Privacy Policy
Information on the Processing of Personal Data (Privacy Notice)
(Version 1.0, as of November 23, 2022)
Welcome to the privacy section of Starke Möbel GmbH. We are delighted by your interest in our company. Through this privacy notice, we would like to provide you with detailed information about when we collect which data and how it is processed.
Data Controller
The data controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
Starke Möbel GmbH
Managing Directors: Uwe Starke and Maria Starke
Beiersdorfer Straße 18
02708 Schönbach
Phone: 035872 / 368 – 0
Email: info@moebel-starke.de
Data Protection Officer
You can contact our Data Protection Officer at:
Gesellschaft für Personaldienstleistungen mbH
Pestalozzistraße 27
34119 Kassel
Phone: +49 561 220774-0
Email: datenschutz@gfp24.de
General Information on the Collection of Personal Data
With the following information, we provide you with transparent details regarding the nature and scope of the processing of personal data,
- which is collected during your visit to our website,
- the use of our online services,
- external online presences on social media platforms,
- as part of application processes
- our retail operations
- as well as in business relationships with customers and service providers
The legal basis for our data protection is formed in particular by the provisions of the General Data Protection Regulation (GDPR) as well as the supplementary regulations of the Federal Data Protection Act (BDSG) (new).
Purpose / Legal Basis for Processing
In cases where we obtain your consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
When processing personal data necessary to fulfill a contract concluded between you and us, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
In the event that the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Article 6(1)(c) of the GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.
In the event that the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights and freedoms do not override the aforementioned interest, then Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
Disclosure of Personal Data
If we transfer your personal data to other parties or disclose it to them in the course of our processing activities, this is done exclusively on the basis of one of the aforementioned legal grounds. Recipients of this data may include, for example, payment service providers in connection with the fulfillment of the contract. In cases where we are required to do so by law or by court order, we must transfer your data to authorized authorities.
If external service providers assist us in processing your data (e.g., data analysis, newsletter distribution), this is done within the framework of commissioned processing pursuant to Art. 28 GDPR. In doing so, we only enter into contracts with service providers that offer sufficient guarantees that appropriate technical and organizational measures ensure the protection of your data.
Data Transfer to Third Countries
Data transfer to third countries (outside the European Union or the European Economic Area) only takes place to the extent that this is in accordance with legal requirements. Subject to express consent or a transfer required by contract or law, we process or have the data processed in third countries only if they have a recognized level of data protection or in accordance with Art. 44 et seq. GDPR on the basis of specific safeguards, such as contractual obligations through the EU Commission’s so-called standard data protection clauses (EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Storage of Data
As soon as the respective purpose for storage no longer applies, we will delete or block your personal data. Furthermore, your personal data will only be stored if specific statutory retention periods (in particular commercial and tax law retention obligations) at the national or European level prevent deletion.
Definitions
Our privacy notice is based on terminology used and defined in the GDPR. To ensure that our privacy policy is easy to read and understand, we would like to explain the most important terms in advance.
Personal Data
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processing
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Pseudonymization
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Processor
“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Recipient
“Recipient” means a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, regardless of whether such entity is a third party or not. However, public authorities that may receive personal data in the course of a specific investigative mandate under Union law or the law of the Member States are not considered recipients.
Third party
“Third party” means a natural or legal person, public authority, agency, or other body, other than the data subject, the controller, the processor, and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent
“Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Data Subject Rights
The processing of personal data grants you, as the data subject, certain rights that you may exercise against us at any time. These are:
- Right to withdraw a declaration of consent under data protection law pursuant to Art. 7(3) GDPR
- Right to access your personal data stored by us pursuant to Art. 15 GDPR
- Right to rectification of inaccurate data or to completion of incomplete data pursuant to Art. 16 GDPR
- Right to erasure of your data stored by us pursuant to Art. 17 GDPR
- Right to restriction of processing of your data pursuant to Art. 18 GDPR
- Right to data portability pursuant to Art. 20 GDPR
- Right to object pursuant to Art. 21 GDPR
- Automated decision-making in individual cases, including profiling, pursuant to Art. 22 GDPR.
Right of access
You have the right to ask us whether and—if so—what personal data we process about you, as well as to request copies of your personal data from us. Please note that your right of access may be restricted under certain circumstances in accordance with legal regulations.
Right to rectification
If the information concerning you is no longer accurate, you have the right to request the immediate rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data.
Right to erasure
In accordance with legal requirements, you have the right to request that data concerning you be erased without undue delay, e.g., if the data is no longer necessary for the purposes for which it was collected and legal retention and archiving requirements do not preclude erasure.
Right to restriction of processing
You have the right, within the framework of the provisions of Art. 18 GDPR, to request a restriction on the processing of data concerning you,
e.g., if you have objected to the processing, for the duration of the review to determine whether the objection can be upheld.
Right to data portability
You have the right to have data that you have provided to us transferred to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.
Right to Withdraw a Declaration of Consent under Data Protection Law
If the processing of your personal data is based on consent you have given us, you have the right to withdraw this consent at any time. Withdrawal does not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.
Please send your withdrawal informally to Starke Möbel GmbH, Beiersdorfer Straße 18, 02708 Schönbach, info@moebel-starke. de. Please note that your objection may also apply to other processes or, for technical reasons, must apply to them. Further information on this can be found in the respective service descriptions.
Right to object to processing
Under the conditions of Art. 21(1) 1 of the GDPR, you may object to data processing based on Article 6(1)(e) or (f) of the GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you exercise your right to object, we will no longer process your personal data in question, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
Please submit your objection informally to Starke Möbel GmbH, Beiersdorfer Straße 18, 02708 Schönbach, info@moebel -starke.de. Please note that your objection may also apply to other processes or may be required for technical reasons. Further information on this can be found in the respective service descriptions.
