Pri­va­cy policy

Your rights:

A

Under Arti­cle 15 of the GDPR, you have a right of access to the personal data about you that we process. In par­tic­u­lar, you can access information about the pur­pos­es of pro­cess­ing, the cat­e­gories of personal data, the cat­e­gories of recip­i­ents to whom your data has been or will be dis­closed, the planned dura­tion of stor­age, the exis­tence of a right to rec­ti­fi­ca­tion, a right to era­sure, a right to restric­tion of pro­cess­ing or a right to object, the exis­tence of the right to lodge a com­plaint, the origin of your data, pro­vid­ed we did not col­lect it, the exis­tence of auto­mat­ed deci­sion-making, includ­ing pro­fil­ing, and if applic­a­ble, mean­ing­ful information on these details.

B

Under Arti­cle 16 of the GDPR, you have the right to obtain, with­out undue delay, the rec­ti­fi­ca­tion of inac­cu­rate or incom­plete personal data about you that we store.

C

Under Arti­cle 17 of the GDPR, you have the right to request the era­sure of personal data about you that we store, pro­vid­ed that pro­cess­ing is not required for exer­cis­ing the right to free­dom of expres­sion and information, for com­pli­ance with a legal oblig­a­tion, on grounds of public inter­est or for the estab­lish­ment, exer­cise or defence of legal claims.

The

Under Arti­cle 18 of the GDPR, you have the right to request the restric­tion of pro­cess­ing of your personal data, pro­vid­ed you con­test the accu­ra­cy of the data, pro­cess­ing is unlaw­ful but you oppose the era­sure of the personal data and we no longer need the data for the pur­pos­es of pro­cess­ing and you nonethe­less need it for the estab­lish­ment, exer­cise or defence of legal claims or you have object­ed to pro­cess­ing pur­suant to Arti­cle 21 of the GDPR.

E

Under Under Arti­cle 20 of the GDPR, you have the right to receive your personal data, which you pro­vid­ed to us, in a struc­tured, com­mon­ly used and machine-read­able format or to request it be trans­mit­ted to anoth­er con­troller.

F

Under Arti­cle 7 (3) of the GPPR, you have the right, at any time, to revoke the con­sent you gave us. This means we will not be per­mit­ted to con­tin­ue with data pro­cess­ing based on this con­sent in the future.

G

Under Arti­cle 77 of the GDPR, you have the right to lodge a com­plaint with a super­vi­so­ry author­i­ty. In gen­er­al, you may con­tact the super­vi­so­ry author­i­ty in your habit­u­al place of res­i­dence or place of work, or our company’s reg­is­tered office.

If your personal data is being processed based on legit­i­mate inter­ests pur­suant to the first sen­tence of Arti­cle 6 (1) (f) of the GDPR, you have the right under Arti­cle 21 GDPR to object to the pro­cess­ing of your personal data on grounds relat­ing to your par­tic­u­lar sit­u­a­tion or to object to pro­cess­ing of your personal data for direct mar­ket­ing pur­pos­es. In the latter case, you have a gen­er­al right to object; we will apply this with­out a spe­cif­ic sit­u­a­tion being stated.

A

We take state-of-the-art organ­i­sa­tion­al, con­trac­tu­al and tech­ni­cal secu­ri­ty mea­sures to ensure that the reg­u­la­tions set out in data pro­tec­tion law are com­plied with and to pro­tect the data we process from acci­den­tal or inten­tion­al manip­u­la­tion, loss, destruc­tion or access by unau­tho­rised indi­vid­u­als.

B

In par­tic­u­lar, these secu­ri­ty mea­sures include encrypt­ed data trans­fer between your brows­er and our server.

A

A Data is only dis­closed to third par­ties as per­mit­ted by law. In this case, we only dis­close users’ data to third par­ties if doing so is required for con­trac­tu­al pur­pos­es based on Arti­cle 6 (1) (a) of the GDPR, for instance, or based on our legit­i­mate inter­ests in eco­nom­i­cal­ly Arti­cle 6 (1) (a) of the GDPR.

