Basic information on data processing and the legal principles
- This data protection declaration provides information on the type, scope and purpose of processing personal data within our online range of services and the websites associated with it, functions and content (hereinafter jointly referred to as “online range” or “website”). This data protection declaration applies independently of the domains, systems, platforms and devices used (e.g. desktop or mobile) to call up the online range.
- The terms used such as “personal data” or its “processing” refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
- The user’s personal data processed as part of this online range include inventory data (e.g. customer’s name and address), contract data (e.g. services used, name of administrators, payment information), usage data (e.g. websites from our online range visited, interest in our products) and content data (e.g. entries in the contact form).
- The term “user” covers all categories of people affected by data processing. They include our business partners, customers, potential customers and other visitors to our online range. The terms used, such as “users”, are to be understood as gender neutral.
- We process users’ personal data only in compliance with the key data protection provisions. This means that users’ data is only processed if there is statutory permission to do so. This means in particular that if the data processing is required to provide our contractual services (e.g. process orders) and online services or is required by law, users have provided consent or if we have a justified interest (i.e. interest in the analysis, optimisation, economic operation and security of our online range as defined by Art. 6 Para. 1 lit. f GDPR, in particular to measure the reach, create profiles for advertising and marketing purposes, collect access data and use the services of third-party suppliers.
- We point out that the legal basis for consents is Art. 6 Para.1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures is Art. 6 Para.1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 Para.1 lit. c GDPR and the legal basis for processing to maintain our justified interests is Art. 6 Para.1 lit. f GDPR.
- We undertake up-to-date organisational, contractual and technical security measures to ensure that the regulations of the data protection laws are complied with and to thus protect the data that we process from random or deliberate manipulation, loss, destruction or access by unauthorised persons.
- The security measures include in particular the encrypted transfer of data between your browser and our server.
Transfer of data to third parties and third party suppliers
- A transfer of data to third parties only takes place within the framework of the statutory requirements. We only pass on users’ data if this is required e.g. on the basis of Art. 6 Para.1 lit. b GDPR for contractual purposes or based on justified interests pursuant to Art. 6 Para.1 lit. f GDPR for the economic and effective operation of our business.
- If we use sub-contractors to provide our services, we undertake suitable legal precautions and appropriate technical and organisational measures to protect personal data pursuant to the key statutory regulations.
- If, within the framework of the content in this data protection declaration, tools or other resources of other suppliers are used (hereinafter jointly referred to as “third party suppliers”) and their stipulated head office is in a third country, it can be assumed that data transfer takes place to the country of the third party supplier’s head office. Third party countries are understood as countries where GDPR is not directly applicable law, i.e. countries outside the EU and European Economic Area. The transfer of data to third countries takes place either if there is an appropriate level of data protection, users’ consent or other statutory permission.
Provision of contractual services
- We process inventory data (e.g. users’ name, address and contact data), contract data (e.g. services used, name of contacts, payment information) for the purposes of fulfilling our contractual obligations and services pursuant to Art. 6 Para. 1 lit. b GDPR.
- Users may create a user account in which they can see their orders. As part of the registration, the users are informed about the necessary compulsory information. The user accounts are not public and cannot be indexed by search engines. If users terminate their user account, the data for their user account is erased, notwithstanding its storage if this is necessary for commercial or tax law reasons pursuant to Art. 6 Para. 1 lit. c GDPR. It is up to users to back up their data on termination before the end of the contract. We are entitled to irrevocably erase the user’s data stored during the contractual period.
- As part of the registration and repeat logins as well as the use of our online services, we store the IP address and timing of the relevant user action. The storage is based on our justified interests and to protect the user from abuse and other unauthorised use. This data is not transferred to third parties except if it is necessary to track our claims or there is a statutory obligation to do so under Art. 6 Para. 1 lit. c GDPR.
- For advertising purposes, we process usage data (such as the websites of our online range visited, interest in our products) and content data (e.g. entries in the contact form or user profile) in a user profile to show users e.g. product information starting from the services used to date.
- When making contact with us (using the contact form or email), the user’s information are processed to handle the contact request pursuant to Art. 6 Para. 1 lit. b) GDPR.
- The user’s information may be stored in our customer relationship management system (“CRM system”), “FreshSales”, a platform issued by FreshWorks, Alte Jakobstraße 85/86, Hof 3, Haus 6, 10179 Berlin, Germany, or a comparable query organisation system. We also use the “CRM system” Less Annoying CRM,Less Annoying Software, LLC, 1017 Olive St. #300, St. Louis, MO 63101
- We use the “Helpdesk”, ”FreshDesk”, a platform by FreshWorks, Alte Jakobstraße 85/86, Hof 3, Haus 6, 10179 Berlin, Germany, based on our justified interests (efficient and quick processing of user queries). For this we have concluded a contract with so-called standard contract clauses with FreshDesk, in which FreshDesk is obligated to process the user data only pursuant to our instructions and comply with the EU data protection level. FreshDesk is also certified under the Privacy Shield agreement and therefore offers an additional safeguard that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt0000000KzX1AAK&status=Active). You can view the FreshWorks data protection provisions here:
Comments and contributions
- If users leave comments or other contributions, their IP address is saved based on our justified interests as defined by Art. 6 Para. 1 lit. f. GDPR for 7 days.
- 6.2. This is done for our security in case somebody leaves illegal content or contributions (insults, banned political propaganda etc.). In these cases, we can be sued for the comment or contribution and are therefore interested in the author’s identity.
Collection of access data and log files
- Based on our justified interests as defined by Art. 6 Para. 1 lit. f. GDPR, we collect data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the called up website, file, date and time of call-up, transferred data volume, notification of successful call-up, browser type and version, user’s operating system, referrer URL (the previously visited page), IP addresses and requesting provider.
- Log file information is stored for security reasons (e.g. to clarify abuse or fraud) for a maximum of seven days and then erased. Data that must continue to be stored for evidence purposes is excluded from erasure until the final clarification of the relevant event. You can view the Strato data protection provisions here:
Cookies and reach measurement
- Cookies are information transferred from our web server or that of third parties to the user’s web browser and stored there for calling up later. Cookies may be small files or other types of information storage.
- We use “session cookies” that are only stored for the duration of the current visit to our online range (e.g. to store your log in status or shopping basket function and thus permit the use of our online range). A randomly generated unique identification number is stored in a session cookie; this is called a session-ID. A cookie also states its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when the use of our online range has ended and the user logs off or closes the browser.
- If the user does not want cookies to be saved on their computer, they can deactivate the relevant option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may result in functional restrictions to this online range.
- Google is also certified under the Privacy Shield agreement and therefore offers a safeguard that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- At our request, Google will use this information to analyse users’ use of the online range, create reports on the activities within the online range and provide other services associated with use of this online range and internet use. Pseudonym usage profiles can be created from users’ processed data.
- We use Google Analytics to show adverts from Google web services and its partners only to those users who have shown an interest in our online range or certain characteristics (e.g. interest in particular themes or products that were determined using the websites visited) that we transfer to Google (so-called “Remarketing” or “Google Analytics Audiences”). With the aid of remarketing audiences, we want to ensure that our adverts meet the potential interests of the users and which are non-invasive.
- We only use Google Analytics with activated IP anonymisation. This means that Google will first shorten your IP address within European Union Member States or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases, is the full IP address transferred to a Google server in the USA and abbreviated there.
- The IP address provided from the user’s browser is not combined with other Google data. The user can prevent the storage of the cookies by using an appropriate setting in their browser software; users can also prevent the storage of the data generated by the cookie and related to the use of the online range to Google as well as the processing of the data by Google by downloading and installing the browser plug-in available on the following link: http://tools.google.com/dlpage/gaoptout.
- Additional information on data usage by Google, settings and objection options are found on the Google website: https://www.google.com/intl/de/policies/privacy/partners (“data usage by Google when using our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“data usage for advertising purposes”), http://www.google.de/settings/ads (“manage information that Google uses to show adverts”).
Google re/marketing services
- Based on our justified interests (i.e. interests in analysing, optimising and economically operating our online range as defined by Art. 6 Para 1 lit. f. GDPR), we use the marketing and remarketing services (summarised as “Google marketing services”) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
- Google is also certified under the Privacy Shield agreement and therefore offers a safeguard that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)).
- The Google marketing services enable us to show adverts for and targeted to our website in order to only present to users adverts that potentially match their interests. If a user e.g. is shown adverts for products for which they are interested on other websites, this is called “remarketing”. For this purpose, when calling up our and other adverts on which Google marketing services are active, Google executes a code and so-called (re)marketing tags (also called invisible graphics or codes and web beacons) are integrated into the website. This is used to store an individual cookie, i.e. a small file, on the user’s device (comparable technologies may be used instead of cookies). The cookies can be set by various domains including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file records which websites the users visit, which content they are interested in, which offers they have clicked; it also stores technical information on the browser and operating systems, referring websites, visit time and other information on using the online range. It also stores the user’s IP address and, as part of Google Analytics, the IP address is shortened within the member states of the European Union or the signatory states of the Agreement on the European Economic Area and only in exceptional circumstances is it transferred in full to Google servers in the USA and shortened there. The IP address is not merged with the user’s data from other Google offers. The information stated above may be linked by Google to such information from other sources. If the user then visits other websites the adverts can be matched according to their interests.
- The user’s data is processed in Google marketing services using pseudonyms. This means that Google does not store or process e.g. the name or email address of users, but rather processes the relevant data for each cookie within pseudonym user profiles. This means that from Google’s perspective, the adverts are not managed and displayed for a specifically identified person but rather to the cookie owner, no matter who this owner is. This does not apply if a user explicitly allows Google to process the data without this pseudonymisation. The information collected about the users by Google marketing services is transferred to Google and stored on Google’s servers in the USA.
- The Google marketing services that we use include the “Google AdWords” online advertising program. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained with the aid of the cookie is used to create conversion statistics for AdWords customers who have chosen conversion tracking. The AdWords customers discover the total number of users who have clicked on their advert and are forwarded to the page that was given a conversion tracking tag. However, they contain no information that could enable the user to be identified in person.
- We can also use the “Google Optimizer” service. Within the framework of so-called “A/B testing”, Google Optimizer allows us to track how various changes to a website have an effect (e.g. changes to entry fields, the design etc.). Cookies are stored on users’ devices for these test purposes. Only pseudonym data is used.
- We may also use the “Google Tag Manager” to integrate and manage Google analysis and marketing services in our website.
- You can find more information on use of the data for marketing purposes by Google on the overview page: https://www.google.com/policies/technologies/ads; the Google data protection declaration can be called up from https://www.google.com/policies/privacy.
- If you wish to object to interest-related advertising by Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
Facebook Social Plug-ins
- Based on our justified interests (i.e. interest in the analysis, optimisation and economic operation of our online range as defined by Art. 6 Para. 1 lit. f. GDPR), we use social plug-ins (“plug-ins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plug-ins depict interaction elements or content (e.g. videos, graphics or text blocks) and are recognisable from the Facebook logo (white “f” on a blue tile, the terms “Like”, “Gefällt mir” or a “thumbs up” icon) or are marked with the “Facebook Social Plug-in” supplement. The list and appearance of Facebook social plug-ins can be viewed here: https://developers.facebook.com/docs/plugins/.
- Facebook is certified under the Privacy Shield agreement and therefore offers a safeguard that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
- If a user calls up a function from this online range that contains such a plug-in, their browser makes a direct connection with the Facebook servers. The content of the plug-in is transferred by Facebook directly to the user’s device and is integrated into the online range. Usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects using this plug-in and consequently inform the user according to our level of knowledge.
- As a result of the plug-in integration, Facebook receives notification that the user has opened up the relevant page on the online range. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If the user interacts with the plug-in, e.g. presses the “Like” button or makes a comment, the relevant information is transferred directly from their browser to Facebook and is saved there. If a user is not a member of Facebook, there is still a chance that Facebook will discover and store their IP address. According to Facebook, only anonymous IP addresses are stored in Germany.
- The purpose and scope of the data collection, the ongoing processing and use of the data by Facebook as well as their rights and setting options related to this to protect their private sphere are shown in the Facebook data protection information: https://www.facebook.com/about/privacy/.
- If a user is a member of Facebook and does not want Facebook to collect data on this online range and link this with their member data saved on Facebook, they must log out of Facebook before visiting the website and delete the cookies. Other settings and objections are possible for advertising purposes within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are transferred for all devices such as desktop computers and mobile devices.
Facebook, Custom Audiences and Facebook Marketing Services
- Within our online range on the basis of our justified interests in the analysis, optimisation and economic operation of our online range and for this purpose, we use the so-called “Facebook Pixel” from the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
- Facebook is certified under the Privacy Shield agreement and therefore offers a safeguard that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
- With the aid of the Facebook Pixel, Facebook is able on the one hand to determine visitors to our online range as a target group to display adverts (so-called “Facebook Ads”). We therefore use the Facebook Pixel to show Facebook adverts that we have placed only to those Facebook users who have shown an interest in our online range or certain characteristics (e.g. interest in particular themes or products that have been determined using the websites visited) that we transfer to Facebook (so-called “Custom Audiences”). With the aid of the Facebook Pixel, we also want to ensure that our Facebook adverts meet the potential interests of the users and are non-invasive. With the aid of the Facebook Pixel, we can also track the effectiveness of Facebook adverts for statistical and market research purposes in which we see whether the user was forwarded to our website after clicking a Facebook ad (so-called “Conversion”).
- The Facebook Pixel is integrated directly by Facebook when opening our website and a so-called cookie, i.e. a small file, may be stored on your device. If you then log into Facebook or visit Facebook when logged in, the visit to our online range is noted in your profile. The data collected about you is anonymous for us and we can therefore not make any conclusions on the user’s identity. However, the data is stored and processed by Facebook, such that a link to the relevant user profile is possible and can be used by Facebook and for our own market research and advertising purposes. If we transfer data to Facebook for comparison purposes, these are stored locally on the browser and only sent to Facebook via a secure https connection. This takes place solely for the purpose of creating a comparison with the data that is equally encrypted by Facebook.
- In addition, when using the Facebook Pixel, we also use the “advanced comparison” additional function; here such data as telephone numbers, email addresses or the user’s Facebook IDs are transferred to Facebook to form target groups (“Custom Audiences” or “Look Alike Audiences”) (encrypted). Additional information on “advanced comparison”: https://www.facebook.com/business/help/611774685654668).
- Also on the basis of our justified interests, we use the “Custom Audiences from File” process from the social network Facebook Inc. In this case the email addresses of newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients for our Facebook adverts. We want to therefore ensure that the adverts are only shown to users who are interested in our information and services.
- Facebook processes the data under the Facebook data processing guidelines. Therefore, general information on the depiction of Facebook ads is found in the data processing guidelines here: https://www.facebook.com/policy.php. Special information and details on the Facebook Pixel and its operation is found in the Facebook help pages: https://www.facebook.com/business/help/651294705016616.
- You can object to the recording by the Facebook Pixel and use of your data to show Facebook ads. To set which types of adverts you are shown within Facebook, you can open the page set up by Facebook and follow the settings for usage-based advertising there: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are transferred for all devices such as desktop computers and mobile devices.
- With the following notifications, we clarify the content of our newsletter as well as the registration, dispatch and statistical analysis processes and your objection rights. By subscribing to our newsletter, you declare your consent to the receipt and processes described.
- Content of the newsletter: We send newsletters, emails and other electronic notifications with advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipients or statutory permission. If the contents of a newsletter are specifically described within the scope of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information on our products, offers, actions and our company.
- Double opt-in and logging: To register for our newsletter, we use the so-called double opt-in procedure. This means that after registration, you receive an email that requests confirmation of your registration. This confirmation is required so that nobody can register with a third-party email address. The newsletter registrations are logged to be able to document the registration process pursuant to the legal requirements. This includes storing the registration and confirmation timing, as well as the IP address. The changes to the data stored are also logged with the delivery service provider.
- Delivery service provider: The newsletter is sent via “MailChimp”, a newsletter delivery platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The delivery service provider’s data protection provisions can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and therefore offers a safeguard that it complies with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
- In addition, the delivery service provider states that it uses this data in pseudonym form, i.e. without assignment to a user, to optimise or improve its services, e.g. technically optimise the delivery and depiction of the newsletters or for statistical purposes to determine the countries where the recipients are located. The delivery service provider however does not use the data of our newsletter recipients to write to them or pass this on to third parties.
- Registration data: To register for the newsletter, it is sufficient to state your email address. As an option, we request a name so we can address the newsletter to you personally.
- Statistical collection and analyses – the newsletters contain a so-called “web beacon”, i.e. a pixel file that is called up when opening the newsletter by the server of the delivery service provider. When it is called up, it first collects technical information, such as information on the browser and your system, your IP address and timing of the call up. This information is used to technically improve the services using the technical data or target groups and their read behaviour using their call up locations (which can be determined with the aid of the IP address) or access times. The statistical collections also include the determination of whether the newsletter was opened, when it was opened and which links were clicked. This information can be assigned to individual newsletter recipients for technical reasons. It is, however, neither our desire nor that of the delivery service provider to monitor individual users. Rather, the analyses are used to determine the reading habits of our users and adapt our content to them or to send different content pursuant to the interests of our users.
- The use of the delivery service provider, implementation of statistical collections and analyses as well as logging the registration process takes place on the basis of our justified interests pursuant to Art. 6 Para. 1 lit f. GDPR. Our interest depends on the use of a user-friendly and secure newsletter system that both serves the purposes of our business interests and meets the expectations of the users.
- Termination/revocation – you can terminate receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consents to their dispatch by the shipping service provider and the statistical analyses expire. Unfortunately, it is not possible to have a separate revocation for the dispatch by the delivery service provider and for the statistical analysis. You will find a link to terminating the newsletter at the end of each newsletter. If the user is only registered for the newsletter and has terminated this registration, their personal data is deleted.
Integration of services and the content of third parties
- Based on our justified interests (i.e. interest in the analysis, optimisation and economic operation of our online range as defined by Art. 6 Para. 1 lit.f GDPR) we use on our online range content and service offers from third party suppliers to integrate their content and services, e.g. videos or fonts (hereinafter referred to jointly as “content”). This always requires that third party suppliers of this content see users’ IP addresses as without the IP address they could not send the content to their browsers. The IP address is therefore required to depict this content. We make every effort to use only such content for which the relevant supplier simply uses the IP address to deliver the content. Third party suppliers may also use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. The “pixel tags” are used to analyse information such as visitor traffic on the pages of this website. The pseudonym information can also be stored in cookies on the user’s device and includes technical information on the browser and operating systems, referring websites, visit time and other information on the use of our online range as well as such information from other sources.
- The following description offers an overview of third party suppliers and their content, as well as links on their data protection declarations, other information on processing data and sometimes objection options already stated here (so-called opt-outs):
- If our customers use the payment services of third parties (e.g. PayPal or immediate transfers), the business terms and data protection information of the relevant third-party supplier apply and these can be called up within the relevant website or transaction applications.
- External fonts from Google, Inc., https://www.google.com/fonts (“Google Fonts”). The integration of Google fonts is undertaken by calling up a Google server (usually in the USA). Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Maps for the “Google Maps” services are provided by the third-party supplier Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Videos for the “YouTube” platform are provided by the third-party supplier Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Our online range integrates the functions of the Google+ service. – These functions are offered by the third-party supplier Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the content of our site with your Google+ profile by clicking the Google+ button. This enables Google to assign your visit to our site to your user account. As the provider of the site, we point out that we have no knowledge of the content of the transferred data and its use by Google+. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Our online range integrates the functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our site with your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to our site to your user account. As the provider of the site, we point out that we have no knowledge of the content of the transferred data and its use by Instagram. Data protection declaration: http://instagram.com/about/legal/privacy/.