Right to lodge a complaint with the data protection authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for our company is:
Saxon Data Protection Commissioner
Mailing Address
Devrienstraße 5
01067 Dresden
Tel: 0351/85471 101
Fax: 0351/85471 109
Email: saechsdsb@slt.sachsen.de
Automated Decision-Making in Individual Cases, Including ProfilingYou have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you.Use of Online ServicesBelow, we inform you when and in what context data is processed when using our online services.Collection of personal data when visiting our websiteWhen using the website solely for informational purposes—that is, if you do not register or otherwise provide us with information—we collect only the personal data that your browser transmits to our server. When you view our website, we collect the data listed below. This data is technically necessary to display our website to you and to ensure the stability and security of the display (the legal basis is Art. 6(1)(f) GDPR):IP addressDate and time of the requestTime zone difference from Greenwich Mean Time (GMT)Content of the request (specific page)Access status / HTTP status codeAmount of data transferred in each caseWebsite from which the request originatesBrowserOperating system and its interfaceIntegration of iFrames and third-party providersThis data is temporarily stored in our system’s log files for a maximum of seven days. Storage beyond this period is possible; however, in such cases, the IP addresses are partially deleted or anonymized so that the requesting client can no longer be identified.We embed third-party content on our website using so-called iFrames. This is a technique used to integrate external content (e.g., videos, maps, or other media) into our website.By using these iFrames, your IP address and, if applicable, other technical information (e.g., browser type, operating system, referrer URL, time of access) are transmitted to the respective third-party providers. This occurs regardless of whether you have a user account with the respective provider or are logged in there.The following third-party providers may receive data in connection with the use of iFrames:Mittwald Server LogsAmazon CDNfonts.comYouTubeGoogle FontsVimeoSepiaData processing is based on Art. 6(1)(f) GDPR (legitimate interest in an appealing and functional presentation of our website) and—provided that corresponding consent is requested—on Art. 6(1)(a) GDPR.Please note that we have no influence over the nature and scope of data processing by the respective providers. Further information on data processing and your rights can be found in the privacy policies of the respective providers.If consent is requested,
the content is only integrated after you have given your explicit consent via our consent management tool. You can revoke your consent at any time with future effect.
Use of Cookies
In addition to the data mentioned above, cookies are stored on your device (e.g., PC, laptop, smartphone). Cookies are small text files that are stored on your device and associated with the browser you are using, and through which certain information is transmitted to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer malware to your devices. They serve to make the online offering more user-friendly and effective overall.
This website uses the following types of cookies, the scope and functionality of which are explained below:
Transient Cookies
Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be associated with the same session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete these cookies at any time in your browser’s security settings.
We use cookies on our website that are generated by us as the website operator and are necessary for the full functionality and presentation of our website. We use these cookies based on our legitimate interest pursuant to Art. 6(1)(f) GDPR to ensure the functionality of our online service.
In addition to the cookies set by us as the data controller, cookies provided by other providers are also used. We process these cookies based on your consent pursuant to Art. 6(1)(a) GDPR or based on our legitimate interest pursuant to Art. 6(1)(f) of the GDPR. Further information regarding the use of and collaboration with external service providers can be found in the privacy policies of the respective online services.
You can configure your browser settings according to your preferences and, for example, refuse to accept cookies from external providers or all cookies. However, please note that this may prevent you from using all features of this website. If you have consented to the use of cookies and wish to revoke this consent in the future, you can delete the stored cookies in the settings of the browser you are using.
Cookie Settings in Web Browsers
Web browsers can be configured to notify you when cookies are set or to reject or disable cookies generally or in part. By disabling and deleting all cookies, you can also revoke any consent previously given. If you disable or restrict cookies using your browser, certain features on our website may not be available to you. You can delete stored cookies at any time using your web browser, including automatically.
You can find out more about these options for the most commonly used browsers via the following links:
Mozilla Firefox: https ://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
Apple Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
Opera: https://help.opera.com/de/latest/web-preferences/
If no restrictions have been applied to the cookie settings, cookies that enable and ensure the necessary technical functions will remain on your device until you close your browser; other cookies may remain on your device for a longer period. The exact cookie durations are displayed to you [in the consent banner / under cookie settings / for the respective services used].
SSL or TLS Encryption
Our website uses TLS encryption (formerly SSL) for security and to protect the transmission of confidential content. Orders or contact requests you send to us are therefore transmitted using transport encryption. Depending on your browser type, you can recognize this by either the lock icon and/or the https protocol in the address bar.
External Hosting
We host our website externally. The personal data collected on this website is stored on the servers of the host(s). This may include all information relating to users of our online service that is generated during use and communication, such as, in particular, content data (e.g., entries in online forms); usage data (e.g., websites visited, access times); meta/communication data (e.g., device information, IP addresses).
We collect the aforementioned data to ensure the secure, fast, and efficient provision of our online service. The legal basis for processing the data is our legitimate interest in the proper presentation and functionality of our website in accordance with Art. 6(1)(f) GDPR.
We use the following hosting provider(s):
BWK Systemhaus GmbH, Mozartstraße 2, 02763 Zittau, Tel: +49 3583 7725-500, Email: info@bwk.net
Further information on data protection is available at https://www.bwk.net/informationen-zum-datenschutz/
We have also entered into a data processing agreement (DPA). This agreement governs the scope, nature, and purpose of the access rights of the above-mentioned provider(s) to the data. Access is limited solely to what is necessary to fulfill the hosting services and in compliance with the GDPR.
Contacting Us
Contact Form
When you contact us via a contact form, the data you provide (your email address, your name if applicable, your phone number, and the content of your message) will be stored by us in order to respond to your inquiry. The processing of the data entered into the contact form is based on your consent pursuant to Art. 6(1)(a) GDPR. If your contact inquiry relates to the performance of a contract or the implementation of pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. We will delete the data collected in this context once storage is no longer necessary, or restrict processing if statutory retention obligations apply. You may revoke this consent at any time. The lawfulness of the data processing operations carried out prior to revocation remains unaffected by the revocation.
Inquiries via Email, Phone, or Fax
When you contact us via email, phone, or fax, the personal data you provide (your email address, your name if applicable, your phone number, and the content of your message) will be stored by us in order to process your request. We will not disclose this data without your consent.
Data processing is based on Art. 6(1)(b) GDPR, provided your inquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, we process your data based on your consent pursuant to Art. 6(1)(a) GDPR and/or based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in particular in the effective handling of your inquiry.
The data you send us via contact inquiries will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.
Online Store
We offer an online store for the purchase of our products. In this context, we process your personal data based on Article 6(1)(b) of the GDPR. Mandatory information required for contract processing is marked separately; additional information is voluntary. The data required for the conclusion, performance, or termination of a contract includes:
First name, last name
Billing and shipping address
Email address
Billing and payment details
Date of birth
Unless we use your contact information for marketing purposes, we store the data collected for contract processing until the statutory retention periods expire. Retention periods under commercial and tax law require us to store the necessary information for a period of ten years (after the contract is concluded).
As part of order processing, we may share your necessary data (title, first and last name, address) for the purpose of contract fulfillment (Art. 6(1)(b) GDPR) to the following third parties, who use this data to process and deliver the order. These third parties include logistics service providers, shipment tracking services, returns processing, complaint handling, etc. If you have given your explicit consent during the ordering process, we will also transmit your email address and/or your phone number to the shipping service provider prior to delivery of the goods in accordance with Art. 6(1)(a) GDPR for the purpose of shipment tracking.
Consent may be revoked at any time with future effect by contacting the controller named above or the service provider.
