Privacy Policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") in the context of the provision of our services and within our online offer and the associated websites, functions and contents as well as external online presentations, such as our social media profile (hereinafter referred to as "online offer"). We refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Types of processed data

– stock data (e.g., personal data, names or addresses).
– Contact details (e.g., e-mail, telephone numbers).
– Content data (e.g., text files, photographs, videos).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).

Categories of affected persons

Visitors and users of the online offer (followingly, we also refer to the affected persons as "users").

Purpose of processing

– Provision of the online offer, its functions and content.
– Answering contact requests and communication with users.
– Security measures.
– Range measurement/marketing

Definitions used

‘personal data’ means any information relating to an identified or identifiable natural person (‘the person concerned’); is considered to be identifiable as a natural person which can be identified directly or indirectly, in particular by assigning to an identifier such as a name, to a identification number, to location data, to an online identifier (e.g. cookie) or to one or more special features which are the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
‘processing’ means any process carried out with or without the aid of automated procedures or any such series of operations relating to personal data. The term extends far and covers virtually any handling of data.
‘Pseudonymisation’ means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the addition of additional information, provided that such additional information is kept separately and subject to technical and organisational measures which ensure that the personal data is not assigned to an identified or identifiable natural person.
‘profiling’ means any kind of automated processing of personal data that consists in using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behavior, place of residence or place of residence of that natural person.
The term "responsible" shall be the natural or legal person, authority, body or other body which, alone or jointly with others, decides on the purposes and means of processing personal data.
‘order processor’ means a natural or legal person, authority, body or other body that processes personal data on behalf of the controller.

Legal basis

In accordance with Art. 13 GDPR we inform you of the legal basis of our data processing. The following applies to users from the scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEC, unless the legal basis in the Privacy Policy is specified:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR;
The legal basis for the processing for the performance of our services and implementation of contractual measures as well as answering requests is Art. 6 para. 1 lit. b GDPR;
The legal basis for the processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR;
In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
The legal basis for the necessary processing to carry out a task in the public interest or in the exercise of public authority delegated to the controller is Art. 6 para. 1 lit. e GDPR.
The legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR.
The processing of data for purposes other than those for which it was collected is determined in accordance with the requirements of Art. 6 para. 4 GDPR.
Processing of special categories of data (corresponding to Art. 9 para. 1 GDPR) is determined according to the requirements of Art. 9 para. 2 GDPR.

Security measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons.
The measures include, in particular, safeguarding confidentiality, integrity and availability of data by controlling physical access to data, as well as access, input, disclosure, availability and separation. Furthermore, we have set up procedures that ensure the perception of data subject rights, erasure of data and reaction to the risk of data. We also take into account the protection of personal data already in development, or Selection of hardware, software and procedures, according to the principle of data protection by technology design and by data protection-friendly defaults.

Cooperation with processors, joint controllers and third parties

If we disclose data to other persons and companies (order processors, jointly responsible persons or third parties) within the scope of our processing, transmit it to them or otherwise provide them with access to the data, this is done only on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for fulfilling the contract), if users have consented to a legal obligation to do so or on the basis of our legitimate interests (e.
If we disclose, transmit or otherwise grant access to data to other companies of our group of companies, this takes place, in particular for administrative purposes, as a legitimate interest and, moreover, on a basis corresponding to legal requirements.

Transmissions to third countries

Insofar as we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation), or in the context of the use of third-party services or disclosure, or Transmission of data to other persons or companies takes place only if it takes place to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transmission, we process or process the data only in third countries with a recognised level of data protection, including the U.S. processors certified under the "Privacy Shield" or process it on the basis of special guarantees, such as contractual obligation by so-called standard safeguard clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission).

Rights of the persons concerned

You have the right to request a confirmation of whether relevant data is processed and information about this data as well as further information and copy of the data in accordance with the legal requirements.
You've got it. the legal requirements of the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
You have the right to demand that the data concerned be deleted immediately, or alternatively to request a restriction of the processing of the data in accordance with the statutory requirements.
You have the right to request that the data concerning you, which you have provided to us, be received in accordance with the statutory requirements and to request their transmission to other controllers.
They also have the right to lodge a complaint with the competent supervisory authority in accordance with the legal requirements.

Right of withdrawal

You have the right to revoke granted consent with effect for the future.

Right of appeal

You may object to the future processing of the data concerning you at any time in accordance with the statutory requirements. The objection can be made in particular against the processing for direct marketing purposes.

