Data protection

Data protection

  1. Information about the collection of personal data and contact details of the person responsible
  2. Data collection when you visit our website
  3. contact
  4. Cookies
  5. Data processing for order processing
  6. Data processing when opening a customer account and for contract processing
  7. Comment function
  8. Use of your data for direct advertising
  9. Contact us for a review reminder
  10. Use of social media: Social plugins
  11. Using Social Media: Video
  12. Online marketing
  13. Web analytics services
  14. Use of rating and seal graphics
  15. Tools and others
  16. Rights of the person concerned
  17. Duration of storage of personal data

  1. Information about the collection of personal data and contact details of the person responsible

1.1 Thank you for visiting our website. Below we would like to inform you about how your personal data is handled when you use our website. Personal data is basically all data with which you can be personally identified.

1.2 The person responsible for processing data on our website within the meaning of the General Data Protection Regulation (GDPR) is:

Ingo Gross

Königstr. 63

27798 Hude

Germany

Tel.: 04408-3596991

Fax: 04408-3596992

Email: info@sollomo.de.

1.3 In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) via HTTPS.

  1. Data collection when you visit our website

Every time our website is accessed, our system automatically records data and information that your browser transmits to our server (so-called “server log files”). The following data, which is technically necessary for us, is collected:

- Our visited website

- Date and time at the time of access

- Amount of data sent in bytes

- Source/reference from which you came to the page

- Operating system used

- Browser used

- IP address used (if necessary: ​​in anonymized form

The legal basis for processing is Article 6 Paragraph 1 Letter f of the GDPR due to our legitimate interest in improving the stability and maintaining the functionality of our website. The data will not be passed on or used in any other way. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To do this, the user's IP address must remain stored for the duration of the session.

We reserve the right to subsequently check the server log files if there are concrete indications of illegal use. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the users' IP addresses are deleted or altered so that it is no longer possible to assign the calling client. The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object.

  1. contact

If you contact us using the contact form, the data entered in the input mask will be transmitted to us and stored. The data collected can be found in the respective input mask. When you contact us via email, only the data you enter will be transmitted to us.

The data will only be used to process the conversation and your request. The legal basis for processing the data, if the user has given his consent, is Article 6 Paragraph 1 Letter a) GDPR. The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b) GDPR. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected and provided that there are no legal retention obligations to the contrary. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified. The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.

  1. Cookies

Our website uses cookies.

Cookies are text files that are stored on the user's device. When a user accesses a website, a cookie can be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after a page change. The user data collected through technically necessary cookies is not used to create user profiles. For the purposes mentioned above, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 Para. 1 lit. f) GDPR.

In addition, our website may use cookies that enable an analysis of users' surfing behavior (so-called third-party cookies). Further information on the scope, purpose, legal basis and objection options can be found in the relevant sections of the respective chapter of this data protection declaration.

As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website, you may no longer be able to use all functions of the website to their full extent. You can prevent the transmission of Flash cookies by changing the Flash Player settings.

You can find help with the settings in the respective help menu of your browser or under the following links: Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values ​​on an individual basis. Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie.

The checkout solution from Klarna used here (Klarna Bank AB (publ.), Sveavägen 46, 111 34 Stockholm, Sweden) uses cookies to ensure a smooth process for you when using Klarna's checkout.

More information about the individual cookies and an explanation of their respective purpose can be found for Germany at: http://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf and here for Austria https:/ /cdn.klarna.com/1.0/shared/content/policy/cookie/de_at/checkout.pdf .

  1. Data processing for order processing

5.1 If you would like to order in our web shop, in order to conclude the contract it is necessary that you provide your personal data that we need to process your order. We process the data you provide to process your order.

We sometimes work with external service providers to process your order. To do this, we must pass on the necessary personal data.

If we commission transport companies to deliver your goods, we will pass on your data required for the delivery of the goods to the respective transport company. To process payments, we will pass on your data to the commissioned credit institution as necessary. If we use payment service providers, you will also be informed about this below.

The legal basis for passing on your data is Article 6 Paragraph 1 Letter b GDPR.

5.2 Transfer of your personal data to shipping service providers

- DHL

If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charlesde-Gaulle-Straße 20, 53113 Bonn), we only provide for the purpose of delivery and to the extent necessary in accordance with Art. 6 Para. 1 lit. b GDPR the name of the recipient and the delivery address to DHL. Only if you have given your express consent during the ordering process will we pass on your email address to DHL in accordance with Art. 6 Para. 1 lit. Your consent can be revoked at any time with future effect from the person responsible above or from the transport service provider DHL.

