Bitte geben Sie eine gültige eMail-Adresse ein.

Privacy

Privacy Policy

I. General Information on Personal Data and Contact Details of the Controller
The protection of your personal data is important to us.
Below, we would like to inform you about how personal data is handled. According to Article 4(1) of Regulation (EU) 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), personal data means any information relating to an identified or identifiable natural person. Your data is stored and processed by us in compliance with the relevant provisions of national data protection laws and the General Data Protection Regulation (GDPR).

The controller responsible for data processing within the meaning of the above-mentioned regulations is:

Kindermaxx UG (haftungsbeschränkt)
represented by Janna Clazina van Soest e/v Bosch and Jan Willem Bosch
Karlsplatz 3
80335 Munich
Phone: +49 89 2109 3633
Email: service@kindermaxx.de

The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

II. Your Rights
With regard to personal data concerning you, you have the following rights vis-à-vis the controller. The legal basis for exercising each of these rights is indicated below:

  • Right of access pursuant to Article 15 GDPR;
  • Right to rectification pursuant to Article 16 GDPR;
  • Right to erasure pursuant to Article 17 GDPR;
  • Right to restriction of processing pursuant to Article 18 GDPR;
  • Right to notification pursuant to Article 19 GDPR;
  • Right to data portability pursuant to Article 20 GDPR;
  • Right to withdraw consent pursuant to Article 7(3) GDPR;
  • Right to lodge a complaint pursuant to Article 77 GDPR.

In addition, you have the right to object:

Data subjects have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on Article 6(1)(e) or (f) GDPR.
The controller shall no longer process the personal data unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, data subjects have the right to object at any time to the processing of their personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
If a data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Data subjects may exercise their right to object – regardless of Directive 2002/58/EC – in connection with the use of information society services by automated means using technical specifications.

IV. Duration of the Storage of Personal Data
The respective storage period of personal data depends on the legal basis, the purpose of the processing, and, where applicable, statutory retention obligations.

As a general rule:
If the processing of data is based on consent within the meaning of Article 6(1)(a) GDPR, the data will be stored until the consent is withdrawn.
If the processing is based on Article 6(1)(f) GDPR, the data will be stored until the data subject exercises their right to object pursuant to Article 21(1) GDPR, unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes on the basis of Article 6(1)(f) GDPR, the data will be stored until the data subject exercises their right to object pursuant to Article 21(2) GDPR.

Unless otherwise specified in the following information regarding specific processing situations, personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed, and no statutory retention obligations prevent deletion.

III. Legal Bases
Where we obtain consent from the data subject for processing operations involving personal data, Article 6(1)(a) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to take steps prior to entering into a contract.
If the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
If the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis.

Where reference is made below to data being processed in the USA, we point out that the European Court of Justice has in the past considered the level of data protection in the USA to be inadequate. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes without the possibility of legal redress.
If you have consented to the use of the respective service, you thereby consent in accordance with Article 49(1)(a) GDPR to the processing of your data in the USA.
If the respective provider has acceded to a valid EU-US Data Privacy Framework, the data transfer is based on an adequacy decision of the European Commission, which ensures compliance with the European level of data protection.

Where cookies or similar technologies are used, we obtain prior consent pursuant to § 25 TDDDG, unless this is not legally required. In particular, consent is not required if the storage and access to the information – including cookies – is strictly necessary in order to provide users with a telemedia service expressly requested by them (i.e. our online offering). The revocable consent is clearly communicated to users and contains information on the specific cookie use.

 V. Specific Processing Situations
1. Processing of Personal Data When Visiting the Website

a. Description and Scope of Data Processing
When accessing our website (without registration or other contact), the following data (so-called log files) are transmitted by your browser to our servers:

  • IP address
  • Date and time of the request
  • Time zone difference to GMT
  • Content of the webpage
  • Access status (HTTP status)
  • Amount of data transferred
  • Referring website
  • Web browser
  • Operating system
  • Language and version of the browser

b. Legal Basis for Data Processing
The legal basis for the storage of the data and log files is Article 6(1)(f) GDPR.

c. Purpose of Data Processing
The storage in log files ensures the proper functioning of our website. It also serves the optimisation and security of our systems. The data is not evaluated for marketing purposes in this context.

d. Duration of Storage
The data stored by us will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case at the end of the respective session.