Payment Systems / Credit Check / Fraud Prevention
In our online shop, you can choose between different payment methods. For this purpose, the relevant payment-related data is collected to process your order and handle the payment. In addition, contract data and user data may also be stored. Most payment providers also store your IP address and information about the device you are using.
Certain personal data (mandatory information), without which we cannot fulfill the contract, is transmitted to our payment service providers for payment processing, depending on the selected payment method. For identity and credit checks, payment providers may transmit data to the relevant authorities. You can obtain further information on this from the respective providers.
Credit Card Payment
When paying by credit card, the necessary data—such as [name, address, and purchase details]—is forwarded to the respective credit card company.
As is standard for credit card payments, the credit card details are verified and authorization is performed by [Muster Anbieter GmbH].
Prepayment
In the case of prepayment, you will receive an invoice in advance. As soon as you have transferred the amount to the specified bank account and the invoice amount has been credited there, we will ship the ordered items immediately.
PayPal
PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select “PayPal” as the payment method during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing. The personal data transmitted to PayPal generally includes: first name, last name, address, email address, IP address, phone number, and mobile phone number, which are necessary for payment processing. Personal data related to the respective order is also required to fulfill the purchase agreement.PayPal’s current privacy policy can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.Sofortüberweisung
On our website, we offer, among other options, payment via “Sofortüberweisung.” The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich. Using the “Sofortüberweisung” process, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin fulfilling our obligations.
If you have chosen the “Sofortüberweisung” payment method, you will provide Sofort GmbH with a PIN and a valid TAN, which it uses to log in to your online banking account. After logging in, Sofort GmbH automatically checks your account balance and executes the transfer to us using the TAN you provided. The service provider then immediately sends us a transaction confirmation. After logging in, your transaction history, the credit limit of your overdraft facility, and the existence of other accounts as well as their balances are also automatically checked.
The transmission of your data to Sofort GmbH is based on Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (performance of a contract). You have the option to revoke your consent to data processing at any time with future effect. A revocation does not affect the validity of past data processing operations.
For details on data protection when paying via Sofortüberweisung, please refer to the following link: https://www.sofort.de/datenschutz.html.
Paydirekt
When paying via paydirekt, your payment data is transmitted to paydirekt GmbH, Stephanstraße 14-16, 60313 Frankfurt am Main, as part of the payment processing.
The payment data (payment amount, details of the payee) as well as the participant’s confirmation that the payment data is accurate are collected, processed, and transmitted to the bank by paydirekt GmbH for the purpose of executing the paydirekt payment. paydirekt GmbH authenticates the payment using the authentication method stored for the participant. The bank authorizes the payment to the merchant through paydirekt GmbH. paydirekt GmbH collects and stores the transaction data for paydirekt payments. The transaction data includes the transaction reference and the transaction ID, as well as information about the shopping cart, which paydirekt GmbH receives from the merchant, provided the merchant supports this. This data enables paydirekt GmbH and the bank to identify and reference the transaction at a later date
(e.g., for refunds), so that the transaction can be assigned to the respective customer. To process refunds, transaction data is transmitted from paydirekt GmbH to the bank.
For more information, please see the paydirekt Privacy Policy at: https://www.paydirekt.de/agb/index.html.
Data Processing for Advertising Purposes
Newsletter
With your consent, you can subscribe to our newsletter, through which we inform you about current interesting offers. We regularly report on
.
We use the so-called double opt-in procedure for subscribing to our newsletter. This means that after you sign up, we will send an email to the provided email address asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within [24 hours], your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you used and the times of your registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to investigate any potential misuse of your personal data.
The only mandatory information required to receive the newsletter is your email address. Providing additional, separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your email address for the purpose of sending you the newsletter. The legal basis is Art. 6(1)(a) GDPR (consent).
You may revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking the link (unsubscribe) provided in every newsletter email [or via this form on the website (insert link!)]
We work with the following email marketing provider:
CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany
Privacy Policy: https://www.cleverreach.com/de/datenschutz/
Conclusion of a Contract for Data Processing
We have concluded a contract for data processing with CleverReach. In this agreement, CleverReach is obligated to protect our customers’ data and not to disclose it to third parties.
Please note that we analyze your user behavior when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the analysis, we link data and the web beacons to your email address and a unique ID. Links received in the newsletter also contain this ID.
The data is collected exclusively in pseudonymized form; the IDs are therefore not linked to your other personal data, and direct personal identification is ruled out.
You can object to this tracking at any time by clicking the separate link (unsubscribe) provided in every email. The information is stored for as long as you remain subscribed to the newsletter. After you unsubscribe, we store the data purely for statistical and anonymous purposes.Analytics ToolsGoogle Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to and stored on Google’s servers in the United States.
However, if IP anonymization (AnonymizeIP) is enabled on this website, your IP address will be truncated by Google beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address is transmitted to Google servers in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
This website uses Google Analytics with the “Anonymize IP.” This truncates IP addresses during processing, thereby virtually eliminating the possibility of personal identification. To the extent that the data collected about you is personally identifiable, it will be deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offerings and make them more interesting for you as a user. The legal basis for the use of Google Analytics is our legitimate interest in product improvement pursuant to Art. 6(1)(f) GDPR.
We also use Google Analytics for cross-device analysis of visitor flows, which is carried out via a user ID. You can disable cross-device analysis of your usage in your customer account under “My Data,” “Personal Data.”
You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Data transfer to the U.S. is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of Use: https://www.google.com/analytics/terms/de
html, Privacy Overview: https://support.google.com/analytics/answer/6004245?hl=de and Privacy Policy:
https://policies.google.com/privacy?hl=de&gl=de.
Tracking Tools
Google reCAPTCHA
This website uses the reCAPTCHA service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, to determine whether certain inputs are performed by humans or computers (so-called bots). To do this, the actions of website users are analyzed (e.g., mouse movements or queries). Google identifies the type of input based on the IP address of the device used, the website visited with the CAPTCHA function, the date and duration of the visit, and the data of the browser and operating system used. Data processing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam.
When using Google reCAPTCHA, personal data may also be transferred to servers operated by Google LLC in the United States.
Data transfers to the United States are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
Marketing Tools
Google Tag Manager
This website uses “Google Tag Manager,” a service provided by Google Ireland Limited. Google Tag Manager allows you to manage website tags via a single interface. The Google Tag Manager tool, which implements the tags, is a cookie-free domain. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.
Google Tag Manager triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.
The legal basis for the processing of your data is Art. 6(1)(a) 1(a) of the GDPR (consent).
Data transfer to the U.S. is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Google Tag Manager FAQ: https://www.google.com/intl/de/tagmanager/faq.html
Google Tag Manager Terms of Service: https://www.google.com/intl/de/tagmanager/use-policy.html
Facebook Custom Audiences
This website uses “Facebook Custom Audiences,” a remarketing tool provided by Meta Platforms, Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Facebook”).
