Privacy Policy

Data Privacy Notice 

We observe the applicable data protection regulations, in particular the requirements of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). We process your personal data only if the law permits data processing or if you have given your consent to the processing of your data. The transparency of the data processing is an important concern for us, so that we would like to inform you comprehensively with the following references to data protection.

Feb. 2021

Overview:

  1. Controller
  2. Data protection officer
  3. General information about the data processing
  4. Your rights
  5. Server and Logfiles
  6. Cookies
  7. Ad Partner / Third Party Services
  8. Advertising
  9. Website optimization, reach measurement and online marketing
  10. Contact
  11. Contractual services
  12. Payment Provider
  13. Social Media & Content
  14. Sharing of data / processing outside EEA
  15. Applicant data
  16. Amendments
  17. Definitions of terms

In detail:

1. Controller

The Controller responsible for processing your personal data on this website is

Haar-Scharf oHG
Poppenbütteler Bogen 17b
22399 Hamburg
Deutschland

www.hair-shop.com
[email protected]

2. Data protection officer

You can reach our Data Protection Officer Lawyer Dr. Daniel Taraz LLM. as follows:

Tel.: +49 40 228683860

3. General information about the data processing

a. Scope & purpose of the processing of personal data

We process your personal data of your visit to this website only to the extent necessary to provide a functioning website as well as our content and services. The processing of your personal data will only take place with your consent, unless data processing is permitted by law without prior consent. The purposes of the processing result from the processing activities described in more detail below.

b. Legal basis for the processing of personal data

As far as we obtain your consent for the processing of personal data, Art. 6 para. 1 sentence 1 a) GDPR serves as the legal basis. If the processing of your data is necessary for the fulfilment of a contract to which you are a party, Art. 6 para. 1 sentence 1 b) GDPR serves as the legal basis. This shall also apply to processing operations necessary for the implementation of pre-contractual measures. If the processing of your personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 c) GDPR serves as the legal basis. In the event that vital interests of you or another natural person require the processing of personal data, Art. 6 para. 1 d) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and fundamental freedoms do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 f) GDPR shall serve as the legal basis for the processing.

c. Data erasure and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. A storage can take place beyond that, if this was intended by laws or other legal regulations binding for us. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

d. Types of data processed

  • Customer data (e.g. name, address);
  • Contact data (e.g. e-mail address, phone no.);
  • Content data (e.g. text entries, photography, videos);
  • Store account, payment and order data (e.g. when placing an order);
  • Usage data (e.g. Website visits, Access times, personal interests);
  • Communication and meta data (e.g. IP addresses, device information).

e. Purposes of processing

  • Provision of the online service with online store, its functions and contents;
  • Answering contact requests and communicating with users;
  • security measures;
  • Range measurement/Marketing.

f. Categories of data subjects

Visitors and users of the online offering (hereinafter called “user”).

g. Automated decision making

An automated decision making (Art. 22 para. 1 GDPR) through us does not take place.

4. Your rights

When processing your personal data, you have the following rights, which we are pleased to inform you about below. You can contact us as the person responsible or the data protection officer, the contact details can be found above under 1. and 2.

a. Right of access (Art. 15 GDPR)

Upon request, we will confirm whether personal data concerning you will be processed. If this is the case, you have a right to be informed about the following information

  • the purpose(s) of the data processing,
  • the categories of data processed, and
  • where appropriate, the recipients or categories of recipients to whom data are disclosed on the basis of legal obligations or contractual relationships; in particular for recipients in third countries
  • the planned storage period or, if this is not possible, the criteria for determining the duration
  • the existence of a right to have personal data concerning you corrected or deleted, or to have your personal data processed by us restricted, or to have a right of objection to such processing
  • the existence of a right of appeal to the supervisory authority
  • in the event that the personal data are not collected from the data subject: All available information about the origin of the data
  • the existence of automated decision-making, including profiling and meaningful information on the logic involved and the scope and intended impact of such processing on the data subject
  • in the case of transfer to a third country or an international organisation, the appropriate guarantees in connection with the transfer.

Upon request, you will receive a copy of the data collected and processed by you. This is basically free of charge.

b. Right to correction (Art. 16 GDPR)

You have the right to request the immediate correction of inaccurate personal data concerning you. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

c. Right to erasure (Art. 17 GDPR) (so-called right to be forgotten)

Upon request or after fulfilment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with duties of storage or documentation under tax or commercial law or if the safeguarding of the legitimate interests of the person responsible is endangered.

