Privacy Policy
Data Protection Declaration For Noble Soap GmbH
Last update May 30, 2020
This is a privacy policy for Noble Soap Co./ Noble Soap GmbH, available at noblesoap.com, noblesoap.net, noblesoap.org, noblesoap.eu, syriasoap.com and syriansoap.com. All given addresses will be forwarded to https://noblesoap.com.
The protection of your personal data is of particular concern to us. We therefore process your data on the basis of the legal provisions (GDPR, TKG). In this data protection information, we explain the most important aspects of data processing on our website.
If you have any further questions or would like more information about our privacy policy, to make announcements or to lodge complaints, please contact us by email at: [email protected]
1) Information about the collection of personal data and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.
1.2 Responsible for the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Noble Soap GmbH, Grangasse 4 / 5A, 1150 Vienna, Austria, Tel .: +43 67 67 67 1111, email: admin @ noblesoap. com. The person responsible for the processing of personal data is the natural or legal person who alone or together with others decides on the purposes and means of processing personal data.
1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the string “https: //” and the lock symbol in your browser line.
2) Data collection when visiting our website
When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source / reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if necessary: in anonymous form)
- Processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are specific indications of illegal use.
3) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable you to recognize your browser the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to the individual extent. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings in your web browser.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of a given consent or according to Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browser under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Please note that the functionality of our website may be restricted if cookies are not accepted.
4) Contact us
4.1 Personal data is collected when you contact us (e.g. via the contact form or email). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter concerned has been finally clarified and provided that there are no statutory retention requirements.
4.2 WhatsApp business
We offer visitors to our website the opportunity to contact us via the WhatsApp news service from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. For this we use the so-called “business version” of WhatsApp.
If you contact us via WhatsApp regarding a specific transaction (e.g. an order placed), we save and use the mobile phone number you used with WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. b. GDPR to process and answer your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or email address) so that we can assign your request to a specific process.
If you use our WhatsApp contact for general inquiries (e.g. on the range of services, availability or our website), we save and use the mobile phone number you used with WhatsApp and – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. . f GDPR based on our legitimate interest in the efficient and timely provision of the requested information.
Your data will only ever be used to answer your request via WhatsApp. A disclosure to third parties does not occur.
Please note that WhatsApp Business receives access to the address book of the mobile device we use for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Facebook Inc. in the USA. For the operation of our WhatsApp business account, we use a mobile device whose address book only stores the WhatsApp contact details of those users who have also contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact data is stored in our address book, already when using the app on their device for the first time, by accepting the WhatsApp terms of use in the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR has consented. The transmission of data from users who do not use WhatsApp and / or have not contacted us via WhatsApp is excluded.
Facebook Inc., based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
The purpose and scope of the data collection and the further processing and use of the data by WhatsApp as well as your rights and setting options to protect your privacy can be found in WhatsApp’s data protection information: https://www.whatsapp.com/legal/?eea=1# privacy policy
5) Make an appointment online
We process your personal data as part of the online appointment arrangement provided. You can see which data we collect for making an appointment online from the respective entry form or the appointment query to make an appointment. If certain data is necessary in order to be able to make an online appointment, we will indicate this accordingly in the entry form or when requesting an appointment. If we provide you with a free text field on the input form, you can describe your request in more detail there. You can then control yourself which additional data you would like to enter.
The data you have provided will only be saved and used for the purpose of making an appointment. When processing personal data that are necessary to fulfill a contract with you (this also applies to processing operations that are necessary to carry out pre-contractual measures), Art. 6 Para. 1 lit. b GDPR as the legal basis. If you have given us consent to the processing of your data, the processing will be based on Art. 6 Para. 1 lit. a GDPR. A given consent can be revoked at any time by sending a message to the person responsible at the beginning of this declaration.
6) Data processing when opening a customer account and for contract processing
According to Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. It is possible to delete your customer account at any time and can send a message to the above. Address of the person responsible. We save and use the data you provide for contract processing. After completion of the contract or deletion of your customer account, your data will be blocked with due regard to tax and commercial law retention periods and deleted after the expiry of these deadlines, unless you have expressly consented to further use of your data or a legally permitted further data use on our part is reserved has been.