-DPD

If the goods are delivered to you by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will only provide the name of the recipient for the purpose of delivery and to the extent necessary in accordance with Art. 6 Para. 1 lit. b GDPR and forward the delivery address to DPD. Only if you have given your express consent during the ordering process will we pass on your email address to DPD in accordance with Art. 6 Para. 1 lit. Your consent can be revoked at any time with future effect from the person responsible above or from the transport service provider DPD.

5.3 Use of payment service providers

-Amazon Pay

When paying via “Amazon Pay”, the payment is processed via Amazon Payments Europe sca, 5 Rue Plaetis, L-2338 Luxembourg (hereinafter referred to as “Amazon Payments”). The seller passes on the information provided by the customer during the ordering process to Amazon Payments in accordance with Article 6 (1) (b) GDPR exclusively for the purpose of payment processing and only to the extent necessary. Further information about Amazon Payments' data protection regulations can be found here: https://pay.amazon.com/de/help/201751600

5.4 Apple Pay

If you select the payment method "Apple Pay" (a service provided by Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland), payment is processed via the "Apple Pay" function of your device running iOS, watchOS or macOS Device by charging a payment card you have stored with “Apple Pay”.

Your transaction is protected using the security functions of the hardware and software of your device. If a payment is to be released, it must be released by entering a code and verifying it using the “Face ID” or “Touch ID” function of your device.

The information you provided during the ordering process, along with the information about your order, will be passed on to Apple in encrypted form for the purpose of payment processing. This data will then be encrypted again by Apple and then transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website on which the order was placed can access the payment data.

After payment, Apple sends the device account number and a transaction-specific, dynamic security code to the store website to confirm payment.

Personal data may be processed for the curtains mentioned. In this case, this is done for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple can process or store data. However, this is done in a format that cannot be used to identify you.

Information about Apple Pay’s data protection is available here: https://support.apple.com/de-de/HT203027 5.5 bancontact

When paying via "bancontact" via the PayPal checkout, the payment is processed via the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").

You can find out more information about Paypal checkout in the relevant passage below.

5.6 blik

When paying via "blik" via the Paypal checkout, the payment is processed via the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").

You can find out more information about Paypal checkout in the relevant passage below.

5.7 Google Pay

If you select the payment method “Google Pay” (a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”)), payment processing is carried out via the “Google Pay” application Your Android (at least 4.4 "KitKat") operated mobile device with an NFC function. Payment is made using one of your payment cards stored with Google Pay or a payment system verified there (e.g. PayPal). In order to approve a payment via Google Pay of more than EUR 25, you must first unlock your mobile device. The information you provided when placing your order will be passed on to Google for the purpose of payment processing. Google generates a unique transaction number that is sent to the order website to verify the payment. This transaction number is simply a numeric token that does not contain any information about your data. The actual transaction is carried out between the user and the ordering website by debiting the payment method stored in Google Pay. Personal data may be processed during the processes described. In this case, processing takes place for the purpose of payment processing in accordance with Article 6 Paragraph 1 Letter b GDPR.

The terms of use of Google Pay can be found here: https://payments.google.com/payments/apissecure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de . Further information on data protection with Google Pay can be found at the following internet address: https://payments.google.com/payments/apissecure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de .

5.8 mybank

When paying via "mybank" via the PayPal checkout, the payment is processed via the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").

You can find out more information about Paypal checkout in the relevant passage below.

-Paypal

If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, payment is processed via PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).

We pass on your personal data to PayPal to the extent necessary in accordance with Article 6 Paragraph 1 Letter b of the GDPR. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal.

For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR due to PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). To the extent that score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data.

Which other data is collected by PayPal can be found in PayPal's respective data protection declaration. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

5.9 Paypal Checkout

We use PayPal Checkout (PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") on this website.

PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and local payment methods from third-party providers.

If you select the payment methods PayPal, credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal (if offered), we will pass on your necessary payment data to PayPal for the purpose of payment processing. The transfer is permitted in accordance with Article 6 Paragraph 1 Letter b GDPR.

For the payment methods credit card via PayPal, direct debit via PayPal or "Pay later" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, PayPal may pass on your necessary payment details to credit agencies. The processing takes place on the legal basis of Article 6 Paragraph 1 Letter f GDPR. PayPal has a legitimate interest in determining your ability to pay. You can object to this processing of your data at any time by sending a message to PayPal, although further processing of your personal data by PayPal may still be permitted if this is necessary for the contractual payment processing.

