Privacy Policy

Privacy Policy

Responsible

ONBOARD GmbH

c/o S&K Asset Management GbR, represented by Juri Schleicher

Otto-Suhr-Allee 27

10585 Berlin

Phone number: 

E-mail address:

Represented by Yevgeniy Tretyakov, Managing Director.

Registered office ibidem.

Register court: Local court Charlottenburg

Registration number: HRB 225329 B.

Status: May 2021

Content

1. basic information on data processing and legal basis

2. types of data processed/categories of data subjects

3. security measures

4. transfer of data to third parties and third-party providers

5. provision of contractual services

6. contacting

7. web hosting

8. comments and contributions

9. cookies

10. web analysis, monitoring and optimization

11. online marketing

12. integration of third party services and content

13. newsletter/mail dispatch

14. rights of the data subject

15. deletion of data

16. right to object

17. changes to the data protection declaration

1. basic information on data processing and legal basis

1.1 This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content connected to it (hereinafter jointly referred to as "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is executed.

1.2 The terms used, such as "personal data" or their "processing" refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).


2. Types of data processed / categories of data subjects

2.1 The personal data of users processed within the scope of this online offer includes:

  • Inventory data (e.g. names and addresses of customers), 

  • Contact data (e.g. e-mail, telephone numbers),

  • communication data,

  • Contract data (e.g. services used, payment information), 

  • Usage data (e.g. the web pages visited on our website, interest in our products) 

  • Meta/communication data (e.g. device information, IP addresses) and 

  • content data (e.g. entries in the contact form). 

2.2 The term "user" includes all categories of persons affected by the data processing. They include our business partners, customers, interested parties and other visitors to our online offering. The terms used are to be understood as gender-neutral.

2.3 We process users' personal data only in compliance with the relevant data protection provisions. This means that the user's data will only be processed if a legal permission exists, in particular if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) as well as online services, or is required by law, or if the user has given his consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 Par. 1 lit. f. DSGVO, in particular in the case of range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services.

2.4 We point out that the legal basis for the consents is Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for the processing for the fulfillment of our services and implementation of contractual measures Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing to fulfill our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to protect our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.

2.5 The following persons are affected by the data processing:

  • Contractual and business partners,

  • Users of our online offer,

  • Prospective customers who are interested in our online offer or who contact us for other reasons, and

  • customers.


3. security measures

We take appropriate organizational, contractual and technical security measures within the meaning of Art 32. DSGVO according to the state of the art, taking into account the implementation costs and the nature, scope, circumstances and purposes of data processing, as well as the varying likelihood and severity of the risk to the rights and freedoms, in order to ensure an adequate level of protection for your data. We hereby ensure compliance with the provisions of data protection laws and protect this data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. 

3.1 The security measures include in particular the encrypted transmission of data between your browser and our server. You can recognize such encrypted connections by the fact that the URL in the address bar of your browser begins with "https://". This is a communication protocol with which data can be transmitted in a tap-proof manner within the framework of transport encryption. 


4. transfer of data to third parties and third-party providers

4.1 Data is only passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 lit. b) DSGVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f) DSGVO. DSGVO in the economic and effective operation of our business.

4.2 We only use subcontractors to provide our services if we have taken suitable legal precautions and appropriate technical and organizational measures to ensure the protection of the personal data processed in accordance with the relevant statutory provisions.

4.3 If content, tools or other means described in the context of this privacy policy are used by other providers (hereinafter collectively referred to as "third party providers"), we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data. The recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website.

4.4 If we use a third-party provider whose named registered office is located in a third country (outside the European Union (EU) or the European Economic Area), it is to be assumed that a transfer of data to the third party provider's registered office takes place. The transfer of data to third countries only takes place if there is an adequate level of data protection, user consent or otherwise legal permission.


5. provision of contractual services

5.1 We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO. We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person. Within the framework of applicable law, we only disclose this data to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with your consent (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).

5.2 We delete the data after the expiry of legal warranty and comparable obligations, i.e., in principle after the expiry of 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes usually 10 years). We delete data disclosed to us by the contractual partner within the framework of a contractual relationship in accordance with the requirements of the contract, generally after the contractual services have been fulfilled.

5.3 Users can optionally create a user account, in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. User accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention is necessary for commercial or tax reasons in accordance with Art. 6 para. 1 lit. c DSGVO. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

5.4 In the context of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against abuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 Par. 1 lit. c DSGVO.

5.5 We process usage data (e.g. the web pages visited on our online offer, interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile, e.g. in order to display product information to users based on the services they have used to date.