B

If we engage sub­con­trac­tors to pro­vide our ser­vices, we take suit­able legal pre­cau­tions and appro­pri­ate tech­ni­cal and organ­i­sa­tion­al mea­sures to pro­tect personal data in line with the rel­e­vant legal require­ments.

C

If, in the context of this pri­va­cy policy, con­tent, tools or other resources made avail­able by other providers (here­inafter referred to col­lec­tive­ly as ‘third-party providers’) are used and their reg­is­tered office is locat­ed in a third coun­try, it is to be assumed that data is trans­ferred to the coun­tries in which the third-party providers’ reg­is­tered offices are locat­ed. Third coun­tries are nations in which the GDPR does not apply direct­ly (i.e. coun­tries out­side of the EU and the Euro­pean Eco­nom­ic Area, in prin­ci­ple). Data is trans­ferred to third coun­tries either if there is an ade­quate level of data pro­tec­tion, the user has grant­ed their con­sent to this effect or there is oth­er­wise legal per­mis­sion to do so.

A

We process gen­er­al data (e.g. users’ names, address­es and con­tact details) and con­tract data (e.g. ser­vices used, names of con­tacts, pay­ment information) for the pur­pose of ful­fill­ing our con­trac­tu­al oblig­a­tions and ser­vices pur­suant to Arti­cle 6 (1) (b) of the GDPR.

B

As part of reg­is­tra­tion and repeat­ed login, and the util­i­sa­tion of our online ser­vices, we store the IP address and the time of the user’s action in ques­tion. Die Spe­icherung erfol­gt auf Grund­lage unser­er berechtigten Inter­essen, als auch der Nutzer an Schutz vor Miss­brauch und son­stiger unbefugter Nutzung. Such stor­age is under­tak­en based on both our and the user’s legit­i­mate inter­ests in pre­vent­ing abuse and other unau­tho­rised access. In prin­ci­ple, this data is not dis­closed to third par­ties unless doing so is required for pur­su­ing our claims or there is a legal oblig­a­tion in this respect pur­suant to Arti­cle 6 (1) (a) of the GDPR.

A

When users con­tact us (using the con­tact form or by email), their details are processed for han­dling and pro­cess­ing the con­tact request pur­suant to Arti­cle 6 (1) (a) of the GDPR or based on your vol­un­tary con­sent under Arti­cle 6 (1) (a) of the GDPR. The personal data we col­lect for use of the con­tact form and the personal data you trans­fer by email is erased as soon as it is no longer required for its pur­pose.

B
Die Angaben der Nutzer können in unserem Cus­tomer-Rela­tion­ship-Management System (“CRM System”) oder ver­gle­ich­bar­er Anfragenor­gan­i­sa­tion gespe­ichert werden.

A

We col­lect data on every instance of access to the server that our ser­vices are locat­ed on (known as ‘server log files’); we do so based on our legit­i­mate inter­ests under Arti­cle 6 (1) (a) of the GDPR. This access data includes the name of the web­site accessed, the file, the date and time of access, the quan­ti­ty of data trans­ferred, noti­fi­ca­tion of successful access, the brows­er type and ver­sion, the user’s oper­at­ing system, the refer­rer URL (the page vis­it­ed pre­vi­ous­ly), the IP address and the provider making the request.

B

Log file information is stored on secu­ri­ty grounds (e.g. to clar­i­fy abu­sive or fraud­u­lent actions) for a max­i­mum of 14 days, after which it is erased. Data that needs to be retained for a longer period of time for evi­dence pur­pos­es is exclud­ed from such era­sure until the case in ques­tion has been defin­i­tive­ly clar­i­fied.

A

Cook­ies are pieces of information that are trans­ferred from our web server or third-party web servers to users’ web browsers, where they are stored and can be sub­se­quent­ly accessed. Cook­ies may be small files or other forms of information stor­age.