A claim for cancellation exists under the following conditions:

  • The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
  • You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 a) GDPR or Art. 9 para. 2 a) GDPR and there is no other legal basis for the processing.
  • You file an objection to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing or an objection to the processing pursuant to Art. 21 para. 2 GDPR has been filed.
  • the personal data have been processed unlawfully.
  • the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
  • The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR (consent was given by a child)

d. Right to restriction of processing (Art. 18 GDPR) (blockage)

Under the following conditions you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:

  • the accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data.
  • the processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.
  • The data controller no longer needs the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims.
  • The user has filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the user.

e. Right to data portability (Art. 20 GDPR) (data portability)

On request, your data can be made available in a structured, current and machine-readable format for a fee in order to enable fast transmission. This applies in any case if the processing is based on a consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 b) GDPR and the processing is carried out using automated procedures.

f. Right of revocation of your consents (Art. 7 para. 3 GDPR)

You can revoke your consent at any time by declaration to us. As a result, we are no longer allowed to continue processing data based on this consent in the future.

g. Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)

If you believe that there has been a violation of data protection regulations, you have a right of appeal to the competent supervisory authority. For companies in Hamburg, for example, this is the Hamburgische Beauftragter für Datenschutz und Informationsfreiheit, Kurt-Schumacher-Allee 4, 20097 Hamburg, Tel.: 040 428 54 4040, E-Mail: [email protected], Internet: https://www.datenschutz-hamburg.de

h. Right of objection (Art. 21 GDPR)

You also have the right to object to the processing of your personal data. If the processing takes place for the purpose of direct advertising (e.g. newsletter), this right exists at any time. Otherwise, the right to object at any time to the processing of personal data concerning you may also exist for reasons arising from your particular situation. This only applies insofar as the processing takes place on the basis of Art. 6 para. 1 e) or f) GDPR (representation of public interests or protection of legitimate interests by the person responsible). We will then no longer process the personal data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In order to exercise this right of objection, you can also send us an informal message, stating your e-mail address, using the contact options listed under sections 1 or 2, in which your intention of objection is expressed.

5. Server and Logfiles

a. Hoster

We use a so-called hoster to provide certain services in connection with the operation of this website: in particular, IT infrastructure, computing services, database services, e-mail dispatch, security services, server storage space and technical maintenance services are provided. We or our hosters process on our behalf inventory data, contact data, content data, contract data, usage data, meta and communication data of our visitors to our website on the basis of Art. 28 GDPR due to our legitimate interests in a professional and secure provision of our website in accordance with Art. 6 para. 1 f) GDPR.

b. Logfiles

If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 Sentence 1 f) GDPR:

Date and time of access, name of the pages accessed, IP address of the requesting device, the amount of data transferred, browser type, language & version.

This data is processed exclusively to ensure trouble-free operation, i.e. the correct provision of the page(s) you have requested, but also to ensure the permanent functionality of the technical systems and to make improvements to the offer. A storage takes place for security reasons for a maximum of 7 days.

We reserve the right to provide law enforcement authorities with the necessary information for the purpose of criminal prosecution if there is a legal obligation for the responsible party to do so.

We do not draw any conclusions about your person and do not merge this information with other (personal) data of yours.

Content Delivery Network

We use a so called content delivery network called Cloudflare. Cloudflare is operated by Cloudflare, Inc. 101 Townsend St, San Francisco,CA 94107, USA. We have agreed with Cloudflare on a Data Processing Agreement according to Art. 28 DSGVO.This is a service that enables our content such as media data, images and scripts to be distributed and delivered faster across a variety of regional servers.For this purpose and for the security of our website, e.g. against DDOS attacks, this service is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f) GDPR. The Cloudflare privacy policy can be found at: https://www.cloudflare.com/security-policy">https://www.cloudflare.com/security-policy.

6. Cookies

In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and allow certain information to flow to us as the entity that set the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

Use of cookies:

a) Temporary cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Permanent cookies remain stored even after you close the browser. In this way, settings or preferences can be saved, for example.

c) First-party cookies are set by the respective website operator itself, whereas third-party cookies are used by third parties (e.g. advertising partners).

d) Necessary cookies (also called required cookies) are, on the one hand, absolutely necessary for the operation of a website (e.g. to save logins or other user entries) or are required for security reasons.

e) Furthermore, there are cookies set, for example, for personalization, for statistical purposes and for marketing.

This website uses the following cookies, some of which are necessary for the operation of our website:

Provider

NAME

purpose

storage duration

REQUIRED

Amazon Inc. 

apay-session-set 

Erstellung einer Sitzung für Amazon Pay 

1 Jahr 

Nein

Amazon Inc. 

amazon-pay-abtesting-new-widgets 

Cookie für A/B-Tests von Amazon 

Sitzung 

Nein

Amazon Inc. 

amazon-pay-abtesting-apa-migration 

Cookie für A/B-Tests von Amazon 

Sitzung 

Nein

Amazon Inc. 

apayLoginState 

Status des Logins bei Amazon 

1 Stunde 

Nein

belboon 

belboon 

Tracking von Affiliate-Partner-Links 

1 Tag 

Nein

Facebook Inc. 

_fpb 

Tracking zur Bereitstellung von Anzeigen bei Facebook 

3 Monate 

Nein

Facebook Inc. 