Longer storage is possible. In such cases, users’ IP addresses are deleted or anonymised so that identification of the requesting client is no longer possible.

e. Right to Object and Possibility of Removal
The collection of the above-mentioned data is essential for the operation of the website. Therefore, there is no possibility for the user to object.

2. Processing of Personal Data Through Cookies

a. Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored on the visitor’s computer system when our websites are accessed. Cookies contain a string of characters that enables the browser to be uniquely identified when the website is visited again.

We use the following types of cookies:

  • Transient cookies / session cookies: deleted after the session ends
  • Persistent cookies: deleted after a predefined storage period
  • Technically necessary cookies

Where cookies are also set for advertising and/or analysis purposes on our website, we will provide separate information in this privacy policy.

You can configure your browser settings to be informed about the setting of cookies and to decide individually on their acceptance or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited.

Where cookies are also set for advertising and/or analysis purposes on our website, we will provide separate information in this privacy policy.

b. Legal Basis for Data Processing
The legal basis for the processing of personal data using necessary cookies is Article 6(1)(f) GDPR.

c. Purpose of Data Processing
Technically necessary cookies serve to enable the use of websites. Some functions of the website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognised even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles.

d. Duration of Storage, Right to Object and Removal Option
Cookies are stored on the user's device and transmitted from there to our site. Therefore, users have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, not all functions of the website may be fully usable.

3. Contact Form and Email

a. Description and Scope of Data Processing
We provide visitors to our website with a contact form for quick electronic communication. The data entered in the input form is transmitted to us and stored.

If you contact us via the contact form or by email, you agree to communication by email, which is transport-encrypted but not content-encrypted. Please inform yourself about the associated risks, for example at: https://www.bsi-fuer-buerger.de.

In addition, at the time of submission, the IP address of the user as well as the date and time of the transmission are stored.

Alternatively, it is possible to contact us via the email address provided. In this case, the personal data transmitted with the email is stored.

The data is processed for the purpose of handling the enquiry.

b. Legal Basis for Data Processing
The legal basis for processing the data is Article 6(1)(a) GDPR.
If the email contact aims to conclude a contract, the legal basis for processing is Article 6(1)(b) GDPR.
Otherwise, the legal basis is Article 6(1)(f) GDPR.

c. Purpose of Data Processing
The processing of personal data serves solely to handle the contact request. This also constitutes the legitimate interest required for processing the data.

The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

d. Duration of Storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the contact form input fields and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

If the correspondence results in a business transaction, we are legally required to retain the exchanged correspondence for 6 years (beginning at the end of the calendar year in which the respective message was sent).

e. Right to Object and Removal Option
The user may withdraw their consent to the processing of personal data at any time. To do so, the user may contact the controller using the contact options provided on the website. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

If the retention of the data is based on a legal obligation, there is no right to object.

4. Newsletter

a. Description and Scope of Data Processing
Users have the option to subscribe to our newsletter via our website. When signing up for the newsletter, the data entered in the input form is transmitted to us.

The following data is also collected at the time of registration:

  • IP address of the registering device
  • Date and time of registration

During the registration process, consent is obtained using the so-called double opt-in procedure.

If customers have purchased goods or services from us and provided their email address in the process, we may subsequently use this address to send them a newsletter. In such cases, the newsletter is used exclusively for direct advertising of our own similar goods or services.

b. Legal Basis for Data Processing
The legal basis for processing data after the user subscribes to the newsletter is Article 6(1)(a) GDPR, provided that the user has given consent.
The legal basis for sending the newsletter following the sale of goods or services is § 7(3) UWG (German Unfair Competition Act).

c. Purpose of Data Processing
The collection of the user's email address serves the purpose of delivering the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

d. Duration of Storage
The data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. Accordingly, the user’s email address is stored for as long as the newsletter subscription is active.

e. Right to Object and Removal Option
The subscription to the newsletter can be cancelled by the user at any time. A corresponding link is provided in each newsletter for this purpose.

5. Registration During the Order Process or Guest Checkout

a. Description and Scope of Data Processing
Users have the option to register on our website.
During registration, the data entered in the input form is transmitted to and stored by us. The same applies to data entered during the guest checkout process.

Personal data may be transferred to third parties, such as parcel delivery services, insofar as this is necessary for the performance of the contract. These third parties use the transmitted data exclusively for internal purposes attributable to us.

b. Legal Basis for Data Processing
Registration and guest checkout serve the implementation of pre-contractual measures and the fulfilment of a contract to which the user is a party. Therefore, the legal basis for processing the data is Article 6(1)(b) GDPR.

c. Purpose of Data Processing
User registration is necessary to fulfil contracts with users or to carry out pre-contractual measures. The same applies to data entered during guest checkout.

d. Duration of Storage
The data is deleted as soon as it is no longer necessary for achieving the purpose for which it was collected.

This is the case for data collected during the registration process when the registration on our website is cancelled or modified.

This is also the case for data collected during registration or guest checkout for the performance of a contract or for carrying out pre-contractual measures, when the data is no longer required for contract execution. Even after contract completion, there may be a need to store personal data of the contracting party to comply with contractual or legal obligations.

We are legally required to retain correspondence related to the conclusion of a contract for 6 years (starting at the end of the calendar year in which the respective document was sent).

e. Right to Object and Removal Option
Users can cancel their registration at any time. The stored data can be modified at any time by the users themselves or upon request.

Details on how to delete a registration can be obtained from the controller.

If the data is required to perform a contract or to carry out pre-contractual measures, early deletion is only possible to the extent that no contractual or statutory obligations prevent deletion.

6. Contract Execution

a. Description and Scope of Data Processing
In the course of processing contracts, we collect and process your personal data for the purpose of fulfilling the contract and handling your enquiries. We process the data you provide and, if necessary, forward it to service partners that we require to execute the contractual relationship, or to service providers engaged by us as processors.

In addition to the recipients specified in the respective clauses of this privacy policy, these may include recipients from the following categories:
payment service providers, service providers for order processing, web hosts, IT service providers, etc.

b. Legal Basis for Data Processing
The processing described above serves the performance of a contract to which the user is a party. The legal basis for processing the data is Article 6(1)(b) GDPR.

c. Purpose of Data Processing
The transmission of data serves the fulfilment of our contractual obligations.

d. Duration of Storage
Your data will be deleted once it is no longer required for the execution of the contract, provided that no contractual or statutory retention obligations prevent deletion.

e. Right to Object and Removal Option
If the data is required for the performance of a contract or for pre-contractual measures, early deletion is only possible if no contractual or statutory obligations prevent it.

7. Payment Service Providers

a. Description and Scope of Data Processing
If a user selects a payment service provider during the order process, the user’s data required to complete the payment is automatically transmitted to the selected provider. This data may include, for example: name and address, banking details such as account or credit card numbers, passwords, TANs and verification codes, as well as contract-related, transaction-related and recipient-related information. In this case, the controller does not receive any account or credit card information, but only a notification on whether the payment transaction was successful.
Under certain circumstances, the payment service provider may transmit the data to credit agencies for the purpose of identity and credit checks. In this respect, we refer to the general terms and conditions and data protection notices of the respective provider, which can be viewed on their websites.

If you are required to be registered with your selected payment provider in order to use their services, you will be redirected to their website during the payment process. In this case, the provider collects the data directly, and their privacy policy applies.

The payment service providers we offer and further information about them can be found in the payment information section of our website.

b. Legal Basis for Data Processing
The legal basis for processing the data is Article 6(1)(b) GDPR (processing for the performance of pre-contractual measures and fulfilment of a contract).

c. Purpose of Data Processing
The transmission of data to the selected payment service provider is necessary for the performance of a contract to which the user is a party. In particular, it serves payment processing, fraud prevention, and identity and creditworthiness verification.

d. Duration of Storage
Your data will be deleted when it is no longer required for our business processes and no statutory retention obligations apply. We have no influence over the storage of data by the payment service provider; please contact the provider directly, who in this regard is the “controller” as defined by data protection regulations.

e. Right to Object and Removal Option
You have the rights stated in this privacy policy under the section “Rights of the Data Subject”, which may be exercised directly with the respective controller.