6. contacting

6.1 When contacting us (via contact form or e-mail), the information provided by the user is processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b. DSGVO processed. Here, we only process the data that we need to process their request.

6.2 The user's details may be stored in our Customer Relationship Management System ("CRM System") or comparable request organization.


7. web hosting 

7.1 In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

7.2 We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

7.3 Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes shall be exempt from deletion until final clarification of the respective incident.

7.4 The web hosting services also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders, but also further information on the e-mail dispatch (e.g. the providers involved), including contents of the respective e-mails are processed. Even though our e-mail communications have transport route encryption, they are not encrypted on the servers from which they are sent and received. The content of e-mail communications is therefore generally susceptible to manipulation.


8. comments and contributions

8.1 When users leave comments or other contributions, their IP addresses are stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO are stored for 7 days. 

8.2 This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.


9. payment service providers

9.1 In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions for this purpose (collectively "payment service providers").

9.2 The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data is transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the terms and conditions and the data protection notices of the payment service providers.

9.3 For payment transactions, the terms and conditions and data protection information of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of revocation, information and other rights of affected parties.


Store Pay (Shopify): 

  • Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

  • Data subjects: Customers, interested parties.

  • Purposes of processing: provision of contractual services and customer service.

  • Legal grounds: contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services and service providers used:

  • Amazon Payments: payment services; service provider: Amazon Payments Europe S.C.A. 38 avenue J.F. Kennedy, L-1855 Luxembourg; Website: https://pay.amazon.com/de; Privacy Policy: https://pay.amazon.com/de/help/201212490.

  • Klarna / Sofortüberweisung: payment services; service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; website: https://www.klarna.com/de; privacy policy: https://www.klarna.com/de/datenschutz.


10. cookies 

10.1 When you visit our website, information may be stored on your computer in the form of a cookie. Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Most browsers are set to accept cookies automatically. We would like to point out that the use of our online offer without cookies is only possible to a limited extent. In particular, the use of your customer account is generally not possible, as the use of cookies is technically mandatory for this. However, you can also use your browser to prevent only the setting of certain cookies (e.g. cookies from third-party providers), for example if you want to prevent web tracking. You can find more information on this in the help function of your browser. For more information on third-party cookies that are set or processed when you visit our website, please refer to the privacy policy below, insofar as we make use of them. The term cookies also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as "user IDs"). 

  • A distinction must be made between cookies that are set by the website operator when a website is visited (also known as "first-party cookies") and cookies that are set by third-party providers (also known as "third-party cookies"). We only have technical control over the first-mentioned cookies. We further differentiate between the following cookies. 

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.

  • Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.

  • Necessary (also: essential or absolutely necessary) cookies: On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).

  • Statistical, marketing and personalization cookies: Furthermore, cookies are generally also used in the context of range measurement and when a user's interests or behavior (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as "tracking", i.e., tracking the potential interests of users. We will inform you separately about the use of "tracking" technologies in our data protection declaration or in the context of obtaining consent.

10.2 We use "session cookies", which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus the use of our online offer). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.

10.3 If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. If we do not provide explicit information on the storage period of permanent cookies, it can be assumed that the storage period is up to 2 years.

10.4 The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in a business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent given or to object to the processing of your data by cookie technologies ("opt-out"). You can initially declare your opt-out by means of your browser settings by objecting to the setting of cookies in the system settings of your browser. An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can obtain further instructions on how to object within the scope of the information on the service providers and cookies used.

Before we process or have processed data in the context of the use of cookies, we ask users for consent that can be revoked at any time. Before the consent has not been expressed, cookies are used at most, which are necessary for the operation of our online offer. Their use is based on our interest and the interest of users in the expected functionality of our online offer. This includes usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). Users of our online offer are affected by this processing. The processing is carried out on the legal basis of consent (Art. 6 para. 1 sentence 1 lit. a DSGVO) or legitimate interests iSd. Art. 6 para. 1 p. 1 lit. f. DSGVO.

We use a cookie consent management procedure, in the context of which the consent of users to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure can be obtained and managed and revoked by users. In this context, the declaration of consent is stored in order not to have to repeat its request and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies), in order to be able to assign the consent to a user or their device. The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers) and the browser, system and end device used. From this, a ConsentID is formed. The consent status incl. timestamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing only takes place if you submit a request for information or revoke your consent. In this case, the relevant information is provided to us in a compact data format in an easily readable text form for the purpose of data exchange. No user information is stored for statistics on the use of consent given or not given. Only the frequency and locations of clicks are stored. Personal data is stored on a Google Cloud server located in the EU (Brussels, Frankfurt am Main).

