Data is processed on this website by the website operator. The contact details for the website operator are published in the section "Information on the data controller responsible" in this Privacy Policy.
In the first instance, we collect your data in situations where you provide us with it. For example, this could be the data you enter in a contact form.
Our IT systems also collect other data automatically or after you have granted consent when you visit our website. This mainly concerns technical data, such as your internet browser, operating system or when you retrieved the page. This data is collected automatically as soon as you enter this website.
Some of the data is collected to make sure that the website functions without error. Other data may be used to analyse your user behaviour.
You have the right to obtain information about the origin, recipient and purpose of the personal data stored about you at any time free of charge. You also have the right to request that this data be corrected or deleted. If as you have granted us consent to process your data, you can revoke this at any time for the future. You also have the right to request that processing your personal data be restricted under certain circumstances. Moreover, you have the right to appeal to the competent supervisory authority.
You can contact us at any time if you have any questions concerning this or other issues relating to data protection.
Your user behaviour may be analysed statistically when you visit this website. This occurs mainly by using so-called analysis programs.
You can find detailed information on these analysis programs in the Privacy Policy below.
Our website is hosted by an external service provider in Germany (host). The personal data recorded on this website is stored on the host's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, web page retrievals and other data generated over a website.
The host is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR). If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Art. 25 (1) German Teleservices Data Protection Act (TTDSG), insofar as the consent granted includes the storage of cookies or access to information on the user's personal device (e.g. device fingerprinting) as defined in the TTDSG. Your consent can be revoked at any time.
Our host will only process your data to the extent that it is necessary to fulfil its service obligations and will follow our instructions with regard to this data.
We have concluded a data processing agreement (DPA) with the aforementioned provider. This is a mandatory agreement under data protection legislation, which ensures that the provider only processes the personal data from our website visitors in accordance with our instructions and in compliance with the GDPR.
The website operator takes the protection of your personal data very seriously. We handle your personal data confidentially and in compliance with the statutory data protection requirements and this Privacy Policy.
Various personal data will be collected when you use this website. Personal data refers to data that identifies you personally. This Privacy Policy explains what information we collect and what we use it for. It also explains how and the purpose for which it occurs.
We would like to point out that transferring data over the Internet (e.g. when communicating by email) can be vulnerable to security gaps. It is impossible to completely protect data against unauthorised access by third parties.
The data controller is the natural person or legal entity, alone or together with others, who decides on the purpose and means of processing personal data (e.g. names, email adresses, etc.).
Unless this Privacy Policy states a more specific retention period, your personal data will remain in our possession until the purpose for processing the data no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, deletion takes place after these reasons no longer apply.
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of data are processed in accordance with Art. 9 (1) GDPR. If express consent is given to the transfer of personal data to third countries, the data is also processed on the basis of Art. 49 (1) (a) GDPR. If you have consented to cookies being stored or information being accessed on your personal device (e.g. by means of device fingerprinting), data processing is also carried out on the basis of Section 25 (1) German Teleservices Data Protection Act (TTDSG). Your consent can be revoked at any time. If your data is required to fulfil a contract or to conduct pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. We also process your data if it is required to fulfil a legal obligation on the basis of Art. 6 (1) (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. The following paragraphs of this Privacy Policy provide information on the relevant legal basis in each individual case.
Among other things, we use tools from companies based in the USA or other third countries that are not secure from the perspective of data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to surrender personal data to security agencies without you as the data subject being able to take legal action against this. It cannot be ruled out therefore that US agencies (e.g. secret services) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.
Revoking your consent to data processing
Many data processing operations can only be performed with your express consent. You can revoke any consent you have previously provided at any time. The legality of the data processing we perform up to the point of you revoking your consent remains unaffected by the act of revocation.
Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)
IF DATA PROCESSING TAKES PLACE ON THE BASIS OF ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO YOUR PERSONAL DATA BEING PROCESSED AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING ON THE BASIS OF THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN ESTABLISH COMPELLING LEGITIMATE GROUNDS FOR ITS PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR ITS PROCESSING IS FOR PURPOSES OF ASSERTING, EXERCISING OR DEFENDING AGAINST LEGAL CLAIMS (OBJECTION UNDER ART. 21 1 GDPR).
IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT ADVERTISING PURPOSES, YOU ARE ENTITLED TO SUBMIT AN OBJECTION AT ANY TIME AGAINST PROCESSING YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING AFTERWARDS (OBJECTION UNDER ART. 21 2 GDPR).
Right to appeal to the competent supervisory authority
In the event of breaches of the GDPR, the data subjects have the right to lodge a appeal with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged breach. The right to lodge an appeal exists without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a standard, machine-readable format. As far as you request the direct transfer of your personal data to another data controller, this only takes place insofar as it is technically feasible.
Right to information, deletion and correction
Within the framework of the relevant statutory provisions, you have the right to receive access free of charge at any time to personal data stored on your person. This includes information on its origin, to whom it was sent, the purpose of its processing, and, if you wish, the right to rectify or delete this data. You can contact us at any time if you have any questions concerning this or other issues relating to personal data.
Right to restrict processing
You have the right to demand that the processing of your personal data is restricted. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of the personal data we store on you, we usually need time to check this. For the duration of the review, you have the right to request that the processing of your personal data is restricted.
- If processing your personal data took place/is taking place unlawfully, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of its processing instead of its deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests has to be performed. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, it may only be used with your consent, or for the purpose of asserting, exercising or defending legal claims, or for protecting the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a member state.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transfer of sensitive content, such as the orders or enquiries you send us as site operator. You can recognise an encrypted connection when the address line in your browser changes from "http://" to "https://" and by the lock icon in the address bar.
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
Encrypted payment transactions on this website
If an obligation to submit your payment data (e.g. account number in the case of direct debit authorisation) exists after concluding a contract that is subject to a charge, this data is required for processing the payment.
Payment transactions using standard means of payment (Visa/MasterCard, direct debit) are made exclusively over an encrypted SSL or TLS connection. You can recognise an encrypted connection when the address line in your browser changes from "http://" to "https://" and by the lock icon in the address bar.
With encrypted communication, the payment data you submit to us cannot be read by third parties.
Objecting to promotional emails
As part of our duty to provide a legal notice on this website, we hereby prohibit using the contact data published for sending unsolicited advertisements and information material. The operators of these pages reserve the express right to take legal action in the event that unsolicited promotional information, such as spam emails, is sent out.
4. Data collection on this website
Cookies
Our web pages use what are referred to as 'cookies'. Cookies are small text files and do not cause any damage to your personal device. They are either stored on your personal device temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted once you leave our website. Permanent cookies remain stored on your personal device until you either delete them yourself or your web browser automatically deletes them.
In some cases, cookies from third-party companies can also be stored on your personal device when you access our website (third-party cookies). These make it possible for us or you to use certain services provided by the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are essential for technical reasons, as certain website features would not work without them (e.g. the shopping cart or displaying videos). Other cookies serve to evaluate user behaviour or to display advertising.
Cookies used to perform the electronic communications process to provide certain features you wish to use (e.g. for the shopping cart) or to optimise the website (e.g. cookies to measure web audience) (essential cookies) are stored on the basis of Art. 6 (1) (f) DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing essential cookies to ensure the error-free technical and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) German Teleservices Data Protection Act (TTDSG)); consent can be revoked at any time.
You can set your browsers to inform you that cookies are being used. You can also enable cookies in individual cases only, enable the acceptance of cookies in specific cases or generally rule out the use of cookies altogether and automatically delete them when you close your browser. If you disable cookies, it may limit your ability to use this website to its full extent.
If cookies are used by third-party companies or for analysis purposes, we inform you about this separately within the context of this Privacy Policy and, if necessary, ask for your consent.
Consent with Consent Manager
Our website uses consent technology from ConsentManager to obtain your consent to the storage of certain cookies on your personal device or to the use of certain technologies and to document this consent in a manner that complies with the data protection regulations. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website:
https://www.consentmanager.de (hereinafter "ConsentManager").
A connection is established to the ConsentManager servers when you enter our website to obtain your consent and other declarations regarding the use of cookies. ConsentManager then stores a cookie in your browser in order to be able to allocate to you the consent granted or its revocation. The data collected in this way is stored until you ask us to delete it, delete the Consent Manager Provider cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention requirements remain unaffected.
ConsentManager is used to obtain the consent required by law to use cookies. The legal basis for this formed by Art. 6 (1) (c) GDPR.