Facebook Custom Audiences enables the display of interest-based advertisements, known as “Facebook Ads,” when you visit this website, the Facebook social network, or other websites that also use Facebook Custom Audiences. When Facebook Custom Audiences is used, your web browser automatically establishes a direct connection to Facebook’s server. If you have a Facebook user account and are logged in, Facebook can associate your visit with your user account. Even if you are not registered with Facebook or are not logged in, there is a possibility that Facebook may obtain and store your IP address and, if applicable, other identifying characteristics. We have no influence over the scope and further use of the data processed by Facebook through the use of Facebook Custom Audiences.
We use Facebook Custom Audiences for marketing and optimization purposes, in particular to display content that is relevant and tailored to visitors, thereby improving our offering and making it more interesting for you as a user. The legal basis is Art. 6(1)(f) GDPR (legitimate interest).
Logged-in users can also deactivate Facebook Custom Audiences at https://www.facebook.com/settings/?tab=ads#_. In addition, you can adjust your cookie settings in your browser.
You can also prevent participation in tracking by disabling the providers’ interest-based ads by clicking on one of the links listed. As part of the self-regulation campaigns, a so-called opt-out cookie is set for this purpose. However, this setting is deleted when you clear your cookies.
http://optout.networkadvertising.org/
http://www.youronlinechoices.com/uk/your-ad-choices/
Information on data processing based on standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
Information from the third-party provider: Meta Platforms Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information from the third-party provider regarding data protection can be found on the following Facebook website: https://www.facebook.com/about/privacy.
Google Ads
“ad servers.” So-called ad server cookies are used for this purpose, which allow certain parameters for measuring success—such as the display of ads or clicks by users—to be tracked. If you arrive at our website via a Google ad, Google Ads will store a cookie on your device. These cookies typically expire after 30 days. Cookies are not used to
identify you personally. This cookie typically stores the following information as analytics data: unique cookie ID,
number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (indication that the user no longer wishes to be targeted). These cookies enable Google to recognize your web browser. If a user visits specific content or pages on a Google Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page. Each Google Ads client is assigned a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads clients. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We receive only anonymized, statistical reports from Google. Based on these reports, we can assess the effectiveness of the advertising measures used. We do not receive any further data from the use of the advertising materials; in particular, we cannot identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s servers. We have no influence over the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have visited the relevant part of our website or clicked on one of our ads. If you have a Google user account and are logged in, Google can associate the visit with your user account. Even if you are not registered with Google or are not logged in, there is a possibility that Google may obtain, store, and process your IP address for other purposes.
We use Google Ads for marketing and optimization purposes, in particular to display relevant and interesting advertisements to you, improve campaign performance evaluations, and ensure fair calculation of advertising costs. This also constitutes our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is Art. 6(1)(f) GDPR.
You can prevent the use of cookies by deleting existing cookies and disabling the storage of new cookies in your web browser settings. Please note that in this case, you may not be able to fully utilize all features of our website. You can also prevent the storage of cookies by configuring your web browser via https://www.google.de/ settings/ads to block cookies from the domain www.googleadservices.com. Please note that this setting will be deleted if you delete your cookies. You can also disable interest-based ads via the link https://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies in your web browser.
Third-party provider information: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .
For more information on Google’s use of data, settings and opt-out options, as well as privacy policies, please visit the following Google websites:
Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de
Google Website Statistics: https://services.google.com/sitestats/de.html
Embedded Third-Party Content
Google Maps
We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map feature.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In doing so, metadata is transmitted to the service provider, which may be personally identifiable. Additionally, Google obtains your IP address. This occurs regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this association with your Google profile, please log out before activating the feature. The information collected by Google is also transmitted to Google servers (Google Inc.) in the United States. Google stores your data as user profiles and uses them for advertising, market research, and/or to tailor its website to user needs. Such analysis is conducted in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you should preferably contact Google to exercise this right.
The function is only activated and data is only transmitted to the service provider once the service is activated. The legal basis for the processing of your data is Art. 6(1)(a) GDPR (consent).
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Further information regarding the purpose and scope of data collection and its processing by the plugin provider can be found in the provider’s privacy policy. There you will also find further information regarding your rights in this regard and settings options for protecting your privacy: https://policies.google.com/privacy?hl=de&gl=de.
We have included a link to Google Maps on our website so that you can more easily locate our address on a map. [Clicking on our “Directions” tab will redirect you directly to the Google Maps website].
Please note that we have no influence over the content or data processing activities of external third-party websites.
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
For more information on the purpose and scope of data collection and its processing by Google, please refer to the provider’s privacy policy. There you will also find further information regarding your rights in this regard and settings options to protect your privacy: https://policies.google.com/privacy?hl=de& gl=de.
YouTube
We have embedded YouTube videos in our online offering that are stored on https://www.youtube.com/ and can be played directly from our website. These are all embedded in “enhanced privacy mode,” i.e. no data about you as a user is transmitted to YouTube unless you play the videos. According to YouTube, data is only transmitted once you play the videos. We have no influence over this data transmission.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, metadata is transmitted to the service provider, which may be personally identifiable. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this association with your YouTube profile, please log out before activating the feature. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research, and/or to tailor its website to user needs. Such analysis is conducted in particular (even for users who are not logged in) to deliver targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you should preferably contact YouTube.
The function is only activated and data transmitted to the service provider once the service is activated. The legal basis for the processing of your data is Art. 6(1)(a) GDPR (consent). Your consent may be revoked at any time with future effect.
Online video conferencing tools
Microsoft Teams
We use the “Microsoft Teams” tool to conduct telephone and video conferences, online meetings, video consultations, digital coaching, and/or webinars (hereinafter: “online meetings”). Microsoft Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you visit the Microsoft Teams website (https://teams. microsoft.com/), Microsoft is responsible for data processing. Accessing this website is necessary to download the required software if use is not intended or possible directly via a web browser without a download.
Data Categories
When using Microsoft Teams, various types of data are processed. The total volume of data processing also depends on the information the user provides before, during, and after an “online meeting.”
The following personal data may generally be subject to processing:
User information: First name, last name, phone number (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata: Topic, description (optional), date, time, duration, participant IP addresses, device/hardware information
For recordings (optional) : MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in by phone: Information on the incoming and outgoing phone numbers, country name, start and end times. Additional connection data, such as the device’s IP address, may be stored if applicable.
Text, audio, and video data: You may have the option to use the chat, question, or poll features in an “online meeting.” The text you enter is processed to display it in the “online meeting” and, if applicable, to log it. To enable video display and audio playback, data from a microphone and any video camera on the device is processed during the meeting. Data transmission from the camera and microphone can be disabled or muted at any time and by any user independently via the Microsoft Teams application.