_fbc 

Tracking von Facebook Ads 

3 Monate 

Nein

Google Inc. 

_gcl_aw 

Tracking von Google Ads 

3 Monate 

Nein

Google Inc. 

_gac_UA-3539043-2 

Tracking von Google Ads 

3 Monate 

Nein

Google Inc.

_ga 

Erstellung und Auswertung von Website-Statistiken 

2 Jahre 

Nein

Google Inc.

_gat 

Erstellung und Auswertung von Website-Statistiken 

1 Minute 

Nein

Google Inc.

_gid 

Erstellung und Auswertung von Website-Statistiken 

1 Tag 

Nein

hair-shop.com 

frontend 

Speicherung von seitenübergreifenden Sitzungsdaten 

1 Tag 

Ja

hair-shop.com 

frontend_cid 

Vermeidung von MITM-Attacken 

1 Tag 

Ja

hair-shop.com 

customer_group 

Steuerung von Inhalten abhängig von der Kundengruppe 

1 Tag 

Ja

hair-shop.com 

store 

Speicherung der gewählten Sprache 

1 Jahr 

Nein. 

hair-shop.com 

cookie_consent 

Speicherung der Cookie-Konfiguration 

1 Jahr 

Ja.

hair-shop.com 

guest-view 

Anzeige von Bestellinformationen 

10 Minuten 

Ja.

hair-shop.com 

user_allowed_save_cookie 

Speicherung der Erlaubnis zur Speicherung von Cookies 

1 Jahr 

Ja.

hair-shop.com 

cjvt 

Speicherung von angesehenen Produkten 

Sitzung 

Nein.

Microsoft Inc. 

_uetmsclkid 

Tracking von Bing Ads

Nein.


The responsible Controller is the body named under item 1.

If these cookies are not necessary and/or the information contained therein is personal data, the legal basis for data processing is your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR, which is stored via a cookie. You give your consent via our cookie notice. This summarizes the cookies into certain purpose-related categories. The category of required cookies is pre-filled and cannot be deselected.

If these cookies are necessary cookies and/or information contained therein is personal data, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. Our interest in maintaining the functionality of our website is thereby to be regarded as legitimate within the meaning of the aforementioned provision.

Insofar as the processing is based on your consent, you have the option to revoke this at any time with effect for the future and thus prevent the further collection of your data by deselecting optional cookie-categories (not required) in the cookie settings. Unless and insofar as you do not consent or revoke granted consent, the (further) collection of data by means of optional cookies requiring consent and the associated data processing will cease. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website. In addition, you can, for example, generally object to the use of cookies for online marketing on the page http://www.youronlinechoices.com.

The details of the previously mentioned third-party services can be found in the points listed below.

7. Ad Partner / Third Party Services

We work together with advertising partners to make the online offer on our site even more interesting for you. For this purpose, cookies are also set by our advertising partners when you visit our site (so-called third party cookies) and after you have given your consent in the cookie banner according to Art. 6 para. 1 sentence 1 a) GDPR. The cookies of our advertising partners also contain information about your user behavior and your interests when you visit our site using pseudonyms. In some cases, information is also collected that was collected prior to visiting our site on other sites. This information is used to display interest-related advertisements from our advertising partners. No personal data will be stored and no user profiles will be merged with personal data.

You can prevent the interest-based advertising insertion of our advertising partners by means of a corresponding cookie setting in your browser.

Proper order processing agreements have been concluded with service providers that we engage for the purpose of supplying advertising and who process data on our behalf strictly in accordance with instructions.

You can revoke your consent at any time free of charge with effect for the future. In order to exercise this right of revocation, you can send us an informal message via the contact options mentioned under point 1, in which your intention to revoke is expressed. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can prevent the interest-based advertising of our advertising partners by selecting the appropriate cookie setting in your browser.

Bing Ads

Bing Ads is used to optimize our offers. Bing Ads is offered by:

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Bing Ads is used to promote our company online. It uses cookies to record the completion and processing of transactions. This enables products or services to be marketed more effectively and in a more targeted manner. Bing Ads anonymizes your personal data and ensures that it cannot be used to identify individuals.

The legal basis is Art. 6 para. 1 f) GDPR. The processing serves to protect our legitimate interests in an optimization of our offer.

Cookies can be deleted. You can also select which cookies are not allowed on your computer.

Bing's privacy policy can be found here:
https://privacy.microsoft.com/de-de/privacystatement

Google Adwords

Our website uses the Google Adwords service. Google AdWords is an online advertising program from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

We use the remarketing function within the Google AdWords service. The remarketing function enables us to present advertisements based on their interests to users of our website on other websites within the Google display network (on Google itself, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g., which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores a number in the browsers of users who visit certain Google services or websites on the Google Display Network. This number, known as a "cookie", is used to record the visits of these users. This number is used to uniquely identify a web browser on a particular computer and not to identify a person; personal data is not stored. The legal basis for this data processing is Article 6 para. 1 sentence 1 f) GDPR.

