Commercial and business services

We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries respond.

We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the business organization. We only pass on the data of the contractual partners to third parties within the framework of the applicable law to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the contractual partners (e.g. to telecommunications, transport and other auxiliary services as well as subcontractors involved , Banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.

We inform the contractual partners before or as part of the data collection, e.g. in online forms, by special labeling (e.g. colors) or symbols (e.g. asterisks or similar), or personally, which data are required for the aforementioned purposes.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. basically after 4 years, unless the data is stored in a customer account, e.g. as long as it has to be kept for archiving reasons for legal reasons (e.g. for Tax purposes usually 10 years). We delete data that has been disclosed to us by the contractual partner in the context of an order in accordance with the specifications of the order, generally after the end of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Economic analyzes and market research: For business reasons and in order to be able to recognize market trends, wishes of the contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby contractual partners, interested parties, customers, Visitors and users of our online offer can fall.

The analyzes are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we can, if available, take into account the profiles of registered users including their details, e.g. on services used. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized, i.e. anonymized, values. Furthermore, we take the privacy of the users into account and process the data for analysis purposes as pseudonymously and, if possible, anonymously (e.g. as summarized data).

Shop and e-commerce: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution.

The information required is marked as such in the context of the order or comparable purchase process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultation.

• Processed data types:  Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times) , Meta / communication data (e.g. device information, IP addresses).

• Affected people:  Interested parties, business and contractual partners, customers.

• Purposes of processing:  Contractual services and services, contact inquiries and communication, office and organizational procedures, administration and answering inquiries, evaluation of visits, interest-based and behavior-related marketing, profiling (creation of user profiles), security measures.

• Legal basis:  Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR), legitimate interests (Art . 1 lit.f. GDPR).

Use of online marketplaces for e-commerce

We offer our services on online platforms operated by other service providers. In this context, in addition to our data protection notices, the data protection notices of the respective platforms apply. This applies in particular with regard to the methods used on the platforms for range measurement and interest-based marketing.

• Processed data types:  Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times) , Meta / communication data (e.g. device information, IP addresses).

• Affected people:  Customers.

• Purposes of processing:  Contractual services and services.

• Legal basis:  Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Used services and service providers:

• Amazon:  Online marketplace for e-commerce; Service providers: Amazon Europe Core S.à.rl, Amazon EU S.à.rl, Amazon Services Europe S.à.rl and Amazon Media EU S.à.rl, all four located at 38, avenue John F. Kennedy, L-1855 Luxembourg, and Amazon Instant Video Germany GmbH, Domagkstr. 28, 80807 Munich (together "Amazon Europe"), parent company: Amazon.com, Inc., 2021 Seventh Ave, Seattle, Washington 98121, USA; Website:  https://www.amazon.de/ ; Data protection:  https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010 ; Privacy Shield (ensuring the level of data protection when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active .

Payment service provider

In the context of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively "payment service providers").

The data processed by the payment service provider includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. In other words, we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. The data may be transmitted to credit agencies by the payment service provider. The purpose of this transmission is to check your identity and creditworthiness. For this we refer to the terms and conditions and the data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers, which can be called up within the respective websites or transaction applications, apply to payment transactions. We also refer to these for the purpose of further information and the assertion of rights of revocation, information and other data subjects.

• Processed data types:  Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information , IP addresses).

• Affected people:  Customers, prospects.

• Purposes of processing:  Contractual services and services.

• Legal basis:  Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Used services and service providers:

• Mastercard:  Payment services; Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Website:  https://www.mastercard.de/de-de.html ; Data protection:  https://www.mastercard.de/de-de/datenschutz.html .

• PayPal:  Payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg; Website:  https://www.paypal.com/de ; Data protection:  https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

• Visa:  Payment services; Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Website:  https://www.visa.de ; Data protection:  https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html .

Provision of the online offer and web hosting

In order to be able to provide our online offer safely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed in the context of the provision of the hosting offer can include all information relating to the users of our online offer that is generated in the context of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.

E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for the purpose of recognizing SPAM. We ask you to note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted on the transport route, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and the receipt on our server.

Collection of access data and log files: We (or our web hosting provider) collect data on every access to the server (so-called server log files). In addition to the server log files, the address and name of the websites and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong.

The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the load on the server and its stability.

• Processed data types:  Content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).

• Affected people:  Users (e.g. website visitors, users of online services).

• Purposes of processing:  Contractual services and services.

• Legal basis:  Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Used services and service providers:

• Wix:  Hosting platform for websites; Service provider: Wix.com ltd., Tel Aviv, 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA; Website:  https://www.wix.com ; Data protection:  https://de.wix.com/about/privacy ; Privacy Shield (ensuring the level of data protection when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt0000000GnbGAAS&status=Active .

Newsletter and  Broad communication

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipient or legal permission. If the content of the newsletter is specifically described when registering for the newsletter, it is decisive for the consent of the user. Incidentally, our newsletters contain information about our services and us.

To register for our newsletters, it is generally sufficient to provide your email address. However, we can ask you to provide a name for the purpose of addressing you personally in the newsletter, or to provide further information if this is necessary for the purposes of the newsletter.

Double opt-in procedure:  Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with someone else's e-mail address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Deletion and restriction of processing:  We can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the event of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving that it has proceeded properly. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Notes on legal bases:  The newsletter is sent on the basis of the recipient's consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of advertising to existing customers. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded based on our legitimate interests to demonstrate that it was carried out in accordance with the law.

