Privacy policy

Privacy policy

Unless otherwise provided below, the provision of your personal data is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to deploy has no consequences. This applies only to the extent that no other indication is given in the subsequent processing operations.
“Personal Data” means any information relating to an identified or identifiable natural person.

Server logfiles

You can visit our website without providing any personal information.

Every time you access our website, usage data is transmitted to us or to our web host /IT service provider through your Internet browser and stored in log data (so-called server log files). These stored data include, for example.B the name of the page accessed, the date and time of the retrieval, the IP address, the amount of data transferred and the requesting provider.
The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR based on our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offering.

Your data may be transferred to third countries outside the European Union for which the EU Commission has issued an adequacy decision.

Contact

Person responsible
Please contact us if you wish. The person responsible for data processing is Angela Bailey, Sylvester-Jordan-Str. 4, 35039 Marburg Germany, +49 (0)6421/9824444, angela@elfen-und-helden.de

Proactive contact by the customer by e-mail
If you contact us by e-mail on your own initiative, we will only collect your personal data (name, e-mail address, message text) to the extent provided by you. The purpose of data processing is to process and respond to your contact request.
If the establishment of contact serves the implementation of pre-contractual measures (e.g. advice in the event of an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. 1 lit. b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in processing and responding to your request. In this case, you have the right, for reasons arising from your particular situation, to exercise this right at any time on the basis of Art. 6 para. 1 lit. f GDPR-based processing of your personal data in your area.
We will only use your e-mail address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form
When you use the contact form, we only collect your personal data (name, email address, message text) to the extent that you provide it. The purpose of data processing is to contact us.
If the establishment of contact serves the implementation of pre-contractual measures (e.g. advice in the event of an interest in purchasing, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. 1 lit. b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in processing and responding to your request. In this case, you have the right, for reasons arising from your particular situation, to exercise this right at any time on the basis of Art. 6 para. 1 lit. f GDPR-based processing of your personal data in your area.
We only use your e-mail address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Use of Calendly
We use the appointment booking function “Calendly” from the provider Calendly LLC (BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA) on our website.
When using this function, we collect and process your personal data (first and last name, e-mail address and telephone number, message text) only to the extent provided by you. The data processing serves the purpose of appointment allocation and user-friendliness.
Calendly uses technologies such as cookies. The following information may be collected and transmitted to Calendly: IP address, date and time of the page view, device model, information about the browser and operating system you are using and the location.
Your data may be transferred to third countries such as the USA. An adequacy decision of the EU Commission is in place for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Calendly has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.
Your personal data is processed for the purpose of booking appointments on the basis of Art. 6 para. 1 lit. b GDPR to fulfill the contract concluded with us or to carry out pre-contractual measures.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data that takes place through the use of cookies is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find more information on data protection and the use of cookies at Calendly at https://calendly.com/privacy.

WhatsApp Business
If you contact us via WhatsApp, we use the WhatsApp Business version of WhatsApp Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “WhatsApp”). If you are located outside the European Economic Area, this service is provided by WhatsApp Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The purpose of data processing is to process and respond to your contact request. For this purpose, we collect and process your mobile phone number stored with WhatsApp, your name if provided and other data to the extent provided by you. We use a mobile device for the service, the address book of which only contains data from users who have contacted us via WhatsApp. Personal data will not be passed on to WhatsApp without your prior consent.
Your data will be transmitted by WhatsApp to servers of Meta Platforms Inc. in the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta Platforms Inc. is certified in accordance with the TADPF and is therefore committed to complying with European data protection principles. If the contact is for the purpose of implementing pre-contractual measures (e.g. advice on an interest in purchasing, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in providing a quick and easy way to contact you and in responding to your request. In this case, you have the right, for reasons arising from your particular situation, to exercise this right at any time on the basis of Art. 6 para. 1 lit. f GDPR-based processing of your personal data in your area.
We only use your personal data to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
You can find more information on terms of use and data protection when using WhatsApp at https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.

Customer account Orders

Customer account
When you open a customer account, we collect your personal data to the extent specified there. The purpose of data processing is to improve your shopping experience and simplify order processing. The processing is carried out on the basis of Article 6(4) of the European 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your customer account will then be deleted.