Matomo
Mouseflow
This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Data processing serves the purpose of analysing this website and its visitors. Data is collected and stored for marketing and optimisation purposes to this end. This data can be used to generate user profiles under a pseudonym. Cookies can be used for this purpose. The web analysis tool Mouseflow records randomly selected individual visits (but only with the IP address anonymised). This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website. Without the explicit consent of the individual concerned, the data collected by Mouseflow is not used to identify visitors to this website and is not merged with personal data concerning the individual bearing the pseudonym. Processing takes place on the basis of Art. 6 (1) f) GDPR based on a legitimate interest in direct customer communication and the needs-based design of the website. On the basis of Art. 6 (1) f GDPR, you have the right to object to your personal data being processed at any time on grounds relating to your particular situation. To do so, you can disable recording on all websites that use Mouseflow globally for the browser you are currently using under the following link: https://mouseflow.de/opt-out/: If you are interested in order data processing, you can commission this directly with us online using RightSignature:
https://mouseflow.de/gdpr/**
Server log files
The provider of this website automatically collects and stores information in so-called server log files that your browser sends to us automatically. These comprise:
- Browser type/version
- Operating system used
- Referring URL
- The host name of the computer accessing our website
- The time of the server request
- IP address
This data is not merged with other data sources.
The data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the error-free technical presentation and optimisation of their website – the server log files must be logged for this purpose.
Contact Form
If you use our contact form to send us enquiries, we store the information you provide in this form along with the contact details you enter in it to process your enquiry and handle any follow-up questions. We do not disclose this data without your consent.
This data is processed on the basis of Art. 6 (1) (b) GDPR, if your request is related to the fulfilment of a contract or is essential for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) lit. (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been sought; consent can be revoked at any time.
The data you have entered in the contact form remains in our possession until you ask us to delete it, revoke your consent to its storage or the purpose for storing the data no longer applies (e.g. after your enquiry has been processed in full). Mandatory statutory provisions – especially retention periods – remain unaffected by this.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, we will store and process your enquiry including all resulting personal data (name, enquiry) for the purpose of processing your request. We do not disclose this data without your consent.
This data is processed on the basis of Art. 6 (1) (b) GDPR, if your request is related to the fulfilment of a contract or is essential for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1) lit. (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been sought; consent can be revoked at any time.
The data you have sent to us when you make contact requests remains in our possession until you ask us to delete it, revoke your consent to its storage or the purpose for storing the data no longer applies (e.g. after your request has been processed in full). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.
Registering on this website
You can register on this website in order to access additional features available there. We only use the data entered for this purpose to enable you to use the respective offering or service you have registered for. The mandatory information requested during registration has to be provided in full. Otherwise we will refuse your registration.
We will use the email address you provided during registration to inform you of important changes, such as changes to the scope of our offering/services or changes that are technically essential.
The data entered during registration is processed for the purpose of implementing the user relationship established by registering and, if necessary, for initiating further contracts (Art. 6 (1) (b) GDPR).
We store the data collected during registration for as long as you are registered on this website. Subsequently we delete it. Statutory retention periods remain unaffected.
5. Plug-ins and tools
YouTube with extended data protection
This website embeds videos from YouTube. The website operator is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by extended data protection mode. In this way, YouTube establishes a connection to the Google DoubleClick network regardless of whether you are watching a video.
A connection to YouTube's servers is established as soon as you start a YouTube video on this website. The YouTube server is then informed which of our pages you have visited. When you are logged into your YouTube account, you are allowing YouTube to map your online user behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube can store various cookies on your device or comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud.
If necessary, further data processing operations can be triggered after starting a YouTube video, over which we have no influence.
The use of YouTube takes place in the interest of the consistent presentation of our online services. This constitutes a legitimate interest in terms of Art. 6 (1) (f) GDPR. If corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Art. 25 (1) German Teleservices Data Protection Act (TTDSG), insofar as the consent granted includes the storage of cookies or access to information on the user's personal device (e.g. device fingerprinting) as defined in the TTDSG. Your consent can be revoked at any time.