7) Comment function
As part of the comment function on this website, in addition to your comment, information on the time the comment was created and the commentator name you selected are saved and published on this website. Your IP address is also logged and saved. This IP address is saved for security reasons and in the event that the data subject violates the rights of third parties by posting a comment or posts illegal content. We need your email address to contact you if a third party objects to your published content as unlawful. The legal basis for the storage of your data is Art. 6 Para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are criticized as unlawful by third parties.
8) Use of your data for direct advertising
8.1 Subscribe to our email newsletter
If you register for our e-mail newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to receiving the newsletter. We will then send you a confirmation email asking you to click the corresponding link to confirm that you want to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When registering for the newsletter, we save your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your email address at a later date. The data collected by us when registering for the newsletter will only be used for advertising purposes in the form of the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the person named above. After unsubscribing, your email address will be deleted from our newsletter mailing list immediately, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, which is permitted by law and about which we inform you in this declaration.
8.2 Sending the e-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers from our range of goods or services similar to those already purchased from our range. We do not have to obtain any separate consent from you for this in accordance with Section 7 (3) UWG. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you an email. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with future effect by notifying the person responsible at the beginning. For this, you only incur transmission costs according to the basic tariffs. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
8.3 Newsletter dispatch via MailChimp
Our email newsletter is sent via the technical service provider The Rocket Science Group, LLC d / b / a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http: //www.mailchimp .com /), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 Para. 1 lit. f GDPR and serves our legitimate interest in the use of an advertising-effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. In this way it can be determined whether a newsletter message has been opened and which links have been clicked on. With the help of the web beacons, Mailchimp automatically generates general, non-personal statistics on the response behavior to newsletter campaigns. On the basis of our legitimate interest in the statistical evaluation of the newsletter campaigns to optimize advertising communication and better focus on recipient interests, the web beacons in accordance with Article 6 (1) (f) GDPR also collect data from the respective newsletter recipient (email address, Time of access, IP address, browser type and operating system) and used. This data allows individual conclusions to be drawn about the newsletter recipient and is processed by Mailchimp for the automated creation of statistics that show whether a particular recipient has opened a newsletter message.
If you want to deactivate the data analysis for statistical evaluation purposes, you have to unsubscribe from the newsletter.
MailChimp can also use this data in accordance with Art. 6 Para. 1 lit. f Use the GDPR itself based on its own legitimate interest in the needs-based design and optimization of the service and for market research purposes, for example to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.
To protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to enable the transmission of your personal data to MailChimp. If you are interested, this data processing contract can be viewed at the following Internet address: https://mailchimp.com/legal/data-processing-addendum/
MailChimp is also certified under the US-European data protection agreement “Privacy Shield” and is therefore committed to complying with EU data protection regulations.
You can view MailChimp’s privacy policy here:
https://mailchimp.com/legal/privacy/
8.4 Goods availability notification by email
If we offer the possibility in our online shop for selected, temporarily unavailable items to inform you by email about the time of availability, you can register for our email notification service for the availability of goods. If you register for our e-mail notification service for the availability of goods, we will send you a one-time e-mail message about the availability of the item you have selected. All that is required for sending this notification is your email address. The provision of further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure to send this notification. This means that we will only send you a corresponding notification if you have expressly confirmed to us that you consent to receiving such a message. We will then send you a confirmation email asking you to click the appropriate link to confirm that you want to receive such notification.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When registering for our e-mail notification service for the availability of goods, we save your IP address entered by the Internet service provider (ISP) as well as the date and time of registration to prevent any possible misuse of your e-mail address at a later date to be able to understand. The data we collect when you register for our e-mail notification service regarding the availability of goods will only be used for the purpose of informing you about the availability of a specific item in our online shop. You can unsubscribe from the e-mail notification service for goods availability at any time by sending a message to the person named above. After unsubscribing, your email address will be deleted from our mailing list, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond that, which is permitted by law and about which we inform you in this declaration .
9) Data processing for order processing
9.1 In order to process your order, we work with the following service provider (s) who support us in whole or in part in the execution of contracts. Certain personal data is transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery as far as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly below. The legal basis for the transfer of the data is Art. 6 Para. 1 lit. b GDPR.
9.2 Disclosure of personal data to shipping service providers:
DHL
If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will provide your email address in accordance with Art. 6 Para. 1 lit. a DSGVO before delivery of the goods to DHL for the purpose of coordinating a delivery date or for delivery notification, provided you have given your express consent in the ordering process. Otherwise we give for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR only forward the name of the recipient and the delivery address to DHL. The data will only be passed on if this is necessary for the delivery of goods. In this case, a prior coordination of the delivery date with DHL or the delivery announcement is not possible.