Collection, processing and disclosure of personal data on orders

When ordering, we only collect and process your personal data insofar as this is necessary for the fulfillment and processing of your order as well as for the processing of your enquiries. The provision of the data is necessary for the conclusion of the contract. Non-provision means that no contract can be concluded. The processing is carried out on the basis of Article 6(4) of the European 1 lit. b GDPR and is necessary for the performance of a contract with you.

Your data will be passed on, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly comply with the legal requirements. The scope of the data transfer is limited to a minimum.

Your data may be transferred to third countries outside the European Union for which the EU Commission has issued an adequacy decision.

Reviews Advertising

Data collection when writing a comment or rating
When you comment/rate an article or post, we only collect your personal data (name, email address, comment text) to the extent that you provide it. The processing serves the purpose of enabling a comment/rating and displaying comments/ratings.

We also collect the following data for the purpose of verifying your rating/comment: Order number, , , .

By submitting the comment/review, you consent to the processing of the transmitted data. The processing is carried out on the basis of Article 6(4) of the European 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your personal data will then be deleted.

Use of your personal data for the sending of postal advertising
We use your personal data (name, address), which we have received in the context of the sale of a product or service, to send you postal advertising, unless you have objected to this use. The provision of this data is necessary for the conclusion of the contract. Non-provision means that no contract can be concluded.
The processing is carried out on the basis of Article 6(4) of the European 1 lit. f GDPR from our overriding legitimate interest in direct advertising. You can object to this use of your address data at any time by notifying us. You will find the contact details for exercising your objection in the legal notice.

Use of your e-mail address for sending newsletters
We use your e-mail address to send you information and offers by newsletter, provided you have expressly consented to this. The data processing serves the sole purpose of advertising. For this purpose, we process your email address and any other data that you have voluntarily provided when registering for our newsletter.
The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by sending us a message. Your e-mail address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a so-called blacklist to prevent you from receiving future newsletter emails from us. This storage takes place on the basis of Art. 6 para. 1 lit. f GDPR from our and your legitimate interest in preventing your e-mail address from being used again to send you our newsletter. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

Use of the e-mail address for sending direct advertising
We use your e-mail address, which we have received as part of the sale of a good or service, for the electronic sending of advertising for our own goods or services that are similar to those that you have already purchased from us, unless you have objected to this use. The provision of the e-mail address is necessary for the conclusion of the contract. Non-provision means that no contract can be concluded. The processing is carried out on the basis of Article 6(4) of the European 1 lit. f GDPR from our overriding legitimate interest in direct advertising. You can object to this use of your e-mail address at any time by notifying us. You will find the contact details for exercising your objection in the legal notice. You can also use the link provided in the promotional e-mail. This will not incur any costs other than the transmission costs according to the basic rates.

Use of the e-mail address for availability notifications
We offer the service of product availability notification on our website. If an item is temporarily unavailable, you have the option of entering your e-mail address on the respective item and being informed by us by e-mail when it becomes available, provided you have agreed to this. You will receive a one-off e-mail notification about the availability of the item in question. The processing is carried out on the basis of Article 6(4) of the European 1 lit. a GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation. You can unsubscribe from the availability notification at any time by sending us a message. Your e-mail address will then be removed from the mailing list.

Shipping service provider Merchandise management

Forwarding of the e-mail address to shipping companies for information about the shipping status
We forward your e-mail address to the shipping company as part of the contract processing, provided that you have expressly agreed to this during the ordering process. The purpose of the transfer is to inform you by e-mail about the shipping status. The processing is carried out on the basis of Article 6(4) of the European 1 lit. a GDPR with your consent. You can revoke your consent at any time by notifying us or the transport company without affecting the legality of the processing carried out on the basis of the consent until the revocation.

Use of an external merchandise management system
We use a merchandise management system for contract processing as part of order processing. For this purpose, your personal data collected during the order will be sent to
Cowis
transmitted.

