Privacy policy
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data is all data that can be used to personally identify you.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Theodor und Anton Kehler, FAERELLI, Forstweg 1, Haus 2, 14656 Brieselang, Germany, Tel.: +49 171 1603048, e-mail: cs@faerelli.com. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when visiting our website
2.1 When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to the server of the site (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:
- The website visited on our domain
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/referrer from which you reached the page
- Browser used
- Operating system used
- IP address used (where applicable, in anonymised form)
Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is neither passed on nor used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.
2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser bar.
3) Hosting & content delivery network
Shopify
For hosting our website and displaying the site content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”)
Data is also transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted again after you close the browser (so-called “session cookies”), while others remain on your end device for longer and enable your page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of the cookie settings in your web browser.
If personal data is also processed by individual cookies used by us, the processing takes place either in accordance with Art. 6 (1) (b) GDPR for the performance of a contract, in accordance with Art. 6 (1) (a) GDPR in the event that consent has been given, or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be restricted.
5) Contact
5.1 Loox
For review reminders we use the services of the following provider: Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel
Exclusively on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR, we transmit your e-mail address and, where applicable, further customer data to the provider so that the provider can contact you by e-mail with a review reminder.
You can revoke your consent at any time with effect for the future, either to us or to the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.
5.2 Koalendar
To provide an online appointment booking function, we use the services of the following provider: Koalendar LLC, 440 N Barranca Ave #6605, Covina, CA 91723, USA
For the purpose of scheduling appointments, first and last name as well as e-mail address (and, where applicable, the telephone number if a telephone appointment is requested) are collected in accordance with Art. 6 (1) (b) GDPR and transmitted to the provider in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in effective customer management and efficient appointment administration, where they are stored for appointment organisation.
After the appointment has taken place or after the agreed appointment period has expired, your data will be deleted by the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For the transfer of data to the USA, the provider relies on the European Commission’s standard contractual clauses, which are intended to ensure compliance with the European level of data protection.
5.3 WhatsApp Business
You have the option of contacting us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called “Business version” of WhatsApp.
If you contact us via WhatsApp on the occasion of a specific transaction (for example, an order you have placed), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 (1) (b) GDPR to process and respond to your request. On the same legal basis, we may ask you via WhatsApp to provide additional data (order number, customer number, address or e-mail address) in order to be able to assign your enquiry to a specific transaction.
If you use our WhatsApp contact for general enquiries (e.g. about our range of services, availability or our online presence), we store and use the mobile phone number you use on WhatsApp and – if provided – your first and last name in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in providing the requested information efficiently and promptly.
Your data will only ever be used to respond to your enquiry via WhatsApp. It will not be passed on to third parties.
Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers stored telephone numbers to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device whose address book only stores the WhatsApp contact data of users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact data is stored in our address book has already consented, when first using the app on their device, by accepting the WhatsApp terms of use, to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 (1) (a) GDPR. The transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For information on the purpose and scope of data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.
In the context of the processing operations mentioned above, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
5.4 When you contact us (e.g. via contact form or e-mail), personal data is processed – solely for the purpose of processing and responding to your enquiry and only to the extent necessary for this.
The legal basis for processing this data is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
6) Data processing when opening a customer account
In accordance with Art. 6 (1) (b) GDPR, personal data is collected and processed to the extent necessary if you provide it to us when opening a customer account. You can see which data is required to open the account from the input form on our website.
You can delete your customer account at any time by sending a message to the controller at the address given above. After deletion of your customer account, your data will be deleted provided that all contracts concluded via it have been fully processed, there are no statutory retention periods to the contrary and we have no legitimate interest in continued storage.
7) Use of customer data for direct advertising
7.1 Subscribing to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters once you have expressly confirmed your consent to receive newsletters by clicking on a verification link sent to the e-mail address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. In this context, we store your IP address as entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. After you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
7.2 Klaviyo
The dispatch of our e-mail newsletters and other promotional e-mail communication is carried out via the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA
On the basis of our legitimate interest in effective and user-friendly e-mail marketing, we pass on the data you provided when registering in accordance with Art. 6 (1) (f) GDPR to this provider so that they can handle the e-mail dispatch on our behalf.
