Privacy Policy
We observe the applicable data protection regulations, in particular the requirements of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). We process your personal data only if the law permits data processing or if you have given your consent to the processing of your data. The transparency of the data processing is an important concern for us, so that we would like to inform you comprehensively with the following references to data protection.
Feb. 2023
Overview
- Controller
- Data protection officer
- General information about the data processing
- Your rights
- Server and Logfiles
- Cookies
- Ad Partner / Third Party Services
- Advertising
- Website optimization, reach measurement and online marketing
- Contact
- Contractual services
- Payment Provider
- Social Media & Content
- Sharing of data / processing outside EEA
- Applicant data
- Amendments
- Definitions of terms
In detail:
1. Controller
The Controller responsible for processing your personal data on this website is
Haar-Scharf oHG
Fuhlsbüttler Straße 407a-d
22309 Hamburg
Deutschland
www.hair-shop.com
[email protected]
2. Data protection officer
You can reach our Data Protection Officer, Sandra Schnehagen, as follows:
Email: [email protected]
Tel.: +49 40 611684617
3. General information about the data processing
a. Scope & purpose of the processing of personal data
We process your personal data of your visit to this website only to the extent necessary to provide a functioning website as well as our content and services. The processing of your personal data will only take place with your consent, unless data processing is permitted by law without prior consent. The purposes of the processing result from the processing activities described in more detail below.
b. Legal basis for the processing of personal data
As far as we obtain your consent for the processing of personal data, Art. 6 para. 1 sentence 1 a) GDPR serves as the legal basis. If the processing of your data is necessary for the fulfilment of a contract to which you are a party, Art. 6 para. 1 sentence 1 b) GDPR serves as the legal basis. This shall also apply to processing operations necessary for the implementation of pre-contractual measures. If the processing of your personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 c) GDPR serves as the legal basis. In the event that vital interests of you or another natural person require the processing of personal data, Art. 6 para. 1 d) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and fundamental freedoms do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 f) GDPR shall serve as the legal basis for the processing.
c. Data erasure and storage duration
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. A storage can take place beyond that, if this was intended by laws or other legal regulations binding for us. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
d. Types of data processed
- Customer data (e.g. name, address);
- Contact data (e.g. e-mail address, phone no.);
- Content data (e.g. text entries, photography, videos);
- Store account, payment and order data (e.g. when placing an order);
- Usage data (e.g. Website visits, Access times, personal interests);
- Communication and meta data (e.g. IP addresses, device information).
e. Purposes of processing
- Provision of the online service with online store, its functions and contents;
- Answering contact requests and communicating with users;
- security measures;
- Range measurement/Marketing.
f. Categories of data subjects
Visitors and users of the online offering (hereinafter called “user”).
g. Automated decision making
An automated decision making (Art. 22 para. 1 GDPR) through us does not take place.
4. Your rights
When processing your personal data, you have the following rights, which we are pleased to inform you about below. You can contact us as the person responsible or the data protection officer, the contact details can be found above under 1. and 2.
a. Right of access (Art. 15 GDPR)
Upon request, we will confirm whether personal data concerning you will be processed. If this is the case, you have a right to be informed about the following information
- the purpose(s) of the data processing,
- the categories of data processed, and
- where appropriate, the recipients or categories of recipients to whom data are disclosed on the basis of legal obligations or contractual relationships; in particular for recipients in third countries
- the planned storage period or, if this is not possible, the criteria for determining the duration
- the existence of a right to have personal data concerning you corrected or deleted, or to have your personal data processed by us restricted, or to have a right of objection to such processing
- the existence of a right of appeal to the supervisory authority
- in the event that the personal data are not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling and meaningful information on the logic involved and the scope and intended impact of such processing on the data subject
- in the case of transfer to a third country or an international organisation, the appropriate guarantees in connection with the transfer.
Upon request, you will receive a copy of the data collected and processed by you. This is basically free of charge.
b. Right to correction (Art. 16 GDPR)
You have the right to request the immediate correction of inaccurate personal data concerning you. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
c. Right to erasure (Art. 17 GDPR) (so-called right to be forgotten)
Upon request or after fulfilment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with duties of storage or documentation under tax or commercial law or if the safeguarding of the legitimate interests of the person responsible is endangered.
A claim for cancellation exists under the following conditions:
- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
- You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 a) GDPR or Art. 9 para. 2 a) GDPR and there is no other legal basis for the processing.
- You file an objection to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing or an objection to the processing pursuant to Art. 21 para. 2 GDPR has been filed.
- the personal data have been processed unlawfully.
- the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR (consent was given by a child)
d. Right to restriction of processing (Art. 18 GDPR) (blockage)
Under the following conditions you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:
- the accuracy of the personal data is disputed by you for a period that enables us to verify the accuracy of the personal data.
- the processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.
- The data controller no longer needs the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims.
- The user has filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the user.
e. Right to data portability (Art. 20 GDPR) (data portability)
On request, your data can be made available in a structured, current and machine-readable format for a fee in order to enable fast transmission. This applies in any case if the processing is based on a consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 b) GDPR and the processing is carried out using automated procedures.
f. Right of revocation of your consents (Art. 7 para. 3 GDPR)
You can revoke your consent at any time by declaration to us. As a result, we are no longer allowed to continue processing data based on this consent in the future.
g. Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)
If you believe that there has been a violation of data protection regulations, you have a right of appeal to the competent supervisory authority. For companies in Hamburg, for example, this is the Hamburgische Beauftragter für Datenschutz und Informationsfreiheit, Kurt-Schumacher-Allee 4, 20097 Hamburg, Tel.: 040 428 54 4040, E-Mail: [email protected], Internet: https://www.datenschutz-hamburg.de
h. Right of objection (Art. 21 GDPR)
You also have the right to object to the processing of your personal data. If the processing takes place for the purpose of direct advertising (e.g. newsletter), this right exists at any time. Otherwise, the right to object at any time to the processing of personal data concerning you may also exist for reasons arising from your particular situation. This only applies insofar as the processing takes place on the basis of Art. 6 para. 1 e) or f) GDPR (representation of public interests or protection of legitimate interests by the person responsible). We will then no longer process the personal data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In order to exercise this right of objection, you can also send us an informal message, stating your e-mail address, using the contact options listed under sections 1 or 2, in which your intention of objection is expressed.