To participate in an “online meeting” or enter the “meeting room ,” you must at least provide your name.
Data Storage
“Online meetings” are not recorded. If we intend to record “online meetings,” we will notify you in advance and obtain your consent. The fact that the meeting is being recorded will also be displayed to you in the Microsoft Teams app.
The content of chats is logged by Microsoft when using Microsoft Teams. If necessary for the purpose of documenting the results of an online meeting, we may also log chat content.
Legal Basis for Data Processing
To the extent that personal data of employees of [Company] is processed, Section 26 of the German Federal Data Protection Act (BDSG) serves as the legal basis for data processing.
If, in connection with the use of Microsoft Teams, personal data is not necessary for the establishment, execution, or termination of the employment relationship but is nonetheless an essential component of using Microsoft Teams, then Article 6(1)(f) f GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings.”
Furthermore, the legal basis for data processing during the conduct of “online meetings” is Art. 6(1)(b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
Recipients / Disclosure of Data
Personal data processed in connection with participation in “online meetings” is generally not disclosed to third parties, unless it is specifically intended for disclosure. Apart from this, disclosure to third parties only occurs if we are legally obligated to do so (e.g., by court order), or the data subjects have expressly consented to the transfer of their data.
The provider of Microsoft Teams, which supports us in conducting “online meetings,” necessarily gains access to the aforementioned data,
to the extent provided for in our data processing agreement with Microsoft.
Microsoft is obligated to comply with the legal requirements of applicable data protection law through the data processing agreement concluded with Microsoft Teams, based on EU Standard Contractual Clauses. A currently valid version can be viewed at the following link:
https://www.microsoftvolumelicensing.com/Downloader.aspx? DocumentId=18030.
Data Processing Outside the European Union
Data processing outside the European Union (EU) generally does not take place, as we have limited our storage location to data centers within the European Union. However, we cannot technically rule out routing or storage on servers outside the European Union at the data processor Microsoft.
A secure level of data protection is ensured through the conclusion of supplemented EU Standard Data Protection Clauses as well as technical and organizational measures. For example, the data is encrypted during transmission over the Internet and are thus generally protected against unauthorized access by third parties. Furthermore, in a statement dated July 20, 2020, Microsoft guarantees—with regard to personal data stored by Microsoft in the U.S. and Europe that may be subject to official requests for information from U.S. authorities—that any court orders granting access to personal data.
Further Information on Data Protection in Microsoft Teams
Further information on Microsoft’s data protection policies is available at https://privacy.microsoft.com/de-de/privacystatement (section “Online Services for Business”), as well as: https://www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions.
Zoom
We use the “Zoom” tool to conduct telephone and video conferences, online meetings, video consultations, digital coaching, and/or webinars (hereinafter: “online meetings”). Zoom is a service provided by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.
If you visit the Zoom website (https://zoom.us), Zoom is responsible for data processing. Visiting this website is necessary to download the required software if use is not intended or possible directly via a web browser without a download.
You can also use Zoom by entering the respective meeting ID and, if necessary, additional access data for the online meeting directly in the Zoom app. Even without the app, basic functions are available via a browser version.
Data Categories
Various types of data are processed when using Zoom. The total volume of data processing also depends on the information the user provides before, during, and after an “online meeting.”
If you participate in an online meeting as an external attendee, you will receive an access link from the host via email. When registering for the online meeting, you must then provide your name and, if applicable, your email address.
In addition, the tool collects user data necessary for providing the service. This includes, in particular, technical data about your devices, your network, and your internet connection, such as IP address, device type, operating system type and version, client version, camera type, microphone or speakers, and connection type.
The following personal data may generally be subject to processing:
User information: First name, last name, phone number (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata: Topic, description (optional), date, time, duration, participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in by phone: Information regarding the incoming and outgoing phone numbers, country name, start and end times. Additional connection data, such as the device’s IP address, may be stored if applicable.
Text, audio, and video data: You may have the option to use the chat, question, or poll features during an “online meeting.” The text you enter is processed to display it in the “online meeting” and, if applicable, to log it. To enable video display and audio playback, data from a microphone and any video camera on the device is processed during the meeting. Data transmission from the camera and microphone can be turned off or muted at any time and by any user independently via the Zoom applications.
Data Storage
“Online meetings” are not recorded. If we , we will notify you in advance and obtain your consent. The fact that the meeting is being recorded will also be displayed to you in the Zoom app. Recordings stored on Zoom’s cloud servers are automatically deleted after 30 days at the latest. Unless online meetings are recorded, the provider states that it does not store the meeting content after the online meeting has ended.
If it is necessary for the purpose of documenting the results of an online meeting, we will log the chat content. However, this will generally not be the case.
Legal Basis for Data Processing
To the extent that personal data of employees of the [Company], Section 26 of the German Federal Data Protection Act (BDSG) serves as the legal basis for data processing.
If, in connection with the use of Zoom, personal data is not required for the establishment, performance, or termination of the employment relationship but is nonetheless an essential component of using Zoom, then Article 6(1)(f) of the General Data Protection Regulation (GDPR) serves as the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings.”
Furthermore, the legal basis for data processing during the conduct of “online meetings” is Article 6(1)(b) of the GDPR, provided that the meetings are conducted within the framework of contractual relationships.
Recipients / Disclosure of Data
Personal data processed in connection with participation in
“online meetings” are generally not disclosed to third parties, unless they are specifically intended for disclosure. Apart from that, disclosure to third parties only takes place if we are legally obligated to do so (e.g., by court order) , or the data subjects have expressly consented to the transfer of their data.
Zoom Video Communications Inc. supports us in the processing of your data as an external service provider and data processor within the meaning of Art. 28 GDPR. As a data processor, Zoom Video Communications Inc. processes your data strictly in accordance with our instructions and on the basis of a separately concluded data processing agreement.
Data Processing Outside the European Union
Data processing may also take place outside the EU or the EEA. The data collected directly during online meetings (such as video, audio, conversation content) is generally processed at the nearest Zoom server location, and thus regularly within the EU; otherwise, it is processed exclusively on U.S. servers. The remaining metadata is processed on U.S. servers.
Data is transferred based on the EU Commission’s Standard Data Protection Clauses as an appropriate guarantee for an adequate level of data protection pursuant to Art. 46(2)(c) of the GDPR, as well as technical and organizational measures. For example, the data is encrypted during transmission over the internet and is thus generally protected against unauthorized access by third parties. Zoom also provides end-to-end encryption for online meetings as well as the use of the data routing feature.
For more information on Zoom’s privacy policy, please visit https://zoom.us/de-de/privacy.html.