If you select the payment method PayPal purchase on account, we will first transmit your payment data to PayPal in accordance with Art. 6 Paragraph 1 Letter b GDPR. PayPal will then forward your data to Ratepay GmbH, Ritterstr., to carry out the payment. 12-14, 10969 Berlin. RatePay then carries out an identity and creditworthiness check on its own behalf. The legal basis for this is Article 6 Paragraph 1 Letter f GDPR, the legitimate interest in determining solvency. For this purpose, RatePay passes on your payment data to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR.

Ratepay can access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/ If you choose the payment method of a local third-party provider, we will first pass your payment details to PayPal in accordance with Art. 6 Para. 1 lit. b GDPR further. PayPal will then forward your payment data to the provider you have selected to carry out the payment (6 Para. 1 lit. b GDPR):

- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)

- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main

- Immediately (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)

- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)

- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)

- blik (Polski Standard P?atno?ci sp. z oo, ul. Czerniakowska 87A, 00-718 Warsaw, Poland)

- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Pozna?, Poland)

- MyBank (PRETA SAS, 40 Rue de Courcelles, F-75008 Paris, France)

Further information can be found in PayPal's privacy policy:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

- IMMEDIATELY

If you select the payment method "SOFORT", payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT"). We pass on your personal data, along with the information about your order, to SOFORT in accordance with Article 6 Paragraph 1 Letter b of the GDPR exclusively for the purpose of payment processing and only to the extent necessary.

Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden).

SOFORT's data protection regulations can be viewed here: https://www.klarna.com/sofort/datenschutz

- IMMEDIATELY

When paying with "SOFORT" via the Paypal checkout, the payment is processed via the payment service provider PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "Paypal").

For this purpose, Paypal uses the service of SOFORT GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “SOFORT”).

You can find further information about data protection in the Paypal checkout in the relevant passage below

- Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment is processed via the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we communicate the information you provided during the ordering process, together with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information about Shopify Payments’ data protection can be found at the following internet address: https://www.shopify.com/legal/privacy

Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

  1. Data processing when opening a customer account and for contract processing

If you open a customer account with us, personal data will be collected and processed in accordance with Article 6 Paragraph 1 Letter b GDPR. The scope of the data can be seen from the input form. The data you enter will be stored and used by us to process the contract.

You can delete your customer account at any time. This can be done by sending a message to the address of the person responsible or, if offered, directly in the customer account. In this case, we will also block your data in consideration of tax and commercial law retention periods and delete it after these periods have expired. This can only be opposed by your consent to permanent storage or further use of data on our part as permitted by law.

  1. Comment function

If you use the comment function on our website, in addition to your comment content, information about the time the comment was created and the commenter name you chose will be saved and published on the website. In addition, your IP address is logged and stored. The legal basis for storing your data is Article 6 Paragraph 1 Letters b and f GDPR. The IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or publishes illegal content through a comment made. Your email address is required to contact you if a third party should complain that your published content is illegal. We reserve the right to delete comments if they are criticized by third parties as being unlawful.

7.1 If you subscribe to follow-up comments, you will first receive a confirmation email (double opt-in procedure) in which you must confirm that you are the owner of the email address provided. The legal basis for data processing when subscribing to comments is Article 6 Paragraph 1 Letter a GDPR. A comment subscription can be canceled at any time with future effect as specified in the confirmation email.

  1. Use of your data for direct advertising

Newsletter

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used for personal contact.

The legal basis for processing your data after registering for the newsletter is Art. 6 Para. 1 lit. a GDPR if the user has given his consent. We collect this by sending you a confirmation email containing a confirmation link after registering for the newsletter. If you click on this link, you also give your consent to receive the newsletter.

When you register for the newsletter, we save your IP address as well as the date and time of registration. This storage serves to track possible misuse of your email address.

We use the data we collect when registering for the newsletter exclusively for the purpose of sending the newsletter.

You can cancel your subscription to the newsletter at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to revoke your consent to the storage of personal data collected during the registration process.

  1. Contact us for a review reminder

9.1 Your own rating reminder

After your express consent in accordance with Art. 6 Para. 1 lit. a GDPR, you will receive a one-time reminder from us to submit a review of your order. You can revoke your consent at any time by sending a message to the person responsible for processing your data.

