Data Privacy Statement
We attach the utmost importance to protecting your data and safeguarding your privacy. We therefore provide the following information regarding the collection and use of personal data when you use our website.
§ 1 Data controller and data protection officer
(1) The following information explains how we collect personal data when you use our website. Personal data refers to any data that can be linked to you personally, e.g. name, address, email addresses, user behaviour.
(2) The controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is FARE - Guenther Fassbender GmbH, represented by Volker Griesel, Stursberg II 12, 42899 Remscheid (see our legal notice).
(3) The data protection officer pursuant to Article 37(1) of the GDPR is Prof. Thomas Jäschke, DATATREE AG; Bovermannstraße 8, 44141 Dortmund, Tel. (0231) 543803-98, email [email protected]. You can contact our Data Protection Officer using these contact details or by writing to our postal address, adding “the Data Protection Officer”.
(4) If we use contracted service providers for specific functions of our service or wish to use your data for marketing purposes, we will provide you with detailed information on the respective processes below. We will also specify the criteria for the storage period.
§ 2 Your rights
(1) You have the following rights vis-à-vis us with regard to your personal data
- Right of access,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
If you wish to exercise your rights as a data subject, please send us an email to [email protected] or to our Data Protection Officer: [email protected]
(2) You also have the right to lodge a complaint with the data protection supervisory authority responsible for your place of residence or our registered office regarding our processing of your personal data. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Düsseldorf, Email: [email protected]. For further information and the latest contact details, please refer to the website of the https://www.ldi.nrw.de.
§ 3 Collection of personal data when visiting our website
(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (the legal basis is Article 6(1)(f) of the GDPR):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which certain information is transmitted to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall.
(3) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the shared session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time via your browser’s security settings.
d) When you visit our site for the first time, the consent tool we use [CT(A1)] will ask you to select which cookies, tracking tools and remarketing tools are to be used based on your visit to our site. The use of certain cookies is necessary to ensure the functionality and security of our website. Furthermore, implementing the selection you make requires the use of a cookie that is stored on your device for a period of 1 year, unless you delete it beforehand via your browser settings. The legal basis for the use of these cookies is our legitimate interest (Art. 6(1)(f) GDPR) in recording the cookie selection you have made.
If you consent via the consent tool to the use of further cookies, tracking tools and remarketing tools, the processing of your personal data is based on your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time. You will find the option to withdraw your consent in the descriptions of the individual tools below.
To provide the consent tool, we use the services of the provider Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42a, NL - 1018DH, Amsterdam
You can withdraw your consent at any time by visiting our site, clicking on “Adjust cookie settings” to reopen the selection screen and making your choice again.
e) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website.
§ 4 Cloudflare / Cloudflare Turnstile
To provide our website, we use the content delivery network of the provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA (hereinafter “Cloudflare”). The use of Cloudflare enables us to optimise the loading speed and performance of web pages. Furthermore, the use of Cloudflare involves the monitoring and analysis of data streams for fault diagnosis as well as for the detection and defence against security attacks, e.g. DDoS attacks.
To this end, the website’s content is delivered via a network of distributed servers located geographically closer to users. The data processed in this context includes, in particular, IP addresses, device types, screen resolutions, network speeds, operating systems, usage behaviour, and technical access and error data. This information is necessary to dynamically adapt the content to different devices and network conditions and to optimise delivery.
The duration of storage depends on the purpose of the processing and can range from a few days for simple error analysis to several months in the event of an incident (depending on its severity).
Processing is carried out to safeguard our legitimate interests (Art. 6(1)(f) GDPR). Our legitimate interest is based on improving the stability and functionality of our website, as well as protecting and defending the website against attacks.
Furthermore, we use Cloudflare Turnstile (hereinafter “Turnstile”) from Cloudflare on our website. This is used to distinguish whether an input is made by a natural person or is abusive due to automated processing (e.g. bots).
To this end, Turnstile automatically analyses the behaviour of website visitors based on various characteristics (e.g. IP address, duration of visit, mouse movements, characters entered). This analysis begins automatically upon visiting the site. The data collected in the process (IP address, browser type, operating system, screen resolution, mouse movements, duration of visit, etc.) is transmitted to Cloudflare. As a rule, data processing takes place only for the duration of the visit to our website.
