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone, etc.), contract data (e.g., services used, content and information provided, names of contact persons) and, if we offer payable services or products, payment data (e.g., bank details, payment history, etc.). We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as they may be relevant for business processing, as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.
Security measures
In accordance with Article 32 of the GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to it, input, disclosure, ensuring availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 of the GDPR).
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (order processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.
Administration, financial accounting, office organization, contact management.
We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities. In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers. Furthermore, based on our business interests, we store information on suppliers, event organizers and other business partners, e.g. for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.
Data processing for order processing
In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 (1) lit. b DSGVO.
To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name as well as your delivery address exclusively for purposes of the delivery of goods Art. 6 para. 1 lit. b DSGVO to a shipping partner selected by us.
Use of special service providers for order processing and handling
Transfer of personal data to shipping service providers
– DHL
If the delivery of the goods is carried out by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany), we will pass on your e-mail address to DHL in accordance with Art. 6 Para. 1 lit. a DSGVO before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b DSGVO. The disclosure is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with DHL or delivery notification is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider DHL.
– Hermes
If the delivery of the goods is carried out by the transport service provider Hermes (Hermes Germany GmbH, Essener Straße 89, D-22419 Hamburg), we will pass on your e-mail address to Hermes in accordance with Art. 6 Para. 1 lit. a DSGVO before the delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Hermes for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b DSGVO. The disclosure is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with Hermes or delivery notification is not possible.
The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider Hermes.
Verwendung von Paymentdienstleistern (Zahlungsdiensten)
– Paypal
Bei Zahlung via PayPal, Kreditkarte via PayPal, Lastschrift via PayPal oder – falls angeboten – „Kauf auf Rechnung“ oder „Ratenzahlung“ via PayPal geben wir Ihre Zahlungsdaten im Rahmen der Zahlungsabwicklung an die PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (nachfolgend „PayPal“), weiter. Die Weitergabe erfolgt gemäß Art. 6 Abs. 1 lit. b DSGVO und nur insoweit, als dies für die Zahlungsabwicklung erforderlich ist.
PayPal behält sich für die Zahlungsmethoden Kreditkarte via PayPal, Lastschrift via PayPal oder – falls angeboten – „Kauf auf Rechnung“ oder „Ratenzahlung“ via PayPal die Durchführung einer Bonitätsauskunft vor. Hierfür werden Ihre Zahlungsdaten gegebenenfalls gemäß Art. 6 Abs. 1 lit. f DSGVO auf Basis des berechtigten Interesses von PayPal an der Feststellung Ihrer Zahlungsfähigkeit an Auskunfteien weitergegeben. Das Ergebnis der Bonitätsprüfung in Bezug auf die statistische Zahlungsausfallwahrscheinlichkeit verwendet PayPal zum Zweck der Entscheidung über die Bereitstellung der jeweiligen Zahlungsmethode. Die Bonitätsauskunft kann Wahrscheinlichkeitswerte enthalten (sog. Score-Werte). Soweit Score-Werte in das Ergebnis der Bonitätsauskunft einfließen, haben sie ihre Grundlage in einem wissenschaftlich anerkannten mathematisch-statistischen Verfahren. In die Berechnung der Score-Werte fließen unter anderem, aber nicht ausschließlich, Anschriftendaten ein. Weitere datenschutzrechtliche Informationen, unter anderem zu den verwendeten Auskunfteien, entnehmen Sie bitte der Datenschutzerklärung von PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Sie können dieser Verarbeitung Ihrer Daten jederzeit durch eine Nachricht an PayPal widersprechen. Jedoch bleibt PayPal ggf. weiterhin berechtigt, Ihre personenbezogenen Daten zu verarbeiten, sofern dies zur vertragsgemäßen Zahlungsabwicklung erforderlich ist.
5. Social Media
Online presence on social media platforms
We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
Facebook Plugins (Like & Share Button)
Plugins of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. You can recognize the Facebook plugins by the Facebook logo or the “Like button” (“Like”) on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.
If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.
The use of Facebook plugins is based on Art. 6 para. 1 lit. f DSGVO. The
website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381 und
https://www.facebook.com/policy.php
Twitter plugin
On this website, functions of the service Twitter are integrated. These functions are
offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to Twitter’s privacy policy at:
https://twitter.com/de/privacy.
The use of the Twitter plugin is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in ensuring the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.
Instagram plugin
On this website, functions of the service Instagram are integrated. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland integrated.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and Section 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://help.instagram.com/519522125107875 und
https://de-de.facebook.com/help/566994660333381.
For more information, please see Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
Pinterest Plugin
On this website, we use social plugins of the social network Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest functions, type and settings of the browser, date and time of the request, your use of Pinterest and cookies. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. Further information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in Pinterest’s privacy policy:
https://policy.pinterest.com/de/privacy-policy
6. Analytic Tools and Advertising
Google Analytics
Insofar as you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”). The use includes the operating mode “Universal Analytics”. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze the activities of a user across devices. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. We would like to point out that on this website Google Analytics has been extended by IP anonymization to ensure anonymized collection of IP addresses (so-called IP masking). The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.
Purposes of processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
Legal basis
The legal basis for the use of Google Analytics is your consent pursuant to Art. 6 para. 1 p.1 lit. a DSGVO.
Recipients / categories of recipients: The recipient of the collected data is Google.
Transfer to third countries
Personal data is transferred to the USA under the EU-US Privacy Shield based on the adequacy decision of the European Commission. You can access the certificate here.
Duration of data storage
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Data subject rights
You can revoke your consent at any time with effect for the future by preventing the storage of cookies through a corresponding setting of your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent collection by Universal Analytics across different devices, you must perform the opt-out on all systems used. If you click here, the opt-out cookie will be set:
Created with www.datenschutzbeauftragter-info.de
Pinterest tag
We use a Pinterest tag on our website. This is a technology of Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). This tag is a pixel file that is embedded on our website and tells Pinterest which subpages of our website you have visited. Pinterest uses this information to show you targeted advertisements on Pinterest. This data processing is necessary to protect our overriding legitimate interest (Art. 6 (1) f DS-GVO) to show visitors to our website on Pinterest only ads for products in which the user is also interested.
Amazon affiliate program
Based on our legitimate interests (i.e. interest in the economic operation of our online offer), we are participants in the affiliate program of Amazon, which was designed to provide a medium for websites, by means of which through the placement of advertisements and links to Amazon advertising fees can be earned (so-called affiliate system). I.e. as an Amazon partner we earn on qualified purchases.
Amazon uses cookies when you access the external site to track the origin of orders. Among other things, Amazon can recognize that you have clicked the affiliate link on this website and subsequently purchased a product from Amazon.
For more information about Amazon’s use of data and ways to object, please see the company’s privacy policy: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliates.
7. plugins and tools
YouTube with enhanced data protection
This website embeds videos of YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube – regardless of whether you watch a video
YouTube connects to the Google DoubleClick network. As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
Embedded videos and images from external websites
Some of our pages contain embedded content from Instagram. When merely calling up a page from our website with embedded videos or images from our Instagram channel, no personal data, with the exception of the IP address, is transmitted. The IP address is transmitted to Instagram Inc, 181 SouthPark Street Suite 2 San Francisco, California 94107, USA (“Instagram”). For more information, please see Instagram’s privacy policy: https://instagram.com/about/legal/privacy/
Source:
https://www.e-recht24.de