SWYX Meetings
We use the SWYX Meetings tool to conduct telephone and video conferences, online meetings, video consultations, digital coaching, and/or webinars (hereinafter: “online meetings”). SWYX Meetings is a service provided by Enreach Germany GmbH, Emil-Figge-Straße 86, 44227 Dortmund, Tel: 0231 47777-0, Email: office@enreach.de
If you visit the Enreach website (www.enreach.de), Enreach is responsible for data processing. Accessing this website is necessary to download the required software if use cannot or should not take place directly via a web browser without a download.
Data Categories
Depending on the data you enter when or during your participation in video conferences, the data categories listed below will be processed from you in connection with the use of SWYX Meetings.
If we record online meetings, we will notify you in advance and obtain your consent. All participants will be informed by the application about the start and end of a recording.
The following categories of personal data are subject to processing:
- Freely selectable name of guest participants in the meeting and color coding (avatar function) ·
- When dialing in by phone: Participant’s phone number, unless the participant suppresses the transmission of their phone number
- Freely selectable name for the meeting room
- Text messages (chat function)
- Video stream (video function)
- Transmission of one’s own screen content (screen-sharing function)
- Uploaded files (file-sharing function)
- Additional information (data transmission to other participants) necessary for the functioning of a meeting between participants
To participate in an “online meeting,” you must provide at least a freely selectable name and a color identifier to enter the “meeting room.” Without providing this information, participation in a video conference via SWYX MEETING is not possible.
Legal basis for data processing
To the extent that personal data of employees of [Company] is processed, Section 26 of the German Federal Data Protection Act (BDSG) serves as the legal basis for data processing.
If, in connection with the use of SWYX Meetings, personal data is not required for the establishment, implementation, or termination of the employment relationship, but is nonetheless an essential component of using SWYX, then Art. 6(1)(f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings.”
Furthermore, the legal basis for data processing when conducting “online meetings” is Article 6(1)(b) of the GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
Recipients of Data
We generally do not disclose data processed in connection with participation in our video conferences to third parties, unless such data is intended for disclosure. If the data is intended for disclosure (e.g., placing an order during a video conference, pre-contractual measures, content of inquiries to other departments, job interviews, performance reviews, etc.), we transfer your personal data within our organization exclusively to the departments and individuals who require this data to perform their duties. Otherwise, data is transferred to recipients outside the company only to the extent permitted or required by law.
Data is not transferred to a third country. All processing of personal data takes place within the European Union or the European Economic Area.
Data Retention
In general, we delete personal data whenever there is no longer a need for further storage. To the extent necessary, we process and store your personal data to fulfill contractual purposes or for the purposes of the employment relationship. In these areas of processing (as well as, where applicable, in other areas), we are subject to various legal retention and documentation obligations. In the case of legal retention and documentation obligations, deletion is only considered after the respective retention period has expired.
Social Media Presence
Information on Social Media
We maintain publicly accessible profiles on social networks to draw attention to our services and products. There, we would like to connect with you as a visitor and user of these pages as well as our website.
In doing so, user data may be processed outside the European Union. This may pose risks for you as a user; in some cases, it may make it more difficult to enforce your rights.
When selecting the social media platforms we use, we ensure that the operators commit to complying with EU data protection standards.
When you visit one of our social media profiles (e.g., Facebook), we, the company, Address, are jointly responsible with the operator of the respective social media platform in accordance with the GDPR and other data protection regulations.
Data Processing on Social Media Platforms
We have no influence over the processing of personal data by the respective platform operator. For example, social networks such as Facebook use your data for market research and advertising purposes. Among other things, user behavior can be analyzed and a usage profile created based on the user’s resulting interests. Social media operators use cookies to store and further process this information. These are text files that are stored on the user’s various devices. If you have a profile on the respective social media platform and are logged in to it, the storage and analysis even take place across devices. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. Data processing may also affect individuals who are not registered as users on the respective social media platform.
We can access statistical data of various categories via social media platforms. These statistics are generated and provided by the social media operator. As the operator of the fan page, we have no influence over their generation or presentation. We use this data, which is available in aggregated form (total number of page views, “Likes,” page activity, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin by country and city, language, views and clicks in the shop, clicks on route planners, clicks on phone numbers) to make our posts and activities on our fan page more appealing to users. Due to the constant development of social media platforms, the availability and presentation of data are subject to change; therefore, we refer you to the platforms’ privacy policies for further details.
Legal Basis
The operation of these fan pages, including the processing of users’ personal data, is based on our legitimate interests in providing a modern and supportive means of information and interaction for and with our users and visitors pursuant to Art. 6(1)(f) GDPR. In some cases, you may also have granted a platform operator consent to data processing; in this case, Art. 6( 1(a) GDPR.
For a comprehensive overview of the respective data processing and opt-out options, please refer to the privacy policies and information provided by the relevant platform operator.
Retention Period
Data collected directly by us via our social media channels is deleted from our systems as soon as the purpose for its storage no longer applies,
you request deletion, or you withdraw your consent to storage. Stored cookies remain on your device until you delete them. Mandatory legal provisions—in particular retention periods—remain unaffected.
We have no influence over the retention period of your data stored by social network providers for their own purposes. You can find more detailed information on this directly from the operator of the social network (e.g., in their privacy policy, see below).
Exercising Your Rights
You may generally exercise your rights (right of access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) both with us and with the operator of the respective portal (e.g., Facebook).
Despite joint responsibility, we would like to point out that we do not have full access to your personal data. For this reason, you should contact the providers of the social media platforms directly regarding requests for information and the exercise of data subject rights. This is because only the providers have access to the user data and can take direct action and provide information. If you need assistance with this, please contact us: Company, Address, Email, Fax (if applicable).
Our Social Networks
Facebook:
Provider: Meta Platforms, Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum
Privacy Policy: https://www.facebook.com/about/privacy
Opt-out option: https://www.facebook.com/settings?tab=ads
Instagram:
Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Privacy Policy: http://instagram.com/about/legal/privacy
Opt-out option: http://instagram.com/about/legal/privacy
Pinterest:
Provider: Pinterest Europe Ltd, WeWork, 2 Dublin Landings, N Wall Quay, Dublin 1, D01 V4A3
Privacy Policy: https://policy.pinterest.com/en/privacy-policy
Opt-out option: https://help.pinterest.com/en/article/personalization-and-data
Data Protection for Job Applications
We offer you the option to apply to us via email, mail, or our online application form. Below, we provide information regarding the scope, purpose, and use of your personal data collected during the application process.
Scope and Purpose of Data Collection
In order for us to consider you in the application process for a specific position, standard and informative application documents are required, through which you provide us with information about your personal profile and qualifications.
The personal data you provide and submit to us as part of your application typically includes: a cover letter, a resume with standard personal information (first and last name, date of birth, address, phone number, email address, photo), as well as supporting documents and certificates.
