Data Protection

Inventory data (e.g., names, addresses).
Contact information (e.g., e-mail, phone numbers).
Content data (e.g., text input, photographs, videos).
Usage data (e.g., visited web pages, interest in content, access times).
Meta / communication data (e.g., device information, IP addresses).
Contract data (e.g., subject, term, customer category).
Payment data (e.g., bank details, payment history) from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

 

Affected people

Visitors and users of the online offer (hereinafter we refer to the affected persons as “users”).

 

Reason for Processing

Provision of the online offer, its functions and contents.
Answering contact requests and communicating with users.
Safety measures.
Audience measurement / marketing.

 

Concepts

For the terms used (eg “Personal data”, “Processing”, “Pseudonymisation”, “Profiling”, “Responsible” and “Processor”) we refer to Art. 4 GDPR.

 

Legal basis for processing

In summary, the data processing by us are based on the following legal bases, depending on the respective circumstances:

Fulfillment of our contractual obligation (Article 6 (1) (b) GDPR)
Legal obligations, in particular retention obligations (Article 6 (1) (c) GDPR)
Our main legitimate interest (Article 6 (1) (f) DSGVO)
Consents (Article 6 (1) (a) and Article 7 GDPR).
Rights of data subjects

According to Art. 15 GDPR, they have the right to obtain information against the person responsible for the processing of personal data.

According to Art. 16 GDPR, they have the right to correct inaccurate personal data concerning them.

According to Art. 17 GDPR, they have the right to be deleted (“right to be forgotten”).

According to Art. 18 GDPR, they have the right to restrict processing.

They have the right to data transmission in accordance with Art. 20 GDPR.

According to Art. 21 GDPR, they have the right to object to the processing.

According to Art. 77 GDPR, they have the right to complain to a supervisory authority.

 

Right of revocation and opposition

You have the right to grant consent in accordance with. Art. 7 para. 3 DSGVO with effect for the future.

You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.

 

Deletion, limited processing and storage

All data will be deleted in a timely manner as soon as the intended purposes are achieved. For this a regular check takes place.

The immediate deletion is regularly opposed by statutory retention requirements, in particular §§ 147 para. 1 AO, 257 para. 1 No. 1 and 4, para. 4 HGB (10 years) and § 257 para. 1 No. 2 and 3, para. 4 HGB (6 years).

Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted with the result that the data will be blocked and not processed for any other purpose.

 

Calling the website and cookies

When visiting our website, we collect connection data or meta / communication and usage data. These are necessary in order to be able to present the offer at all or in the respective form and with appropriate performance.

We and third parties commissioned by us also use cookies. This information is transferred from our web server or third-party web servers to users’ web browsers and stored there for later retrieval.

Cookies are used, for example, to fully enable the use of the online offer and to improve and personalize the online offer, for example by automatically providing the website operator with certain data about their terminal device and the Internet connection.

Cookies are stored on your computer. You have the possibility to see the storage duration of a stored cookie in your system.

It is also possible to use the website without cookies. Saved cookies can be deleted in the system settings of the browser. The deactivation settings can be found in the system settings of your browser or device. However, the use of the website may be restricted if you have restricted or deactivated the use of cookies.

The basis for the collection of data when the website is accessed and the use of cookies is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO as well as your consent pursuant to Art. 6 para. 1 lit. a GDPR.

 

Ordering and User Accounts

We process the data of our users during order processes in our online offer to enable them to select and order the selected products and services, as well as their payment and delivery, or execution. Optionally, a user account can be created here.

We store and process data in the specified scope. This can be in particular the following data:

• Inventory data

• communication data

• contract data

• Payment details (note about payment services)

• Further data during registration are the IP address and time of the respective user action

All data necessary for delivery or contract execution will be passed on to third party service providers at the time of delivery or contract execution.

The legal basis for the processing of the data, in particular with regard to the user account, is your consent in the context of the registration Art. 6 para. 1 lit. a GDPR. With regard to the data that is the fulfillment of the contract of which the user is a party or the implementation of pre-contractual measures, the legal basis Art. 6 para. 1 lit. b DSGVO. Further data is collected in accordance with Art. 6 para. 1 lit. f DSGVO to protect against misuse and other unauthorized use.