The consent can be revoked at any time with future effect to the person responsible above or to the transport service provider DHL.
DPD
If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstrasse 1, 63741 Aschaffenburg), we will give your email address and your telephone number before the goods are delivered in accordance with Art. 6 Para. 1 lit. a DSGVO for the purpose of coordinating a delivery date or for delivery notification to DPD, provided you have given your express consent in the ordering process. Otherwise we give for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b GDPR only forward the name of the recipient and the delivery address to DPD. The data will only be passed on if this is necessary for the delivery of goods. In this case, prior coordination of the delivery date with DPD or delivery notification is not possible.
The consent can be revoked at any time with future effect to the person responsible above or to the transport service provider DPD.
Austrian post
If the delivery of the goods is carried out by the transport service provider Austrian Post (Österreichische Post Aktiengesellschaft, Rochusplatz 1, 1030 Vienna, Austria), we will give your email address before the goods are delivered in accordance with Art. 6 Para. 1 lit. a DSGVO for the purpose of coordinating a delivery date or for delivery notification to Austrian Post, provided that you have given your express consent in the ordering process. Otherwise we give for the purpose of delivery according to Art. 6 Para. 1 lit. b GDPR only forward the name of the recipient and the delivery address to Austrian Post. The data will only be passed on if this is necessary for the delivery of goods. In this case, a prior coordination of the delivery date with the Austrian Post or the transmission of status information of the delivery of the shipment is not possible.
The consent can be withdrawn at any time with future effect to the person responsible above or to the transport service provider Austrian Post.
9.3 Use of payment service providers (payment services)
Amazon Pay
If you select the “Amazon Pay” payment method, payment processing is carried out by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: “Amazon Payments”), to whom we provide the information you provided in the course of the ordering process and the information about your order in accordance with Art. 6 Para. 1 lit. b Pass on GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent that it is necessary for this. You can find more information about the data protection provisions of Amazon Payments at the following Internet address: https://pay.amazon.com/de/help/201751600
Apple Pay
If you choose the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” function of your end device operated with iOS, watchOS or macOS by debiting a payment card deposited with “Apple Pay”. Apple Pay uses security features built into your device’s hardware and software to help protect your transactions. To release a payment, you have to enter a code that you have previously defined, as well as verification using the “Face ID” or “Touch ID” function on your device.
For the purpose of payment processing, the information you provide during the ordering process and the information about your order are passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is sent to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the outgoing website to confirm payment success.
If personal data are processed in the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal references. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase you made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone’s settings. Go to “Wallet & Apple Pay” and uncheck “Allow payments on Mac”.
Further information on data protection at Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
Google Pay
If you choose the payment method “Google Pay” from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment is processed via the “Google Pay” application of your with at least Android 4.4 (“KitKat”) operated and with an NFC function mobile devices by debiting a payment card deposited with Google Pay or a payment system verified there (eg PayPal). To release a payment via Google Pay in the amount of more than € 25, it is necessary to unlock your mobile device beforehand by means of the verification measures set up in each case (such as face recognition, password, fingerprint or sample).
For the purpose of payment processing, the information you provide during the ordering process and the information about your order will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the original website, which is used to verify that a payment has been made. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a one-time numerical token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the initial website by debiting the payment method deposited with Google Pay.
If personal data are processed in the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.
Google reserves the right to collect, save and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, location and description of the dealer, a description of the purchased goods or services provided by the dealer, photos that you have attached to the transaction, the name and email address of the seller and buyer or of the sender and recipient, the payment method used, your description for the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing takes place exclusively in accordance with Art. 6 Para. 1 lit. f GDPR based on the legitimate interest in proper accounting, the verification of process data and the optimization and maintenance of the Google Pay service.