Furthermore, we measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page marked with a so-called "conversion tracking tag". However, we ourselves do not receive any information with which users can be identified.

You can disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: www.google.com/settings/ads/plugin .

For more information about Google Remarketing and Google's privacy policy, please visit: www.google.com/privacy/ads/ .

Doubleclick by Google

Doubleclick by Google is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to deliver advertisements relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been called. The cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or within the scope of order data processing. Under no circumstances will Google match your data with other data collected by Google.

You can prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link under the item DoubleClick deactivation extension.

You can also prevent the interest-based advertising insertion of our advertising partners by means of a corresponding cookie setting in your browser or by clicking here.

Belboon

We have integrated components of the belboon affiliate advertising network on this website. belboon is a German affiliate network that offers affiliate marketing. Affiliate marketing is an Internet-based form of distribution that allows commercial operators of websites, the so-called merchants or advertisers, to display advertising, which is usually remunerated through click or sale commissions, on third-party websites, i.e. sales partners, also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.

The operating company of belboon is belboon GmbH, Weinmeisterstr. 12-14, 10178 Berlin, Germany. belboon sets a cookie on your information technology system (PC, laptop, etc.), provided that you consent to this in our cookie notice. You can change this at a later time and thus revoke it with effect for the future. You can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent belboon from setting a cookie on your information technology system of the person concerned. In addition, cookies already set by belboon can be deleted at any time via an internet browser or other software programs.

The data processing serves the analysis of user behavior for the purpose of changing and optimizing the website. The legal basis for data processing is your consent according to Art. 6 para. 1 p. 1 a) GDPR. You have the right to object to the data processing at any time. This is possible via the following link: http://www.youronlinechoices.com/de/praferenzmanagement or via our cookie settings (Cookie-Category Marketing).

The tracking cookie (set with your consent) from belboon does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor of a website and the clicked advertising material are stored. The purpose of storing this data is the processing of commission payments between a merchant and the affiliate, which are processed through the affiliate network, i.e. belboon.

The applicable data protection provisions of belboon can be found at https://www.belboon.com/de/ueber-uns/datenschutz/abgerufen.

Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.

This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 para. 1 sentence 1 f) GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, _Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/

When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.

This is necessary for the fulfillment of our and Trusted Shops' legitimate prevailing interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with Art. 6 para. 1 sentence 1 f) GDPR. Further details, including your right to object, can be found in the Trusted Shops Privacy Policy linked above and within the Trustbadge.

8. Advertising

Newsletter

If you would like to receive the newsletter offered on our website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter.

We use your data exclusively for sending the newsletter it, but do not pass it on to third parties. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR.

The newsletter is sent by the service provider CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany – based on our legitimate interest according to Art. 6 para. 1 S. 1 a) GDPR in providing a promotional, secure and user-friendly newsletter system - within the scope of a concluded Data processing agreement (Art. 28 GDPR) . The data protection provisions of the dispatch service provider can be found at: https://www.cleverreach.com/de/datenschutz/ .

For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

The newsletters contain a so-called web beacon. These are small graphics that enable a log file recording or log file analysis, which are used for statistical evaluations for online marketing and are retrieved by CleverReach when the newsletter email is opened. In the course of this retrieval, technical information such as information about the browser and your system and the time of retrieval are collected. This information is used for the technical improvement of our services based on the technical data, the target groups and their respective reading behavior. Statistical surveys include information on whether a newsletter is opened, its time and the links clicked. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

The data you provide for the purpose of receiving the newsletter will be stored by us or CleverReach until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or CleverReach in a blocklist, if necessary, to prevent future mailings. The data from the blocklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 sentence 1 f) GDPR. The storage in the blocklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Right of Withdrawal

You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time with effect for the future by notifying us, e.g. to our e-mail address specified under number 1 (or 2) or by using the unsubscribe option at the end of each newsletter.

Advertising with consent

We process your data for marketing purposes only on the basis of express consent to these purposes in accordance with Art. 6 Para. 1 sentence 1 a) GDPR.

With service providers who we engage for the purpose of advertising provision and who process data on our behalf in strict compliance with instructions, proper agreements have been concluded for order processing.

Information on the right of objection

You can object to the use of your personal data for the aforementioned advertising purposes at any time free of charge with effect for the future under the contact options specified under number 1 (or 2). If you file an objection, your data will be blocked for further promotional data processing. We would like to point out that in exceptional cases advertising material may still be sent even after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.

9. Website optimization, reach measurement and online marketing

Google Analytics

We use based on your given consent according to Art. 6 para. 1 sentence 1 a) GDPR Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google") on our website on the basis of our legitimate interests (in particular the interest in the analysis, improvement and commercial design of our online offer). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and stored there.

The information generated by the cookie about your use of this website is approximately

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request

Details about cookies can be found above under number 6.