Subject to your express consent in accordance with Art. 6 (1) (a) GDPR, the provider also carries out statistical performance analyses of e-mail campaigns using web beacons or tracking pixels in the e-mails sent, which can measure open rates and specific interactions with the content of the newsletter. In doing so, device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.
You can revoke your consent to e-mail tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
7.3 SMS marketing
On our website, you have the option of registering to receive SMS notifications about current offers, promotions and information on orders placed.
The only mandatory information for sending SMS notifications is your mobile phone number. Providing further data is voluntary and is used to address you personally.
For sending SMS messages, the so-called double opt-in procedure is used, which ensures that promotional SMS messages are only sent to you once you have expressly confirmed your consent to receive SMS by clicking on a verification link sent to the mobile phone number provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. When you register for SMS dispatch, the date and time of registration are also stored in order to be able to trace any possible misuse of your mobile phone number at a later date. The data collected during registration is used exclusively for the purpose of promotional contact via SMS messages.
You can unsubscribe from SMS dispatch at any time by sending a corresponding message to the controller named at the beginning and thereby revoke your consent with effect for the future. After you have unsubscribed, your mobile phone number will be deleted from the distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
7.4 WhatsApp newsletter
If you subscribe to our WhatsApp newsletter, we will regularly send you information about our offers via WhatsApp. The only mandatory information for sending the newsletter is your mobile phone number.
To send the newsletter, you save our mobile phone number provided to you in the address contacts of your mobile device and send us the message “Start” via WhatsApp. By sending this WhatsApp message, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR for the purpose of sending the newsletter. We will then add you to our newsletter distribution list.
The data we collect when you register for the newsletter is used exclusively for the purpose of promotional contact via the newsletter. You can unsubscribe from the newsletter at any time by sending us the message “Stop” via WhatsApp. After you have unsubscribed, your mobile phone number will be deleted from our newsletter distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
Please note that WhatsApp Business has access to the address book of the mobile device we use for this purpose and automatically transfers stored telephone numbers to a server of the parent company Meta Platforms Inc. in the USA.
For sending our WhatsApp newsletter, we therefore use a mobile device whose address book only stores the WhatsApp contact data of our newsletter recipients. This ensures that every person whose WhatsApp contact data is stored in our address book has already consented, when first using the app on their device, by accepting the WhatsApp terms of use, to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 (1) (a) GDPR. The transmission of data of users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.
For information on the purpose and scope of data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
We have concluded a data processing agreement with WhatsApp, which protects the data of our newsletter recipients and prohibits disclosure to third parties.
In the context of the processing operations mentioned above, data may be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
7.5 Product availability notification by e-mail
For items that are temporarily unavailable, you can register to receive e-mail notifications about product availability. In this case, we will send you a one-time e-mail informing you of the availability of the item you have selected. The only mandatory information for sending this notification is your e-mail address. Providing further data is voluntary and may be used to address you personally. For sending the e-mail, we use the so-called double opt-in procedure, which ensures that you only receive a notification once you have expressly confirmed your consent to receive such notifications by clicking on a verification link sent to the e-mail address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR. In this context, we store your IP address as entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for our e-mail notification service for product availability is used strictly for the intended purpose.
You can unsubscribe from availability notifications at any time by sending a corresponding message to the controller named at the beginning. After you have unsubscribed, your e-mail address will be deleted from our distribution list set up for this purpose without delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
7.6 Cart reminders by e-mail
If you abandon your purchase with us before completing the order, you have the option of receiving a one-time reminder of the contents of your virtual shopping cart by e-mail.
The only mandatory information for sending this reminder is your e-mail address. Providing further data is voluntary and may be used to address you personally. For sending the e-mail, we use the so-called double opt-in procedure, which ensures that you only receive a notification once you have expressly confirmed your consent to receive such notifications by clicking on a verification link sent to the e-mail address provided.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR for sending a cart reminder. In this context, we store your IP address as entered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you register for our e-mail notification service is used strictly for the intended purpose.