5. Server and Logfiles
a. Hoster
We use a so-called hoster to provide certain services in connection with the operation of this website: in particular, IT infrastructure, computing services, database services, e-mail dispatch, security services, server storage space and technical maintenance services are provided. We or our hosters process on our behalf inventory data, contact data, content data, contract data, usage data, meta and communication data of our visitors to our website on the basis of Art. 28 GDPR due to our legitimate interests in a professional and secure provision of our website in accordance with Art. 6 para. 1 f) GDPR.
b. Logfiles
If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 Sentence 1 f) GDPR:
Date and time of access, name of the pages accessed, IP address of the requesting device, the amount of data transferred, browser type, language & version.
This data is processed exclusively to ensure trouble-free operation, i.e. the correct provision of the page(s) you have requested, but also to ensure the permanent functionality of the technical systems and to make improvements to the offer. A storage takes place for security reasons for a maximum of 7 days.
We reserve the right to provide law enforcement authorities with the necessary information for the purpose of criminal prosecution if there is a legal obligation for the responsible party to do so.
We do not draw any conclusions about your person and do not merge this information with other (personal) data of yours.
Content Delivery Network
We use a so called content delivery network called Cloudflare. Cloudflare is operated by Cloudflare, Inc. 101 Townsend St, San Francisco,CA 94107, USA. We have agreed with Cloudflare on a Data Processing Agreement according to Art. 28 DSGVO.This is a service that enables our content such as media data, images and scripts to be distributed and delivered faster across a variety of regional servers.For this purpose and for the security of our website, e.g. against DDOS attacks, this service is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f) GDPR. The Cloudflare privacy policy can be found at: https://www.cloudflare.com/security-policy">https://www.cloudflare.com/security-policy.
6. Cookies
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and allow certain information to flow to us as the entity that set the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
Use of cookies:
a) Temporary cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Permanent cookies remain stored even after you close the browser. In this way, settings or preferences can be saved, for example.
c) First-party cookies are set by the respective website operator itself, whereas third-party cookies are used by third parties (e.g. advertising partners).
d) Necessary cookies (also called required cookies) are, on the one hand, absolutely necessary for the operation of a website (e.g. to save logins or other user entries) or are required for security reasons.
e) Furthermore, there are cookies set, for example, for personalization, for statistical purposes and for marketing.
This website uses the following cookies, some of which are necessary for the operation of our website:
- Necessary
-
Name Partner Description Lifetime cct adscale.de Necessary for the shopping cart functionality on the website. Session shopgate app.hair-shop.com Link from web shop with app 3 days test_cookie doubleclick.net 1 day cf_clearance hair-shop.com Used for the execution of Javascript or Captcha challenges 1 day cf-cc-XXX hair-shop.com Used for the execution of Javascript or Captcha challenges 1 day cf-chl-cc-XXX hair-shop.com Used for the execution of Javascript or Captcha challenges 1 day cf-chl-prog hair-shop.com Used for the execution of Javascript or Captcha challenges 1 day cf-chl-rc-i hair-shop.com Detection of problems 1 day cf-chl-rc-ni hair-shop.com Detection of problems 1 day cf-chl-seq-XXX hair-shop.com Notwendig für die Überprüfung eines Nutzers mittels Captcha 1 day cf-chl-XXXX hair-shop.com Check for cookie support 1 day group hair-shop.com Content control depending on the customer group 3 days __cf_bm stape.io This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 1 day CookieConsent www.hair-shop.com Stores the user's cookie consent state for the current domain 1 year customer_group www.hair-shop.com Content control depending on the customer group 3 days frontend www.hair-shop.com Stores a random ID which ensures that a user can be uniquely identified as a guest or logged-in user. Functions such as "Items last viewed" or retention of the logged-in state are connected with this cookie. 3 days guest-view www.hair-shop.com Display of order information 1 day __cf_bm www.parsa-beauty.de This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. 1 day apay-session-set checkout.hair-shop.com This cookie is used in connection with the payment window. - The cookie is required for secure transactions on the website. 1 day CookieConsent checkout.hair-shop.com Stores the user's cookie consent state for the current domain 1 year csrf[XXX] checkout.hair-shop.com Security cookies for forms 1 day empty-cart-widget checkout.hair-shop.com Necessary for the shopping cart functionality on the website. Persistent SESS# checkout.hair-shop.com Preserves users states across page requests. 1 day session- checkout.hair-shop.com Storage of session data across pages 3 days sw-cache-hash checkout.hair-shop.com Storage of cache status 1 day sw-states checkout.hair-shop.com Storage of current state in the shop 1 day timezone checkout.hair-shop.com Recognition of the user's correct time zone 1 day 1.gif imgsct.cookiebot.com Used to count the number of sessions to the website, necessary for optimizing CMP product delivery. Session - Configuration
-
Name Partner Description Lifetime store www.hair-shop.com Determines the preferred language of the visitor. Allows the website to set the preferred language upon the visitor's re-entry. Session - Statistics
-
Name Partner Description Lifetime _ga hair-shop.com Registers a unique ID that is used to generate statistical data on how the visitor uses the website. Data may be used by Google Ads, Google Search and Google Shopping. 2 years _ga_# hair-shop.com Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. Data may be used by Google Ads, Google Search and Google Shopping. 2 years _gat hair-shop.com Creation and evaluation of website statistics by Google Analytics. Data may be used by Google Ads, Google Search and Google Shopping. 1 day _gid hair-shop.com Creation and evaluation of website statistics. Data may be used by Google Ads, Google Search and Google Shopping. 1 day flixsession media.flixcar.com Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator. Session flixgvid media.flixfacts.com Collects data on visitor interaction with the website's video-content. This data is used to make the website's video-content more relevant towards the visitor. Session AnalyseUnique p.gsitrix.com Used by the website to protect against fraud in relation to its referral system. 400 days gsitrix p.gsitrix.com Used by the website to protect against fraud in relation to its referral system. Persistent tabUUID p.gsitrix.com Used by the website to protect against fraud in relation to its referral system. Session gtmBrowserId www.googletagmanager.com This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website. Persistent cjvt www.hair-shop.com Storage of viewed products Session dicbo_id www.hair-shop.com Collects statistics concerning the visitors' use of the website and its general functionality. This is used to optimize and compile reports on the website for comparison through a third party analysis service. 1 day - Marketing
-