The use of Turnstile is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in preventing misuse and ensuring the security of our website.
We cannot rule out the possibility that personal data may be transferred outside the jurisdiction of the European Union, e.g. to servers located in the USA. Cloudflare is certified under the EU-US Data Privacy Framework and, through this certification, guarantees a level of data protection comparable to that of the EU. Furthermore, we have concluded a corresponding data protection agreement (“Data Processing Addendum”) with Cloudflare. Further information on data protection at Cloudflare can be found at: https://www.cloudflare.com/en-en/privacypolicy/ and https://www.cloudflare.com/trust-hub/gdpr/.
§ 5 Use of Google Tag Manager
We use Google Tag Manager on our website, a service provided by Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. This is an organisational tool that allows us to manage our analytics tags via a single interface. In doing so, Google Tag Manager collects data on our website and forwards it to our connected analytics tools. The connected analytics tools store and analyse this data. Google Tag Manager itself does not set any cookies and does not store any personal data. The management tool merely collects data on how individual tags are used.
The use of Google Tag Manager is carried out in accordance with Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG only if you have given us your consent via the selection in our cookie banner. You can withdraw your consent at any time by clicking on the “View privacy settings” button integrated into the footer of our website ” in the footer of our website to open the consent banner. You can then use the banner to make a new selection.
We cannot rule out the possibility that personal data may be transferred outside the legal jurisdiction of the European Union, e.g. to servers located in the USA. Google is certified under the EU Data Privacy Framework and thus guarantees an equivalent level of data protection. Furthermore, we have concluded a “Data Processing Addendum”.
Further information about Google Tag Manager is available at https://support.google.com/tagmanager/answer/9323295?hl=en. For details on the collection and storage of your personal data, as well as the nature, scope and purpose of its use through the use of Google Tag Manager, please refer to Google’s privacy policy: https://policies.google.com/privacy.
§ 6 Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will, however, be truncated by Google beforehand within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(3) The legal basis for data processing is your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG). You may withdraw your consent at any time by visiting our page, clicking on “Adjust cookie settings” and revising your selection. You can prevent the storage of cookies by adjusting the settings in your browser software; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available via the following link: http:// tools.google.com/dlpage/gaoptout?hl=en.
Via this link, you can select and deactivate the various tags / trackers / analytics tools on this website: Adjust cookie settings
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This ensures that IP addresses are processed in a truncated form, thereby ruling out any possibility of personal identification. Where the data collected about you is personally identifiable, this is therefore immediately excluded and the personal data is deleted without delay.
(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. We cannot rule out the possibility that the use of Google Analytics may result in the transfer of personal data outside the legal jurisdiction of the European Union, e.g. to servers located in the USA. Google is certified under the EU Data Privacy Framework and thus guarantees an equivalent level of data protection. Furthermore, we have concluded a ‘Data Processing Addendum’ with Google.
§ 7 Use of Google AdWords Conversion Tracking
On our website, we use the advertising component Google Ads with so-called conversion tracking, a service provided by Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an online advertising service that allows us to place adverts both in Google’s search engine results and on the Google Display Network.
With Google Ads, specific keywords are defined in advance, whereby an advert is displayed in Google’s search engine results only when you use the search engine to retrieve a search result relevant to those keywords. Within the Google Display Network, the adverts are distributed across thematically relevant websites using an automatic algorithm and in accordance with the previously defined keywords.
The purpose of Google Ads is to promote our website by displaying interest-based advertising on third-party websites and in Google’s search results. If you arrive at our website via a Google advert, Google places a so-called conversion cookie. A conversion cookie expires after 30 days and is not used to identify the data subject. Provided the cookie has not yet expired, the conversion cookie is used to track how you interact with our site, e.g. which subpages on our website have been visited.
The data and information collected through the use of the conversion cookie is used by Google to generate visitor statistics for our website. We, in turn, use these visitor statistics to determine the total number of users who were referred to us via AdWords adverts, i.e. to determine the success or failure of the respective AdWords advert and to optimise our AdWords adverts for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the data subject.