You can unsubscribe from cart reminders at any time by sending a corresponding message to the controller named at the beginning. After you have unsubscribed, your e-mail address will be deleted from our distribution list set up for this purpose without delay, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
7.7 Advertising by postal mail
On the basis of our legitimate interest in personalised direct advertising, we reserve the right to store your first and last name, your postal address and – insofar as we have received these additional details from you in the course of the contractual relationship – your title, academic degree, year of birth and your professional, industry or business designation in accordance with Art. 6 (1) (f) GDPR and to use them for sending interesting offers and information about our products by postal mail.
You can object to the storage and use of your data for this purpose at any time by contacting us.
8) Data processing for order handling
8.1 Insofar as this is necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) (b) GDPR.
If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact data you provided when placing the order in order to inform you personally about upcoming updates within the scope of our statutory information obligations in accordance with Art. 6 (1) (c) GDPR. Your contact details will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us to the extent necessary for the respective information.
To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
8.2 Use of payment service providers (payment services)
- Amazon Pay
One or more online payment methods from the following provider are available on this website: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg
If you select a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provide during the order process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on in this case solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- Apple Pay
If you choose the “Apple Pay” payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the “Apple Pay” function of your device running iOS, watchOS or macOS by charging a payment card stored in “Apple Pay”. Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorise a payment, it is therefore necessary to enter a code defined by you in advance and to verify it using the “Face ID” or “Touch ID” function of your device.
For the purpose of payment processing, the information you provide during the order process, together with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to execute the payment. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.
Insofar as personal data is processed in the context of the transfers described, processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
Apple stores anonymised transaction data, including the approximate purchase amount, the approximate date and time and an indication of whether the transaction was successfully completed. Due to anonymisation, it is not possible to identify individuals. Apple uses the anonymised data to improve “Apple Pay” and other Apple products and services.
If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you made via Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple’s servers. Apple does not process or store any of this information in a form that can be used to identify you. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and deactivate “Allow payments on Mac”.
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/de-de/HT203027
- giropay
One or more online payment methods from the following provider are available on this website: paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany
If you select a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provide during the order process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on in this case solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- Google Pay
If you choose the “Google Pay” payment method of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment is processed via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with an NFC function by charging a payment card stored in Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification method set up in each case (e.g. facial recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provide during the order process, together with information about your order, is transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which is used to verify a successful payment. This transaction number does not contain any information about the actual payment data of your payment methods stored in Google Pay, but is created and transmitted as a one-time valid numerical token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment process. The transaction is carried out exclusively in the relationship between the user and the originating website by charging the payment method stored in Google Pay.
Insofar as personal data is processed in the context of the transfers described, processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) (b) GDPR.
Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction carried out via Google Pay. This includes the date, time and amount of the transaction, the merchant’s location and description, a description of the goods or services purchased provided by the merchant, photos you attach to the transaction, the seller’s and buyer’s or sender’s and recipient’s name and e-mail address, the payment method used, your description of the reason for the transaction and, where applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Art. 6 (1) (f) GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and optimisation and maintenance of the functionality of the Google Pay service.
Google also reserves the right to combine the processed transaction data with other information that is collected and stored by Google when other Google services are used.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna
One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden
If you select a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provide during the order process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on in this case solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider pays in advance (such as invoice or instalment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postcode, town/city, date of birth, e-mail address, telephone number and, where applicable, data on an alternative means of payment).
In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider in accordance with Art. 6 (1) (f) GDPR for the purpose of a credit check. On the basis of the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.