Google also reserves the right to combine the processed process data with other information that is collected and stored when Google uses other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following Internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
giropay
When paying via “giropay”, the payment is processed by giropay GmbH, An der Welle 4, 60322 Frankfurt / Main, to whom we pass on the information you provided during the ordering process and the information about your order. Your data will be passed on in accordance with Art. 6 Para. 1 lit. b GDPR exclusively for the purpose of payment processing and only to the extent that it is necessary for this. You can find more information about the data protection provisions of giropay GmbH at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung
Heidelpay
When paying by credit card via Heidelpay! The payment is processed by the payment service provider Heidelberger Payment GmbH, Vangerowstrasse 18, 69115 Heidelberg (hereinafter referred to as “Heidelpay”), to whom we provide the data you have provided during the ordering process exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b Pass on GDPR. The data will only be passed on to the extent that it is actually required for payment processing. Heidelpay transmits your data for the execution of the payment – if necessary – in accordance with Art. 6 Para. 1 lit. b GDPR in turn to HUELLEMANN & STRAUSS ONLINESERVICES S.A., 1, Place du Marché, 6755 Grevenmacher, Luxembourg.
If you choose the payment method “purchase on account via Heidelpay” or “direct debit via Heidelplay”, you will be asked in the ordering process to enter your personal data (first and last name, street, house number, postcode, city, date of birth, email address and telephone number). In order to protect our legitimate interest in determining the solvency of our customers, we collect this data in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check to Heidelberger Payment GmbH, Vangerowstr. 18, 69115 Heidelberg (hereinafter referred to as “Heidelpay”). Based on the personal data you have provided and other data (such as the shopping cart, invoice amount, order history, payment history), Heidelpay checks whether the payment option you have selected can be granted with regard to payment and / or bad debt risks. According to Art. 6 Para. 1 lit. f GDPR, identity or credit information from the following credit agencies can also be included:
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden
CRIF Bürgel GmbH, Friesenweg 4, Haus 12, 22763 Hamburg
Arvato Infoscore GmbH, Rheinstrasse 99, 76532 Baden-Baden
Deltavista GmbH, Kaiserstrasse 217, 76133 Karlsruhe
UNIVERSUM Business GmbH, Hugo-Junkers-Strasse 3, 60386 Frankfurt am Main
Bisnode International Group, Robert-Bosch-Strasse 11, 64293 Darmstadt
Regis24 GmbH, Wallstrasse 58, 10179 Berlin
Creditreform AG, Hellersbergstrasse 12, 41460 Neuss
The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is used, among other things, but not exclusively, to calculate the score values.
You can object to this processing of your data at any time by sending a message to the person responsible for data processing or to Heidelpay. However, Heidelpay may still be entitled to process your personal data if this is necessary for contractual payment processing.
mPay 24
If you choose a payment method from the payment service provider mPAY 24 GmbH, Annagasse 5, 1010 Vienna, Austria, the payment is processed by this payment service provider, to whom we provide the information you provided during the ordering process, along with the information about your order (name, address, Account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) according to Art. 6 Para. 1 lit. b Pass on GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider mPAY24 GmbH and only to the extent that it is necessary for this.
Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, we pass your payment details on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal. For this purpose, your payment details may be processed in accordance with Art. 6 Para. 1 lit. f GDPR passed on to credit agencies on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data is used, among other things, but not exclusively, to calculate the score values. For more information on data protection law, including information on the credit agencies used, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
SOFORT
If you select the payment method “SOFORT”, the payment will be processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we will provide the information you provided during the ordering process, together with the information about your order in accordance with Art. 6 para. 1 lit. b Pass on GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will only be passed on for the purpose of payment processing with the payment service provider IMMEDIATELY and only to the extent that it is necessary for this. You can find more information about SOFORT’s data protection regulations at the following Internet address: https://www.klarna.com/sofort/datenschutz.
Stripe
If you choose a payment method from the payment service provider Stripe, the payment will be processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will provide the information you provided during the order process along with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b Pass on GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this. You can find more information on Stripe’s data protection at the URL https://stripe.com/de/privacy#translation.
10) Use of social media: videos
Use of YouTube videos
This website uses the YouTube embedding function to display and play back videos from the provider “Youtube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
The extended data protection mode is used here, which, according to the provider, only starts storing user information when the video (s) is played. If the playback of embedded Youtube videos is started, the provider “Youtube” uses cookies to collect information about user behavior. According to “YouTube”, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive practices. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want your YouTube profile to be assigned, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place in particular in accordance with Art. 6 Para. 1 lit. f GDPR based on Google’s legitimate interests in displaying personalized advertising, market research and / or designing its website in line with requirements. You have a right to object to the creation of these user profiles, and you must contact YouTube to exercise them. When using YouTube, personal data may also be transmitted to the servers of Google LLC. come in the US.