The conversion cookie is used to store personal information, such as the web pages visited by the data subject. Consequently, each time our web pages are visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google. The use of Google Ads is based on your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG.
You may withdraw your consent at any time by clicking on the “View privacy settings” button integrated into the footer of our website and thus opening the consent banner. You can then make a new selection via the banner.
We cannot rule out the possibility that personal data may be transferred outside the legal jurisdiction of the European Union, e.g. to servers located in the USA. Google is certified under the EU Data Privacy Framework and thus guarantees an equivalent level of data protection. Furthermore, we have concluded a “Data Processing Addendum” with Google.
Further information on the purpose and scope of data collection and its processing by Google Ads can be found at https://ads.google.com/intl/en_en/home/faq/gdpr/
§ 8 Use of Matomo
We use Matomo (formerly: PIWIK) on our website, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. This is open-source software that enables us to analyse the use of our website and tailor our online presence to your interests.
During your visit to our website, Matomo places a cookie on your device, which allows your browser to be recognised. When subpages of our website are accessed, Matomo collects the following personal data, amongst other things:
- Your IP address, truncated by the last two bytes (“Automatically Anonymise Visitor IPs”)
- The subpage accessed and the time of access
- The source of your visit (i.e. which website you came to us from)
- technical information such as browser, internet service provider, device and screen resolution
- your behaviour on the pages (e.g. time spent on the site, clicks, scrolling behaviour)
- the achievement of “website goals” (e.g. contact enquiries, newsletter subscriptions)
The personal data collected via Matomo is stored on our own servers. It is not passed on to third parties. Matomo is used in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG only if you have given us your consent via the selection in our consent banner. If you have not given your consent, no data processing will take place. You may withdraw your consent at any time in accordance with Article 7(3) of the GDPR and without giving reasons, with effect for the future, by clicking on the ‘Adjust cookie settings’ button integrated into the footer of our website to open the consent banner. You can then make a new selection via the banner.
For details on the collection and storage of your personal data, as well as the nature, scope and purpose of its use by Matomo, please refer to Matomo’s privacy policy: https://matomo.org/gdpr-analytics/?footer
§ 9 Use of Hotjar
We use Hotjar (a web analytics service provided by Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta) to better understand the needs of our users and to optimise the content on this website. With the help of Hotjar’s cookies, we gain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on), and this helps us to tailor our content based on user feedback. Hotjar uses cookies and other technologies to collect information about our users’ behaviour and their devices (in particular, mouse behaviour in the form of movements and clicks, the device’s IP address (in anonymised form), screen size, device type [Unique Device Identifiers], information about the browser used, location [country only], and the preferred language for displaying our website). Hotjar stores this information in a pseudonymised user profile. If you take part in embedded surveys on the website, your responses will also be assigned to the pseudonymised user profile. Neither Hotjar nor we use this information to identify individual users or combine it with other data relating to individual users.
Some of the cookies set by Hotjar are session cookies, which are deleted when the session ends. For the other cookies, the storage period ranges from 30 minutes to 365 days. (see also https://help.hotjar.com/hc/en-us/articles/6952777582999) . Further information can be found in Hotjar’s privacy policy (https://www.hotjar.com/legal/policies/privacy/en/) . This data processing takes place if you have selected the cookie settings in the cookie banner in such a way that you have given your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG), which forms the legal basis for the processing.
You may withdraw your consent at any time by clicking the “Cookie Settings” button at the start of our privacy policy or by clicking the link provided by Hotjar itself. By confirming the link https://www.hotjar.com/en/legal/policies/do-not-track/, a cookie will be set on your browser, which immediately prevents further analysis. Please note that you must confirm the above link again if you delete the cookies stored on your device.
§ 10 Use of the Facebook Pixel
Our website uses the so-called “Facebook Pixel” provided by Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland).
This is a code that we have implemented on our website. When you visit our website, this code establishes a connection with Facebook’s servers to track your behaviour on our website. Among other things, the following personal data is collected by the Facebook Pixel:
- Your IP address
- Device information (device ID, device type and the operating system you are using)
Facebook uses this personal data to identify visitors to our website and to associate their actions with a Facebook user account, as well as to display personalised advertising and create interest-based user profiles. The individual data processing operations and their scope are not necessarily traceable to us. The data collected remains anonymous and inaccessible to us and is used solely for the purpose of measuring the effectiveness of advertising placements.