 

Contact

If you contact us, for example via contact form, e-mail, telephone or social media, your details will be stored so that they can be used to process and answer your request.

The collection and processing of personal data takes place in accordance with Art. 6 para. 1 lit. a DSGVO or Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in responding to your contact request quickly and reliably. Insofar as the collection of the contact data serves to fulfill the contract, the additional legal basis for processing the data is Art. 6 para. 1 lit. b DSGVO User information can be stored in a Customer Relationship Management System (“CRM System”) or comparable request organization.

Once the data for the request is no longer required, they are deleted. In addition, every two years the necessity is checked, while respecting the statutory retention requirements.

 

Relationship with order processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (order processors or third parties), transmit them to them or otherwise grant access to the data, this is done only on the basis of a legal permission (eg if the data is transmitted to Third parties, as to payment service providers, pursuant to Art. 6 (1) (b) DSGVO is required to fulfill the contract), you have consented to a legal obligation or on the basis of our legitimate interests (eg the use of agents, webhosters, etc.). ).

If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

 

Transfers to third countries

The processing of data in a third country (ie outside the European Union (EU) or the European Economic Area (EEA)) or the use of third party services or disclosure or transmission of data to third parties is only to the extent that it is necessary to fulfill the (pre) contractual Duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. DSGVO.

At present, we use service providers in the US who submit to the Privacy Shield. By calling the website (https://www.privacyshield.gov/EU-US-Framework) it is possible to call up the status of the respective service provider and further information by means of a search function.

As part of our business, we continuously use providers to manage administrative and organizational tasks. All data collected by us, but in particular contract and payment data, may be affected. Insofar as this is required by the provisions of data protection law, this is done in the context of order data processing. Basis for the processing is regularly our justified interest (kind 6 exp. 1 lit. f. DSGVO).

 

Payment service provider

We use the payment service providers […].

As part of the ordering process, users are required to fulfill the contract in accordance with Art. 6 para. 1 lit. b DSGVO forwarded to this. Incidentally, we use external payment service providers on the basis of our legitimate interests. Art. 6 para. 1 lit. f. DSGVO in order to offer our users effective and secure payment options.

This includes in particular the transfer to […] for the purpose of processing the order and payment. The transferred data may be used by the third party exclusively for the stated purposes.

The payment service providers collect from you data such as name, address, bank details (account numbers or credit card numbers, passwords, TANs and checksums) as well as the contract, summary and recipient-related information to process the transactions. We only receive information about the status of the payment. If necessary, the payment service providers and other service providers process the data further for the purposes of identity and credit checks. Please take note of the respective terms and conditions and privacy policy:

 

Google

We use various offers from Google Inc. on our website (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”):

 

reCAPTCHA: The query is for the purpose of distinguishing the input is by a human or automated, machine processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input needs to be translated to Google and used there. However, your IP address will be shortened by Google within member States of the European Union or other Contracting states of the European Economic Area. Only in exceptional cases does the full IP address be sent to a Google server in the US and shortened there. Google wants to use this information on behalf of the operator of this website to evaluate your use of this service. The IP address sent by your browser as part of reCaptcha will not be merged with other data provided by Google. If necessary, your data also wants to be transmitted to the USA. For data transfers to the US, there is an adequacy decision of the European Commission, the “Privacy Shield”. Google participates in the “Privacy Shield” and has submitted to the specifications. By pressing the query, you consent to the processing of your data. Processing is based on Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time,

For more information about Google reCAPTCHA and its privacy policy, please visit: https://www.google.com/privacy/ads/

 

Google Analytics: a web analytics service provided by Google LLC (“Google”). The information generated by the cookie about the use of the online offer by the users will be used on our behalf to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer and to further, with the use of this online offer and the internet use related services to provide us. In this case, pseudonymous usage profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to its use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http: // tools .google.com / dlpage / gaoptout? hl = en.

For more information about Google’s data usage, hiring and disparaging options, please read Google’s Privacy Policy (https://policies.google.com/technologies/ads) and Google’s Ads Ads Settings (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymized after 14 months.