Regardless of whether the embedded videos are played back, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations without our influence.
In the event of transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information on data protection at “YouTube” can be found in the provider’s data protection declaration at: https://www.google.de/intl/de/policies/privacy
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
11) Online-Marketing
11.1 Facebook Pixel für die Erstellung von Custom Audiences mit erweitertem Datenabgleich
Innerhalb unseres Onlineangebotes wird das sog. „Facebook-Pixel“ des sozialen Netzwerkes Facebook im Modus des erweiterten Datenabgleichs eingesetzt, welches von der Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Irland („Facebook“) betrieben wird.
Auf Basis seiner ausdrücklichen Einwilligung wird, wenn ein Nutzer auf eine bei Facebook ausgespielte, von uns geschaltete Werbeanzeige klickt, der URL unserer verknüpften Seite durch Facebook Pixel ein Zusatz angefügt. Sodann wird dieser URL-Parameter nach Weiterleitung in den Browser des Nutzers per Cookie eingeschrieben, welches unsere verknüpfte Seite selbst setzt. Zusätzlich werden von diesem Cookie spezifische Kundendaten wie beispielsweise die Mailadresse, die wir auf unserer mit der Facebook-Anzeige verknüpften Webseite bei Vorgängen wie Kaufabschlüssen, Kontoanmeldungen oder Registrierungen sammeln, erfasst (erweiterter Datenabgleich). Das Cookie wird von Facebook Pixel sodann ausgelesen und ermöglicht eine Weiterleitung der Daten, inklusive der spezifischen Kundendaten, an Facebook.
Mit Hilfe des Facebook-Pixels mit erweitertem Datenabgleich ist es Facebook einerseits möglich, die Besucher unseres Onlineangebotes als Zielgruppe für die Darstellung von Anzeigen (sog. „Facebook-Ads“) genau zu bestimmen. Dementsprechend setzen wir das Facebook-Pixel mit erweitertem Datenabgleich ein, um die durch uns geschalteten Facebook-Ads nur solchen Facebook-Nutzern anzuzeigen, die auch ein Interesse an unserem Onlineangebot gezeigt haben oder die bestimmte Merkmale (z.B. Interessen an bestimmten Themen oder Produkten, die anhand der besuchten Webseiten bestimmt werden) aufweisen, welche wir an Facebook übermitteln (sog. „Custom Audiences“). Mit Hilfe des Facebook-Pixels mit erweiterten Datenabgleich möchten wir ebenfalls sicherstellen, dass unsere Facebook-Ads dem potentiellen Interesse der Nutzer entsprechen und nicht belästigend wirken. So können wir weiter die Wirksamkeit der Facebook-Werbeanzeigen für statistische und Marktforschungszwecke auswerten, indem wir nachvollziehen, ob Nutzer nach dem Klick auf eine Facebook-Werbeanzeige auf unsere Website weitergeleitet wurden (sog. „Conversion“). Gegenüber der Standard-Variante von Facebook Pixel hilft die Funktion des erweiterten Datenabgleichs uns, die Effektivität unserer Werbekampagnen besser zu messen, indem sie mehr zugeordnete Conversions erfasst.
Alle übermittelten Daten werden von Facebook gespeichert und verarbeitet, sodass eine Verbindung zum jeweiligen Nutzerprofil möglich ist und Facebook die Daten für eigene Werbezwecke, entsprechend der Facebook- Datenverwendungsrichtlinie (https://www.facebook.com/about/privacy/) verwenden kann. Die Daten können Facebook sowie dessen Partnern das Schalten von Werbeanzeigen auf und außerhalb von Facebook ermöglichen.
Diese Verarbeitungsvorgänge erfolgen ausschließlich bei Erteilung der ausdrücklichen Einwilligung gemäß Art. 6 Abs. 1 lit. a DSGVO.
Consent to the use of the Facebook pixel may only be given by users who are older than 13 years. If you are younger, we ask that you ask your legal guardian for permission.
The information generated by Facebook is usually transferred to a Facebook server and stored there, which can also be transmitted to the Facebook Inc. servers in the USA. Facebook Inc., based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
You can revoke your consent at any time by deactivating Facebook pixel tracking. For this purpose, you can set an opt-out cookie by clicking on the link below, which deactivates Facebook pixel tracking:
Deactivate Facebook pixel
This opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click the link above again.