The use of the Facebook Pixel is carried out in accordance with Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG only if you have given us your consent via the selection in our cookie banner.
You may withdraw your consent at any time by clicking on the “View privacy settings” button integrated into the footer of our website to open the consent banner. You can then make a new selection via the banner.
We cannot rule out the possibility that personal data may be transferred
outside the legal jurisdiction of the European Union, e.g. to servers located in the USA. Furthermore, we expressly point out that an equivalent level of data protection cannot be guaranteed for the USA. For details regarding the collection and storage of your personal data, as well as the nature, scope and purpose of its use by the Facebook Pixel, please refer to Facebook’s privacy policy: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.
§ 11 Use of SalesViewer technology
On this website, data is collected and stored for marketing, market research and optimisation purposes using SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Art. 6(1)(f) GDPR).
For this purpose, a JavaScript-based code is used to collect company-related data and for the corresponding processing. The data collected using this technology is encrypted using a one-way function that cannot be reversed (known as hashing). The data is immediately pseudonymised and is not used to personally identify visitors to this website.
The data stored within the SalesViewer® system is deleted as soon as it is no longer required for its intended purpose and provided that no statutory retention obligations prevent its deletion.
You may object to the collection and storage of data at any time with future effect by clicking this link https://www.salesviewer.com/ to prevent SalesViewer® from collecting data on this website in future. An opt-out cookie for this website will then be stored on your device. If you delete your cookies in this browser, you will need to click this link again.
§ 12 Embedding of YouTube videos
We embed videos from the YouTube platform into our online offering; these are stored at www.youtube.com and can be played directly from our website. In doing so, we use YouTube’s so-called ‘enhanced privacy mode’. This means that as long as you do not actively start an embedded video, no personal data is transmitted to YouTube. Only when you play a video does data transmission take place, over which we have no control.
When you play a YouTube video, YouTube (a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) is informed that you have visited the relevant subpage of our website. In the course of this, various data are transmitted to YouTube, including your IP address, the date and time of access, the time zone difference from Greenwich Mean Time, specific page content, HTTP status code, amount of data transferred, the referrer URL, browser type, language, version, operating system and its interface.
This occurs regardless of whether you have a YouTube or Google account or are logged in to one. If you are logged in to one of these services, your interaction with the video may be associated with your user account. Furthermore, YouTube stores so-called cookies on your device to create a usage profile based on your browsing behaviour and interactions, for example for personalised advertising within and outside the platform. We do not have full insight into the details of YouTube’s data processing.
If you do not wish YouTube to associate your interaction with our website with your account, we recommend log out of the relevant platforms before playing the videos, delete cookies and restart your browser. You may object to the creation of personalised user profiles in principle, but this objection must be raised directly with YouTube or Google.
The processing of your personal data is carried out exclusively on the basis of your voluntary consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG. You may withdraw your consent at any time with future effect without giving reasons. Withdrawal is possible in accordance with Article 7(3) of the GDPR via the “Adjust cookie settings” button in the footer of our website.
Please note that when using YouTube videos, the transfer of personal data to servers outside the European Union, in particular to the USA, cannot be ruled out. Detailed information on the nature, scope and purpose of data processing, as well as storage periods, can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=en.
§ 13 Accessing our site via a QR code
As part of advertising campaigns in magazines, catalogues and other promotional materials, we offer you the option of scanning a QR code using a mobile device to access our website or a relevant subpage of our website. To provide the QR code, we use the services of the provider Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld. When you access our website via a QR code provided by Bitly, the data collected is technically necessary to display our website and to ensure its stability and security (legal basis: Article 6(1)(f) of the GDPR; see also Section 3: Collection of personal data when visiting our website).
Furthermore, this data is used by Bitly to provide us with a report enabling us to see which QR code a visitor used to access our site. This is a purely statistical overview that no longer contains any personal data itself. The legal basis for this data processing is our legitimate interest (Article 6(1)(f) of the GDPR) in measuring the success of individual advertising materials and tailoring our advertising campaigns accordingly.
§ 14 Newsletter
You have the option to subscribe to our newsletter. To subscribe, we only require your email address, which will not be passed on to third parties. Only the email address is mandatory for the dispatch of the newsletter. The provision of further data is always voluntary. We send newsletters containing promotional information, in particular our current and interesting offers.
The so-called double opt-in procedure is used for newsletter registration. This means that, following your registration, we will send an email to the address you provided, asking you to confirm that you wish to receive the newsletter. The double opt-in procedure is not used in the B2B sector. This confirmation is required to prevent anyone from subscribing using someone else’s email address. If you do not confirm your subscription within 24 hours, your details will be blocked and automatically deleted after one week. We also store the IP addresses you use and the time of your subscription and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any potential misuse of your personal data; the logging of the registration process constitutes our legitimate interest pursuant to Art. 6(1)(a) GDPR.
The newsletter is sent on the basis of your express consent in accordance with Art. 6(1)(a) 1(a) GDPR in conjunction with Section 7(2)(3) of the German Unfair Competition Act (UWG).
Following your confirmation, we store your email address for the purpose of sending you the newsletter. You may withdraw your consent to the sending of the newsletter at any time with future effect and without giving reasons, thereby unsubscribing from the newsletter, Art. 7(3) GDPR.
You can withdraw your consent by clicking on the unsubscribe link provided in every newsletter email or by sending a message to [email protected].
In our newsletter, we use a tracking function to analyse performance. Further information on our tracking approach can be found at: https://www.fare.de/de/datenschutz/.
§ 15 Data processing when contacting us via the contact form or by telephone or email – when using our withdrawal form
(1) When you contact us by email or via a contact form, the data you provide (your email address, your name and telephone number where applicable) will be stored by us in order to answer your questions. If you use our cancellation form, we process the following data to process your cancellation: email address, name, order number, scope of the cancellation and, where applicable, the defect.
(2) The provision of this data is necessary to identify your enquiry and to contact you or to process your withdrawal. The legal basis for processing and handling your enquiry or withdrawal is, in the case of a pre-contractual or existing contractual relationship, Article 6(1)(b) of the GDPR. The provision of the contact form is based on Article 6(1)(f) of the GDPR, our legitimate interest in providing a simple, modern way to contact us. The provision of the withdrawal form is also based on our legal obligation to enable withdrawal in writing (Article 6(1)(c) of the GDPR in conjunction with Section 356a(2) of the German Civil Code (BGB)).
(3) We will delete the data collected in connection with your enquiry or withdrawal once storage is no longer necessary and there are no legal retention obligations preventing deletion (e.g. in the event of subsequent contract processing).
(4) We use the Jotform service to integrate our forms (see Section 22).
§ 16 Registration as a trader and placing orders via your trader account
(1) If you are a trading company, you can register as a trader via our website and then communicate with us and place orders via your trader account. We process the data you enter (e.g. name, address, email address) during registration is processed for the purposes of pre-contractual services, contract fulfilment or customer care. In addition, the IP address and the date of registration are stored. Your data will only be disclosed to third parties to the extent necessary for contract fulfilment (e.g. to logistics companies for the delivery of goods) .
(2) The legal basis for the processing of your data for the purposes of pre-contractual measures or for the fulfilment of the contract is set out in Article 6(1)(b) of the GDPR.
Your consent to the processing of your data is also obtained during registration, and reference is made to our privacy policy. The legal basis for the processing of your data continues to be the consent you have given in accordance with Article 6(1)(a) of the GDPR. We would like to point out that you may revoke the consent you have given us for the registration and maintenance of your customer account at any time with future effect in accordance with Article 7(3) of the GDPR. To do so, you must inform us of your informal revocation.
(3) The data collected from you will be deleted once processing is no longer necessary or the purpose has ceased to apply. However, we are obliged under commercial and tax law to store your address, payment and order details for a period of 10 years.
§ 17 External payment service providers – PayPal
We use external payment service providers via whose platforms users and we can carry out payment transactions. In our case, these are:
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
(https://www.paypal.com/de/webapps/mpp/ua/privacy-full), hereinafter “PayPal”
We use the payment service providers on the basis of Art. 6(1)(b) GDPR to fulfil our contractual obligations. Furthermore, we use PayPal on the basis of our legitimate interests pursuant to Article 6(1)(f) of the GDPR, in particular to offer effective and secure payment options. If you select PayPal as your payment method, you will be redirected to PayPal. There, you can log in with your account details and authorise the payment. For data processing carried out by PayPal, the payment service provider is the controller and processes your data within the framework of the Payment Services Directive (Article 94(2) PSD II). We do not receive any account or credit card-related information, but only information confirming or rejecting the payment.
The data processed by PayPal includes, in particular, personal details (name, address, bank details such as account and credit card numbers, recipient details, etc.), which are necessary to carry out the transactions. In some cases, the data is transmitted by the payment service provider to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness. Further information can be found in PayPal’s privacy policy: https://www.paypal.com/en/webapps/mpp/ua/privacy-full. Please contact PayPal directly regarding data processing by the payment service provider to exercise your rights of withdrawal, access and other data subject rights.
§ 18 Recombee product recommendations
To optimise your visit to our site and make it easier for you to find items relevant to you, we use “Recombee”, an AI software provided by Recombee, WeWork DRN, Národní 135/14, CZ - 110 00 Prague.
Your shopping history is used to display personalised product recommendations to you. This includes, in particular, items and product categories that you have previously viewed, searched for or purchased. This information about your use of this website, generated by a cookie, is collected by us and processed in pseudonymised form. The legal basis is the consent you have given via the consent tool, which you may withdraw at any time (see Section 3d of this privacy policy). We use this data to provide you with personalised product recommendations and thus make it easier for you to find relevant products. Further information can also be found here https://www.recombee.com/gdpr.html.
§ 19 Integration of the Trusted Shops Trustbadge / other widgets
Provided you have given your consent in accordance with Art. 6(1)(a) GDPR, Trusted Shops widgets are integrated into this website to display Trusted Shops services (e.g. quality seals, collected reviews) and to offer Trusted Shops products to buyers following an order.
The Trustbadge and the services advertised through it are provided by Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne (“Trusted Shops”), with whom we are joint controllers under Article 26 of the GDPR. We hereby inform you, within the scope of this privacy notice, of the key terms of the agreement pursuant to Article 26(2) of the GDPR.
In the context of the joint responsibility existing between us and Trusted Shops, please contact Trusted Shops in the first instance regarding data protection queries and to exercise your rights, using the contact details provided in the privacy policy. Irrespective of this, however, you may always contact the controller of your choice. Your enquiry will then, if necessary, be forwarded to the other controller for a response.
1. Data processing when the Trustbadge or other widgets are integrated
Provided you have given us your consent via the consent banner (Art. 6(1)(a) GDPR), the web server automatically stores a so-called server log file when the Trustbadge is accessed, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymised immediately after collection, so that the stored data cannot be linked to you personally. The anonymised data is used in particular for statistical purposes and for error analysis. To provide the Trustbadge, Trusted Shops uses a US-based CDN provider
(Content Delivery Network). According to Trusted Shops, contractual measures ensure an adequate level of data protection. You may withdraw the consent given via the consent banner at any time by calling up the banner again (‘Adjust cookie settings’, see the footer of our page) and making the appropriate selection.
2. Data processing after order completion
Provided you have given your consent, the Trustbadge accesses order information stored on your device (order total, order number, product purchased if applicable) as well as your email address after the order has been completed, and your email address is hashed using a cryptographic one-way function. The hash value is then transmitted to Trusted Shops together with the order information in accordance with Article 6(1)(a) of the GDPR. This serves to verify whether you are already registered for Trusted Shops’ services. If this is the case, further processing takes place in accordance with the contractual agreement between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will subsequently be given the option to register manually for the use of the services or to complete the protection under your existing user agreement, if applicable.