Content: Information about us, our services, promotions and offers.

Success measurement: The newsletters contain a so-called "web beacon", ie a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server Information such as information about the browser and your system, as well as your IP address and the time of access, are collected. 

This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor, if used, that of the shipping service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the measurement of success take place, subject to the express consent of the user, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users.

A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be canceled or contradicted.

• Processed data types:  Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), meta / communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).

• Affected people:  Communication partner.

• Purposes of processing:  Direct marketing (e.g. by email or post).

• Legal basis:  Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit.f. GDPR).

• Opposition option (opt-out):  You can cancel the receipt of our newsletter at any time, ie revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail.

​

Online marketing

We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of their effectiveness. 

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is saved. This information can include content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking procedures (ie, pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) are stored in the online marketing process, but pseudonyms. This means that we, as well as the providers of online marketing processes, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read out on other websites that use the same online marketing process, analyzed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing process provider.

As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users in the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent during registration.

In principle, we only have access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Notes on legal bases:  If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (ie interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.

• Processed data types:  Usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).

• Affected people:  Users (e.g. website visitors, users of online services), interested parties.

• Purposes of processing:  Tracking (e.g. interest / behavior-related profiling, use of cookies), remarketing, visitor action evaluation, interest-based and behavior-related marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), range measurement (e.g. access statistics, recognition of returning visitors).

• Safety measures:  IP masking (pseudonymization of the IP address).

• Legal basis:  Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit.f. GDPR).

• Opposition option (opt-out):  We refer to the data protection notices of the respective providers and the possibilities of objection given to the providers (so-called "opt-out"). Unless an explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this can restrict the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe:  https://www.youronlinechoices.eu . b) Canada:  https://www.youradchoices.ca/choices . c) USA:  https://www.aboutads.info/choices . d) Cross-regional:  http://optout.aboutads.info .

Used services and service providers:

• Google Analytics:  Online marketing and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website:  https://marketingplatform.google.com/intl/de/about/analytics/ ; Data protection:  https://policies.google.com/privacy ; Privacy Shield (ensuring the level of data protection when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ; Opposition option (opt-out): Opt-out plug-in:  http://tools.google.com/dlpage/gaoptout?hl=de , settings for the display of advertisements:  https://adssettings.google.com/authenticated .

Plugins and embedded functions as well as content

We incorporate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as "content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, the websites to be referred to, the time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

Notes on legal bases:  If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (ie interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection declaration.

• Processed data types:  Usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries , Photographs, videos).

• Affected people:  Users (e.g. website visitors, users of online services), communication partners.

• Purposes of processing:  Provision of our online offer and user-friendliness, contractual services and services, security measures, administration and answering of inquiries, contact inquiries and communication, direct marketing (e.g. by email or post), tracking (e.g. interest / behavioral profiling, use of cookies), interest-based and behavioral marketing, profiling (creation of user profiles).

• Legal basis:  Legitimate interests (Art. 6 Para. 1 S. 1 lit.f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. lit.b.DSGVO).

Used services and service providers:

• Google Maps:  We integrate the maps of the “Google Maps” service provided by Google. The processed data may include, in particular, the users' IP addresses and location data, which, however, are not collected without their consent (usually within the framework of the settings of their mobile devices). Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website:  https://maps.google.de ; Data protection:  https://policies.google.com/privacy ; Privacy Shield (ensuring the level of data protection when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active ; Opposition option (opt-out): Opt-out plug-in:  http://tools.google.com/dlpage/gaoptout?hl=de , settings for the display of advertisements:  https://adssettings.google.com/authenticated .

• YouTube:  Videos; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website:  https://www.youtube.com ; Data protection:  https://policies.google.com/privacy ; Privacy Shield (ensuring the level of data protection when processing data in the USA):  https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ; Opposition option (opt-out): Opt-out plug-in:  http://tools.google.com/dlpage/gaoptout?hl=de , settings for the display of advertisements:  https://adssettings.google.com/authenticated .

• Vimeo:  Video platform; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website:  https://vimeo.com ; Data protection:  https://vimeo.com/privacy ; Opposition option (opt-out): We point out that Vimeo can use Google Analytics and refer to the data protection declaration ( https://policies.google.com/privacy ) and the opt-out options for Google Analytics ( http : //tools.google.com/dlpage/gaoptout? hl = de ) or Google's settings for data use for marketing purposes (https://adssettings.google.com/ ).

Change and update of the data protection declaration

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

​

Rights of data subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 GDPR:

• Right of objection: You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

• Right to withdraw consent:  You have the right to withdraw your consent at any time.

• Right of providing information:  You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.

• Right to rectification:  In accordance with the legal requirements, you have the right to request the completion of the data relating to you or the correction of incorrect data relating to you.

• Right to deletion and restriction of processing:  In accordance with the legal requirements, you have the right to request that the data relating to you be deleted immediately or, alternatively, to request a restriction on the processing of the data in accordance with the legal requirements.

• Right to data portability:  You have the right to receive data concerning you that you have provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.

• Complaint to the supervisory authority:  Furthermore, in accordance with the legal requirements, you have the right to contact a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data violates the GDPR .

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke