privacy policy

Privacy policy

1. Privacy policy at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the responsible office” in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you communicate it to us. This can be, for. E.g. data that you enter in a contact form.

Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of the page was viewed). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected in order to ensure that the website is error-free. Other data can be used to analyze your user behavior.

What rights do you have with regard to your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with regard to this and other questions on the subject of data protection.

Third-party analytics and tools

When you visit this website, your surfing behavior can be statistically evaluated. This is done mainly with so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit.b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art . 1 lit.f GDPR).

Our host will only process your data to the extent that this is necessary to fulfill its performance obligations and follow our instructions with regard to this data.

We use the following hoster:

Strato AG
Otto-Ostrowski-Straße 7
10249 Berlin
Deutschland

Order processing

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Cloudflare privacy policy

We use Cloudflare from Cloudflare, Inc. on this website. (101 Townsend St., San Francisco, CA 94107, USA) to make our website faster and more secure. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider and act as a reverse proxy for websites. What this all means exactly, we will try to explain in more detail below.

What is Cloudflare?

A Content Delivery Network (CDN), like the one provided by Cloudflare, is nothing more than a network of servers connected over the Internet. Cloudflare has distributed such servers all over the world to bring websites to your screen faster. Simply put, Cloudflare creates copies of our website and places them on their own servers. Now, when you visit our website, a system of load balancing ensures that the largest portions of our website are delivered from the server that can show you our website the fastest. The distance of data transfer to your browser is significantly shortened by a CDN. Thus, the content of our website will be delivered to you by Cloudflare not only from our hosting server, but from servers all over the world. The use of Cloudflare will be especially helpful for users from abroad, as here the site can be delivered from a server nearby. Apart from fast website delivery, Cloudflare also offers various security services, such as DDoS protection or web application firewall.

Why we use Cloudflare on our website?

Of course we want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and more secure. Cloudflare provides us with web optimizations as well as security services, such as DDoS protection and web firewall. This also includes a reverse proxy and content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website on local data centers and blocking spam software, Cloudflare enables us to reduce our bandwidth usage by about 60%. Serving content through a data center near you and some web optimizations performed there reduces the average website load time by about half. The “I’m Under Attack Mode” setting can mitigate further attacks, according to Cloudflare, by displaying a JavaScript computational task to solve before a user can access a web page. Overall, this makes our website much more powerful and less vulnerable to spam or other attacks.

What data is stored by Cloudflare?

Cloudflare generally forwards only those data that are controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received appropriate instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data, and website performance data derived from browser activity. Log data helps Cloudflare detect new threats, for example. This allows Cloudflare to ensure a high level of security protection for our website. Cloudflare processes this data as part of the services in compliance with applicable laws. This of course also includes the German Data Protection Regulation (DSGVO).

For security reasons, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and apply security settings for each individual user. This cookie becomes very useful, for example, when you use our website from a location where there are a number of infected computers. However, if your computer is trustworthy, we can recognize this from the cookie. Thus, despite infected PCs in the vicinity, you can surf our website unhindered. It is also important to know that this cookie does not store any personal data. This cookie is absolutely necessary for the Cloudflare security features and cannot be disabled.

Cookies from Cloudflare

__cfduid
Expiration time: 1 year
Usage: security settings for each individual visitor
Exemplary value: d798bf7df9c1ad5b7583eda5cc5e78311141511
Cloudflare also works with third party service providers. These may only process personal data under the instruction of Cloudflare and in accordance with the privacy policy and other confidentiality and security measures. Cloudflare does not share personal data without explicit consent from us.

How long and where is the data stored?

Cloudflare stores your information primarily in the United States and the European Economic Area. Cloudflare can transfer and access the information described above from all over the world. In general, Cloudflare stores user-level data for domains in Free, Pro, and Business versions for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data can be stored for up to 7 days. However, if IP addresses trigger security alerts at Cloudflare, there may be exceptions to the above retention period.

How can I delete my data or prevent data storage?

Cloudflare keeps data logs only as long as necessary and this data is also deleted within 24 hours in most cases. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can read about exactly what permanent logs are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/All data that Cloudflare collects (temporary or permanent) is cleansed of all personal data. All permanent logs are also anonymized by Cloudflare.

Cloudflare addresses in their privacy policy that they are not responsible for the content they receive. For example, when you ask Cloudflare to update or delete your content, Cloudflare generally refers you to us as the website operator. You can also completely prevent Cloudflare from collecting and processing all of your data by disabling the execution of script code in your browser or by installing a script blocker in your browser.

Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this on https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
You can find more information about data protection at Cloudflare on https://www.cloudflare.com/de-de/privacypolicy/

3. general notes and mandatory information

Privacy Policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

Note on the responsible body

The responsible body for data processing on this website is:

wine in motion GmbH
Kellerweg 4
D-84494 Neumarkt – Sankt Veit

Phone: +49 (0) 8639 420 98 66
E-Mail: info@cellardoor24.com

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be ruled out that U.S. authorities (e.g. intelligence agencies) may process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR SPECIAL SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED ON THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVIDE COMPULSORY REASONS FOR PROCESSING THAT OWN YOUR INTEREST, EXECUTE OR OVERVIEW THE RIGHTS OBJECTION ACCORDING TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED IN ORDER TO OPERATE DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IN CONNECTION WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION ACCORDING TO ART. 21 (2) GDPR).

Right of complaint to the competent supervisory authority

In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done if it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract, this data is required for payment processing.

Payment transactions using common means of payment (Visa / MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Information, deletion and correction

Within the framework of the applicable statutory provisions, you have the right to free information about your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to correct or delete this data. You can contact us at any time with regard to this and other questions on the subject of personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
If you have filed an objection according to Art. 21 Para. 1 GDPR, a balance must be made between your and our interests. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.

Objection to advertising e-mails

The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

4. Data collection on this website

Cookies

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

What exactly are cookies?

Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our site knows who you are and offers you your usual default setting. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Expiration time: 2 years
Usage: differentiation of website visitors
Exemplary value: GA1.2.1326744211.152311141511
A browser should support the following minimum sizes:

A cookie should be able to contain at least 4096 bytes
At least 50 cookies should be able to be stored per domain
A total of at least 3000 cookies should be able to be stored

What are the different types of cookies?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

We can distinguish 4 types of cookies:

Absolutely necessary cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues surfing on other pages and later goes to the checkout. Through these cookies, the shopping cart is not deleted even if the user closes his browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

Targeting cookies
These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And, of course, this decision is also stored in a cookie.

How can I delete cookies?

How and whether you want to use cookies, you decide. Regardless of which service or website the cookies come from, you always have the option to delete, only partially allow or disable cookies. For example, you can block third-party cookies, but allow all other cookies.

If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. The best way is to search the instructions in Google with the search term “delete cookies Chrome” or “disable cookies Chrome” in case of a Chrome browser or exchange the word “Chrome” for the name of your browser, e.g. Edge, Firefox, Safari.

What about my privacy?

The so-called “Cookie Guidelines” have been in place since 2009. These state that the storage of cookies requires the consent of the website visitor (i.e. you). Within the EU countries, however, there are still very different reactions to these guidelines. In Germany, the Cookie Directives have not been implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the German Telemedia Act (TMG).

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments called “HTTP State Management Mechanism”.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data will not be merged with other data sources.

This data is collected on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – the server log files must be recorded for this.

contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Inquiries by email, phone or fax

If you contact us by e-mail, telephone or fax, your request, including all personal data derived from it (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Registration on this website

You can register on this website in order to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise we will refuse the registration.

For important changes, for example in the scope of the offer or for technically necessary changes, we use the e-mail address given during registration to inform you in this way.

The processing of the data entered during the registration takes place for the purpose of the implementation of the usage relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 Abs. 1 lit. b GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

5. analysis tools and advertising

Google Maps Privacy Policy

We use Google Maps from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. Google Maps allows us to better visualize locations and thus improve our service. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we will now go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

What is Google Maps?

Google Maps is an online mapping service of the company Google Inc. With Google Maps you can search for exact locations of cities, sights, accommodations or companies on the Internet via a PC or via an app. If companies are represented on Google My Business, other information about the company is displayed in addition to the location. To show how to get there, map sections of a location can be integrated into a website via HTML code. Google Maps displays the earth’s surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very accurate representations are possible.

Why do we use Google Maps on our website?

All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. Thanks to Google Maps you can see at a glance where we are located. The directions always show you the best or fastest way to us. You can get the directions for routes by car, public transport, on foot or by bike. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to fully offer its service, the company must record and store data from you. This includes the search terms entered, your IP address and the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. However, this data storage happens on the websites of Google Maps. We can only inform you about this, but have no influence. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data primarily to optimize its own services and to provide individual, personalized advertising for you.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Expiry time: after 6 months
Usage: NID is used by Google to customize ads to your Google searches. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. This way, you will always get tailored ads. The cookie contains a unique ID that Google uses to collect personal settings of the user for advertising purposes.
Example value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ311141511

Note We can not guarantee the completeness of the stored data. Especially when using cookies, changes at Google can never be ruled out. To identify the cookie NID, a separate test page was created, where only Google Maps was integrated.

How long and where is the data stored?

Google servers are located in data centers around the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google distributes the data on different data carriers. This means that the data can be retrieved more quickly and is better protected against any attempts at manipulation. Each data center also has special emergency programs. For example, if there are problems with Google’s hardware or a natural disaster affects the servers, the data is still very likely to remain protected.

Google stores some data for a set period of time. For other data, Google only offers the option to delete it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months, respectively.

How can I delete my data or prevent data storage?

With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information will be stored for either 3 or 18 months – depending on your decision – and then deleted. In addition, you can also manually delete this data from your history at any time via your Google account. If you want to completely prevent your location tracking, you need to pause the “Web and App Activity” section in Google Account. Click “Data and personalization” and then click the “Activity setting” option. Here you can turn the activities on or off.

In your browser, you can also deactivate, delete or manage individual cookies. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not.

Google is an active participant in the EU-U.S. Privacy Shield Framework, which governs the accurate and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.If you would like to learn more about Google’s data processing, we recommend that you read the company’s own privacy policy at https://policies.google.com/privacy?hl=de.

Google Analytics Privacy Policy

We use the analysis tracking tool Google Analytics (GA) of the American company Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and service to your preferences. In the following, we will go into more detail about the tracking tool and, in particular, inform you about what data is stored and how you can prevent this.

What is Google Analytics?

Google Analytics is a tracking tool used for traffic analysis of our website. For Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions you take on our website. Once you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. These reports may include, but are not limited to, the following:

Target group reports: Through target group reports, we get to know our users better and know more precisely who is interested in our service.

Ad reports: Ad reports make it easier for us to analyze and improve our online advertising.

Acquisition reports: Acquisition reports give us helpful information on how to get more people excited about our service.
Behavior Reports: This is where we learn how you interact with our website. We can track which path you take on our site and which links you click.

Conversion reports: Conversion is the name given to a process in which you perform a desired action as a result of a marketing message. For example, when you go from being just a website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are working for you. This is how we aim to increase our conversion rate.

Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it is found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. Thus, we know very well what we need to improve on our website in order to provide you with the best possible service. The data also helps us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This is how it is possible to evaluate pseudonymous user profiles in the first place.

Identifiers such as cookies and app instance IDs measure your interactions on our website. Interactions are all types of actions you take on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

The following cookies are used by Google Analytics:

Name: _ga
Value:2.1326744211.152311141511-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to distinguish the website visitors.
Expiration date: after 2 years

Name: _gid
Value:2.1687193234.152311141511-1
Purpose: The cookie is also used to distinguish the website visitors
Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to lower the request rate. When Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiration date: after 1 Minute

Name: AMP_TOKEN
Value: no data
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP client ID service. Other possible values indicate a logout, a request, or an error.
Expiration date: after 30 seconds up to one year

Name: __utma
Value:1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behavior on the website and measure its performance. The cookie is updated every time information is sent to Google Analytics.
Expiration date: After 2 years

Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiration date: after 10 minutes

Name: __utmb
Value:3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or info is sent to Google Analytics.
Expiration date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only stored until you close the browser again.
Expiration date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. That is, the cookie stores from where you came to our website. This may have been another page or an advertisement.
Expiration date: After 6 months

Name: __utmv
Value: not specified
Purpose: The cookie is used to store custom user data. It is updated whenever information is sent to Google Analytics.
Expiration date: After 2 years

Note: This list cannot claim to be complete, as Google also changes the choice of its cookies time and again.

Here we show you an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Via heatmaps you can see exactly those areas that you click on. This way we get information where you are “on the road” on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.

Bouncerate: Bounce is when you view only one page on our website and then leave our website again.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

IP-Address: The IP address is only shown in abbreviated form so that no clear assignment is possible.

Location: The IP address can be used to determine the country and your approximate location. This process is also called IP location determination.

Technical information: Technical information may include your browser type, Internet service provider, or screen resolution.

Source of origin: Google Analytics or, of course, we are also interested in which website or which advertisement you came to our site from.

Other data include contact details, any ratings, playing media (e.g., when you play a video via our site), sharing content via social media, or adding to your favorites. The enumeration does not claim to be complete and only serves as a general orientation of the data storage by Google Analytics.

How long and where is the data stored?

Google has its servers spread all over the world. Most servers are located in America and consequently your data is mostly stored on American servers. Here you can read exactly where Google’s data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Your data is distributed on different physical data carriers. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. In every Google data center, there are corresponding emergency programs for your data. If, for example, the hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google still remains low.

By default, Google Analytics sets a retention period of 26 months for your user data. Then your user data is deleted. However, we have the option to choose the retention period of user data ourselves. There are five variants available to us for this purpose:

Deletion after 14 months
Deletion after 26 months
Deletion after 38 months
Deletion after 50 months
No automatic deletion

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data associated with cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored separately from user data. Aggregated data is a merging of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to obtain information about your data, update it, delete it, or restrict it. Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data. You can download the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=dePlease note that this add-on only disables data collection by Google Analytics.

If you generally want to disable, delete or manage cookies (independently of Google Analytics), there are separate instructions for each browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which governs the accurate and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311141511.We hope we have been able to provide you with the most important information about Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics IP anonymization

We have implemented Google Analytics IP address anonymization on this website. This feature was developed by Google to enable this website to comply with applicable data protection regulations and recommendations of local data protection authorities when they prohibit storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

You can find more information about IP anonymization on https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics reports on demographic characteristics and interests

We have turned on the advertising reports features in Google Analytics. The demographic and interest reports contain information on age, gender and interests. This allows us – without being able to assign this data to individual persons – to get a better picture of our users. You can learn more about the advertising functions on https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can control and end the use of your Google Account activities and information under “Advertising Settings” on https://adssettings.google.com/authenticated via checkbox.

Google Analytics deactivation link

If you click on the following deactivation link you can prevent Google from collecting further visits to this website. Attention: Deleting cookies, using the incognito/private mode of your browser, or using a different browser will result in data being collected again.

[google_analytics_optout]Deactivate Google Analytics[/google_analytics_optout]

Google Analytics Data Processing Addendum

We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting the “Data Processing Addendum” in Google Analytics.

You can find out more about the data processing addendum for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

Google Analytics Google Signals Privacy Policy

We have enabled Google signals in Google Analytics. This updates existing Google Analytics features (advertising reports, remarketing, cross-device reports, and interest and demographic reports) to obtain aggregated and anonymized data from you, provided you have allowed personalized ads in your Google account.

The special thing about this is that it is cross-device tracking. That means your data can be analyzed across devices. By activating Google signals, data is collected and linked to the Google account. Google can thus recognize, for example, if you view a product on our website via a smartphone and only buy the product later via a laptop. Thanks to the activation of Google signals, we can launch cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.

Google Analytics also collects other visitor data such as location, search history, YouTube history, and data about your actions on our website through Google signals. This gives us better advertising reports from Google and more useful information about your interests and demographics. This includes your age, what language you speak, where you live, or what gender you are. Furthermore, social criteria such as your profession, your marital status or your income are also added. All these characteristics help Google Analytics to define groups of people or target groups.

The reports also help us to better assess your behavior, wishes and interests. This allows us to optimize and adapt our services and products for you. By default, this data expires after 26 months. Please note that this data collection only occurs if you have allowed personalized advertising in your Google account. This is always aggregated and anonymous data and never individual person data. In your Google account, you can manage this data or delete it.

Google Ads (Google AdWords) Conversion Tracking Privacy Policy

We use Google Ads (formerly Google AdWords) as an online marketing measure to promote our products, offers and services. In this way, we want to draw more people’s attention to the high quality of our offerings on the Internet. As part of our advertising measures through Google Ads, we use the conversion tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on our website. With the help of this free tracking tool, we can adapt our advertising offer to your interests and needs much better. In the following article, we will go into more detail about why we use conversion tracking, what data is stored in the process, and how you can prevent this data storage.

The legal basis for the use of Google Ads conversion tracking is Article 6 (1) f (lawfulness of processing), because there is a legitimate interest to carry out targeted advertising measures.

What is Google Ads conversion tracking?

Google Ads (formerly Google AdWords) is the in-house online advertising system of Google LLC. We can create online ads through Google Ads to introduce interested people to our products or services. We are convinced of the quality of our offer and want as many people as possible to get to know our website. In the online sector, Google Ads offers the best platform for this. Of course, we also want to get an accurate overview of the cost-benefit factor of our advertising campaigns. That’s why we use the conversion tracking tool from Google Ads.

But what is a conversion actually? A conversion occurs when you go from being a purely interested website visitor to an active visitor. This happens whenever you click on our ad and subsequently perform another action, such as visiting our website. With Google’s conversion tracking tool, we record what happens after a user clicks on our Google Ads ad. For example, we can see whether products are purchased, services are used or whether users have signed up for our newsletter.

Why do we use Google Ads conversion tracking on our website?

We use Google Ads to draw attention to our offer on other websites as well. The goal is to ensure that our advertising campaigns reach only those people who are interested in our products and services. With the conversion tracking tool we can see which keywords, ads, ad groups and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device or in a browser and then make a conversion. This data allows us to calculate our cost-benefit factor, measure the success of individual advertising measures, and consequently optimize our online marketing efforts. We can also use the data obtained to make our website more interesting for you and adapt our advertising offer even more individually to your needs.

What data is stored with Google Ads conversion tracking?

We have included a conversion tracking tag or code snippet on our website to better analyze certain user actions. If you now click on one of our Google Ads ads, the cookie “Conversion” is stored on your computer (mostly in the browser) or mobile device by a Google domain. Cookies are small text files that store information on your computer.

Here are the data of the most important cookies for conversion tracking by Google:

Name: Conversion
Expiration time: after 3 months
Example value: EhMI_aySuoyv4gIVled3Ch0llweVGAEgt-mr6aXd7dYlSAGQ311141511

Name: _gac
Expiration date: After 3 months
Example value: 1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE

Note: The cookie _gac only appears in connection with Google Analytics. The above list is not exhaustive, as Google also uses other cookies for analytical purposes.

As soon as you complete an action on our website, Google recognizes the cookie and saves your action as a so-called conversion. As long as you surf our website and the cookie has not yet expired, we and Google recognize that you have found us via our Google Ads ad. The cookie is read and sent back to Google Ads with the conversion data. It is also possible that other cookies are used to measure conversions. The conversion tracking of Google Ads can be further refined and improved with the help of Google Analytics. For ads that Google displays in various locations on the web, cookies named “__gads” or “_gac” may be set under our domain. Since September 2017, various campaign information from analytics.js is stored with the _gac cookie. The cookie stores this data as soon as you visit one of our pages for which the automatic tagging of Google Ads has been set up. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personally identifiable information. We receive a report from Google with statistical evaluations. For example, we learn the total number of users who clicked on our ad and we see how well which advertising measure was received.

How long and where is the data stored?

At this point, we would like to point out that we have no influence on how Google uses the data collected by the conversion tracking tool. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personal data. The cookies named “Conversion” and “_gac” (which is used in conjunction with Google Analytics) have an expiration date of 3 months.