The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Payment service provider

Use of PayPal Check-Out
We use the PayPal Check-Out payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”) on our website. The purpose of data processing is to be able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you with the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Cookies may be stored that enable your browser to be recognized. The resulting data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in a customer-oriented offer of different payment methods. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal
For individual payment methods such as credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, PayPal reserves the right to obtain credit information on the basis of mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received on the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes address data, among other things. Your legitimate interests are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Article 6(4) of the European 1 lit. f GDPR from our overriding legitimate interest in protection against non-payment if PayPal makes advance payments.
You have the right to object to this processing at any time for reasons arising from your particular situation on the basis of Art. 6 para. 1 lit. f GDPR by notifying PayPal of your objection to the processing of personal data concerning you. The provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide the data means that the contract cannot be concluded with the payment method you have selected.

Third-party provider
When paying via the payment method of a third-party provider, the data required for payment processing is transmitted to PayPal. Such processing is carried out on the basis of Article 6(3). 1 lit. b GDPR. PayPal may then forward the data to the respective provider in order to process this payment method. Such processing is carried out on the basis of Article 6(3). 1 lit. b GDPR. Local third-party providers can be, for example:

Apple Pay (Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)

Purchase on account via PayPal
When paying via the payment method purchase on account, the data required for payment processing is first transmitted to PayPal. In order to process this payment method, the data will then be transmitted by PayPal to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; “Ratepay”) in order to fulfill the contract with you with the selected payment method. Such processing is carried out on the basis of Article 6(3). 1 lit. b GDPR. Ratepay may carry out a credit check on the basis of mathematical-statistical procedures (probability or score values) using credit agencies in accordance with the procedure described above. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Article 6(4) of the European 1 lit. f GDPR on the basis of our overriding legitimate interest in protection against payment default if Ratepay makes advance payments. Further information on data protection and which credit agencies Ratpay uses can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.

Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Use of Klarna payment options

We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; “Klarna”) on our website. By selecting and using payment via Klarna, the data required for payment processing will be transmitted to Klarna in order to fulfill the contract with you using the selected payment method. Such processing is carried out on the basis of Article 6(3). 1 lit. b GDPR.

Cookies may be stored that enable your browser to be recognized. The resulting data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a customer-oriented range of different payment methods. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

“Pay Later” (invoice), “Pay Now” (payment by direct debit, credit card, instant bank transfer), “Financing” (installment purchase)

For individual payment methods such as “Pay Later” (invoice), “Pay Now” (payment by direct debit, credit card, instant bank transfer), “Financing” (installment purchase), Klarna reserves the right to obtain credit information on the basis of mathematical-statistical procedures using credit agencies.

For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, e-mail address, IP address and data related to the order, to a credit agency for the purpose of identity and credit checks and uses the information received on the statistical probability of non-payment for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes address data, among other things. Your legitimate interests are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Article 6(4) of the European 1 lit. f GDPR from our overriding legitimate interest in protection against payment default if Klarna makes advance payment. You have the right to object to this processing at any time for reasons arising from your particular situation on the basis of Art. 6 para. 1 lit. f GDPR by notifying Klarna of your objection to the processing of personal data concerning you. The provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide the data means that the contract cannot be concluded with the payment method you have selected.

Further information, in particular to which credit agencies Klarna passes on your personal data, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

General information about Klarna can be found at: https://www.klarna.com/de/. Your personal data will be treated by Klarna in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.

Use of the payment service provider Stripe

We use the Stripe payment service of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) on our website. The purpose of data processing is to be able to offer you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Stripe reserves the right to obtain credit information on the basis of mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received on the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes address data, among other things. Your legitimate interests are taken into account in accordance with the statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Article 6(4) of the European 1 lit. f GDPR from our overriding legitimate interest in protection against payment default if Stripe makes advance payments.

You have the right to object to this processing at any time for reasons arising from your particular situation on the basis of Art. 6 para. 1 lit. f GDPR by notifying Stripe of your objection to the processing of personal data concerning you. The provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide the data means that the contract cannot be concluded with the payment method you have selected.

All Stripe transactions are subject to the Stripe Privacy Policy. This can be found at https://stripe.com/de/privacy

Using the payment method Link

We use the payment service link of Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; “Stripe”) on our website.

The purpose of data processing is to be able to offer you quick and easy payment via the payment service if you have a customer account with Link.