For the decision as part of the application check, the provider may also obtain identity and credit information from the following credit agencies in accordance with Art. 6 (1) (f) GDPR, in addition to internal provider criteria:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- PAYONE
One or more online payment methods from the following provider are available on this website: PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, Germany
If you select a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provide during the order process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on in this case solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- PayPal
One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
If you select a payment method from the provider where you pay in advance, the payment data you provide during the order process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on in this case solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where we pay in advance, you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postcode, town/city, date of birth, e-mail address, telephone number and, where applicable, data on an alternative means of payment).
In order to safeguard our legitimate interest in determining your solvency in such cases, this data is forwarded by us to the provider in accordance with Art. 6 (1) (f) GDPR for the purpose of a credit check. On the basis of the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
- PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal that consists of PayPal’s own payment methods and local payment methods from third-party providers.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) as part of the payment processing. The transfer is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “Pay Later” via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
If the PayPal payment method “purchase on account” is available and selected, your payment data will first be transmitted to PayPal for the purpose of preparing the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to execute the payment. The legal basis is Art. 6 (1) (b) GDPR in each case. In this case, Ratepay carries out an identity and credit check in its own name to determine solvency in accordance with the principle already described above and, on the basis of its legitimate interest in determining solvency in accordance with Art. 6 (1) (f) GDPR, passes on your payment data to credit agencies. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using a local third-party provider’s payment method, your payment data will first be passed on to PayPal in accordance with Art. 6 (1) (b) GDPR for the purpose of preparing the payment. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the respective provider in accordance with Art. 6 (1) (b) GDPR to execute the payment:
- Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
- iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
For further information on data protection, please refer to PayPal’s privacy policy: https://www.paypal.com/de/legalhub/paypal/privacy-full
- Sofortüberweisung (Sofort bank transfer)
One or more online payment methods from the following provider are available on this website: Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden
If you select a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provide during the order process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on in this case solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
- Stripe
One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
If you select a payment method from the provider where you pay in advance (such as credit card payment), the payment data you provide during the order process (including name, address, bank and card details, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. Your data will be passed on in this case solely for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.
If you select a payment method where the provider pays in advance (such as invoice or instalment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postcode, town/city, date of birth, e-mail address, telephone number and, where applicable, data on an alternative means of payment).
In order to safeguard our legitimate interest in determining the solvency of our customers, this data is forwarded by us to the provider in accordance with Art. 6 (1) (f) GDPR for the purpose of a credit check. On the basis of the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values.
You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.
9) Retargeting/remarketing and conversion tracking
9.1 Meta Pixel
Within our online offering, we use the “Meta Pixel” service of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”)
If a user clicks on an ad placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter using “Meta Pixel”. This URL parameter is then entered into the user’s browser via a cookie that our linked page sets itself after redirection.
This enables Meta, on the one hand, to determine the visitors to our online offering as a target group for the display of ads (“ads”). Accordingly, we use the service to display the Facebook and/or Instagram ads we place only to those users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (“Custom Audiences”).
On the other hand, “Meta Pixel” can be used to track whether users were redirected to our website after clicking on an ad and what actions they take there (“conversion tracking”).
The data collected is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes.
All processing described above, in particular the setting of cookies for reading information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
The information generated by Meta is usually transmitted to a Meta server and stored there; in this context, data may also be transferred to servers of Meta Platforms Inc. in the USA.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
9.2 Google Ads conversion tracking
This website uses the online advertising program “Google Ads” and, within the framework of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use the services of Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google AdWords). In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We pursue the aim of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred.
The cookie for conversion tracking is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your end device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user has clicked on the ad and has been redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. In the context of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC in the USA.
Details on the processing triggered by Google Ads conversion tracking and on how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
All processing described above, in particular the setting of cookies for reading information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.
You can also permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the browser plug-in from Google available at the following link:
https://support.google.com/My-Ad-Center-Help/answer/12155656?hl=de
Please note that certain functions of this website may not be available or may only be available to a limited extent if you have deactivated the use of cookies.
Google’s privacy policies can be viewed here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10) Site functionalities
10.1 Facebook plugins
Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
These plugins enable direct interaction with content on the social network.