Name Partner Description Lifetime _rxuuid 1rx.io Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers. 1 year match 360yield.com Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers. Session C adform.net Used to check if the user's browser supports cookies. 1 month uid adform.net Registers a unique user ID that recognises the user's browser when visiting websites that use the same ad network. The purpose is to optimise display of ads based on the user's movements and various ad providers' bids for displaying user ads. 2 months am-uid admixer.net This cookie is used to identify the visitor and optimize ad-relevance by collecting visitor data from multiple websites – this exchange of visitor data is normally provided by a third-party data-center or ad-exchange. 3 months tu adscale.de Used to target ads by registering the user's movements across websites. 1 year uu adscale.de Used to target ads by registering the user's movements across websites. Session c bidswitch.net Regulates synchronisation of user identification and exchange of user data between various ad services. 1 year sync bidswitch.net Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant. Session tuuid bidswitch.net Registers whether or not the user has consented to the use of cookies. 1 year tuuid_lu bidswitch.net Contains a unique visitor ID, which allows Bidswitch.com to track the visitor across multiple websites. This allows Bidswitch to optimize advertisement relevance and ensure that the visitor does not see the same ads multiple times. 1 year _uetsid bing.com Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. Persistent _uetsid_exp bing.com Contains the expiry-date for the cookie with corresponding name. Persistent _uetvid bing.com Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. Persistent _uetvid_exp bing.com Contains the expiry-date for the cookie with corresponding name. Persistent MSPTC bing.com 1 year MUID bing.com Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains. 1 year bsmartdata_rt bsmartdata.com Used to measure the efficiency of the website’s advertisement efforts, by collecting data on the conversion rate of the website’s ads across multiple websites. 30 days CMID casalemedia.com Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads. 1 year CMPRO casalemedia.com Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. 3 months CMPS casalemedia.com Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads. 3 months rum casalemedia.com Collects data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads. Session fV_dt collect.bannercrowd.net Registers user behaviour and navigation on the website, and any interaction with active campaigns. This is used for optimizing advertisement and for efficient retargeting. Session n8zP2B_bypass collect.bannercrowd.net Session lastExternalReferrer connect.facebook.net Detects how the user reached the website by registering their last URL-address. Persistent lastExternalReferrerTime connect.facebook.net Detects how the user reached the website by registering their last URL-address. Persistent id connectad.io Preserves the visitor's session state across page requests. 1 month uid connectad.io Unique user ID that recognizes the user on returning visits 1 month uid fatmedia.io Unique user ID that recognizes the user on returning visits 1 year NID google.com 6 months _dcid hair-shop.com Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website. 400 days _fbc hair-shop.com Tracking of Facebook Ads 3 months _fbp hair-shop.com Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 months _gcl_au hair-shop.com Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. Data may be used by Google Ads, Google Search and Google Shopping. 3 months _gcl_aw hair-shop.com Tracking of Google Ads. Data may be used by Google Search and Google Shopping. 3 months _uetmsclkid hair-shop.com Tracking of Bing Ads 3 months _uetsid hair-shop.com Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. 1 day _uetvid hair-shop.com Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. 1 year stape hair-shop.com Measurement of marketing actions Session dmc-12 hyj.mobi Registers user behaviour and navigation on the website, and any interaction with active campaigns. This is used for optimizing advertisement and for efficient retargeting. 1 year dmc-12-r hyj.mobi Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement. 1 year bs/cm.aspx inv-nets.admixer.net Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. Session viewer_token loopme.me Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. 3 months flixdist media.flixcar.com Session flixlan media.flixcar.com Session inpage/log.gif media.flixcar.com Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website. Session traffic/log.gif media.flixcar.com Session mdrds_nin_765 mediards.com 1 day mdrds_pv_765 mediards.com 1 year mdrds_vid mediards.com 1 year w/1.0/sd openx.net Registers data on visitors such as IP addresses, geographical location and advertisement interaction. This information is used optimize the advertisement on websites that make use of OpenX.net services. Session unifiedPixel outbrain.com Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner. Session receive-cookie-deprecation parsa-beauty.de Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website. Session beat/ rt.flix360.com Session uid sdk-set1.com Unique user ID that recognizes the user on returning visits 1 year _rxuuid unrulymedia.com Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers. 1 year #-# www.youtube-nocookie.com Used to track user’s interaction with embedded content. Session iU5q-!O9@$ www.youtube-nocookie.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session LAST_RESULT_ENTRY_KEY www.youtube-nocookie.com Used to track user’s interaction with embedded content. Session nextId www.youtube-nocookie.com Used to track user’s interaction with embedded content. Session requests www.youtube-nocookie.com Used to track user’s interaction with embedded content. Session yt.innertube::nextId www.youtube-nocookie.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent ytidb::LAST_RESULT_ENTRY_KEY www.youtube-nocookie.com Used to track user’s interaction with embedded content. Persistent YtIdbMeta#databases www.youtube-nocookie.com Used to track user’s interaction with embedded content. Persistent yt-remote-cast-available www.youtube-nocookie.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-cast-installed www.youtube-nocookie.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-connected-devices www.youtube-nocookie.com Stores the user's video player preferences using embedded YouTube video Persistent yt-remote-device-id www.youtube-nocookie.com Stores the user's video player preferences using embedded YouTube video Persistent yt-remote-fast-check-period www.youtube-nocookie.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-session-app www.youtube-nocookie.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-session-name www.youtube-nocookie.com Stores the user's video player preferences using embedded YouTube video Session #-# youtube.com Used to track user’s interaction with embedded content. Session __Secure-ROLLOUT_TOKEN youtube.com 180 days iU5q-!O9@$ youtube.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session LAST_RESULT_ENTRY_KEY youtube.com Used to track user’s interaction with embedded content. Session LogsDatabaseV2:V#||LogsRequestsStore youtube.com Used to track user’s interaction with embedded content. Persistent nextId youtube.com Used to track user’s interaction with embedded content. Session remote_sid youtube.com Necessary for the implementation and functionality of YouTube video-content on the website. Session requests youtube.com Used to track user’s interaction with embedded content. Session ServiceWorkerLogsDatabase#SWHealthLog youtube.com Necessary for the implementation and functionality of YouTube video-content on the website. Persistent TESTCOOKIESENABLED youtube.com Used to track user’s interaction with embedded content. 1 day VISITOR_INFO1_LIVE youtube.com Tries to estimate the users' bandwidth on pages with integrated YouTube videos. 180 days YSC youtube.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session yt.innertube::nextId youtube.com Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Persistent ytidb::LAST_RESULT_ENTRY_KEY youtube.com Used to track user’s interaction with embedded content. Persistent YtIdbMeta#databases youtube.com Used to track user’s interaction with embedded content. Persistent yt-remote-cast-available youtube.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-cast-installed youtube.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-connected-devices youtube.com Stores the user's video player preferences using embedded YouTube video Persistent yt-remote-device-id youtube.com Stores the user's video player preferences using embedded YouTube video Persistent yt-remote-fast-check-period youtube.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-session-app youtube.com Stores the user's video player preferences using embedded YouTube video Session yt-remote-session-name youtube.com Stores the user's video player preferences using embedded YouTube video Session
The responsible Controller is the body named under item 1.