However, in the context of Google Analytics we use the suffix "anonymizeIp". By means of this addition, Google shortens and anonymises the IP address of the Internet connection of the person concerned when accessing our Internet pages from a member state of the European Union or from another state party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

For additional information on the transfer of data to the USA, please refer to section 14.

Google will use the aforementioned information on our behalf to evaluate the use of our online offer by users and to provide us with reports on the activities within this online offer and, if necessary, to provide further services in this context. Pseudonymous user profiles can be created from the processed data.

The (shortened) IP address transmitted by the user's browser is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly and prevent the collection of data generated by the cookie with regard to the online offer and its processing by Google by downloading and installing the browser plug-in available under the following link: <a>http://tools.google.com/dlpage/gaoptout?hl=en"</a>.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this <a href="gaOptout()">Link</a> . An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on Google's use of data and possible settings and objections can be found in Google's privacy policy https://policies.google.com/technologies/ads) and in the settings for the display of advertisements on Google (https://adssettings.google.com/authenticated).

User's personal data will be deleted or made anonymous after 14 months.

Facebook Pixel

Within the framework of our website, we use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc. on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or, if consent is not given in the individual case and is not legally required, on the basis of our legitimate interests (i.e. interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 para. 1 sentence 1 f) GDPR), 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

Facebook uses EU standard contractual clauses for data transfers from the EEA and relies on adequacy decisions issued by the European Commission regarding specific countries, where applicable.

The Facebook Pixel allows Facebook to target visitors to our website for the display of ads (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our offers or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we would like to help ensure that our Facebook ads correspond to the presumed interest of the user and that ads do not appear annoying or inappropriate, but instead appear interesting and useful to the user. The Facebook pixel is also intended to help us track the effectiveness of Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Facebook processes the data within the framework of Facebook's data use policy. This policy contains further information on the display of Facebook ads: www.facebook.com/policy.php. Specific instructions on the Facebook Pixel and how it works are available in Facebook's help section: www.facebook.com/business/help/651294705016616 .

You can opt-out of the Facebook Pixel's collection and use of your data to display Facebook ads. To configure what types of ads are displayed to you within Facebook, you can visit the following page provided by Facebook to follow the information on how to configure usage-based advertising: https://www.facebook.com/settings?tab=ads. The configuration is not limited to the specific platform / hardware you use, that is, they are adopted for all devices, such as desktop computers or mobile devices.

You can object to the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/ ) and additionally the US website (http://www.aboutads.info/choices ) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/ ).

10. Contact

Contact by E-mail, Post & Telephone

You have the option to contact us in several ways. By e-mail, telephone or post. When you contact us, we use the personal data that you voluntarily make available to us in this context solely for the purpose of contacting you and processing your enquiry.
The legal basis for this data processing is Art. 6 Para. 1 sentence 1 b) GDPR. Your data will be deleted if they are no longer needed for the purpose of processing and there is no legal obligation to store them.

Contact form

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this option, the data you enter in the input mask will be transmitted to us in encrypted form and stored.

If you have given your consent, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 a) GDPR. If you do not give your individual consent, we will process your data on the basis of Art. 6 para. 1 sentence 1 b) GDPR. The processing of the personal data from the input mask serves us only for the purpose of establishing contact.

11. Contractual services

Processing in connection with online shop

We process your personal data only to the extent necessary to process your orders in our online shop or to contact you.

We only process the personal data that you give us, such as your name, contact data, payment data and order data.
Data processing is carried out for the purpose of fulfilling the contract and implementing pre-contractual measures on the legal basis of Art. 6. para. 1 sentence 1 b) GDPR. In order to process your e-mail address in the event of a purchase via our websites/applications, we are also obliged by law under the German Civil Code (BGB) to send an electronic order confirmation (Art. 6 Para. 1 sentence 1 c) GDPR).

In order to provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer account/user account.
The creation of the customer account is in principle voluntary and is based on your consent within the meaning of Art. 6 para. 1 sentence 1 a) GDPR. After setting up a customer account, no further data entry is required. In addition, you can view and change the data stored about you in your customer account at any time.

In addition to the data requested when placing an order, you must enter a password of your choice when setting up a customer account. This, together with your e-mail address, is used to access your customer account. Please treat your personal access data confidentially and in particular do not make them accessible to any unauthorized third parties. You have the possibility to delete your customer account at any time. Please note, however, that this will not also delete the data that can be viewed in the customer account once you have placed an order with us. The deletion of your data takes place automatically after the expiry of the commercial and tax storage obligations applicable to us. The legal basis for this data processing is Art. 6 para. 1 sentence 1 c) GDPR and Art. 6 para. 1 sentence 1 f) GDPR.

For the processing of a purchase contract, payment service providers commissioned by us will be passed on to process the payment(s). Information on your delivery address will be passed on to logistics companies and shipping partners commissioned by us. The respective data will be transmitted solely for the respective purposes and deleted after delivery.