To increase the protection of your data when you visit our website, the plugins are initially deactivated and integrated into the page using the so-called “2-click” or “Shariff” solution.
This integration ensures that when you access a page of our website that contains such plugins, no connection is yet established with the provider’s servers.
Only when you activate the plugins and thereby give your consent to data transfer in accordance with Art. 6 (1) (a) GDPR does your browser establish a direct connection to the provider’s servers. In this process, information about your end device (including your IP address), your browser and your page history is transmitted to the provider and may be further processed there, regardless of whether you are logged into an existing user profile.
If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins is also published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin again by clicking on it. However, the revocation has no effect on data that has already been transmitted to the provider.
Data may also be transmitted to: Meta Platforms Inc., USA
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10.2 Instagram plugins
Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
These plugins enable direct interaction with content on the social network.
To increase the protection of your data when you visit our website, the plugins are initially deactivated and integrated into the page using the so-called “2-click” or “Shariff” solution.
This integration ensures that when you access a page of our website that contains such plugins, no connection is yet established with the provider’s servers.
Only when you activate the plugins and thereby give your consent to data transfer in accordance with Art. 6 (1) (a) GDPR does your browser establish a direct connection to the provider’s servers. In this process, information about your end device (including your IP address), your browser and your page history is transmitted to the provider and may be further processed there, regardless of whether you are logged into an existing user profile.
If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins is also published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin again by clicking on it. However, the revocation has no effect on data that has already been transmitted to the provider.
Data may also be transmitted to: Meta Platforms Inc., USA
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10.3 X plugins
Plugins of the social network of the following provider are used on our website: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
These plugins enable direct interaction with content on the social network.
To increase the protection of your data when you visit our website, the plugins are initially deactivated and integrated into the page using the so-called “2-click” or “Shariff” solution.
This integration ensures that when you access a page of our website that contains such plugins, no connection is yet established with the provider’s servers.
Only when you activate the plugins and thereby give your consent to data transfer in accordance with Art. 6 (1) (a) GDPR does your browser establish a direct connection to the provider’s servers. In this process, information about your end device (including your IP address), your browser and your page history is transmitted to the provider and may be further processed there, regardless of whether you are logged into an existing user profile.
If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins is also published there and displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin again by clicking on it. However, the revocation has no effect on data that has already been transmitted to the provider.
Data may also be transmitted to: X Corp., USA
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For the transfer of data to the USA, the provider relies on the European Commission’s standard contractual clauses, which are intended to ensure compliance with the European level of data protection.
10.4 YouTube
This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data may also be transmitted to: Google LLC, USA
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider’s servers at the latest when video playback is started in order to load the content. In this process, certain information, including your IP address, is transmitted to the provider.
When playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behaviour, compile playback statistics and prevent abusive behaviour.
If you are logged into a user account with the provider during your visit to the site, your data will be directly assigned to your account when you click on a video. If you do not want the data to be assigned to your account, you must log out before clicking the play button.
All processing described above, in particular the setting of cookies for reading information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “cookie consent tool” provided on the website.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10.5 Google Maps
This website uses an online map service from the following provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, our location is displayed to you and any journey to us is made easier.
As soon as you access the subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google’s servers and stored there; this may also involve transmission to the servers of Google LLC in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged into Google, your data will be directly assigned to your account. If you do not want your data to be assigned to your profile with Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
Collection, storage and evaluation are carried out in accordance with Art. 6 (1) (f) GDPR on the basis of Google’s legitimate interest in displaying personalised advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by deactivating the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.
Where legally required, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option for making an objection described above.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/
10.6 Google Customer Reviews (formerly Google Certified Shops program)
We work with Google as part of the “Google Customer Reviews” program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program gives us the opportunity to collect customer reviews from users of our website. After a purchase on our website, you will be asked whether you would like to take part in an e-mail survey by Google.
If you give your consent in accordance with Art. 6 (1) (a) GDPR, we will transmit your e-mail address to Google. You will receive an e-mail from Google Customer Reviews in which you will be asked to rate your purchase experience on our website. The rating you submit will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. Your rating will also be used for Google Seller Ratings. In the context of the use of Google Customer Reviews, personal data may also be transmitted to the servers of Google LLC in the USA.