6. eCommerce and payment providers
Processing customer and contract data
We collect, process and use personal customer and contractual data for the purpose of establishing, defining the content of and amending our contractual relationships. We collect, process and use personal data relating to the use of this website (user data) only insofar as it is necessary to allow the user to use the service or to charge for it. The legal basis for this formed by Art. 6 (1) (b) GDPR.
We delete the customer data collected after the order has been completed or the business relationship has ended and any statutory retention periods that may exist have expired. Statutory retention periods remain unaffected.
Data transfer on concluding contracts for online shops, merchants and the shipment of goods
When you order goods from us, we share your personal data with the transport company entrusted with delivery and with the payment service provider entrusted with payment processing. Only data required by the respective service provider to fulfil its task is shared. The legal basis for this formed by Art. 6 (1) (b) GDPR, which allows data to be processed in order to fulfil contractual or pre-contractual measures. If you have granted your consent in accordance with Art. 6 (1) (a) GDPR, we will share your email address with the transport company responsible for delivery so that they can inform you by email about the shipping status of your order; you can revoke your consent at any time.
Payment Services
We embed third party payment services on our website. When you make a purchase from us, the payment service provider processes your payment data (e.g. name, payment amount, account details, credit card number) for the purpose of processing the payment. The respective contractual and data protection provisions of the respective providers apply to these transactions. Use of the payment service providers takes place on the basis of Art. 6 (1) lit. (b) GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 (1) (f) GDPR). Insofar as your consent is requested for certain actions, Art. 6 (1) (a) GDPR forms the legal basis for data processing; consent can be revoked at any time in the future.
We use the following payment services/payment service providers on this website:
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
Please refer to the PayPal Privacy Policy for more information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Klarna
The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g. payment by instalments). If you choose to pay with Klarna (Klarna Checkout), Klarna will collect various personal details from you. Klarna uses cookies to optimise the use of Klarna Checkout. Details on the use of Klarna cookies can be found under the following link:
https://www.klarna.com/uk/cookie-policy/.
Paydirect
The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter "Paydirekt"). When you make a payment using Paydirekt, Paydirekt collects a variety of transaction data and forwards it to the bank which you registered with Paydirekt. In addition to the data required for making the payment, Paydirekt may also collect additional data such as the delivery address or individual items in the shopping cart in the course of processing the transaction. Paydirekt then authenticates the transaction using the authentication procedure stored for this purpose with the bank. The payment amount is then transferred from your account. Neither we nor third parties have access to your account data. Details on paying with Paydirekt can be found in the general terms and conditions and data protection provisions of Paydirekt at:
https://www.paydirekt.de/agb/index.html (in German only).
PayOne
giropay
The provider of this payment service is paydirekt GmbH, Stephanstraße 14 - 16, 60313 Frankfurt am Main, Germany (hereinafter "giropay").
American Express
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter "American Express").
Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").
VISA
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA").
The UK is considered a safe third country under data protection law. This means that Great Britain has a level of data protection equivalent to that of the European Union.
7. In-house Services
Handling job applicant's data
We offer you the opportunity to apply to us for a job (e.g. by email, post or using our online application form). We inform you in the following about the scope, purpose and use of the personal data we collect during the application process. We assure you that the collection, processing and use of your data is carried out in accordance with current data protection law and all other statutory provisions and that your data is treated in strict confidence.
Scope and purpose of the data collection
If you send us your job application, we process the related personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent we need it to decide on establishing an employment relationship. The legal basis for this is formed by German law according to Art. 26 German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general initiation of a contract) and – if you have granted your consent – Art. 6 (1) (a) GDPR. Your consent can be revoked at any time. Within our company, your personal data will only be disclosed to those persons who are involved in processing your application.
If your application is successful, the data you submitted will be stored in our data processing systems on the basis of Art. 26 German Federal Data Protection Act (BDSG) and Art. 6 (1) (b) GDPR for the purpose of implementing the employment relationship.
Data retention period
If we are unable to offer you a job, or if you reject a job offer or withdraw your application, we reserve the right to retain the data you submitted for up to 6 months from the end of the application procedure (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 (1) (f) GDPR). The data is then deleted and the physical application documents destroyed. Retention serves as proof in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), it will first be deleted when the purpose for continued retention no longer applies.
Retention for a longer period may also take place if you have granted the corresponding consent (Art. 6 (1) (a) GDPR) or if statutory retention obligations prevent its deletion.