As far as we do not use your data for advertising purposes, we store the data collected for contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. Upon expiry of this period, we shall retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period, the data will be reprocessed solely in the event of an audit by the tax authorities.

E-mail service provider

For communication with you by e-mail and its evaluation, in addition to our hoster (see section 5 above), we partly use the e-mail service of Sendinblue. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. We have entered into an order processing agreement with Sendinblue (Art. 28 GDPR). Sendinblue partially sends our store emails to you in order to fulfill our legal information obligations. The legal basis for this is Art. 6 para. 1 sentence 1 c). In addition, the processing of your order is hereby carried out, for which the legal basis is Art. 6 para.1 sentence 1 b) GDPR. Sendinblue logs certain technical data and order information for us for statistical purposes, for error detection and to combat abuse. The legal basis in this respect is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 f) GDPR in stable and secure communication and combating abuse.

12. Payment Provider

In addition, the following data processing is required to process a purchase contract via our website:
Your payment data will be passed on to payment service providers who process the payment(s), depending on the payment method. Information on your delivery address will be passed on to logistics companies and shipping partners commissioned by us. In order to ensure that the goods are delivered according to your wishes, we will send your e-mail address and, if applicable, the telephone number to the logistics company and/or shipping partner commissioned by us who will take over the delivery. They may contact you prior to delivery to discuss delivery details. The respective data will be transmitted solely for the respective purposes and deleted after delivery. The legal basis for this data processing is Art. 6 para. 1 sentence 1 a), Art. 6 para. 1 sentence 1 b) GDPR and Art. 6 para. 1 sentence 1 f) GDPR.

Payment service provider

We use the following payment service providers:

PayPal, AmazonPay, Sofortüberweisung, Klarna

PayPal

PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer protection services.

PayPal's European operating company is PayPal (Europe) S.à.r.l. &amp; Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the person concerned selects this as a payment option during the order process in our online shop, data of the person concerned is automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, or other data necessary for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.

The purpose of data transmission is to process payments and prevent fraud.

The transmission takes place on the basis of the fulfilment of the contract in accordance with Art. 6 para. 1 b) GDPR and, insofar as personal data is also transmitted, on the basis of our legitimate interests in secure payment processing and fraud prevention in accordance with Art. 6 para. 1 f) GDPR.

The personal data exchanged between PayPal and us may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. Responsible for this is PayPal.

PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.

You have the option to revoke your consent to the handling of personal data by PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

PayPal's current privacy policy can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

AmazonPay

AmazonPay is a payment service that enables cashless payment for products and services on the Internet. AmazonPay maps a technical procedure by which the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer immediately after the order is placed.

The operating company of AmazonPay is Amazon Europe Core S.à r.l. (Société à responsabilité limitée), 5 Rue Plaetis, L-2338 Luxembourg.

If you select "AmazonPay" as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to AmazonPay. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

During the purchase transaction via AmazonPay, the buyer transmits the login data to AmazonPay. AmazonPay then carries out a transfer to the online merchant after a technical check of the account balance and retrieval of further data to check the account coverage. The online merchant is then automatically notified of the execution of the financial transaction.

The personal data exchanged with AmazonPay are first name, last name, address, email address, IP address, telephone number, other data necessary for payment processing. The transmission of the data is for the purpose of payment processing in the context of contract performance and fraud prevention, the legal basis is Art. 6 para. 1 para. 1 sentence 1 b) GDPR. We may also transfer other personal data to AmazonPay if there is a legitimate interest for the transfer, such as security and fraud prevention, Art. 6 para. 1 para. 1 sentence 1 f) GDPR. The personal data exchanged between AmazonPay and us may be transmitted by AmazonPay to credit reporting agencies. This transmission is for the purpose of checking identity and creditworthiness.

AmazonPay may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.

You have the option to revoke your consent to the handling of personal data at any time vis-à-vis AmazonPay. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.

The applicable data protection provisions of AmazonPay can be found at https://www.amazon.de/datenschutzhinweise .

Sofortüberweisung

Sofortüberweisung is a payment service that enables cashless payment for products and services on the Internet. Sofortüberweisung represents a technical procedure by which the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer immediately after the order is placed.

The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

If you select "Sofortüberweisung" as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

During the purchase transaction via Sofortüberweisung, the buyer transmits the PIN and the TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to the online merchant after a technical check of the account balance and retrieval of further data to check the account coverage. The online merchant is then automatically notified of the execution of the financial transaction.

The personal data exchanged with Sofortüberweisung are first name, last name, address, e-mail address, IP address, telephone number, and other data necessary for payment processing. The transmission of the data is for the purpose of payment processing in the context of contract performance and fraud prevention, the legal basis is Art. 6 para. 1 sentence 1 b) GDPR. We may also transmit other personal data to Sofortüberweisung if there is a legitimate interest for the transmission, such as security and fraud prevention, Art. 6 para. 1 sentence f) GDPR. The personal data exchanged between Sofortüberweisung and us may be transmitted by Sofortüberweisung to credit reporting agencies. This transmission is for the purpose of checking identity and creditworthiness.