If these cookies are not necessary and/or the information contained therein is personal data, the legal basis for data processing is your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR, which is stored via a cookie. You give your consent via our cookie notice. This summarizes the cookies into certain purpose-related categories. The category of required cookies is pre-filled and cannot be deselected.
If these cookies are necessary cookies and/or information contained therein is personal data, the legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. Our interest in maintaining the functionality of our website is thereby to be regarded as legitimate within the meaning of the aforementioned provision.
Insofar as the processing is based on your consent, you have the option to revoke this at any time with effect for the future and thus prevent the further collection of your data by deselecting optional cookie-categories (not required) in the cookie settings. Unless and insofar as you do not consent or revoke granted consent, the (further) collection of data by means of optional cookies requiring consent and the associated data processing will cease. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website. In addition, you can, for example, generally object to the use of cookies for online marketing on the page http://www.youronlinechoices.com.
The details of the previously mentioned third-party services can be found in the points listed below.
7. Ad Partner / Third Party Services
We work together with advertising partners to make the online offer on our site even more interesting for you. For this purpose, cookies are also set by our advertising partners when you visit our site (so-called third party cookies) and after you have given your consent in the cookie banner according to Art. 6 para. 1 sentence 1 a) GDPR. The cookies of our advertising partners also contain information about your user behavior and your interests when you visit our site using pseudonyms. In some cases, information is also collected that was collected prior to visiting our site on other sites. This information is used to display interest-related advertisements from our advertising partners. No personal data will be stored and no user profiles will be merged with personal data.
You can prevent the interest-based advertising insertion of our advertising partners by means of a corresponding cookie setting in your browser.
Proper order processing agreements have been concluded with service providers that we engage for the purpose of supplying advertising and who process data on our behalf strictly in accordance with instructions.
You can revoke your consent at any time free of charge with effect for the future. In order to exercise this right of revocation, you can send us an informal message via the contact options mentioned under point 1, in which your intention to revoke is expressed. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can prevent the interest-based advertising of our advertising partners by selecting the appropriate cookie setting in your browser.
Bing Ads
Bing Ads is used to optimize our offers. Bing Ads is offered by:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA
Bing Ads is used to promote our company online. It uses cookies to record the completion and processing of transactions. This enables products or services to be marketed more effectively and in a more targeted manner. Bing Ads anonymizes your personal data and ensures that it cannot be used to identify individuals.
The legal basis is Art. 6 para. 1 f) GDPR. The processing serves to protect our legitimate interests in an optimization of our offer.
Cookies can be deleted. You can also select which cookies are not allowed on your computer.
Bing's privacy policy can be found here:
https://privacy.microsoft.com/de-de/privacystatement
Google Adwords
Our website uses the Google Adwords service. Google AdWords is an online advertising program from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
We use the remarketing function within the Google AdWords service. The remarketing function enables us to present advertisements based on their interests to users of our website on other websites within the Google display network (on Google itself, so-called "Google ads" or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g., which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores a number in the browsers of users who visit certain Google services or websites on the Google Display Network. This number, known as a "cookie", is used to record the visits of these users. This number is used to uniquely identify a web browser on a particular computer and not to identify a person; personal data is not stored. The legal basis for this data processing is Article 6 para. 1 sentence 1 f) GDPR.
Furthermore, we measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page marked with a so-called "conversion tracking tag". However, we ourselves do not receive any information with which users can be identified.
You can disable the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: www.google.com/settings/ads/plugin .
For more information about Google Remarketing and Google's privacy policy, please visit: www.google.com/privacy/ads/ .
Doubleclick by Google
Doubleclick by Google is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to deliver advertisements relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been called. The cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or within the scope of order data processing. Under no circumstances will Google match your data with other data collected by Google.
You can prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link under the item DoubleClick deactivation extension.
You can also prevent the interest-based advertising insertion of our advertising partners by means of a corresponding cookie setting in your browser or by clicking here.
Belboon
We have integrated components of the belboon affiliate advertising network on this website. belboon is a German affiliate network that offers affiliate marketing. Affiliate marketing is an Internet-based form of distribution that allows commercial operators of websites, the so-called merchants or advertisers, to display advertising, which is usually remunerated through click or sale commissions, on third-party websites, i.e. sales partners, also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.
The operating company of belboon is belboon GmbH, Weinmeisterstr. 12-14, 10178 Berlin, Germany. belboon sets a cookie on your information technology system (PC, laptop, etc.), provided that you consent to this in our cookie notice. You can change this at a later time and thus revoke it with effect for the future. You can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent belboon from setting a cookie on your information technology system of the person concerned. In addition, cookies already set by belboon can be deleted at any time via an internet browser or other software programs.
The data processing serves the analysis of user behavior for the purpose of changing and optimizing the website. The legal basis for data processing is your consent according to Art. 6 para. 1 p. 1 a) GDPR. You have the right to object to the data processing at any time. This is possible via the following link: http://www.youronlinechoices.com/de/praferenzmanagement or via our cookie settings (Cookie-Category Marketing).