8. Credit Check Data Transfers

a. Description and Scope of Data Processing
In cases permitted by law, data may be transmitted to credit agencies as part of payment processing for the purpose of credit checks. Recipients of the data may include the following companies:

b. Legal Basis for Data Processing
The legal basis for the processing of data is Article 6(1)(b) GDPR.

c. Purpose of Data Processing
The data transfer is carried out for fraud prevention as well as identity and creditworthiness verification.

d. Duration of Storage
Your data will be deleted once it is no longer required for our business processes and no statutory retention obligations apply. We have no influence over the storage of the data by the provider. You can contact the provider using the contact details listed above.

e. Right to Object and Removal Option
The user may withdraw the consent given to the provider or to the controller at any time. However, withdrawal is not possible for data that is essential for payment processing.

9. Google Analytics

a. Description and Scope of Data Processing
This website uses the web analytics service Google (Universal) Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses analytics cookies. The information generated by these cookies about your use of this website is generally transmitted to a Google server in the USA and stored there. We have extended the Google Analytics code with the function “gat._anonymizeIp();”. This code ensures that Google shortens the IP address within Member States of the European Union or other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide further services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Demographic Characteristics
By using the “demographic characteristics” function, statistics can be generated that provide information about the age, gender, and interests of users.

Google Signals
The “Google Signals” feature enables cross-device reports. If a user has activated personalised ads and linked their devices to their Google account, Google can analyse usage behaviour across devices and create cross-device conversions. We only receive statistics from this, not personal data.

For more information on how to disable personalised advertising, see:
https://support.google.com/ads/answer/2662922?hl=de
and
https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
The “UserIDs” function allows activities and conversions to be analysed across devices.

Further information is available at:
https://www.google.com/analytics/terms/de.html
https://policies.google.com/?hl=de
https://policies.google.com/technologies/partner-sites
https://policies.google.com/privacy?hl=de&gl=de

We have concluded a data processing agreement with the provider. Furthermore, the provider relies on the European Commission’s standard contractual clauses. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

b. Legal Basis for Data Processing
The legal basis for processing users’ personal data is Article 6(1)(a) GDPR in conjunction with § 25(1) TDDDG.

c. Purpose of Data Processing
Processing users’ personal data enables us to analyse our users’ browsing behaviour. The evaluation of the data collected allows us to compile information on the usage of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. The anonymisation of the IP address adequately protects users’ interest in safeguarding their personal data.

d. Duration of Storage
Your data will be deleted when it is no longer required for our business processes and no statutory retention obligations apply.
Additionally, we have configured Google to automatically delete the data after 2 months.

e. Right to Object and Removal Option
Cookies are stored on the user’s device and transmitted to us. Therefore, users have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Already stored cookies can be deleted at any time. This can also be done automatically.

You can also prevent Google from collecting and processing the data generated by the cookie related to your use of the website (including your IP address) by downloading and installing the browser add-on available at:
https://tools.google.com/dlpage/gaoptout?hl=de

10. Google Ads

a. Description and Scope of Data Processing
We have integrated Google Ads on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using Google Ads, we can advertise our website by displaying interest-based advertising on third-party websites and in the search engine results of Google, as well as placing third-party advertisements on our own website. If a user clicks on a Google Ads advertisement, a conversion cookie is stored on the user’s device. Conversion cookies are not used to identify individual users. These cookies help us track which subpages of our website were accessed, whether a purchase was completed or cancelled. The personal data is stored by Google in the USA. Google may transmit this data to third parties.

b. Legal Basis for Data Processing
The legal basis for the processing of personal data through the use of cookies for analytical purposes is Article 6(1)(a) GDPR.

c. Purpose of Data Processing
Google Ads enables the placement of online advertising in Google’s search engine results as well as across the Google advertising network. For this purpose, we predefine certain keywords, which will trigger our adverts to appear in Google’s search results only if the user’s search query is relevant to these keywords. Within the Google advertising network, ads are distributed across relevant websites using an automatic algorithm and keyword targeting. The data obtained helps us optimise our advertising efforts.

d. Duration of Storage
Your data will be deleted when it is no longer required for our business processes and no statutory retention obligations apply. We have no influence over data storage by the provider. You can contact the provider using the contact details listed above.

e. Right to Object and Removal Option
Cookies are stored on the user’s device and transmitted to us. Therefore, users have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing your browser settings. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, some website features may no longer be fully usable.

Furthermore, users have the option to object to interest-based advertising by Google. To do so, they must access the link
www.google.de/settings/ads
from each internet browser they use and configure the desired settings.

Further information and the applicable data protection provisions of Google can be found at:
https://www.google.de/intl/de/policies/privacy/

11. Microsoft Advertising

a. Description and Scope of Data Processing
For online marketing purposes, we use “Microsoft Advertising”. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The parent company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

We use conversion tracking to determine how you came to our website via an advert, which products you click on, and how long you stay on our website. We receive data about your click behaviour but no personal information identifying you as a user.

b. Legal Basis for Data Processing
The legal basis for data processing is Article 6(1)(a) GDPR (consent).
We note that the provider may process your data in the USA. By giving your consent in accordance with Article 49(1)(a) GDPR, you agree to your data being processed in the USA, despite the European Court of Justice having deemed the level of data protection there as inadequate. In particular, there is a risk that your data may be accessed by US authorities for control and monitoring purposes without effective legal remedies.

c. Purpose of Data Processing
The processing is carried out for marketing purposes, in particular for measuring the effectiveness and optimising our advertising campaigns on search engines and other Microsoft platforms.

d. Duration of Storage
We have no influence over the duration of data storage by the provider. According to Microsoft, search queries are anonymised by deleting the IP address after six months.

e. Right to Object and Removal Option
If you do not want Microsoft to collect and store data about you as described above, you can block the setting of cookies via your browser settings. You can also express your objection at:
http://choice.microsoft.com/de-DE/opt-out

Further information on data protection and the cookies used by the provider can be found at:
https://privacy.microsoft.com/de-de/privacystatement

12. Neocom Product Advisor

a. Description and Scope of Data Processing
We use the online product advisory software Neocom on our website. The provider is Neo Commerce GmbH, Max-Bill-Str. 8, 80807 Munich, Germany. This tool allows us to offer digital product consulting services.

Neocom is an interactive product advisory tool that guides users through a series of questions to help them find suitable products from our range. During this process, Neocom collects and processes usage data (e.g. clicks, selection decisions) as well as technical information (e.g. IP address, device type, browser information) to ensure the functionality of the tool and generate personalised recommendations.
To help you find a suitable product, you are guided through a questionnaire. Browser information is saved during this process. At the end, you receive a product recommendation, which can be sent to you by email if desired.

We have concluded a data processing agreement with the provider. This can be viewed at:
https://neocom.ai/avv/

b. Legal Basis for Data Processing
The data processing carried out when using the questionnaire is based on our legitimate interest in user-friendly design and optimal marketing of our website, pursuant to Article 6(1)(f) GDPR.

The result of the product recommendation is only sent to you if you have expressly consented to this, pursuant to Article 6(1)(a) GDPR.

c. Purpose of Data Processing
The data is processed for marketing purposes and to provide product recommendations.

d. Duration of Storage
The data will be deleted once it is no longer required for our business processes.

e. Right to Object and Removal Option
You may withdraw your consent at any time with effect for the future. To do so, please use the contact details provided in this policy.

Further information can be found at:
https://neocom.ai/de/datenschutz/

13. Two-Click Solution for Embedding YouTube

a. Description and Scope of Data Processing
We have integrated components from YouTube on our website. YouTube is an internet video platform that allows video publishers to upload video clips free of charge and enables other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, including complete films and TV shows, music videos, trailers, and videos created by users.

The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Our website does not embed YouTube videos directly into its pages. This prevents profiling by third parties.

To view our videos, users must first click on the preview image. Only after giving consent or logging in can the video be played. Only at this point is data transmitted.

Further information can be found at:
http://www.youtube.com/t/privacy_guidelines
and in the privacy policy published by YouTube, available at:
https://www.google.de/intl/de/policies/privacy/
These provide details about the collection, processing and use of personal data by Google.