In order to integrate this payment service, it is necessary for Stripe to collect, store and analyze data (e.g. IP address, device type, operating system, browser type, location of your device, language settings, date and time of the page view) when you access the website and use the payment service. Cookies that enable your browser to be recognized can also be used for this purpose.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation.

By selecting and using Link, the data required for payment processing will be transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is carried out to fulfill the contract concluded between you and us on the basis of Art. 6 para. 1 lit. b GDPR.

Further information on data processing when using the Link payment service can be found at https://link.co/de/privacy and at https://link.co/de/privacy-center

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or the internet browser on a user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is re-accessed.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can be notified before setting cookies and decide on the acceptance individually as well as prevent the storage of cookies and transmission of the data contained. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all functions of this website to their full extent.

You can find out how to manage cookies with the most important browsers (including deactivation) under the following links:

Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies

Insofar as no other information is provided below in the data protection declaration, we only use these technically necessary cookies for the purpose of making our offer more user-friendly, effective and secure. Furthermore, cookies allow our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The use of cookies or comparable technologies is based on Section 25 (2) TDDDG. The processing of your personal data takes place on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer.

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

Use of Borlabs Cookie

On our website, we use the consent management tool Borlabs Cookie from the provider Borlabs – Benjamin A. Bornschein (Georg-Wilhelm-Str. 17, 21107 Hamburg; “Borlabs”).

The tool enables you to give your consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent you have already given.

The purpose of data processing is to obtain and document the necessary consent for data processing and thus to comply with legal obligations.

Cookies can be used for this purpose. The following information may be collected: Date and time of the page view, information about the browser you are using and the device you are using, UID (randomly assigned, anonymous ID), opt-in and opt-out data. This data is not passed on to third parties.

The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.

You can find more information on data protection at Borlabs at: https://de.borlabs.io/borlabs-cookie/

Affiliate advertising tracking analysis

Use of Google Analytics 4
We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The purpose of data processing is to analyse this website and its visitors, as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
The following information may be collected in the process: IP address, date and time of the page view, click path, information about the browser you are using and the device you are using, pages visited, referrer URL (website from which you accessed our website), location data, purchase activities. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and all other data that Google has about you.

The IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

The information generated by this about your use of this website is usually transmitted to a Google server in the USA and stored there. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore obliged to comply with European data protection principles. Both Google and US government authorities have access to your data.

Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and at https://policies.google.com/privacy?hl=de&gl=de.

Use of the Meta Pixel

We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”) on our website.

Meta and we are jointly responsible for the collection of your data and the transmission of this data to Meta when the service is integrated. The basis for this is an agreement between us and Meta on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at https://de-de.facebook.com/legal/terms/businesstools can be accessed. Accordingly, we are responsible in particular for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service and for compliance with the obligations pursuant to Art. 33, 34 GDPR, insofar as a breach of the protection of personal data affects our obligations under the joint processing agreement. Meta is responsible for enabling the rights of data subjects pursuant to Art. 15 – 20 GDPR, complying with the security requirements of Art. 32 GDPR with regard to the security of the Service and the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects Meta’s obligations under the Joint Processing Agreement.

The purpose of the application is to target visitors to the website with interest-based advertising on the social networks Facebook and Instagram. The Meta remarketing tag has been implemented on the website for this purpose. This tag is used to establish a direct connection to the Meta servers when you visit the website. This tells the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads.

The application also serves the purpose of creating conversion statistics. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, as well as what actions are taken after being redirected to this website. However, we do not receive any information that can be used to personally identify users.

Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.

The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the revocation.
You can deactivate the remarketing function “Custom Audiences” here. For more information on the collection and use of data by Meta, your rights in this regard and ways to protect your privacy, please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/.

Use of Google Ads conversion tracking
We use the online advertising program “Google Ads” on our website and in this context conversion tracking (visit action evaluation). Google Conversion Tracking is an analysis service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google).
If you click on an advertisement placed by Google, a cookie for conversion tracking is stored on your computer. These cookies are limited in validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you have clicked on the ad and have been redirected to this page. Each Google Ads customer receives a different cookie. Thus, there is no way that cookies can be tracked through the websites of Ads customers.
The information collected with the help of the conversion cookie is used to create conversion statistics. We find out the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.
Your data may be transmitted to the servers of Google LLC in the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.