11.2 Google AdSense
This website uses Google AdSense, a web advertising service Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses so-called cookies. These are text files that are stored on your computer and that enable an analysis of your use of the website. In addition, Google AdSense also uses so-called “web beacons” (small invisible graphics) to collect information, which can be used to record, collect and evaluate simple actions such as visitor traffic to the website. The information generated by the cookie and / or web beacon (including your IP address) about your use of this website is usually transmitted to a Google server and stored there. Here, it can also be transmitted to the servers of Google LLC. come in the US.
Google uses the information obtained in this way to evaluate your usage behavior with regard to the AdSense ads. The IP address transmitted by your browser as part of Google AdSense will not be merged with other Google data. The information collected by Google may be transferred to third parties if this is required by law and / or if third parties process this data on behalf of Google.
The described processing of data is carried out in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of targeting the user through advertising by third parties whose ads are displayed on this website based on the evaluated user behavior. This processing also serves our financial interest in exploiting the economic potential of our website by displaying personalized third-party content against payment.
In the event of transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
You can find more information about Google’s data protection regulations at the following Internet address: https://www.google.de/policies/privacy/
You can permanently deactivate cookies for advertising specifications by preventing them by setting your browser software accordingly or you can download and install the browser plug-in available under the following link:
https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be used or may only be used to a limited extent if you have deactivated the use of cookies.
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
11.3 Google Marketing Platform
This website uses the online marketing tool Google Marketing Platform from the operator Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“GMP”).
GMP uses cookies to serve ads relevant to users, to improve reports on campaign performance, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed multiple times. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 Para. 1 lit. f GDPR.
In addition, GMP can use cookie IDs to record conversions related to ad requests. This is the case, for example, if a user sees a GMP ad and later accesses the advertiser’s website when using the same browser and buys something via this website. According to Google, GMP cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge as follows: By integrating GMP, Google receives the information that you are using the corresponding part of our website Accessed the website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and save your IP address. As part of the use of GMP, personal data may also be transmitted to the servers of Google LLC. come in the US.
If you would like to object to the participation in this tracking process, you can deactivate cookies for conversion tracking by setting your browser so that cookies from the domain www.googleadservices.com are blocked (see https: // www. google.de/settings/ads), whereby this setting will be deleted if you deactivate your cookies. Alternatively, you can get information from the Digital Advertising Alliance at www.aboutads.info about the setting of cookies and make your desired settings. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.
In the event of transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
You can find more information about the data protection regulations of GMP by Google at the following Internet address: https://www.google.de/policies/privacy/
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
12) web analytics services
12.1 Google (Universal) Analytics
Google (Universal) Analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses so-called “cookies”, which are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including the shortened IP address) is usually transferred to a Google server and stored there, which can also be transmitted to the servers of Google LLC. come in the US.
This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp ()”, which ensures anonymization of the IP address by shortening and excludes a direct personal reference. The extension will shorten your IP address from Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google LLC server in the USA and shortened there. In these exceptional cases, this processing takes place in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly. However, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install:
https://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click this link again): Deactivate Google Analytics
Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de
In the event of transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
12.2 Hotjar (hotjar Ltd.)
This website uses the web analysis service Hotjar from Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel .: +1 (855) 464-6788). With this tool, movements on the websites on which Hotjar is used can be tracked (so-called heat maps). For example, you can see how far users scroll and which buttons users click and how often. It is also possible to use the tool to obtain feedback directly from the website users. In this way, we obtain valuable information to make our websites even faster and more customer-friendly. The above analysis is based on our legitimate interests in optimization and marketing purposes and the interest-based design of our website in accordance with Art. 6 Para. 1 lit. f GDPR. When using this tool, we pay particular attention to the protection of your personal data. So we can only understand which buttons you click and how far they scroll. Areas of the website in which personal data of you or third parties are displayed are automatically hidden by Hotjar, and are therefore at no point traceable.
Hotjar offers every user the possibility to prevent the use of the Hotjar tool with the help of a “Do Not Track Header”, so that no data about the visit to the respective website is recorded. This is a setting that supports all common browsers in the current version. To do this, your browser sends a request to Hotjar with the instruction to deactivate the tracking of the respective user. If you use our website with different browsers / computers, you must set up the “Do Not Track Header” for each of these browsers / computers separately.