9.2 Rating reminder by distinguished.org

Based on your express consent in accordance with Art. 6 Para. 1 lit. You will receive a review reminder via email from excellent.org. You can revoke your consent at any time by sending a message to the person responsible for processing your data or to distinguished.org.

  1. Use of social media: Social plugins

10.1 Facebook as standard plugin

We use social plugins ("plugins") from the social network Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter referred to as "Facebook") on our website.

You can usually recognize the plugins by the Facebook logo, usually a white “f” on a blue background. You can view other versions of the Facebook plugin here: https://developers.facebook.com/docs/plugins

When you access one of our websites in which such a plugin is integrated, your browser establishes a direct connection to Facebook's servers and transmits Facebook the content of the plugin directly to your browser, even if you do not have a Facebook profile or do not currently have one are logged in to Facebook. This information (including your IP address) can be transmitted from your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook at the relevant time, Facebook can directly assign your visit to our website to your Facebook profile. When you interact with a plugin (e.g. the “Like

If you click on the mir"/"like" button or comment on something), this information will also be transmitted directly to a Facebook server and stored there. The actions can be published on your Facebook profile and displayed to your Facebook friends.

Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

Facebook's legitimate interest lies in the display of personalized advertising in a needs-based design of the service. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

If you do not want the data collected via our website to be assigned to your Facebook profile, you must log out of Facebook before visiting our website. You can also prevent the Facebook plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

Meta Platforms, Inc., based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.

Further information can be found in Facebook's data protection information: http://www.facebook.com/policy.phphttps://www.facebook.com/legal/EU_data_transfer_addendum

10.2 Instagram as default plugin

We use social plugins (“plugins”) from the social network Instagram (operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter referred to as “Instagram”) on our website.

You can usually recognize the plugins by the “Instagram camera”. You can view other versions of the Instagram plugin here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

When you access one of our websites in which such a plugin is integrated, your browser establishes a direct connection to Instagram's servers and Instagram transmits the content of the plugin directly to your browser, even if you do not have an Instagram profile or do not currently have one are logged in to Instagram. This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there.

If you are logged in to Instagram at the relevant time, Instagram can directly assign your visit to our website to your Instagram profile. If you interact with a plugin (e.g. click the "Instagram" button or comment on something), this information is also transmitted directly to an Instagram server and stored there. The actions can be published on your Instagram profile and shown to your Instagram friends.

Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

If you do not want the data collected via our website to be assigned to your Instagram profile, you must log out of Instagram before visiting our website. You can also prevent the Instagram plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

Meta Platforms, Inc., based in the USA, is responsible for the US-European Data Protection Convention "EU-US Data

Privacy Framework", which ensures compliance with the data protection level applicable in the EU.

Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/

10.3 LinkedIn as standard plugin

We use social plugins ("plugins") from the social network LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) (hereinafter referred to as "LinkedIn") on our website.

You can usually recognize the plugins by the LinkedIn logo or the “Recommend button”.

When you access one of our websites in which such a plugin is integrated, your browser establishes a direct connection to LinkedIn's servers and transmits LinkedIn transmits the content of the plugin directly to your browser, even if you do not have a LinkedIn profile or do not currently have one are logged in to LinkedIn. This information (including your IP address) is transmitted from your browser directly to a LinkedIn server in the USA and stored there.

If you are logged in to LinkedIn at the relevant time, LinkedIn can directly assign your visit to our website to your LinkedIn profile. If you interact with a plugin (e.g. click on a "LinkedIn" button), this information is also transmitted directly to a LinkedIn server and stored there. The actions can be published on your LinkedIn profile and shown to your LinkedIn friends.

Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

LinkedIn's legitimate interest lies in the display of personalized advertising in a needs-based design of the service. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

If you do not want the data collected via our website to be assigned to your LinkedIn profile, you must log out of LinkedIn before visiting our website. You can also prevent the InLinkedIn plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://de.linkedin.com/legal/l/dpaData protection information from LinkedIn:https://www.linkedin.com/legal/privacy-policy

10.4 Pinterest as default plugin

We use social plugins (“plugins”) from the social network Pinterest (Pinterest Inc., 808 Brannan Street, San Francisco, CA, 94103, USA) (hereinafter referred to as “Pinterest”) on our website.

You can usually recognize the plugins by the “Pin it” button. You can find further designs of Pinterest plugins here: https://developers.pinterest.com/docs/getting-started/introduction/

When you access one of our websites in which such a plugin is integrated, your browser establishes a direct connection to Pinterest's servers and transmits the content of the plugin directly to your browser, even if you do not have a Pinterest profile or are not currently on Pinterest are logged in. This information (including your IP address) is transmitted from your browser directly to a Pinterest server in the USA and stored there.