How can I delete my data or prevent data storage?

You have the option not to participate in Google Ads conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. For each browser, this works slightly differently. Here you can find the instructions on how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Through the certification for the American-European data protection agreement “Privacy Shield”, the American company Google LLC must comply with the data protection laws applicable in the EU. If you would like to learn more about data protection at Google, we recommend the general Google privacy policy: https://policies.google.com/privacy?hl=de.

Google Tag Manager Privacy Policy

For our website we use the Google Tag Manager of the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This tag manager is one of many helpful marketing products from Google. Through the Google Tag Manager, we can centrally incorporate and manage code sections from various tracking tools that we use on our website.

In this privacy policy, we want to explain in more detail what Google Tag Manager does, why we use it, and in what form data is processed.

What is Google Tag Manager?

Google Tag Manager is an organizational tool that allows us to include and manage website tags centrally and through a user interface. Tags are small sections of code that, for example, record (track) your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our page. The tags often come from Google-internal products such as Google Ads or Google Analytics, but tags from other companies can also be included and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies and also track users across multiple websites.

Why do we use Google Tag Manager for our website?

As the saying goes: organization is half the battle! And that of course also applies to the maintenance of our website. In order to make our website as good as possible for you and all the people who are interested in our products and services, we need various tracking tools such as Google Analytics. The collected data from these tools show us what you are most interested in, where we can improve our services and which people we should still show our offers to. And for this tracking to work, we need to embed appropriate JavaScript codes into our website. In principle, we could include each code section of each tracking tool separately in our source code. However, this requires quite a lot of time and it’s easy to lose track. That’s why we use the Google Tag Manager. We can easily incorporate the necessary scripts and manage them from one place. Moreover, Google Tag Manager offers an easy-to-use interface and you don’t need any programming skills. This is how we manage to keep order in our tag jungle.

What data is stored by Google Tag Manager?

The Tag Manager itself is a domain that does not set any cookies or store any data. It acts as a mere “manager” of the implemented tags. The data is collected by the individual tags of the different web analytics tools. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored.

However, the situation is completely different with the embedded tags of the various web analysis tools, such as Google Analytics. Depending on the analysis tool, various data about your web behavior is usually collected, stored and processed with the help of cookies. For this, please read our privacy texts on the individual analysis and tracking tools that we use on our website.

In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this is only the use and usage of our Tag Manager and not your data stored via the code sections. We allow Google and others to receive selected data in anonymized form. We thus consent to the anonymous sharing of our website data. Which summarized and anonymous data is forwarded exactly, we could not find out – despite long research. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking compares our own results with those of our competitors. Processes can be optimized on the basis of the information collected.

How long and where is the data stored?

When Google stores data, this data is stored on Google’s own servers. The servers are distributed all over the world. Most of them are located in America. At https://www.google.com/about/datacenters/inside/locations/?hl=de you can read exactly where the Google servers are located.

How long the individual tracking tools store data from you can be found in our individual privacy texts for the individual tools.

How can I delete my data or prevent data storage?
The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our privacy texts for the individual tracking tools, you will find detailed information on how to delete or manage your data.

Google is an active participant in the EU-U.S. Privacy Shield Framework, which governs the accurate and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311141511.If you want to learn more about the Google Tag Manager, we recommend the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.

Google Fonts Privacy Policy

We use Google Fonts from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website.

You do not need to log in or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account information, while using Google Fonts, will be transmitted to Google. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We’ll look at exactly what the data storage looks like in more detail.

What are Google Fonts?

Google Fonts (formerly Google Web Fonts) is an interactive directory of more than 800 fonts provided by Google LLC for free use.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses. Thus, we can use them freely without paying royalties.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website and not have to upload them to our own server. Google Fonts is an important component to keep the quality of our website high. All Google Fonts are automatically optimized for the web and this saves data volume and is a big advantage especially for mobile use. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are so-called secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers ( Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod).