The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find more information and Google’s privacy policy at: https://www.google.de/policies/privacy/

Use of the Pinterest tag
We use the Pinterest tag from Pinterest Europe Limited (Palmerston House, 2nd, Fenian Street, Floor, Dublin 2, Ireland “Pinterest”) on our website.
The purpose of the application is to target visitors to the website with interest-based advertising on the Pinterest social network. The Pinterest conversion tag has been implemented on the website for this purpose. This tag establishes a direct connection to the Pinterest servers when the website is visited. This tells the Pinterest server which of our pages you have visited. Pinterest assigns this information to your personal Pinterest user account if you are logged into the social network. When you visit Pinterest, you will then be shown personalized, interest-based Pinterest ads.
If you access our website via a pin on the Pinterest social network, a cookie for conversion tracking is stored on your computer. These cookies are limited in validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Pinterest and we can recognize that you have clicked on the pin and have been redirected to this page. The information collected with the help of the conversion cookie is used to create conversion statistics and thus to optimize our website. Among other things, the following information can be processed: Total number of users who clicked on one of our pins and were redirected to our website, subpages visited on our website (e.g. category or product pages), search queries on our website, your shopping cart contents, completed transactions.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified according to the TADPF. Data is transferred on the basis of standard contractual clauses, among others, as suitable guarantees for the protection of personal data, which can be viewed at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information on the collection and use of data by Pinterest, your rights in this regard and ways to protect your privacy, please refer to Pinterest’s privacy policy at https://policy.pinterest.com/de/privacy-policy.

Use of the Amazon Partner Program
We use the “AmazonPartnerNet” partner program of Amazon EU S.a.r.l. (5 Rue Plaetis, L-2338 Luxembourg; “Amazon”).
We have set up advertisements on our website as links to offers on various Amazon websites. Amazon uses cookies. The cookies serve the purpose of correct billing as part of the partner program. The cookies enable Amazon to determine that you have clicked on an ad link and to trace the origin of the order generated via the ad link.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Amazon has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The privacy policy with detailed information on the use of data by Amazon can be found at https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.

Plug-ins and miscellaneous

Use of the Google Tag Manager
We use the Google Tag Manager of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
This application is used to manage JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. The purpose of data processing is to design and optimize our website according to your needs.
The Google Tag Manager itself neither stores cookies nor does it process personal data. However, it enables the triggering of other tags that can collect and process personal data.
You can find more information on terms of use and data protection here.

Use of social plug-ins
We use social network plug-ins on our website. The integration of social plug-ins and the data processing that takes place serves the purpose of optimizing the advertising of our products.
When social plug-ins are integrated, a link is established between your computer and the servers of the social network provider and the plug-in is displayed on the page by notifying your browser, provided you have expressly consented to this. Both your IP address and the information on which of our pages you visited will be transmitted to the provider servers. This applies regardless of whether you are registered or logged in to the Social Network. A transmission also takes place for unregistered or unlogged users. If you are connected to one or more of your social network accounts at the same time, the information collected can also be associated with your respective profiles. When using the plug-in functions (e.B. by pressing the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) sentence 1 TDDDG. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The social networks listed below are integrated into our website by means of social plug-ins. Further information on the scope and purpose of the collection and use of the data as well as about your rights in this regard and possibilities for protecting your privacy can be found in the linked data protection notices of the providers.

Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are jointly responsible for the collection of your data when the service is integrated and the transmission of this data to Facebook. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at https://www.facebook.com/legal/controller_addendum. Accordingly, we are responsible in particular for fulfilling the information obligations pursuant to Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service and for compliance with the obligations pursuant to Art. 33, 34 GDPR, insofar as a breach of the protection of personal data affects our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling the rights of data subjects pursuant to Art. 15 – 20 GDPR, complying with the security requirements of Art. 32 GDPR with regard to the security of the Service and the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects Meta Platforms Ireland’s obligations under the Joint Processing Agreement.
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
For more information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://help.instagram.com/155833707900388
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.