As a general rule, we use your application documents solely to decide on filling the specific position for which you have explicitly applied.
We process the personal data provided to us only to the extent necessary for the purpose of deciding whether to establish an employment relationship with us. The legal basis for this is Art. 6(1)(b) GDPR, Art. 88 GDPR in conjunction with Section 26(1) Sentence 1 BDSG (new), insofar as this concerns information we receive from you as part of the application process (name, contact details, date of birth, information regarding your professional qualifications and educational background, or information regarding professional development). If you voluntarily provide us with additional information, we process this on the basis of your consent pursuant to Art. 6(1)(a) GDPR. During the course of the application process, additional personal data may be collected from you personally and from publicly available sources for this informational purpose. Your personal data will be shared within our company exclusively with persons involved in processing your application.
If we process personal data about you to defend against legal claims asserted against us by you arising from the application process, we rely on Article 6(1)(f) of the GDPR as the legal basis. The legitimate interest is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).
If you submit a speculative application that does not refer to a specific position, we will consider your application documents in the context of hiring decisions for all relevant positions. We will make the applicant data available in automated searches for selected decision-makers within our company/group so that they can review your personal profile and qualifications. The legal basis for data processing in this case is also Art. 6(1)(b) GDPR in conjunction with Art. 28 GDPR, § 26(1) BDSG (new).
The following companies belong to the corporate group: List of possible recipients
Categories of recipients of personal data
Your personal data will only be transferred to third parties for the purposes listed below. We will only disclose your personal data, which we have received as part of the application process, to third parties if:
- you have expressly consented to this pursuant to Art. 6(1)(a) GDPR, § 26 BDSG (new) you have given your express consent to do so,
- the disclosure is necessary pursuant to Art. 6(1)(f) GDPR to assert, exercise, or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6(1) 1(c) of the GDPR, and
- this is legally permissible and required under Article 6(1)(b) of the GDPR and Section 26(1), Sentence 1 of the BDSG (new) for the establishment or fulfillment of contractual relationships with you.
Furthermore, your data will be disclosed to technical service providers on the basis of Article 28 of the GDPR, who use your data exclusively on our behalf and under no circumstances for their own business purposes. These include IT service providers, hosting providers, or providers of applicant tracking systems.
There are no plans to transfer your data to third countries outside the EU or the European Economic Area.
Data Retention Period
If we are unable to offer you a position, you decline a job offer, withdraw your application, withdraw your consent to data processing, or request that we delete the data, the data you have submitted—including any remaining physical application documents—will be stored or retained for a maximum of 6 months after the conclusion of the application process (retention period) to enable us to trace the details of the application process in the event of discrepancies (Art. 6(1)(f) GDPR).
Should an application process result in a hiring decision, we will include your application documents in your personnel file pursuant to Art. 6(1)(b) GDPR, § 26(1) BDSG-neu, for the purpose of establishing the employment relationship as well as the personality profile you described and the qualifications you stated that form the basis of the hiring decision.
Provision of Data
The provision of your personal data is not legally required during the initial phase of establishing an employment relationship. However, the provision of personal data is necessary for the conclusion of an employment contract with us. This means that, unless you provide us with personal data in your application, we cannot and will not enter into an employment relationship with you.
Automated Decision-Making
No automated decision-making takes place in individual cases within the meaning of Article 22 of the GDPR. This means that we evaluate your application personally, and the decision regarding your application is not based solely on automated processing.
Physical Business Premises
Security Cameras
We use video surveillance in our stores for the purpose of detecting criminal offenses, protecting property, and preventing vandalism. No audio recording takes place. The legal basis is Article 6(1)(f) of the GDPR. The use of video surveillance is indicated by a clearly visible pictogram in the stores. We generally delete the footage from the security cameras 72 hours after it is recorded. In the event of a criminal offense, we reserve the right to store the footage until the purpose of collection no longer applies. The video recordings are not transferred to third parties, with the exception of investigative authorities who request the recordings in the event of a criminal offense. For installation and maintenance purposes, maintenance companies commissioned by us may have access to stored data.
Processing of cashless payments
When you pay with your debit card, credit card, or use the contactless payment method (NFC), we, as the merchant, collect personal data via the payment terminal. We then transmit this collected data to the network operator. The network operator and the respective payment service providers responsible for accepting and settling the payment transactions (acquirers) further process the data, in particular for payment processing, to prevent card fraud, to limit the risk of payment defaults, and for legally mandated purposes, such as anti-money laundering and law enforcement. For these purposes, your data is also transmitted to other data controllers, such as your card-issuing bank.
Data Controller
We, as the merchant, and the network operator or acquirer are each separate data controllers responsible for processing the data.
As the payee, we are responsible for operating the payment terminal at the checkout and, where applicable, for our internal network up to the secure transmission via the Internet or telephone line to the network operator. The network operator and acquirer are responsible for the further processing of the data, in particular for executing and settling payment transactions.
When using electronic payment methods, data is transmitted to the name and contact details of the company acting as the network operator.
For information on data processing by the network operator, please refer to the privacy policy at the link to the network operator’s privacy policy.
Type and Scope
We process your card data (IBAN or account number and BIC, card expiration date, and card serial number) and other payment data (amount, date, time, terminal ID, location, company, and branch where you make the payment, your signature) .
If a direct debit is not honored (e.g., due to revocation), we collect the data related to the return debit as well as the data associated with the outstanding claim (first and last name, address, purchase receipt, bank fees incurred, reminder fees, and the reason for the return debit).
Most of the data mentioned above is stored on your card. We receive this data when the card is read at the payment terminal. We obtain your PIN or signature from you. In the event of a chargeback, we may receive data from your bank or your bank.
Purpose/Legal Basis
We process your data in particular to execute the purchase contract (legal basis: Art. 6(1)(b) GDPR), to fulfill legal obligations (legal basis: Art. 6(c) GDPR), and to investigate fraud and other criminal offenses (Art. 6(1)(f) GDPR) and our legitimate interest in protecting our assets and preventing payment defaults.
The network operator processes the data in particular for payment processing (legal basis: Art. 6(1)(b) GDPR), to prevent card misuse, to limit the risk of payment defaults (legal basis: Art. 6(1)(f) GDPR, pursuit of the legitimate interest in asset protection), and for legally prescribed purposes, such as anti-money laundering and criminal prosecution (Art. 6(1)(c) GDPR). You can obtain further information on this from the payment service provider or your bank.
Disclosure to Third Parties
We transfer your data mentioned above to [Company Name] for the purpose of payment processing. [Company Name] in turn transfers this data to your participating bank or the credit card company. To the extent necessary for payment processing, your data may be transferred to other participating service providers as part of this payment processing.