10.5 In this course, we process user data of visitors to our online offer on the legal basis of consent (Art. 6 para. 1 p. 1 lit. a. DSGVO) and our legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).


11. Web analysis, monitoring and optimization

11.1 We evaluate the visitor flows of our online offer. This includes behavior, interests or demographic information about users, such as age or gender, as pseudonymous values. The reach analysis enables us to identify at what time our online offer or its functions or content are most frequently used. On a technical level, this analysis enables us to understand which areas of our online offering require optimization. 

11.2 In addition to web analysis, we may also use testing procedures to better tailor our online offering to the needs of our users.

11.3 For these purposes, so-called user profiles may be created and stored in a temporary statistics, marketing and personalization cookies or similar procedures may be used with the same purpose. This information may include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. 

11.4 The parts of the IP addresses of the users are also stored, whereby these are automatically shortened (IP masking) in order to enable protection of the users. The IP address is thus pseudonymized. We do not use any clear user data (such as e-mail addresses or names) in our web analysis, but only pseudonyms. The actual identity of the users is thus not known to us, we will only use this data, which is necessary for the respective procedure, to provide us with further information on the general usage behavior of our online offer. 

11.5 Web analysis, monitoring and optimization is carried out by us exclusively on the legal basis of consent (Art. 6 para. 1 lit. a DSGVO). In doing so, we process usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) from the users of our online service for the purpose of measuring reach (e.g. access statistics, recognition of returning visitors), and creating user profiles).

11.6 We use the following service providers for this purpose:

  • Google Analytics: Reach measurement and web analysis of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").   Google is part of a group of companies in which the parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Details of Google's service description can be found at the following website: https://marketingplatform.google.com/intl/de/about/analytics/. Details on data protection can be found in their statement at: https://policies.google.com/privacy.

  • Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offering (please refer to further details in this privacy policy). The Tag Manager itself does not yet create user profiles or store cookies. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager. The details can be found in Google's product description and privacy policy: https://marketingplatform.google.com; https://policies.google.com/privacy.

  • Facebook Domain Insights: Facebook Domain Insights is a web analytics service provided by Facebook Inc, 1601 Willow Road, Menlo Park, California, 94025, USA. Facebook Domain Insights also uses cookies to help us evaluate traffic to our website. For us, this shows how the interactions of visitors on Facebook and this website are related. This includes, but is not limited to, information about which content on the website was "liked" or shared on Facebook, as well as statistics about the demographics of users who clicked on a link to the website on Facebook. You can disable the use of cookies by selecting the appropriate settings in your browser. In addition, you can break the link between our website and Facebook's data by logging out of your Facebook account. For more information, see Facebook's privacy policy at https://www.facebook.com/policy.php.


12. online marketing

12.1 We process personal data for online marketing purposes. 

12.2 For these purposes, so-called user profiles are created and temporary statistics, marketing and personalization cookies are stored or similar procedures are used, by means of which information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.

12.3 The IP addresses of users are also stored in parts. We use the IP masking procedure. The IP address is thus shortened for our processing purposes, so that we are not able to clearly assign the IP address to an individual person. The IP address thus becomes a pseudonymized date for the protection of users. As part of the online marketing process, no clear data of the users is stored, but pseudonyms. We therefore do not know the actual identity of the users, but only the information stored in their profiles.

12.4 The information in the profiles is usually stored in the cookies. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

12.5 In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a contract being concluded with us. The conversion measurement is used solely to analyze the success of our marketing measures.

12.6 Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

12.7 We use online marketing based on the consent of the user (Art. 6 para. 1 lit. a. DSGVO). 

12.8 We use Google Analytics to display the ads placed within Google's advertising services and those of its partners only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called "remarketing", or "Google Analytics Audiences"). Hereby we ensure that our advertisements correspond to the interest of the users.

12.9 In the course of this, usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses) of users of our online offer are processed.

12.10. We refer to the data protection notices of the respective providers and the objection options given to the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.

12.11. We use the following service providers for this purpose:

- Google Tag Manager: The Google Tag Manager from Google is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer. The details can be found in the product description and the privacy policy of Google: https://marketingplatform.google.com; https://policies.google.com/privacy.

  • Google Analytics: Online marketing and web analysis by Google. The details of the service description can be found in the following list: https://marketingplatform.google.com/intl/de/about/analytics/. We also refer to the privacy policy of Google: https://policies.google.com/privacy; there is an opt-out option to prevent data transmission to Google, this is via the following website https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising: https://adssettings.google.com/authenticated.