Sofortüberweisung may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.

You have the option to revoke your consent to the handling of personal data at any time to Sofortüberweisung. A revocation does not affect personal data that must be processed, used or transmitted mandatory for (contractual) payment processing.

The applicable data protection provisions of Sofortüberweisung can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

Klarna

Klarna is an online payment service provider. Payments are processed via so-called Klarna accounts, which are virtual private or business accounts. In addition, Klarna offers the possibility to process virtual payments via credit cards if a user does not maintain a Klarna account. A Klarna account is maintained via an e-mail address. Klarna makes it possible to initiate online payments to third parties or to receive payments. Klarna also assumes trustee functions and offers buyer protection services.

The European operating company of Klarna is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

If the data subject selects "Klarna" as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to Klarna. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.

The personal data transmitted to Klarna are usually first name, last name, address, email address, IP address, telephone number, or other data necessary for the payment processing. Also necessary for the processing of the purchase contract are such personal data that are related to the respective order.

The transmission of the data is for the purpose of payment processing and fraud prevention. The transmission takes place on the basis of the performance of the contract pursuant to Art. 6 para. 1 sentence 1 b) GDPR and, insofar as personal data is transmitted in addition, on the basis of our legitimate interests in secure payment processing and fraud prevention pursuant to Art. 6 para. 1 sentence 1 f) GDPR.

The personal data exchanged between Klarna and us may be transmitted by Klarna to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. The responsible party for this is Klarna.

Klarna may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.

You have the option to revoke your consent to the handling of personal data at any time vis-à-vis Klarna. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.
The applicable data protection provisions of Klarna can be found at https://www.klarna.com/de/datenschutz/ .

13. Social Media & Content

Our social media sites

We maintain additional websites on social networks and social platforms on Xing (New Work SE, https://privacy.xing.com/de/datenschutzerklaerung, Opt-Out: https://nats.xing.com/optout.html?popup=1), Pinterest (Pinterest Europe Ltd., https://policy.pinterest.com/de/privacy-policy) , Facebook und Instagram (see below). This is where we inform other users, interested parties and customers (hereinafter referred to as "users") about our services and, if necessary, communicate with them within this framework.

The processing of user data is also carried out regularly for market research and advertising purposes by creating profiles based on the user behavior of the user, which may be used for interest-specific advertising and other marketing measures on the network pages, but also outside the network. This is usually done using cookies that are stored locally by the user. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored in each case. The created usage profiles can also be used on different devices independently (especially for logged in users).

Data may also be processed by providers outside the European Economic Area (EEA), which may result in risks because the enforcement of (data protection) claims is difficult. However, we only use operators of such networks who have committed themselves to ensuring an appropriate level of data protection.

The processing of users' personal data is based on legitimate interests in the provision of information and communication with users pursuant to Art. 6 para. 1 sentence 1 f) GDPR. Insofar as the user has consented to the processing of his personal data vis-à-vis the provider, the legal basis of the processing is Art. 6 para. 1 sentence 1 a) in conjunction with Art. 7 GDPR.
If you wish to assert information and/or other rights as a data subject, we recommend that you contact the respective provider, because the latter can react most efficiently to this, since the latter has access to the data. Nevertheless, we are of course at your disposal for support.
For the explanation of a contradiction, the respective provider has the possibility to object in the form of an opt-out.

Facebook and Instagram

We maintain social media profiles on the social networks Facebook and Instagram ("Fanpages"), services of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), on which We regularly publish and share content and offers. When you interact with Our Fanpages or other Facebook or Instagram websites, the operators of the social networks collect your usage behavior with cookies and similar technologies. We may view general statistics about users' interests and demographic characteristics (such as age, gender, region) for its fan pages. If you use social networks, the type, scope and purposes of the data processing in the social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which We are jointly responsible with Facebook and explain below.
Facebook also processes your data when using fan pages for its own purposes, which are not depicted in this privacy policy and over which We have no influence. You can find more information about this at the respective social networks: Facebook privacy notice, Instagram privacy notice.

When you interact with our fan pages, Facebook records your usage behavior with cookies and similar technologies. We receive "page insights" in this context, which contain statistical, depersonalized (anonymized) information about visitors. An assignment to your person is not possible for us. The selection and processing of Page Insights information is done exclusively by Facebook. Page insights help us to understand how our fan pages are used, what interests visitors have, and which topics and content are particularly popular. We use this information to provide relevant content to visitors of our fan pages and to better respond to the interests and usage habits of our visitors.