- Our online range uses functions of the LinkedIn network. The supplier is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When calling up one of our pages containing LinkedIn functions, a link is made to the LinkedIn servers. LinkedIn is informed that you have visited our website and your IP address. If you click the LinkedIn “Recommend button” and are logged into your LinkedIn account, it is possible for LinkedIn to assign your visit to our website to you and your user account. As the provider of the site, we point out that we have no knowledge of the content of the transferred data and its use by LinkedIn. Data protection declaration: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- We use the social plug-in from the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). If you call up a page that contains such a plug-in, your browser creates a direct connection to the Pinterest servers. The plug-in transfers log data to the Pinterest server in the USA. This log data may contain your IP address, the address of the websites visited that also contain Pinterest, type and settings of the browser, date and time of the request, your use of Pinterest and cookies. Data protection declaration: https://about.pinterest.com/de/privacy-policy.
- Our online range integrates the functions of the Twitter service. These functions are offered Twitter Inc., 1355 Folsom St., Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “retweet” function, the websites that you visited are linked with your Twitter account and notified to other users. The data is transferred to Twitter. As the provider of the site, we point out that we have no knowledge of the content of the transferred data and its use by Twitter. Twitter data protection declaration http://twitter.com/privacy. You can modify your data protection settings at Twitter in the account settings at http://twitter.com/account/settings.
- We use the social plug-in for the social network Tumblr, which is operated by Tumblr Inc. located at 35 East 21st Street, 10E, New York, NY 10010, USA (“Tumblr ”). If you call up a page that contains such a plug-in, your browser creates a direct connection to the Tumblr servers. The plug-in transfers log data to the Tumblr servers in the USA. This log data may contain your IP address, the address of the websites visited that also contain Tumblr, type and settings of the browser, date and time of the request, your use of Tumblr and cookies. Data protection declaration: https://www.tumblr.com/policy/en/privacy.
- We use the functions of the XING network. The supplier is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. When calling up one of our pages containing Xing functions, a link is made to the Xing servers. To the best of our knowledge, no personal data is stored. In particular, no IP address is stored nor is the usage behaviour analysed. Data protection declaration: https://www.xing.com/app/share?op=data_protection.
Rights of users
- Users have the right to receive information without charge on request about the personal data we have saved.
- In addition, users have the right to rectify incorrect data, restrict the processing and erase their personal data if applicable, assert their rights to data portability and, in the event of the assumption of unlawful data processing, submit a complaint to the responsible supervisory authority. Users can also revoke consents, but only with future effect: GDPR Information Request
- The data we have stored is erased as soon as it is no longer required for the determined purpose and its erasure is not objected to by statutory storage obligations. If the users’ data is not erased because it is required for other statutorily permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies e.g. to users’ data that must be stored for commercial or tax law purposes.
- According to the statutory requirements, storage is made for 6 years pursuant to Section 257 Para. 1 of the German Commercial Code (HGB) (trading books, inventories, opening balances, annual accounts, trading letters, posting documents etc.) and for 10 years pursuant to Section 147 Para. 1 of the German Tax Code (books, records, management reports, posting documents, trading and business letters, documents relating to taxation etc.). GDPR Information Request
Right of objection
- Pursuant to the statutory requirements, users can revoke the future processing of their personal data. The revocation can in particular take place with regard to processing for the purposes of direct advertising.
Amendments to the data protection declaration
- We reserve the right to modify the data protection declaration to adapt it to modified legal requirements or for changes to the service and data processing. This applies, however, only to declarations on data processing. If user consents are required or components of the data protection declaration contain provisions on the contractual relationship with the users, the changes are only made with the consent of the user.
- The users are requested to obtain information regularly on the content of the data protection declaration.