  • Criteo by Criteo GmbH, Gewürzmühlstraße 11, 80538 Munich, Germany. Criteo's services allow us to display ads for and on our website in a more targeted manner to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Criteo is active are called up, Criteo immediately executes code from Criteo and so-called remarketing tags (invisible graphics or code, also referred to as "web beacons") are integrated into the website. With their help, an individual temporary marketing cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and other information about the use of the online offer. The aforementioned information may also be combined by Criteo with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests. The processing of user data takes place as a pseudonym, i.e. no clear user data, such as names, are processed. IP addresses of the users are shortened. Processing only takes place on the basis of an online identifier, a technical ID. Any ID or email addresses provided to Criteo are encrypted as hash values and stored as a series of characters that do not allow us to identify them. 

Further information as well as opt-outs from Criteo's collection of data can be found in Criteo's privacy policy: https://www.criteo.com/de/privacy/. Privacy policy: https://www.criteo.com/de/privacy/; Opt-out option: https://www.criteo.com/privacy/.


13. integration of services and content of third parties

13.1 We use third party services and content within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) or on the basis of your consent (Art. 6 para. 1 lit. a. DSGVO), we use content or services offered by third-party providers in order to integrate their content and services (hereinafter uniformly referred to as "content"). This is done to provide our online offer and to create a user-friendly online offer. This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus necessary for the presentation of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

13.2 The following presentation provides an overview of third-party providers and their content, along with links to their privacy statements, which contain further information on the processing of data and, in part already mentioned here, opt-out options:

  • Pinterest: social network; service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA,; Website: https://www.pinterest.com; Privacy policy: https://about.pinterest.com/de/privacy-policy; Opt-out: https://about.pinterest.com/de/privacy-policy.


14. newsletter/mail dispatch

14.1 With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

14.2 Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. Insofar as the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our products, offers, promotions and our company.

14.3 The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged. 

14.4 Furthermore, according to its own information, the delivery service provider may use this data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of the delivery and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

14.5 The newsletter is sent via Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

14.6 The data protection provisions of the dispatch service provider can be viewed at https://de.sendinblue.com/legal/privacypolicy/.

14.7 To register for the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide a name for the purpose of personal address in the newsletter.

14.8 The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

14.9 The use of the dispatch service provider, performance of statistical surveys and analyses as well as logging of the registration process, are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.

14.10. You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. This will simultaneously terminate your consents to its dispatch by the dispatch service provider and the statistical analyses. A separate cancellation of the dispatch by the dispatch service provider or the statistical analysis is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter. If users have only registered for the newsletter and cancelled this registration, their personal data will be deleted.


15. rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:

15.1 Right of access

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. 

If such processing is taking place, you may request information from the controller about the following:

  • The purposes for which the personal data are processed;

  • the categories of personal data which are processed;

  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

  • the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

  • the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; 

  • the existence of a right of appeal to a supervisory authority;

  • any available information on the origin of the data, if the personal data are not collected from the data subject;

  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.


15.2 Right to rectification 

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.


15.3 Right to restriction of processing.

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

  • the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims; or

  • if you have objected to the processing pursuant to Article 21 (1) DSGVO and it is not yet clear whether the controller's legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

15.4 Right to deletion

a) Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

  • You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO and there is no other legal basis for the processing. 

  • You object to the processing pursuant to Art. 21 para. 1 DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 DSGVO. 

  • The personal data concerning you has been processed unlawfully. 

  • The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject. 

  • The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data. 

c) Exceptions

The right to erasure does not exist to the extent that the processing is necessary

  • For the exercise of the right to freedom of expression and information;

  • for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

  • for the assertion, exercise or defense of legal claims.

15.5 Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients vis-à-vis the controller.


15.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and

  • the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.



15.7 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. 

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.


15.8 Right to revoke the declaration of consent under data protection law.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

15.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 

  • is necessary for the conclusion or performance of a contract between you and the controller,

  • is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or

  • is carried out with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 of the GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.




15.10. Right to complain to a supervisory authority.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.


16. deletion of data

16.1 The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. Deletion shall also take place in particular if other permissible circumstances cease to apply. If user data is not deleted because it is required for other and legally permissible purposes, its processing is restricted, i.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.

16.2 According to legal requirements, the data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).


17. right of objection

Users may object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against processing for purposes of direct advertising.

18. changes of the privacy policy

18.1 We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. Insofar as user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

18.2 Users are requested to inform themselves regularly about the content of the data protection declaration.