You can find detailed instructions with information about your browser at: https://www.hotjar.com/opt-out
More information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com
Hotjar Ltd.’s privacy policy can be found at: https://www.hotjar.com/privacy
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
12.3 PayPal Marketing Solutions
This offer uses the web analysis service “PayPal Marketing Solutions”, a web analysis service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. With the help of PayPal Marketing Solutions, based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 Para. 1 lit. f GDPR pseudonymized data collected, evaluated and stored by customers who used the payment service “PayPal” for payment. Pseudonymized usage profiles can be created and evaluated from this data for the same purpose. PayPal Marketing Solutions uses so-called cookies, which are small text files that are stored locally in the cache of the website visitor’s Internet browser. The information generated by the cookies such as browser type / version, operating system used, device used, the previously visited page (so-called referrer URL) and the time of the server request are transmitted to a server of PayPal Marketing Solutions and stored there.
Under no circumstances will PayPal Marketing Solutions combine this information with other PayPal data stored about you personally.
If you do not agree to the storage and evaluation of this data from your visit to our website and would like to deactivate it in the future, you can prevent the use of cookies and thus participation in tracking. If you want to object to the evaluation of user behavior via cookies, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
You can access PayPal’s data protection guidelines at the following Internet address: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
13) Tools and other
13.1 Google reCAPTCHA
On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function primarily serves to differentiate whether an entry is made by a natural person or whether it is misused by mechanical and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in establishing individual responsibility on the Internet and avoiding abuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come in the US.
In the event of transmission of personal data to Google LLC. based in the United States, Google LLC. certified for the US-European data protection convention “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information on Google reCAPTCHA and Google’s data protection declaration can be viewed at: https://www.google.com/intl/de/policies/privacy/
As far as legally required, we have given your consent to the processing of your data as described above in accordance with Art. 6 Para. 1 lit. a GDPR obtained. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the above-mentioned option to object.
13.2 Applications for job advertisements by email
On our website, we are currently posting vacancies in a separate section, to which interested parties can apply by e-mail to the contact address provided.
In order to be accepted into the application process, applicants must provide us with all of the personal data required for a well-founded and informed assessment and selection together with the application by email.
The required information includes general information about the person (name, address, telephone or electronic contact options) as well as performance-specific evidence of the qualifications required for a job. If necessary, health-related information is also required, which in the interest of social protection must be given special consideration by the applicant in terms of labor and social law.
The respective job advertisement shows which components an application must contain in individual cases in order to be considered and in which form these components are to be sent by email.
After receipt of the application sent using the specified email contact address, we will save the applicant data and evaluate it exclusively for the purpose of processing the application. For any queries that arise during the course of processing, we use either the email address provided by the applicant with his application or a specified telephone number.
The legal basis for this processing, including contacting for queries, is basically Art. 6 Para. 1 lit. b GDPR in conjunction Section 26 (1) BDSG, in the sense of which the application process is considered to be an employment contract initiation.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data such as information on the severely disabled) are requested from applicants, processing takes place in accordance with Art. 9 Para. 2 lit. b. GDPR, so that we can exercise the rights arising from labor law and the law of social security and social protection and fulfill our obligations in this regard.
Cumulatively or alternatively, the processing of the special data categories can also be based on Art. 9 Para. 1 lit. h GDPR if they are used for the purposes of preventive health care or occupational medicine, for the assessment of the applicant’s ability to work, for medical diagnostics, care or treatment in the health or social field or for the administration of systems and services in the health or social field he follows.
If, in the course of the evaluation described above, the applicant is not selected or if an applicant withdraws his application prematurely, his data transmitted by email and all electronic correspondence including the original application email will be deleted after a corresponding notification after 6 months at the latest. This deadline is based on our legitimate interest in answering any follow-up questions to the application and, if necessary, in being able to meet our obligations to provide evidence from the regulations on equal treatment of applicants.
In the case of a successful application, the data provided will be processed on the basis of Art. 6 Para. 1 lit. b GDPR in conjunction Section 26 (1) BDSG for the purposes of carrying out the employment relationship.
13.3 Online applications using a form
On our website we offer job applicants the opportunity to apply online using the appropriate form. In order to be included in the application process, applicants must use the form to provide us with all the personal data required for a well-founded and informed assessment and selection.
The required information includes general information about the person (name, address, telephone or electronic contact options) as well as performance-specific evidence of the qualifications required for a job. If necessary, health-related information is also required, which in the interest of social protection must be given special consideration by the applicant in terms of labor and social law.