B

We use what are known as ‘ses­sion cook­ies’, which are only stored for the dura­tion of your cur­rent visit to our online pres­ence (e.g. to save your login status or the shop­ping basket fea­ture, which thus enable our online pres­ence to be used in the first place). ses­sion cookie stores a ran­dom­ly gen­er­at­ed, unique iden­ti­fi­ca­tion number, known as a ‘ses­sion ID’. A cookie also con­tains information about its origin and the stor­age period. These cook­ies cannot store any other information. Ses­sion cook­ies are delet­ed when you have fin­ished using our online pres­ence and either log out or close the brows­er.

C

This pri­va­cy policy pro­vides users with information on the use of cook­ies during pseu­do­nymised reach mea­sure­ment.

The

If users object to the stor­age of cook­ies on their com­put­er, they are request­ed to dis­able the rel­e­vant option in their browser’s system set­tings. Stored cook­ies can be erased using the browser’s system set­tings. Exclud­ing cook­ies can limit the func­tion­al­i­ty of this online pres­ence.

E

You can object to the use of cook­ies to mea­sure reach and for advertising pur­pos­es using the NAI opt-out page (http://optout.networkadvertising.org/). You can also do this using the US web­site (http://www.aboutads.info/choices) or the Euro­pean web­site (http://www.youronlinechoices.com/uk/your-ad-choices/).

A

We use Google Ana­lyt­ics, a web ana­lyt­ics ser­vice pro­vid­ed by Google, Inc. (‘Google’), based on our legit­i­mate inter­ests (i.e. our inter­est in analysing, opti­mis­ing and eco­nom­i­cal­ly oper­at­ing our online pres­ence under Arti­cle 6 (1) (f) of the GDPR). Google uses cook­ies. The information that the cookie gen­er­ates on how users use the online pres­ence is gen­er­al­ly trans­ferred to and stored on a Google server in the USA.

B

B Google is cer­ti­fied under the EU-US Pri­va­cy Shield and there­fore guar­an­tees it will comply with Euro­pean data pro­tec­tion law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

C

Google will use this information on our behalf to eval­u­ate how users use our online pres­ence, to com­pile reports on activ­i­ties within this online pres­ence and to pro­vide us with fur­ther ser­vices asso­ci­at­ed with the use of this online pres­ence and the inter­net. Pseu­do­nymised user pro­files may be cre­at­ed from the data processed for this pur­pose.

The

D We only use Google Ana­lyt­ics with IP anonymi­sa­tion acti­vat­ed. This means that Google trun­cates users’ IP address­es within Member States of the Euro­pean Union or in other states that are party to the Agree­ment on the Euro­pean Eco­nom­ic Area. Only in excep­tion­al cases will the full IP address be trans­ferred to and trun­cat­ed on a Google server in the USA.

E

The IP address trans­ferred by the user’s brows­er is not merged with any other data that Google holds. Users can pre­vent the set­ting of cook­ies by chang­ing their brows­er set­tings accord­ing­ly. Addi­tion­al­ly, users can also pre­vent Google’s col­lec­tion and pro­cess­ing of the information the cookie gen­er­ates about their use of the online pres­ence by down­load­ing and installing the brows­er plugin avail­able at: http://tools.google.com/dlpage/gaoptout?hl=en.
As an alter­na­tive to the brows­er add-on or for browsers on mobile devices, please click on the hyper­link below to pre­vent Google Ana­lyt­ics from col­lect­ing data within this web­site in future: Google Ana­lyt­ics opt-out (the opt-out only works within the brows­er and only for this domain).

F

Please refer to Google’s web­sites – https://policies.google.com/technologies/partner-sites?hl=en (‘How Google uses information from our part­ners’ web­sites or apps), http://www.google.com/policies/technologies/ads (‘Using data for advertising pur­pos­es’), http://www.google.en/settings/ads (‘Man­ag­ing information that Google uses to show you advertising) – for fur­ther information on how Google uses data, set­tings and opting out.