We and Facebook are jointly responsible for the processing of your data for the provision of Page Insights (Art. 26 GDPR). There is an agreement between Us and Facebook that specifies which company fulfills which data protection obligations under the GDPR with respect to the processing of Page Insights data. The agreement with Facebook is available here.
Facebook has summarized the main contents of this agreement (including a list of Page Insights data) here: https://www.facebook.com/legal/terms/information_about_page_insights_data . Insofar as you have consented to Facebook with regard to the creation of Page Insights described above, the legal basis is Article 6 para. 1 sentence 1 a) GDPR. Otherwise, the legal basis is Article 6 para. 1 sentence f) GDPR, with our legitimate interest arising from the aforementioned purposes.

Integration of third-party services and content

Within the framework of our website, we use offers from third party providers on the basis of a consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or if a consent is not available in individual cases and is not legally required, on the basis of our legitimate interests (i.e. interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 para. 1 f) GDPR) in order to integrate its contents and services, such as videos or fonts (hereinafter uniformly referred to as "contents"). This may require that the respective third-party providers perceive your IP address, as they would not be able to send the content to your browser without the IP address. The IP address is therefore required for the delivery and display of this content.

YouTube

Based on your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR, we may integrate videos from the "YouTube" platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find their data protection information at: https://www.google.com/policies/privacy/
You can set an opt-out under this link: https://adssettings.google.com/authenticated .

Comments/contributions

If you leave comments or other contributions, your IP address may be stored for up to seven days due to our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f) GDPR. This is done for our security and to protect others from illegal content. In this case, we are liable as the operator of this website and would therefore like to try to identify the author. In addition, this enables the detection of spam and its exclusion as a legitimate interest on our part Art. 6 para. 1 sentence 1 f) GDPR.
The content provided in the context of your comments and / or contributions will be permanently stored by us until your objection, unless there is any other obligation to remove.

14. Sharing of data / processing outside EEA

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).

The data collected by the products listed within the scope of this declaration from US providers or their affiliated companies, such as Google and Facebook, may be stored and processed by them in the USA, among other places. We have no influence on the further data processing by the Service Provider. For a data transfer to a third country, i.e. a country outside the EU or the EEA, appropriate guarantees for the protection of your personal data are generally required. After the European Court of Justice invalidated the Commission's Implementing Decision (EU) 2016/1250 of July 12, 2016 on the adequacy of the protection provided by the EU-US Privacy Shield ("EU-US Privacy Shield"), the EU-US Privacy Shield can no longer be used as a guarantee for an adequate level of protection in the US according to EU standards. Thus, there is currently no level of data protection in the U.S. equivalent to that in the EU within the meaning of Art. 45 GDPR, and we are also unable to provide appropriate safeguards under Art. 46 GDPR to compensate for this deficit. Thus, data transfer to the USA is only permissible here with your express consent pursuant to Art. 49 (1) a) GDPR, which can be granted by you with the cookie notice by choosing optional categories. Possible risks of this data transfer are that access by state authorities, such as security authorities and/or intelligence services, cannot be ruled out and your data could be processed by them, possibly without you being informed separately and without enforceable rights and effective legal remedies being available to you, for reasons of national security, law enforcement or for other purposes in the public interest of the USA.

Otherwise, we will only share your data with third parties if:

  • you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 a) GDPR,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 para. 1 sentence 1 f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • there is a legal obligation for the disclosure according to Art. 6 para. 1 sentence 1 c) GDPR or
  • this is legally permissible and necessary according to Art. 6 para. 1 sentence 1 b) GDPR for the processing of contractual relationships with you.

The transfer to tax offices and social security institutions will only take place if there is a legal obligation to do so; the legal basis is Art. 6 para. 1 sentence 1 c) GDPR. The transfer to service providers only takes place on the basis of a proper contract processing agreement in accordance with Art. 28 GDPR.

15. Applicant data

We process the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents are automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the responsible party oppose deletion.

16. Amendments

The controller reserves the right to adapt security and data protection measures if this becomes necessary due to technical or legal developments. In these cases, the controller will also adapt these data protection notices accordingly. Therefore, please pay attention to the current version of our data protection information.

17. Definitions of terms

For a better understanding, we would like to provide you with the following definitions of the GDPR as far as they are relevant for our data privacy notices.

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data are, in simplified form, individual details about personal or factual circumstances of a specific or determinable natural person, i.e. not legal persons, such as a limited liability corporation. Personal data includes in particular information such as name, address, e-mail address and IP address.

Processing

Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, limitation, erasure or destruction.

Restriction of processing

Profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects related to work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.

Pseudonymisation

Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical andorganisational measures ensuring that the personal data are not allocated to an identified or identifiable natural person.

Controller

The controller shall be the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union
law or with the law of the Member States on the basis of certain criteria.

Processor

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Recipient

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not be considered as recipients.

Third party

Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.

Consent

Consent means any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.

Supervisory authority

Supervisory authority means an independent government body established by a Member State pursuant to Art. 51 GDPR.