When accessing external content from these providers, you consent in accordance with Article 49(1)(a) GDPR to your data being processed in the USA, a country whose level of data protection has been assessed by the European Court of Justice as inadequate. In particular, there is a risk that your data may be processed by US authorities for surveillance and control purposes without the possibility of legal redress.

b. Legal Basis for Data Processing
The legal basis is Article 6(1)(a) GDPR (consent).

14. Facebook

a. Description and Scope of Data Processing
We maintain a company profile on the social media platform Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The parent company is Meta Platforms Inc., 1 Meta Way, Menlo Park, California 94025, USA.

If you have a Facebook profile and are logged into your Facebook account when visiting our company page, the provider may associate your visit with your user account. The provider collects and stores user data, such as information you provide and your IP address, and may use this data for business purposes.

Further information about data processing by the provider is available at:
https://de-de.facebook.com/policy.php

Please note that we have no influence over the provider’s data processing.

If you contact us via Facebook – for example, through a private message – we are the data controller within the meaning of the GDPR. We process the data you send us as well as any technically necessary administrative data.

When the provider processes your data as the platform operator (Insights data), it is considered a case of joint controllership with us pursuant to Article 26 GDPR. The corresponding agreement can be accessed here:
https://www.facebook.com/legal/terms/page_controller_addendum

For the use of certain Meta products, such as the “Facebook Business Tools”, an additional joint controller agreement under Article 26 GDPR applies:
https://www.facebook.com/legal/controller_addendum

You can contact the provider’s data protection officer via:
https://www.facebook.com/help/contact/540977946302970

b. Legal Basis for Data Processing
If you contact us via your social media profile, the legal basis for processing your data is our legitimate interest in responding to your enquiry pursuant to Article 6(1)(f) GDPR.
If your contact is aimed at entering into a contract, the additional legal basis is Article 6(1)(b) GDPR.

c. Purpose of Data Processing
The purpose of processing your data is to respond to your enquiries and, where applicable, to initiate or conclude a contract.

d. Duration of Storage
Your data will be deleted once your enquiry has been fully processed, provided that no legal retention obligations prevent this. We consider the enquiry to be completed when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.

e. Right to Object and Removal Option
In addition to the rights listed under “Your Rights”, users have the following opt-out options:

15. Instagram

a. Description and Scope of Data Processing
We maintain a company profile on the social media platform Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The parent company is Meta Platforms Inc., 1 Meta Way, Menlo Park, California 94025, USA.

If you have an Instagram profile and are logged into your Instagram account while visiting our company page, the provider may associate your visit with your user profile. The provider collects and stores user data such as the information you provide or your IP address and may use this data for business purposes.

Further information about how the provider processes your data can be found at:
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Please note that we have no influence over the provider’s data processing activities.

If you contact us via Instagram – for example, by private message – we act as the controller within the meaning of the GDPR. We process the data you provide to us, along with any data that is technically necessary for administration.

When the provider processes your data as the platform operator (Insights data), this constitutes joint controllership with us in accordance with the GDPR.

You can reach the provider’s data protection officer at:
https://www.facebook.com/help/contact/540977946302970

b. Legal Basis for Data Processing

If you contact us via your social media profile, the legal basis for the data processing is our legitimate interest in responding to your enquiry, pursuant to Article 6(1)(f) GDPR.
If your contact is aimed at concluding a contract, the additional legal basis is Article 6(1)(b) GDPR.

c. Purpose of Data Processing
The purpose of processing is to respond to your enquiries, initiate or conclude contracts if applicable, and to provide access to our social media pages.

d. Duration of Storage
Your data will be deleted after your enquiry has been conclusively processed, unless statutory retention obligations prevent deletion. We consider an enquiry to be completed when it can be inferred from the circumstances that the matter has been conclusively resolved.

e. Right to Object and Removal Option
You have the rights set out under “Your Rights”.

In addition, users can opt out as follows:

16. Trusted Shops Reviews

a. Description and Scope of Data Processing
We use the review tool provided by Trusted Shops. The provider is Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany.

If the user clicks the checkbox “Review later” during the order process, the provider receives the user’s email address. The user may receive emails from the provider reminding them to leave a review.