The tracking cookie (set with your consent) from belboon does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor of a website and the clicked advertising material are stored. The purpose of storing this data is the processing of commission payments between a merchant and the affiliate, which are processed through the affiliate network, i.e. belboon.
The applicable data protection provisions of belboon can be found at https://www.belboon.com/de/ueber-uns/datenschutz/abgerufen.
Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.
This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 para. 1 sentence 1 f) GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, _Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/
When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.
This is necessary for the fulfillment of our and Trusted Shops' legitimate prevailing interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with Art. 6 para. 1 sentence 1 f) GDPR. Further details, including your right to object, can be found in the Trusted Shops Privacy Policy linked above and within the Trustbadge.
8. Advertising
Newsletter
If you would like to receive the newsletter offered on our website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter.
We use your data exclusively for sending the newsletter it, but do not pass it on to third parties. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR.
The newsletter is sent by the service provider CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany – based on our legitimate interest according to Art. 6 para. 1 S. 1 a) GDPR in providing a promotional, secure and user-friendly newsletter system - within the scope of a concluded Data processing agreement (Art. 28 GDPR) . The data protection provisions of the dispatch service provider can be found at: https://www.cleverreach.com/de/datenschutz/ .
For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The newsletters contain a so-called web beacon. These are small graphics that enable a log file recording or log file analysis, which are used for statistical evaluations for online marketing and are retrieved by CleverReach when the newsletter email is opened. In the course of this retrieval, technical information such as information about the browser and your system and the time of retrieval are collected. This information is used for the technical improvement of our services based on the technical data, the target groups and their respective reading behavior. Statistical surveys include information on whether a newsletter is opened, its time and the links clicked. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
The data you provide for the purpose of receiving the newsletter will be stored by us or CleverReach until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or CleverReach in a blocklist, if necessary, to prevent future mailings. The data from the blocklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 sentence 1 f) GDPR. The storage in the blocklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
Right of Withdrawal
You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time with effect for the future by notifying us, e.g. to our e-mail address specified under number 1 (or 2) or by using the unsubscribe option at the end of each newsletter.
Right of Withdrawal for assortment notifications
If we receive your data (name, address, email address) in connection with the sale of a product or service and there is no advertising objection to your data, we reserve the right to regularly send you offers for products similar to those you have already purchased from our range by email. You can object to this use of your data at any time by sending a message via our contact form or via the link provided in the advertising email, without incurring any costs other than the transmission costs according to the basic tariffs. The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. The processing of personal data for the purpose of direct advertising is processing that serves our legitimate interest.
Advertising with consent
We process your data for marketing purposes only on the basis of express consent to these purposes in accordance with Art. 6 Para. 1 sentence 1 a) GDPR.
With service providers who we engage for the purpose of advertising provision and who process data on our behalf in strict compliance with instructions, proper agreements have been concluded for order processing.
Information on the right of objection
You can object to the use of your personal data for the aforementioned advertising purposes at any time free of charge with effect for the future under the contact options specified under number 1 (or 2). If you file an objection, your data will be blocked for further promotional data processing. We would like to point out that in exceptional cases advertising material may still be sent even after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.
9. Website optimization, reach measurement and online marketing
Google Analytics
We use based on your given consent according to Art. 6 para. 1 sentence 1 a) GDPR Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google") on our website on the basis of our legitimate interests (in particular the interest in the analysis, improvement and commercial design of our online offer). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and stored there.
The information generated by the cookie about your use of this website is approximately
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request
Details about cookies can be found above under number 6.
However, in the context of Google Analytics we use the suffix "anonymizeIp". By means of this addition, Google shortens and anonymises the IP address of the Internet connection of the person concerned when accessing our Internet pages from a member state of the European Union or from another state party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
For additional information on the transfer of data to the USA, please refer to section 14.
Google will use the aforementioned information on our behalf to evaluate the use of our online offer by users and to provide us with reports on the activities within this online offer and, if necessary, to provide further services in this context. Pseudonymous user profiles can be created from the processed data.
The (shortened) IP address transmitted by the user's browser is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly and prevent the collection of data generated by the cookie with regard to the online offer and its processing by Google by downloading and installing the browser plug-in available under the following link: <a>http://tools.google.com/dlpage/gaoptout?hl=en"</a>.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this <a href="gaOptout()">Link</a> . An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on Google's use of data and possible settings and objections can be found in Google's privacy policy https://policies.google.com/technologies/ads) and in the settings for the display of advertisements on Google (https://adssettings.google.com/authenticated).
User's personal data will be deleted or made anonymous after 14 months.
Facebook Pixel
Within the framework of our website, we use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc. on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or, if consent is not given in the individual case and is not legally required, on the basis of our legitimate interests (i.e. interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 para. 1 sentence 1 f) GDPR), 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
Facebook uses EU standard contractual clauses for data transfers from the EEA and relies on adequacy decisions issued by the European Commission regarding specific countries, where applicable.
The Facebook Pixel allows Facebook to target visitors to our website for the display of ads (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our offers or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we would like to help ensure that our Facebook ads correspond to the presumed interest of the user and that ads do not appear annoying or inappropriate, but instead appear interesting and useful to the user. The Facebook pixel is also intended to help us track the effectiveness of Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Facebook processes the data within the framework of Facebook's data use policy. This policy contains further information on the display of Facebook ads: www.facebook.com/policy.php. Specific instructions on the Facebook Pixel and how it works are available in Facebook's help section: www.facebook.com/business/help/651294705016616 .
You can opt-out of the Facebook Pixel's collection and use of your data to display Facebook ads. To configure what types of ads are displayed to you within Facebook, you can visit the following page provided by Facebook to follow the information on how to configure usage-based advertising: https://www.facebook.com/settings?tab=ads. The configuration is not limited to the specific platform / hardware you use, that is, they are adopted for all devices, such as desktop computers or mobile devices.
You can object to the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/ ) and additionally the US website (http://www.aboutads.info/choices ) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/ ).
10. Contact
Contact by E-mail, Post & Telephone
You have the option to contact us in several ways. By e-mail, telephone or post. When you contact us, we use the personal data that you voluntarily make available to us in this context solely for the purpose of contacting you and processing your enquiry.
The legal basis for this data processing is Art. 6 Para. 1 sentence 1 b) GDPR. Your data will be deleted if they are no longer needed for the purpose of processing and there is no legal obligation to store them.