Transfer to Third Countries
We do not transfer your payment data to third countries or to organizations outside the EU. Such a transfer can only take place if you pay by credit card and the credit card company is based outside the EU.
Provision of Data
The provision of your data is voluntary. You are neither legally nor contractually obligated to provide us with your data. However, a card payment is not possible without this data.
Use of Guest Wi-Fi
We provide you with free access to the internet in the form of Wi-Fi (“Guest Wi-Fi”) at our business premises. Below, we inform you about the personal data collected in this context.
Purposes of Processing and Legal Basis
Data processing is carried out for the purpose of technically providing guest Wi-Fi and ensuring smooth use by our guests. Processing is necessary for the performance of a contract (provision of internet access via guest Wi-Fi) pursuant to Art. 6(1)(b) of the GDPR.
Furthermore, we process your data to safeguard our legitimate interests pursuant to Art. 6(1)(f) of the GDPR. Our legitimate interests lie in ensuring the security of our IT systems and in defending against liability claims in the event of non-compliant use of the guest Wi-Fi.
Data Categories and Data Origin
When using our guest Wi-Fi, the MAC address and hostname of your device, [username, log data regarding the type and extent of use of the guest Wi-Fi…] are stored in this context. In addition, each device is assigned its own IP address.
The data is transmitted directly to us by our guests when they log in to the guest Wi-Fi.
Recipients
We do not disclose your personal data to third parties. Your data will only be disclosed or transferred to the extent necessary for contract fulfillment, based on a legal basis, where a legitimate interest exists, or based on your prior consent.
If external service providers assist us in processing your data (e.g., IT service providers), this is done within the framework of commissioned processing in accordance with Art. 28 GDPR. In doing so, we only enter into contracts with service providers that offer sufficient guarantees that appropriate technical and organizational measures ensure the protection of your data.
Data Transfer to a Third Country
No data is transferred to third countries, nor is such a transfer intended.
Duration of Storage
The data is regularly deleted by us, but no later than [recommendation: a maximum of 30 days], [if applicable, more specific: with the exception of MAC and IP addresses, usernames, and log data. These are stored for a maximum of 24 hours after activation], unless longer storage of the personal data is required by law or is necessary for the establishment, exercise, or defense of legal claims.
Provision of Data
The provision of personal data regarding the data subject is technically necessary for the use of the guest Wi-Fi. Without this data, you cannot use our guest Wi-Fi.
Business Relationships
The following information explains how we handle your data when you contact us, when contract negotiations are taking place with us, and/or when contractual agreements exist with us.
Purposes of processing and legal basis
Data processing is carried out for the purpose of contract fulfillment. The processing of your data is necessary pursuant to Art. 6(1)(b) GDPR for the initiation and fulfillment of contracts.
Furthermore, the processing of your personal data may be necessary on the basis of Art. 6(1)(f) GDPR to safeguard our legitimate interests. Our legitimate interests consist of avoiding economic disadvantages through credit checks, inviting you to events, asserting legal claims and avoiding legal disadvantages (e.g., in the event of insolvency), defending against threats and liability claims and avoiding legal risks, sending emails, and preventing criminal offenses.
Data Categories and Data Sources
We process the following categories of data:
Master and contact data: Title, name (first and last name), department and position within the company, address, email, phone, fax, date of birth, purchase history, contract data, billing data.
The data from the aforementioned categories was provided to us directly by our customers and prospective customers.
Recipients
We do not disclose your personal data to third parties. Exceptions to this include our service partners when necessary to fulfill the contract, such as parcel and mail carriers, banks for direct debit collection, tax authorities, and, where applicable, other entities such as credit bureaus, etc.
Duration of storage
The data stored about you will be deleted after the contract has been fulfilled, provided that no further legal retention obligations apply. Such data includes, for example, commercial and financial data. These will be deleted after ten years in accordance with legal regulations, unless longer retention periods are prescribed or required for legitimate reasons. If you revoke your consent to the use of your data, it will be deleted immediately, provided that the reasons stated above do not preclude this.
Right to Object
You have the right to object to the processing of your data. You may object to the use of your data at any time for the future.
Provision of Data
The provision of personal data is contractually required or necessary for the conclusion of a contract. If the required personal data is not provided, this would mean that we are unable to enter into a business relationship with you.
Cookie Box
The Cookie Box informs you about the necessary and optional cookies set by the website when you visit our website. Settings you have made can be viewed and adjusted at any time. To do so, you must reopen the Cookie Box (accessible via the button below).
Meta Pixel
Our website uses “Meta Pixel” (formerly “Facebook Pixel”), a service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Facebook”). Meta-Pixel enables Facebook to display our ads on Facebook, known as “Facebook Ads,” only to those Facebook users who have visited our website, particularly those who have shown interest in our offerings or in specific topics or products. Meta Pixel is also used to verify whether a user was redirected to our website after clicking on our Facebook Ads. Furthermore, so-called “events” are tracked via Meta Pixel. This involves recording individual actions on our website, such as adding an item to the shopping cart or completing a purchase, which provide us with insights into how to improve the performance and measurement of Facebook advertising campaigns.
Meta Pixel uses, among other things, cookies that are stored locally in the web browser’s cache on your device. If you are logged into Facebook with your user account, your visit to our online offering will be recorded in your user account . The data collected about you is anonymous to us, meaning it does not allow us to identify you. However, Facebook may associate this data with your Facebook user account. We have no influence over the scope and further use of data processed by Facebook through the use of Meta Pixel. Even if you are not registered with Facebook or are not logged in, there is a possibility that Facebook may obtain and store your IP address and, if applicable, other identifying characteristics.
We use Meta-Pixels for marketing and optimization purposes, in particular to display ads on Facebook that are relevant and interesting to you, thereby improving our offering, making it more appealing to you as a user, and avoiding intrusive ads. The legal basis is Art. 6(1)(a) GDPR (consent) and § 25(1) TTDSG.
You may revoke your consent to the processing of personal data by Meta Pixel and the use of your data for the display of Facebook ads at any time with future effect. You can adjust settings regarding the types of ads displayed to you on Facebook directly on the Facebook website: https://www.facebook.com/settings?tab=ads. Please note that this setting will be deleted if you clear your cookies in your browser.
You can also prevent participation in tracking by deactivating the providers’ interest-based ads by clicking on one of the links listed. As part of the self-regulation campaigns, a so-called opt-out cookie is set for this purpose. However, this setting will be deleted when you clear your cookies.
http://optout.networkadvertising.org/
http://www.aboutads.info/choices
http://www.youronlinechoices.com/uk/your-ad-choices/
Information on data processing based on standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
Third-party provider information: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information from the third-party provider regarding data protection can be found on the following Facebook website: https://www.facebook.com/about/privacy. Information regarding Facebook Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616.
[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Box aufrufen”/]