Pinterest by Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified according to the TADPF.

X, formerly known as Twitter, (X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, USA)

https://twitter.com/privacy
https://twitter.com/personalization
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). X has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.

Xing of XING SE (Dammtorstraße 30, 20354 Hamburg, Germany)
https://www.xing.com/privacy
Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Xing is not certified according to the TADPF. Data is transferred on the basis of standard contractual clauses, among others, as suitable guarantees for the protection of personal data, which can be viewed at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

Use of Google reCAPTCHA

On our website, we use the reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). The purpose of the query is to distinguish the input by a human being or by automated, machine processing. For this purpose, your input will be transmitted to Google and reused there. In addition, the IP address and, if necessary, any other data required by Google for the service reCAPTCHA will be transmitted to Google. This data is processed by Google within the European Union and may also be transmitted to servers of Google LLC in the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.

You can find more information about Google reCAPTCHA and the associated privacy policy at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy.

Use of Google invisible reCAPTCHA
We use the invisible reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
This serves the purpose of distinguishing the input by a human or by automated, machine processing. In the background, Google collects and analyzes usage data that is used by Invisible reCaptcha to distinguish regular users from bots. For this purpose, your input will be transmitted to Google and reused there. In addition, the IP address and any other data required by Google for the Invisible reCAPTCHA service will be transmitted to Google.
This data is processed by Google within the European Union and may also be transmitted to servers of Google LLC in the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy

Use of Cloudflare
We use the Cloudflare CDN content delivery network from Cloudflare Inc (101 Townsend St, San Francisco, CA 94107, USA; “Cloudflare”) on our website. This is a supra-regional network of servers in various data centers to which our web server connects and via which certain content on our website is delivered.
The data processing serves the purpose of optimizing the loading times of our website and thus making our offer more user-friendly.
Among other things, the following information may be collected: IP address, system configuration information, information about traffic from and to customer websites (so-called server log files).
Your data may be transferred to the United States. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
The processing of your personal data takes place on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest on the needs-based and targeted design of the website. You have the right to use Article 6(6) of the law at any time for reasons arising from your particular situation. 1 lit. f GDPR-based processing of your personal data in your area.
You can find more information on data protection when using Cloudflare at https://www.cloudflare.com/de-de/privacypolicy/.

Use of GoogleMaps
We use the function for embedding GoogleMaps maps from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) on our website.
The function enables the visual display of geographical information and interactive maps. Google also collects, processes and uses the data of visitors to the websites when they access the pages in which GoogleMaps maps are embedded.
Your data may also be transmitted to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find more information on the collection and use of data by Google in Google’s privacy policy at https://www.google.com/privacypolicy.html. There you also have the option of changing your settings in the data protection center so that you can manage and protect your data processed by Google.

Use of YouTube
We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website.YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The function displays videos stored on YouTube in an iFrame on the website. The “Extended data protection mode” option is activated. This means that YouTube does not store any information about visitors to the website. Only when you watch a video is information about it transmitted to YouTube and stored there. Your data may be transmitted to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information on the collection and use of data by YouTube and Google, your rights in this regard and ways to protect your privacy, please refer to YouTube’s privacy policy at https://www.youtube.com/t/privacy.

Affected rights and storage time

Duration of storage
Once the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular under tax and commercial law, and then deleted after this period has expired, unless you have consented to further processing and use.

Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
You also have the right to data portability under Art. 21 (1) GDPR. 1 GDPR has a right of objection to the processing, which is based on Article 6(0). 1 f GDPR, as well as against processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that your personal data is being processed unlawfully.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:

Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163
65021 Wiesbaden
Tel.: +49 611 14080
Fax: +49 611 1408900 or +49 611 1408901
E-mail: poststelle@datenschutz.hessen.de

Right to object
If the personal data processing listed here is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object, on grounds relating to your particular situation, at any time to such processing with effect for the future.
Once you have objected, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.

If the personal data processing is carried out for the purpose of direct marketing, you can object to this processing at any time by notifying us. After objections, we will terminate the processing of the data concerned for the purpose of direct marketing.

last update: 22.10.2024