For this purpose, after you have completed your order, the Trustbadge accesses the following information stored on the end device you are using: order total, order number and email address. This is necessary so that we can offer you buyer protection. The data will only be transmitted to Trusted Shops once you have actively decided to take out buyer protection by clicking on the button labelled accordingly in the so-called Trustcard. If you decide to use the services, further processing is governed by the contractual agreement with Trusted Shops in accordance with Article 6(1)(b) of the GDPR, in order to complete your registration for buyer protection and secure the order, as well as to be able to send you review invitations by email where applicable.
§ 20 Use of Jotform
For the forms integrated into this website, we use the services of
Jotform.com (Jotform LTD, 25 Cabot Square, London E14 4QZ) . The data you enter into our forms is transmitted to a Jotform server and processed there. We have ensured that the servers are located within the EU and have entered into a data processing agreement with Jotform.
The data transmitted via the forms embedded on this website is sent to Jotform’s servers located within the EU. This data is stored there. A data processing agreement (‘Data Processing Addendum’) has been concluded with JotForm Inc. For technical reasons, we cannot guarantee that the transmission of personal data or access to data from outside the European Union, particularly from the USA. Jotform is certified under the EU-US Data Privacy Framework and, through this certification, guarantees a level of data protection comparable to that of the EU. Further information on data protection at Jotform can be found at: https://www.jotform.com/privacy/ and https://www.jotform.com/de/gdpr-compliance/
§ 21 Use of Nextcloud
On this website, data is collected and stored for marketing, market research and optimisation purposes using SalesViewer® technology from SalesViewer® GmbH, based on the legitimate interests of the website operator (Art. 6(1)(f) GDPR).
For this purpose, a JavaScript-based code is used to collect company-related data and track its usage. The data collected using this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify visitors to this website.
The data stored via SalesViewer® is deleted as soon as it is no longer required for its intended purpose and provided that no statutory retention obligations prevent its deletion.
You may object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent SalesViewer® from collecting data on this website in future. An opt-out cookie for this website will then be stored on your device. If you delete your cookies in this browser, you will need to click on this link again.
§ 22 Data processing when sending an application to our application inbox
You can apply for vacancies via our website or send us unsolicited applications. As part of the application process, we will process your application data electronically. The processing of applicant data is carried out solely to fulfil our (pre-)contractual obligations in the context of the application process in accordance with Articles 88(1), 6(1)(b) of the GDPR and in accordance with Section 26 of the BDSG-neu.
To ensure that your application is processed exclusively by an authorised person within our company, we ask you to use the designated application platform or the contact details provided on our ‘Careers’ page. We use the services of Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, to provide our application platform. Information on data protection at Personio is available at: https://www.personio.de/datenschutz
In the event of a rejection, your documents will be retained for a period of 90 days due to potential obligations to provide evidence (usually under the AGG) and will then be destroyed. If we retain your application for a longer period in order to contact you at a later date regarding career opportunities within our company, this will only occur if you have previously given us your consent in accordance with Art. 6(1)(a) of the GDPR. Here too, you have the right to withdraw your consent at any time in accordance with Art. 7(3) of the GDPR by submitting a declaration to us with effect for the future.
Furthermore, longer storage may take place in the absolute exception of a possible complaint or legal action based on the provisions of the AGG. The legal basis for this is derived from Article 6(1)(f) of the GDPR in conjunction with Section 24(1)(1) of the BDSG. Our legitimate interest lies in the defence and enforcement of our legal rights.
In the event of an offer of employment and the subsequent conclusion of an employment contract, we will store the data you provided to us as part of your application for the purposes of standard administrative and organisational processes. The legal basis for this is derived from Art. 6(1)(b), 88(1) of the GDPR in conjunction with Section 26 of the BDSG.
§ 23 Data processing when visiting our company pages on social networks
Our website contains links to our pages on social networks such as Facebook, YouTube, LinkedIn, Instagram and Xing. These links are not provided via so-called social plug-ins, but solely via graphically designed links (e.g. icons or logos) which are structured as simple http or https links. When you visit our website, therefore, no direct connection is established with the servers of the aforementioned social media platforms. Personal data, such as your IP address or browser information, is only transferred to these services once you actively click on one of the links and are thereby redirected to the respective external site.
For information on data processing carried out through our company’s social media profiles, please refer to our “Social Media Privacy Policy”.