Contact form
There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this option, the data you enter in the input mask will be transmitted to us in encrypted form and stored.
If you have given your consent, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 a) GDPR. If you do not give your individual consent, we will process your data on the basis of Art. 6 para. 1 sentence 1 b) GDPR. The processing of the personal data from the input mask serves us only for the purpose of establishing contact.
11. Contractual services
Processing in connection with online shop
We process your personal data only to the extent necessary to process your orders in our online shop or to contact you.
We only process the personal data that you give us, such as your name, contact data, payment data and order data.
Data processing is carried out for the purpose of fulfilling the contract and implementing pre-contractual measures on the legal basis of Art. 6. para. 1 sentence 1 b) GDPR. In order to process your e-mail address in the event of a purchase via our websites/applications, we are also obliged by law under the German Civil Code (BGB) to send an electronic order confirmation (Art. 6 Para. 1 sentence 1 c) GDPR).
In order to provide you with the greatest possible convenience, we offer you the permanent storage of your personal data in a password-protected customer account/user account.
The creation of the customer account is in principle voluntary and is based on your consent within the meaning of Art. 6 para. 1 sentence 1 a) GDPR. After setting up a customer account, no further data entry is required. In addition, you can view and change the data stored about you in your customer account at any time.
In addition to the data requested when placing an order, you must enter a password of your choice when setting up a customer account. This, together with your e-mail address, is used to access your customer account. Please treat your personal access data confidentially and in particular do not make them accessible to any unauthorized third parties. You have the possibility to delete your customer account at any time. Please note, however, that this will not also delete the data that can be viewed in the customer account once you have placed an order with us. The deletion of your data takes place automatically after the expiry of the commercial and tax storage obligations applicable to us. The legal basis for this data processing is Art. 6 para. 1 sentence 1 c) GDPR and Art. 6 para. 1 sentence 1 f) GDPR.
For the processing of a purchase contract, payment service providers commissioned by us will be passed on to process the payment(s). Information on your delivery address will be passed on to logistics companies and shipping partners commissioned by us. The respective data will be transmitted solely for the respective purposes and deleted after delivery.
As far as we do not use your data for advertising purposes, we store the data collected for contract processing until the expiry of the statutory or possible contractual warranty and guarantee rights. Upon expiry of this period, we shall retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period, the data will be reprocessed solely in the event of an audit by the tax authorities.
E-mail service provider
For communication with you by e-mail and its evaluation, in addition to our hoster (see section 5 above), we partly use the e-mail service of Sendinblue. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. We have entered into an order processing agreement with Sendinblue (Art. 28 GDPR). Sendinblue partially sends our store emails to you in order to fulfill our legal information obligations. The legal basis for this is Art. 6 para. 1 sentence 1 c). In addition, the processing of your order is hereby carried out, for which the legal basis is Art. 6 para.1 sentence 1 b) GDPR. Sendinblue logs certain technical data and order information for us for statistical purposes, for error detection and to combat abuse. The legal basis in this respect is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 f) GDPR in stable and secure communication and combating abuse.
12. Payment Provider
In addition, the following data processing is required to process a purchase contract via our website:
Your payment data will be passed on to payment service providers who process the payment(s), depending on the payment method. Information on your delivery address will be passed on to logistics companies and shipping partners commissioned by us. In order to ensure that the goods are delivered according to your wishes, we will send your e-mail address and, if applicable, the telephone number to the logistics company and/or shipping partner commissioned by us who will take over the delivery. They may contact you prior to delivery to discuss delivery details. The respective data will be transmitted solely for the respective purposes and deleted after delivery. The legal basis for this data processing is Art. 6 para. 1 sentence 1 a), Art. 6 para. 1 sentence 1 b) GDPR and Art. 6 para. 1 sentence 1 f) GDPR.
Payment service provider
We use the following payment service providers:
PayPal, AmazonPay, Sofortüberweisung, Klarna
PayPal
PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer protection services.
PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the person concerned selects this as a payment option during the order process in our online shop, data of the person concerned is automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, or other data necessary for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.
The purpose of data transmission is to process payments and prevent fraud.
The transmission takes place on the basis of the fulfilment of the contract in accordance with Art. 6 para. 1 b) GDPR and, insofar as personal data is also transmitted, on the basis of our legitimate interests in secure payment processing and fraud prevention in accordance with Art. 6 para. 1 f) GDPR.
The personal data exchanged between PayPal and us may be transferred by PayPal to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. Responsible for this is PayPal.
PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.
You have the option to revoke your consent to the handling of personal data by PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.
PayPal's current privacy policy can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
AmazonPay
AmazonPay is a payment service that enables cashless payment for products and services on the Internet. AmazonPay maps a technical procedure by which the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer immediately after the order is placed.
The operating company of AmazonPay is Amazon Europe Core S.à r.l. (Société à responsabilité limitée), 5 Rue Plaetis, L-2338 Luxembourg.
If you select "AmazonPay" as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to AmazonPay. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
During the purchase transaction via AmazonPay, the buyer transmits the login data to AmazonPay. AmazonPay then carries out a transfer to the online merchant after a technical check of the account balance and retrieval of further data to check the account coverage. The online merchant is then automatically notified of the execution of the financial transaction.
The personal data exchanged with AmazonPay are first name, last name, address, email address, IP address, telephone number, other data necessary for payment processing. The transmission of the data is for the purpose of payment processing in the context of contract performance and fraud prevention, the legal basis is Art. 6 para. 1 para. 1 sentence 1 b) GDPR. We may also transfer other personal data to AmazonPay if there is a legitimate interest for the transfer, such as security and fraud prevention, Art. 6 para. 1 para. 1 sentence 1 f) GDPR. The personal data exchanged between AmazonPay and us may be transmitted by AmazonPay to credit reporting agencies. This transmission is for the purpose of checking identity and creditworthiness.
AmazonPay may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.
You have the option to revoke your consent to the handling of personal data at any time vis-à-vis AmazonPay. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.
The applicable data protection provisions of AmazonPay can be found at https://www.amazon.de/datenschutzhinweise .