We therefore use the Google Fonts so that we can present our entire online service as beautifully and consistently as possible. According to the Art. 6 para. 1 f lit. F DSGVO, this already constitutes a “legitimate interest” in the processing of personal data. Legitimate interest” in this case means both legal and economic or ideal interests recognized by the legal system.

What data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the collection, storage, and use of end-user data to what is necessary for efficient font delivery. By the way, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely at Google and is therefore protected. Through the collected usage figures, Google can determine the popularity of the fonts. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts. This data is published in the Google Fonts BigQuery database. BigQuery is a web service from Google for companies that want to move and analyze large amounts of data.

It should be noted, however, that each Google Font request also automatically transmits information such as IP address, language settings, browser screen resolution, browser version and browser name to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on your servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change, for example, the design or font of a web page.

The font files are stored by Google for one year. Google thus pursues the goal of fundamentally improving the loading time of web pages. When millions of web pages reference the same fonts, they are cached after the first visit and immediately reappear on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

Data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google support on https://support.google.com/?hl=de&tid=311141511Data storage you prevent in this case only if you do not visit our site.

Unlike other web fonts, Google allows us unlimited access to all fonts. So we can access an unlimited sea of fonts and get the most out of them for our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=311141511.There, Google addresses privacy-related matters, but really detailed information about data storage is not included. It is relatively difficult (almost impossible) to get really precise information about stored data from Google.

You can also find out which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/

6. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. For the handling of the newsletter we use newsletter service providers, which are described below.

Sendinblue

This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Sendinblue is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue’s servers in Germany.

Data analysis by Sendinblue

With the help of Sendinblue, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.

In addition, we can recognize whether certain predefined actions were performed after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.

Sendinblue also allows us to subdivide (“cluster”) newsletter recipients based on various categories. In doing so, the newsletter recipients can be subdivided according to age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.

If you do not want Sendinblue to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

For detailed information on Sendinblue features, please refer to the following link: https://de.sendinblue.com/newsletter-software/.

Legal basis

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Storage period

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

After you have been removed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time.You can object to the storage provided that your interests outweigh our legitimate interests.

For more details, please see Sendinblue’s privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/.

Order processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. eCommerce and payment providers

Processing of data (customer and contract data)

We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit. b GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data on the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to bill.

The customer data collected will be deleted after the order has been completed or the business relationship has ended. Statutory retention periods remain unaffected.

Data transmission at the conclusion of a contract for online stores, merchants and shipment of goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the company entrusted with the delivery of the goods or the credit institution commissioned with the processing of payments. A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, e.g. for advertising purposes.

The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures.

Payment services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of processing the payment. For these transactions, the respective contract and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6 para. 1 lit. b DSGVO (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f DSGVO). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consents can be revoked at any time for the future.

We use the following payment services / payment service providers within the scope of this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For details, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Paydirekt

The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter “Paydirekt”). When you make payment using Paydirekt, Paydirekt collects various transaction data and forwards it to the bank with which you are registered with Paydirekt. In addition to the data required for the payment, Paydirekt may collect further data such as delivery address or individual items in the shopping cart as part of the transaction processing. Paydirekt then authenticates the transaction using the authentication procedure stored with the bank for this purpose. The payment amount is then transferred from your account to ours. Neither we nor third parties have access to your account details. For details on payment with Paydirekt, please refer to the General Terms and Conditions and the Privacy Policy of Paydirekt at:https://www.paydirekt.de/agb/index.html.

Sofortüberweisung

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method “Sofortüberweisung”, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances. In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. The personal data is your first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details on payment with Sofortüberweisung can be found in the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

giropay

The provider of this payment service is paydirekt GmbH, Stephanstraße 14 – 16, 60313 Frankfurt am Main (hereinafter “giropay”).

For details, please refer to the giropay privacy policy: https://www.paydirekt.de/agb/index.html.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.

For more information, please see the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union.

VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

For more information, please see VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

8. our social media presences

Data processing through social networks

We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.

Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies the data processing operations for which we or Facebook is responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

For details, see Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For details on their handling of your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on their handling of your personal data, please refer to LinkedIn’s 9. privacy policy: https://www.linkedin.com/legal/privacy-policy.