You can revoke your consent at any time by sending a message to the controller responsible for data processing or to Google.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
Further information on Google’s privacy policy can be found here: https://business.safety.google/intl/de/privacy/
10.7 Zapier
To integrate and synchronise databases and web applications, we use the services of the following provider: Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA
In this context, our processing operations are automated and different workflows are established in order to manage and execute internal processes in our processing system efficiently. Insofar as personal data is processed in this context, this is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in optimising our internal organisation.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10.8 JotForm
For conducting surveys or online forms, we use the services of the following provider: JotForm Inc., 111 Pine St. Suite 1815, San Francisco, CA 94111, USA
The provider enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter in the forms, information about your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to the provider and stored on the provider’s servers.
The information you enter in the forms is stored password-protected to ensure that third-party access is excluded and that only we can evaluate the data for the purpose specified in the respective form.
When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for carrying out pre-contractual measures), Art. 6 (1) (b) GDPR serves as the legal basis. If you have given us your consent to process your data, processing is carried out on the basis of Art. 6 (1) (a) GDPR. Consent given can be revoked at any time with effect for the future.
We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider participates in the EU-U.S. Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.
10.9 ShopSync for Shopify
This website uses the Shopify app “ShopSync” from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
ShopSync synchronises the “Mailchimp” newsletter service with our Shopify account so that, on the one hand, updates in Mailchimp e-mail lists (such as an opt-out by a newsletter recipient) are automatically stored on Shopify and, on the other hand, new contact data generated via contract conclusions on Shopify is automatically transferred to Mailchimp e-mail lists.
In the first case, data processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in effective and cross-system maintenance of advertising recipient records and efficient observance of legally relevant status changes.
In the second case, only on the basis of the user’s express consent in accordance with Art. 6 (1) (a) GDPR, after a contract has been concluded on Shopify, the user’s first and last name, address and e-mail address, together with transaction-related information (purchase amount, time and date of purchase), are transferred by ShopSync to Mailchimp for inclusion in the Mailchimp list.
Data transferred in this way is not stored or retained by ShopSync after synchronisation. All information synchronised between Shopify and Mailchimp is transmitted via SSL technology (Secure Socket Layer), and all transmitted information remains encrypted during the synchronisation process.
The synchronisation process requires the transfer of information via a secure connection to servers hosted by Amazon Web Services in the USA.
Further information on data protection at ShopSync can be found here: https://www.shop-sync.com/privacy-policy
11) Tools and miscellaneous
Cookie consent tool
This website uses a so-called “cookie consent tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users as an interactive user interface when they access the site, where they can give consent for certain cookies and/or cookie-based applications by ticking boxes. By using the tool, all cookies/services that require consent are only loaded if the respective user gives the corresponding consent by ticking the boxes. This ensures that such cookies are only set on the respective user’s end device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our online presence.
Another legal basis for processing is Art. 6 (1) (c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-essential cookies dependent on the respective user’s consent.
Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our site visitors’ data and prohibits unauthorised disclosure to third parties.
Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.
12) Data subject rights
12.1 The applicable data protection law grants you the following rights as a data subject vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention), whereby reference is made to the stated legal basis for the respective conditions for exercising these rights:
- Right of access in accordance with Art. 15 GDPR;
- Right to rectification in accordance with Art. 16 GDPR;
- Right to erasure in accordance with Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to notification in accordance with Art. 19 GDPR;
- Right to data portability in accordance with Art. 20 GDPR;
- Right to withdraw consent given in accordance with Art. 7 (3) GDPR;
- Right to lodge a complaint in accordance with Art. 77 GDPR.
12.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
13) Duration of storage of personal data
The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – also by the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfilment of the contract or the initiation of a contract and/or we have no legitimate interest in continued storage.
When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
When processing personal data for direct marketing purposes on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.