Sofortüberweisung
Sofortüberweisung is a payment service that enables cashless payment for products and services on the Internet. Sofortüberweisung represents a technical procedure by which the online merchant immediately receives a payment confirmation. This enables a merchant to deliver goods, services or downloads to the customer immediately after the order is placed.
The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.
If you select "Sofortüberweisung" as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
During the purchase transaction via Sofortüberweisung, the buyer transmits the PIN and the TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to the online merchant after a technical check of the account balance and retrieval of further data to check the account coverage. The online merchant is then automatically notified of the execution of the financial transaction.
The personal data exchanged with Sofortüberweisung are first name, last name, address, e-mail address, IP address, telephone number, and other data necessary for payment processing. The transmission of the data is for the purpose of payment processing in the context of contract performance and fraud prevention, the legal basis is Art. 6 para. 1 sentence 1 b) GDPR. We may also transmit other personal data to Sofortüberweisung if there is a legitimate interest for the transmission, such as security and fraud prevention, Art. 6 para. 1 sentence f) GDPR. The personal data exchanged between Sofortüberweisung and us may be transmitted by Sofortüberweisung to credit reporting agencies. This transmission is for the purpose of checking identity and creditworthiness.
Sofortüberweisung may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.
You have the option to revoke your consent to the handling of personal data at any time to Sofortüberweisung. A revocation does not affect personal data that must be processed, used or transmitted mandatory for (contractual) payment processing.
The applicable data protection provisions of Sofortüberweisung can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.
Klarna
Klarna is an online payment service provider. Payments are processed via so-called Klarna accounts, which are virtual private or business accounts. In addition, Klarna offers the possibility to process virtual payments via credit cards if a user does not maintain a Klarna account. A Klarna account is maintained via an e-mail address. Klarna makes it possible to initiate online payments to third parties or to receive payments. Klarna also assumes trustee functions and offers buyer protection services.
The European operating company of Klarna is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.
If the data subject selects "Klarna" as a payment option during the ordering process in our online store, data of the data subject will be automatically transmitted to Klarna. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
The personal data transmitted to Klarna are usually first name, last name, address, email address, IP address, telephone number, or other data necessary for the payment processing. Also necessary for the processing of the purchase contract are such personal data that are related to the respective order.
The transmission of the data is for the purpose of payment processing and fraud prevention. The transmission takes place on the basis of the performance of the contract pursuant to Art. 6 para. 1 sentence 1 b) GDPR and, insofar as personal data is transmitted in addition, on the basis of our legitimate interests in secure payment processing and fraud prevention pursuant to Art. 6 para. 1 sentence 1 f) GDPR.
The personal data exchanged between Klarna and us may be transmitted by Klarna to credit agencies. This transmission is for the purpose of checking identity and creditworthiness. The responsible party for this is Klarna.
Klarna may pass on the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.
You have the option to revoke your consent to the handling of personal data at any time vis-à-vis Klarna. A revocation does not affect personal data that must necessarily be processed, used or transmitted for (contractual) payment processing.
The applicable data protection provisions of Klarna can be found at https://www.klarna.com/international/privacy-policy/ .
13. Social Media & Content
Our social media sites
We maintain additional websites on social networks and social platforms on Xing (New Work SE, https://privacy.xing.com/de/datenschutzerklaerung, Opt-Out: https://nats.xing.com/optout.html?popup=1), Pinterest (Pinterest Europe Ltd., https://policy.pinterest.com/de/privacy-policy) , Facebook und Instagram (see below). This is where we inform other users, interested parties and customers (hereinafter referred to as "users") about our services and, if necessary, communicate with them within this framework.
The processing of user data is also carried out regularly for market research and advertising purposes by creating profiles based on the user behavior of the user, which may be used for interest-specific advertising and other marketing measures on the network pages, but also outside the network. This is usually done using cookies that are stored locally by the user. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored in each case. The created usage profiles can also be used on different devices independently (especially for logged in users).
Data may also be processed by providers outside the European Economic Area (EEA), which may result in risks because the enforcement of (data protection) claims is difficult. However, we only use operators of such networks who have committed themselves to ensuring an appropriate level of data protection.
The processing of users' personal data is based on legitimate interests in the provision of information and communication with users pursuant to Art. 6 para. 1 sentence 1 f) GDPR. Insofar as the user has consented to the processing of his personal data vis-à-vis the provider, the legal basis of the processing is Art. 6 para. 1 sentence 1 a) in conjunction with Art. 7 GDPR.
If you wish to assert information and/or other rights as a data subject, we recommend that you contact the respective provider, because the latter can react most efficiently to this, since the latter has access to the data. Nevertheless, we are of course at your disposal for support.
For the explanation of a contradiction, the respective provider has the possibility to object in the form of an opt-out.
Facebook and Instagram
We maintain social media profiles on the social networks Facebook and Instagram ("Fanpages"), services of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), on which We regularly publish and share content and offers. When you interact with Our Fanpages or other Facebook or Instagram websites, the operators of the social networks collect your usage behavior with cookies and similar technologies. We may view general statistics about users' interests and demographic characteristics (such as age, gender, region) for its fan pages. If you use social networks, the type, scope and purposes of the data processing in the social networks are primarily determined by the operators of the social networks. An exception applies to so-called page insights, for which We are jointly responsible with Facebook and explain below.
Facebook also processes your data when using fan pages for its own purposes, which are not depicted in this privacy policy and over which We have no influence. You can find more information about this at the respective social networks: Facebook privacy notice, Instagram privacy notice.
When you interact with our fan pages, Facebook records your usage behavior with cookies and similar technologies. We receive "page insights" in this context, which contain statistical, depersonalized (anonymized) information about visitors. An assignment to your person is not possible for us. The selection and processing of Page Insights information is done exclusively by Facebook. Page insights help us to understand how our fan pages are used, what interests visitors have, and which topics and content are particularly popular. We use this information to provide relevant content to visitors of our fan pages and to better respond to the interests and usage habits of our visitors.
We and Facebook are jointly responsible for the processing of your data for the provision of Page Insights (Art. 26 GDPR). There is an agreement between Us and Facebook that specifies which company fulfills which data protection obligations under the GDPR with respect to the processing of Page Insights data. The agreement with Facebook is available here.