Further information regarding the duration of storage can be found at:
https://www.trustedshops.de/impressum/

b. Legal Basis for Data Processing
The legal basis for processing the data after the user clicks the checkbox is Article 6(1)(a) GDPR.

c. Purpose of Data Processing
The data collected as described above is used to request and obtain user reviews. These reviews serve to promote the goods and services we offer.

d. Duration of Storage
Your data will be deleted when it is no longer required for our business purposes and no statutory retention obligations apply. We have no influence over how long the data is stored by the provider. You can contact the provider using the details given above.

e. Right to Object and Removal Option
You may withdraw your consent to receive review reminder emails at any time by contacting either the provider or the controller.

17. Google Translate

a. Description and Scope of Data Processing
We use the translation service Google Translate on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

By using the service, information about your use of the website (such as click behaviour, including your IP address) may be transmitted to the provider. This data may be transferred to a server operated by the provider in the USA and stored there.

Further information is available at:
https://policies.google.com/privacy?hl=de

b. Legal Basis for Data Processing
The legal basis for the data processing is Article 6(1)(a) GDPR.

c. Purpose of Data Processing
The use of Google Translate serves to improve the accessibility and usability of our online services for international visitors.

d. Duration of Storage
We have no control over the storage of data by the provider. You can contact the provider using the contact details listed above.

e. Right to Object and Removal Option
Users can prevent data transmission to the provider by disabling JavaScript in their browser. However, this may restrict the functionality of the website.

18. FriendlyCaptcha

a. Description and Scope of Data Processing
We use the service “FriendlyCaptcha” on our website, provided by Friendly Captcha GmbH, Am Anger 3–5, 82237 Wörthsee, Germany. FriendlyCaptcha serves to protect our website from automated and abusive requests (e.g. by bots). When accessing certain pages or forms, a computational puzzle is triggered, which the user’s browser solves in the background. In doing so, technical data is processed, including the IP address (in anonymised form), information about the browser and operating system used, date and time, and the referring website.

FriendlyCaptcha does not store tracking cookies, does not create user profiles, and does not conduct personalised analysis.

 

b. Legal Basis for Data Processing
The legal basis is Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in protecting our systems from abusive access, spam, and attacks by automated requests.

c. Purpose of Data Processing
The purpose of using FriendlyCaptcha is to ensure the integrity and security of our web forms and online services by preventing automated input (so-called bot protection).

d. Duration of Storage
The IP address is only processed in anonymised form and is not stored permanently. No personal data is stored beyond what is necessary to fulfil the security task.

e. Right to Object and Removal Option
Since FriendlyCaptcha does not store personal data in an evaluable form and does not use cookies, there is no classic objection mechanism. If you wish to prevent the processing technically, you can disable JavaScript in your browser. However, this may limit the functionality of the website.

Further information on data processing by FriendlyCaptcha can be found at:
https://friendlycaptcha.com/de/legal/privacy-end-users/

19. CleverReach

a. Description and Scope of Data Processing
We use the service “CleverReach” to send our newsletter. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. CleverReach helps us organise and analyse our newsletter distribution.

When you subscribe to our newsletter, the data you enter (e.g. email address, optionally your name) will be stored on CleverReach’s servers in Germany or Ireland. Our newsletters contain so-called tracking pixels, which establish a connection to the CleverReach servers when the email is opened. This allows us to determine whether a newsletter was opened and which links were clicked. Technical information is also collected (e.g. time of access, IP address, browser type). This data is used for statistical evaluation of newsletter performance.

b. Legal Basis for Data Processing
The data processing is based on your consent pursuant to Article 6(1)(a) GDPR.

c. Purpose of Data Processing
The processing of your data is carried out for the purpose of sending the newsletter and analysing its success in order to optimise our newsletter offering.

d. Duration of Storage
The data stored for newsletter distribution will remain stored until you unsubscribe from the newsletter or withdraw your consent. After unsubscribing or revoking consent, your data will be deleted from both our mailing list and CleverReach’s servers.

e. Right to Object and Removal Option
You may withdraw your consent at any time by clicking the unsubscribe link provided in each newsletter or by notifying us directly. The lawfulness of data processing carried out prior to the withdrawal remains unaffected.

Further information on data processing by CleverReach can be found at:
https://www.cleverreach.com/de/datenschutz/

 

 

 

Viewed