 

Adwords: We use Google’s online AdWords marketing tool “AdWords” to place ads on the Google advertising network (eg, in search results, in videos, on websites, etc.) so that they are displayed to users who have a suspected interest in the ads to have. This allows us to more specifically display ads for and within our online offering so that we only present ads to users that potentially match their interests. If a user e.g. Showing ads for products he’s been looking for on other online offers is called remarketing. For these purposes, upon access to our and other websites where the Google Advertising Network is active, Google will immediately execute a Google code and become so-called (re) marketing tags (invisible graphics or code, also known as “).” Web beacons “) incorporated into the website. With their help, the user is provided with an individual cookie, i. a small file is saved (instead of cookies, comparable technologies can also be used). In this file is noted which websites the user visited, for what content he is interested and what offers the user has clicked, as well as technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer.

Furthermore, we receive an individual “conversion cookie”. The information obtained through the cookie is used by Google to generate conversion statistics for us. However, we only hear the anonymous total number of users who clicked on our ad and were redirected to a conversion tracking tag page. However, we do not receive any information that personally identifies users.

The data of the users are pseudonym processed within the Google advertising network. That Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. That from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the United States.

For more information about Google’s data usage, hiring and disparaging options, please read Google’s Privacy Policy (https://policies.google.com/technologies/ads) and Google’s Ads Ads Settings (https://adssettings.google.com/authenticated).

 

Using Airbrake to find and fix bugs

We use the online exception handling program “Airbrake” on our website and, in this context, for bug testing. Airbrake is service provided by Airbrake Inc. (535 Mission Street, 14th floor, San Francisco, CA 94105). The web platform is continuously monitored and tracked in order to find errors and allow the bug fixing.

Communication between customers and Airbrake is by default sent securely via TLS. Airbrake currently supports TLS protocols v1.0, v1.1 and v1.2. All Airbrake customer data is stored encrypted at rest. This includes backups.

Airbrake is hosted on Amazon Web Services in facilities which maintain compliance, certifications and assurance. More information can be found on the AWS security pages or requested from AWS.

Airbrake has certified it’s compliance with the EU-U.S. and Swiss-U.S Privacy Shield as set forth by the U.S. Department of commerce.

Airbrake also maintains GDPR compliance. For our EU customers we offer a Data Protection Addendum available by contacting [email protected]

https://airbrake.io/docs/airbrake-faq/security/

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, based on Art. 6 (1) of the GDPR.

 

Social Media Plugins

Users of our website have the opportunity to use social media plugins to share content on our website. Below is a comprehensive listing of the social networks we use. When used, i. Click on the respective share button, personal data will be transmitted to the respective plugin provider and stored there, especially if you are logged into the respective account.

In order to prevent that the mentioned social networks collect data about the use of our web pages, do not click on the named buttons or log out additionally before visiting our page from the respective accounts. We have no control over the collected data and processing and no knowledge of the full extent of the data collection, the purpose of processing and the retention periods. The plug-in providers can inform the user about the processing of data:

• Facebook https://www.facebook.com/about/privacy/

• Google / YouTube https://policies.google.com/privacy

• Instagram http://instagram.com/about/legal/privacy/

• Twitter https://twitter.com/privacy

• Pinterest https://about.pinterest.com/en/privacy-policy.

 

Google fonts

We incorporate the fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

 

Using GoogleMaps

We use Google Inc.’s Embed Google Maps feature on our website (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).

The feature allows the visual display of geographic information and interactive maps.

In doing so, Google also collects, processes and uses data from the visitors to the pages in which GoogleMaps maps are integrated. For more information about Google’s collection and use of data, please see the Google Privacy Policy at https://www.google.com/privacypolicy.html, There you can also change your settings in the privacy center so that you can manage and protect your data processed by Google.

If necessary, your data will also be transmitted to the USA. There is an adequacy decision by the European Commission for data transfers to the US.

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, based on Art. 6 (1) of the GDPR.

To do this, you must turn off the JavaScript application in your browser. We point out, however, that in this case you may not be able to use all functions of this website, such as the interactive map display, in full.