A

Within our online pres­ence, we use con­tent or ser­vices offered by third-party providers to inte­grate their con­tent and ser­vices (e.g. videos or fonts) (here­inafter referred to col­lec­tive­ly as ‘con­tent’). We do so based on our legit­i­mate inter­ests (i.e. our inter­est in analysing, opti­mis­ing and eco­nom­i­cal­ly oper­at­ing our online pres­ence under Arti­cle 6 (1) (f) of the GDPR). This always requires the third-party providers of this con­tent to know users’ IP address­es, as they cannot send the con­tent to their browsers with­out the IP address­es. As a result, an IP address is required for this con­tent to be dis­played. We strive only to use con­tent from providers that use the IP address to exclu­sive­ly deliv­er this con­tent. Fur­ther­more, third-party providers may use what are known as ‘pixel tags’ (invis­i­ble graph­ics, also known as ‘web bea­cons’) for sta­tis­ti­cal or mar­ket­ing pur­pos­es. The pixel tags enable eval­u­a­tion of information, such as vis­i­tor traf­fic to this website’s pages. The pseu­do­nymised information may also be stored in cook­ies on the users’ devices and may con­tain tech­ni­cal information about the brows­er and oper­at­ing system, web­sites referred to, the length of the visit and fur­ther details on how our online pres­ence is used, along with other pieces of data. It may also be asso­ci­at­ed with information of this nature from other sources.

B

The list below pro­vides an overview of third-party providers and their con­tent, along with links to their pri­va­cy poli­cies, which con­tain fur­ther details on data pro­cess­ing and opt-out options, some of which are listed here:

• • Exter­nal fonts from Google, Inc., https://www.google.com/fonts (‘Google Fonts’). Google Fonts are inte­grat­ed by means of retrieval from Google’s server (gen­er­al­ly in the USA). Pri­va­cy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

• • Maps from the ‘Google Maps’ ser­vice pro­vid­ed by the third-party provider Google, Inc., of 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA. Pri­va­cy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

• • • Videos from the plat­form ‘YouTube’ pro­vid­ed by the third-party provider Google, Inc., of 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA. Pri­va­cy policy: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

12. Era­sure of data

A

The data we store is erased as soon as it is no longer required for its pur­pose and such era­sure does not con­flict with any statu­to­ry reten­tion require­ments. Pro­vid­ed that users’ data is not erased because it is required for other, legal­ly per­mis­si­ble pur­pos­es, pro­cess­ing of the same will be lim­it­ed. This means the data will be blocked and not processed for other pur­pos­es. This applies to user data that needs to be retained under com­mer­cial or tax law, for exam­ple.

B

Under the legal require­ments, data is retained for six years pur­suant to Sec­tion 257 (1) of the German Com­mer­cial Code (com­mer­cial records, inven­to­ries, open­ing bal­ance sheets, annual finan­cial state­ments, com­mer­cial let­ters, vouch­ers for account­ing entries, etc.) and for ten years pur­suant to Sec­tion 147 (1) of the German Fiscal Code (accounts and records, sit­u­a­tion reports, account­ing records, trade and busi­ness let­ters, doc­u­ments of relevance for tax­a­tion, etc.).

A

We reserve the right to modify the pri­va­cy policy to take reg­u­la­to­ry changes, changes to the ser­vice and changes to data pro­cess­ing into account. How­ev­er, this only applies in respect of dec­la­ra­tions regard­ing data pro­cess­ing. Pro­vid­ed users’ con­sent is required or com­po­nents of the pri­va­cy policy include pro­vi­sions on the con­trac­tu­al rela­tion­ship with users, the mod­i­fi­ca­tions may only be made with the users’ con­sent.

B

Users are request­ed to obtain information about the con­tent of the pri­va­cy policy at reg­u­lar inter­vals.