Facebook has summarized the main contents of this agreement (including a list of Page Insights data) here: https://www.facebook.com/legal/terms/information_about_page_insights_data . Insofar as you have consented to Facebook with regard to the creation of Page Insights described above, the legal basis is Article 6 para. 1 sentence 1 a) GDPR. Otherwise, the legal basis is Article 6 para. 1 sentence f) GDPR, with our legitimate interest arising from the aforementioned purposes.
Integration of third-party services and content
Within the framework of our website, we use offers from third party providers on the basis of a consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or if a consent is not available in individual cases and is not legally required, on the basis of our legitimate interests (i.e. interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 para. 1 f) GDPR) in order to integrate its contents and services, such as videos or fonts (hereinafter uniformly referred to as "contents"). This may require that the respective third-party providers perceive your IP address, as they would not be able to send the content to your browser without the IP address. The IP address is therefore required for the delivery and display of this content.
YouTube
Based on your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR, we may integrate videos from the "YouTube" platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find their data protection information at: https://www.google.com/policies/privacy/
You can set an opt-out under this link: https://adssettings.google.com/authenticated .
Comments/contributions
If you leave comments or other contributions, your IP address may be stored for up to seven days due to our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f) GDPR. This is done for our security and to protect others from illegal content. In this case, we are liable as the operator of this website and would therefore like to try to identify the author. In addition, this enables the detection of spam and its exclusion as a legitimate interest on our part Art. 6 para. 1 sentence 1 f) GDPR.
The content provided in the context of your comments and / or contributions will be permanently stored by us until your objection, unless there is any other obligation to remove.
Flixmedia
In order to always be able to offer up-to-date product information on our pages, we have also integrated the services of Flixmedia Ltd., Unit 1, The Technology Park, Colindeep Lane, London, NW9 6BX, United Kingdom ("Flixmedia") on our website.
Flixmedia processes your IP address for the quick upload of product pages, overviews and product content. Flixmedia works with manufacturers to provide you with official manufacturer information about the product you are considering and is not an advertising service. Flixmedia collects and processes your IP address solely to provide video, image or text information from the manufacturer, but does not store your IP address as part of this service and only makes your IP address available to supporting technology partners for the display of the information. Flixmedia does not process or store any other personal data from you and does not obtain any other of your personal data from third parties. For more information, see: http://flixmedia.eu/privacy-policy/. If you have any questions about how Flixmedia processes your IP address, please contact [email protected].
We use Flixmedia's services exclusively to provide you with more information about the products offered on our website and thus make your product selection easier. The legal basis for the use of Flixmedia services and the data processing carried out through them is Art. 6 Paragraph 1 Clause 1 Letter f) GDPR. Our legitimate interest is to optimize our website in order to be able to offer you the greatest possible user comfort and to make your visit to our website as pleasant and informative as possible.
Eye-Able®
Eye-Able® is a software from Web Inclusion GmbH to ensure barrier-free access to information on the Internet for all people. The necessary files such as JavaScript, style sheets and images are loaded locally from this website. When functions are activated, Eye-Able® uses the browser's local storage to save the settings. All settings are only saved locally and are not transferred further. You can find more information about Eye-Able® in the privacy policy of Eye-Able.
14. Sharing of data / processing outside EEA
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).
The data collected by the products listed within the scope of this declaration from US providers or their affiliated companies, such as Google and Facebook, may be stored and processed by them in the USA, among other places. We have no influence on the further data processing by the Service Provider. For a data transfer to a third country, i.e. a country outside the EU or the EEA, appropriate guarantees for the protection of your personal data are generally required. After the European Court of Justice invalidated the Commission's Implementing Decision (EU) 2016/1250 of July 12, 2016 on the adequacy of the protection provided by the EU-US Privacy Shield ("EU-US Privacy Shield"), the EU-US Privacy Shield can no longer be used as a guarantee for an adequate level of protection in the US according to EU standards. Thus, there is currently no level of data protection in the U.S. equivalent to that in the EU within the meaning of Art. 45 GDPR, and we are also unable to provide appropriate safeguards under Art. 46 GDPR to compensate for this deficit. Thus, data transfer to the USA is only permissible here with your express consent pursuant to Art. 49 (1) a) GDPR, which can be granted by you with the cookie notice by choosing optional categories. Possible risks of this data transfer are that access by state authorities, such as security authorities and/or intelligence services, cannot be ruled out and your data could be processed by them, possibly without you being informed separately and without enforceable rights and effective legal remedies being available to you, for reasons of national security, law enforcement or for other purposes in the public interest of the USA.
Otherwise, we will only share your data with third parties if:
- you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 a) GDPR,
- the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 para. 1 sentence 1 f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- there is a legal obligation for the disclosure according to Art. 6 para. 1 sentence 1 c) GDPR or
- this is legally permissible and necessary according to Art. 6 para. 1 sentence 1 b) GDPR for the processing of contractual relationships with you.
The transfer to tax offices and social security institutions will only take place if there is a legal obligation to do so; the legal basis is Art. 6 para. 1 sentence 1 c) GDPR. The transfer to service providers only takes place on the basis of a proper contract processing agreement in accordance with Art. 28 GDPR.
15. Applicant data
We process the personal data of applicants for the purpose of handling the application process. The processing may also take place electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents are automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the responsible party oppose deletion.
16. Amendments
The controller reserves the right to adapt security and data protection measures if this becomes necessary due to technical or legal developments. In these cases, the controller will also adapt these data protection notices accordingly. Therefore, please pay attention to the current version of our data protection information.
17. Definitions of terms
For a better understanding, we would like to provide you with the following definitions of the GDPR as far as they are relevant for our data privacy notices.
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data are, in simplified form, individual details about personal or factual circumstances of a specific or determinable natural person, i.e. not legal persons, such as a limited liability corporation. Personal data includes in particular information such as name, address, e-mail address and IP address.
Processing
Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, limitation, erasure or destruction.
Restriction of processing
Profiling
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects related to work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
Pseudonymisation
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical andorganisational measures ensuring that the personal data are not allocated to an identified or identifiable natural person.
Controller
The controller shall be the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union
law or with the law of the Member States on the basis of certain criteria.
Processor
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States shall not be considered as recipients.
Third party
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
Consent
Consent means any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
Supervisory authority
Supervisory authority means an independent government body established by a Member State pursuant to Art. 51 GDPR.