When submitting the form, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, saved by us and evaluated exclusively for the purpose of processing the application.
The legal basis for this processing is basically Art. 6 Para. 1 lit. b GDPR in conjunction Section 26 (1) BDSG, in the sense of which the application process is considered to be an employment contract initiation.
Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data such as information on the severely disabled) are requested from applicants, processing takes place in accordance with Article 9 (2) lit. b. GDPR, so that we can exercise the rights arising from labor law and the law of social security and social protection and fulfill our obligations in this regard.
Cumulatively or alternatively, the processing of the special data categories can also be based on Art. 9 Para. 1 lit. h GDPR if they are used for the purposes of preventive health care or occupational medicine, for the assessment of the applicant’s ability to work, for medical diagnostics, care or treatment in the health or social field or for the administration of systems and services in the health or social field he follows.
If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws his application prematurely, the formally transmitted data will be deleted after a corresponding notification after 6 months at the latest. This deadline is based on our legitimate interest in answering any follow-up questions to the application and, if necessary, in being able to meet our obligations to provide evidence from the regulations on equal treatment of applicants.
In the case of a successful application, the data provided will be processed on the basis of Art. 6 Para. 1 lit. b GDPR in conjunction Section 26 (1) BDSG for the purposes of carrying out the employment relationship.
14) Rights of the data subject
14.1 The applicable data protection law grants you comprehensive data protection rights (information and intervention rights) to the person responsible with regard to the processing of your personal data, about which we inform you below:
Right to information according to Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of processed personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned Storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if we did not collect it from you, that There is an automated decision-making process including profiling and, if necessary, meaningful information about the logic involved and the scope that affects you and the intended effects of such processing, as well as your right to information, which guarantees according to Art. 46 GDPR when your data is forwarded to D riding countries exist;
Right to correction in accordance with Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and / or completion of your incomplete data stored by us;
Right to deletion in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the correctness of your data, which you disputed, is checked, if you reject the deletion of your data due to unauthorized data processing and instead the Request restriction of the processing of your data if you need your data for the establishment, exercise or defense of legal claims, after we no longer need this data after the purpose has been achieved or if you have objected for reasons of your special situation, as long as it is not certain whether our legitimate ones Reasons outweigh;
- Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he or she is obliged to correct or delete the data to all recipients to whom the personal data concerning you have been disclosed Notify restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible, insofar as this is technically feasible;
- Right to revoke consent given in accordance with Article 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with future effect. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal;
- Right to lodge a complaint in accordance with Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the, without prejudice to any other administrative or judicial remedy Member State of your whereabouts, your place of work or the place of the alleged violation.
- 14.2 RIGHT TO OBJECT
- IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PRINCIPLE OF INTERESTED LEGAL INTEREST, YOU HAVE THE RIGHT TO BE AT ALL TIMES FOR REASONS FOR YOUR SITUATION IN THEIR SITUATION.
- If you exercise your right to object, we will stop processing the data concerned. A FURTHER PROCESSING IS RESERVED, BUT IF WE CAN PROVIDE COMPULSORY PROTECTED REASONS FOR THE PROCESSING, WHICH EXERCISE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL PROPERTIES, OR IF THE PROCESSING, PUBLICITY, PUBLICITY.
- IF YOUR PERSONAL DATA IS PROCESSED BY US TO OPERATE DIRECT ADVERTISEMENT, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESS PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE CONTRADICTION AS DESCRIBED ABOVE.
- If you make use of your right to object, we will stop processing the data concerned for direct marketing purposes.
15) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and – if relevant – also on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of express consent in accordance with Art. 6 Para. 1 lit. a DSGVO, this data is stored until the data subject withdraws their consent.
Are there legal retention periods for data that is part of legal or similar legal obligations on the basis of Art. 6 Para. 1 lit. b GDPR are processed, this data will be routinely deleted after the retention periods have expired, provided that they are no longer required for contract fulfillment or contract initiation and / or if we have no legitimate interest in further storage.
When processing personal data on the basis of Art. 6 Para. 1 lit. f GDPR, this data is stored until the data subject exercises his right to object pursuant to Art. 21 Para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct advertising on the basis of Art. 6 Para. 1 lit. f GDPR, this data is stored until the data subject exercises his right to object pursuant to Art. 21 Para. 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.