Cookies and right of objection for direct advertising

Cookies are small files that are stored on users' computers. Different data can be stored within the cookies. A cookie primarily serves to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. As temporary cookies, or "session cookies" or "transient cookies", cookies are called which are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart can be stored in an online shop or a login status. Cookies are called "permanent" or "persistent" which remain stored even after the browser is closed. Thus, for example, the login status can be stored when the users visit it after several days. Likewise, in such a cookie the interests of the users that are used for range measurement or marketing purposes can be stored. The term "dhird party cookie" refers to cookies which are offered by other providers as the controller who operates the online offer (unless, if only its cookies are referred to as "first party cookies").
We can use temporary and permanent cookies and clarify them as part of our privacy policy.
If we ask the users to consent to the use of cookies (e.g. as part of a cookie consent), the legal basis of this processing is Art. 6 para. 1 lit. a. GDPR. Otherwise, the personal cookies of the user will be based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) or if the use of cookies is necessary for the provision of our contractual services, according to Art. 6 para. 1 lit. b. GDPR, or if the use of cookies is necessary for the performance of a task that is in public interest or in the exercise of public authority, pursuant to Art. 6 para. 1 lit. e. GDPR, processed.
If users do not want cookies to be stored on their computer, they are asked to disable the appropriate option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies may lead to functional restrictions of this online offer.
A general contradiction to the use of cookies used for the purposes of online marketing can be found in a variety of services, especially in the case of tracking, via the US-American side. http://www.aboutads.info/choices/ or the EU side http://www.youronlinechoices.com/ to be explained. Furthermore, the storage of cookies can be achieved by means of their disconnection in the settings of the browser. Please note that all functions of this online offer may not be used.

Data deletion

The data processed by us are deleted or restricted in their processing in accordance with the statutory requirements. Unless expressly stated in this Privacy Policy, the data stored by us will be deleted as soon as they are no longer necessary for their purpose and no statutory retention obligations are precluded from erasing.
If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data which must be kept for commercial or tax reasons.

Changes and updates of the Privacy Policy

We ask you to inform you regularly about the content of our privacy policy. We adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require you to participate (e.g. consent) or any other individual notification.

Business processing

We also process
– Contract data (e.g., contract subject, term, customer category).
– Payment data (e.g., bank account, payment history)
from our customers, interested parties and business partners to provide contractual services, service and customer care, marketing, advertising and market research.

Order processing in the online shop and customer account

We process the data of our customers as part of the ordering process in our online shop in order to select and order the selected products and services, as well as their payment and delivery, or to allow execution.
The processed data includes inventory data, communication data, contract data, payment data and persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing contractual services in the context of the operation of an online shop, settlement, delivery and customer service. We use session cookies for storing the shopping cart content and permanent cookies for storing the login status.
The processing is carried out to fulfill our services and implement contractual measures (e.g. the execution of ordering operations) and to the extent that it is required by law (e.g., legally required archiving of transactions for trade and tax purposes). The information required to justify and fulfil the contract is necessary. We disclose the data to third parties only as part of the delivery, payment or as part of the legal permissions and obligations, as well as if this is done on the basis of our legitimate interests, which we inform you within the scope of this Privacy Policy (e.g., to legal and tax advisers, financial institutions, freight companies and authorities).
Users can optionally create a user account by viewing their orders in particular. In the course of registration, the required mandatory information is communicated to users. User accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data will be deleted with regard to the user account, subject to their retention is necessary for commercial or tax reasons. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation or our legitimate interests (e.g., in the case of legal disputes). It is the responsibility of users to secure their data before the end of the contract when termination is made.
As part of the registration and re-registration as well as the use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the user of protection against misuse and other unauthorized use. This data is generally not passed on to third parties unless it is necessary to pursue our legal claims as a legitimate interest or there is a legal obligation to do so.
The deletion takes place after the expiry of statutory warranty and other contractual rights or obligations (e.g., payment claims or service obligations arising from contracts to me customers), whereby the necessity of the storage of the data is checked every three years; in the case of storage due to statutory archiving obligations, the deletion takes place after the expiry of this.

Online presentations in social media

We maintain online presentations within social networks and platforms to communicate with the customers, interested parties and users active there and to inform them about our services.
We would like to point out that data from users outside the European Union can be processed. This allows users to take risks because, for example, the enforcement of user rights could be made more difficult. With regard to US providers certified under the Privacy Shield, we would like to point out that they are committed to complying with EU data protection standards.
Furthermore, the data of users is usually processed for market research and advertising purposes. For example, user profiles can be created from the usage behavior and the resulting interests of the users. The usage profiles can in turn be used to switch advertisements inside and outside the platforms that are supposed to correspond to the interests of users. For these purposes, cookies are usually stored on the users' computers in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in to them).
The processing of the personal data of the users is carried out on the basis of our legitimate interests in an effective information of the users and communication with the users acc. Article 6(1)(f) GDPR. If the users are asked by the respective providers of the platforms to consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.
For a detailed representation of the respective processing and the possibilities of opposition (Opt-Out), we refer to the following linked information of the providers.
In the case of requests for information and the assertion of user rights, we also point out that they can be most effectively asserted by the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you need help, please contact us.
– Facebook, Pages, Groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on a Agreement on the common processing of personal data – Privacy Policy: https://www.facebook.com/about/privacy/, especially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
– Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adsettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
– Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.
– Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/en/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
– Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/ Opt-Out: https://about.pinterest.com/en/privacy-policy.
– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy/ Opt-Out: https://privacy.xing.com/en/data protection declaration.
– Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) – Privacy Policy/ Opt-Out: https://wakelet.com/privacy.html.
– Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) – Privacy Policy/ Opt-Out: https://soundcloud.com/pages/privacy.

Skip to content