If you are logged in to Pinterest at the relevant time, Pinterest can directly assign your visit to our website to your Pinterest profile. If you interact with a plugin (e.g. click a "pin it" button), this information is also transmitted directly to a Pinterest server and stored there. The promotions can be published on your Pinterest profile and shown to your Pinterest friends.

Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

Pinterest's legitimate interest lies in the display of personalized advertising in a needs-based design of the service. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

If you do not want the data collected via our website to be assigned to your Pinterest profile, you must log out of Pinterest before visiting our website. You can also prevent the Pinterest plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy

10.5 X (Formerly Twitter) as default plugin

We use social plugins (“plugins”) from the online service X (X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103, US) (hereinafter referred to as “X”) on our website.

You can recognize the plugins by the X logo or the blue bird. You can find further versions of the X plugin here: https://publish.twitter.com/

When you access one of our websites in which such a plugin is integrated, your browser establishes a direct connection to X's servers and transmits the content of the plugin directly to your browser, even if you do not have an are logged in to X. This information (including your IP address) is transmitted from your browser directly to an X server in the USA and stored there.

If you are logged in to X at the relevant time, X can directly assign your visit to our website to your X profile. If you interact with a plugin (e.g. click an "X" button), this information is also transmitted directly to an X server and stored there. The actions can be published on your X profile and shown to your X friends.

Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

X's legitimate interest lies in the display of personalized advertising in a needs-based design of the service. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

If you do not want the data collected via our website to be assigned to your X profile, you must log out of X before visiting our website. You can also prevent the Twitter plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details

can be found here: https://twitter.com/de/privacy

Twitter data protection information: https://twitter.com/privacy

  1. Using Social Media: Video

Use of YouTube videos

On this website we use the YouTube embedding function to display and play videos from the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Here we use the extended data protection mode, which, according to the provider, only starts saving user information when the video(s) are played. When you start playing embedded YouTube videos, the provider “YouTube” uses cookies to collect information about your user behavior. According to YouTube, these serve, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account.

If you do not want it to be associated with your YouTube profile, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them.

Such an evaluation is carried out in particular in accordance with Art. 6 Para. 1 lit. a GDPR on the basis of your express consent.

You have the right to object to the creation of these user profiles; to exercise this you must contact YouTube. Regardless of whether the embedded videos are played, every time this website is accessed, a connection to the Google "DoubleClick" network is established, which can trigger further data processing operations without our influence.

Data may also be transmitted to the Google LLC servers. come to the USA. Further information on data protection at "YouTube" can be found in the provider's data protection declaration at: https://policies.google.com/privacy?hl=de Settings for personalized advertising are possible at: https://adssettings.google.com/ authenticated .

Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/

  1. Online marketing

Use of Google Ads conversion tracking

This website uses the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Our offers are advertised on external websites using advertising materials (so-called Google Adwords). Our legitimate interest lies in displaying advertising that is of interest to you and in achieving a fair calculation of advertising costs. The legal basis is Art. 6 Para. 1 lit.a GDPR, namely your express consent.

Google Ads uses cookies for conversion tracking that are set when you click on an AdWords ad placed by Google.

These cookies usually expire after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Ads customers' websites.

The information obtained in this way is used to create conversion statistics for Ads customers on the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag.

This means you cannot be personally identified.

If you would like to prevent tracking, you can deactivate the Google conversion tracking cookie via your Internet browser under user settings.

Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find further information about Google's data protection regulations at the following Internet address: http: //www.google.de/policies/privacy/You can permanently deactivate the conversion cookies by setting your browser accordingly or by downloading and installing the browser plug-in available at the following link: http://www.google.com/settings /ads/plugin?hl=de

In this case, certain functions of this website may not be able to be used or may only be used to a limited extent.

  1. Web analytics services

13.1 Google Analytics 4

On our website we use Google Analytics 4, a web analysis service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter referred to as "GA4").

Google Analytics uses “cookies”. These are small text files that are stored on your device and enable your use of the website to be analyzed. The information generated in this way about your use of this website (including the shortened IP address) is transmitted to a Google server and stored and further processed there, although transfer to the USA is possible. The IP addresses are anonymized by default. For IPv4 addresses, the last octet and for IPv6 addresses the last 80 bits in memory are set to zero and thus "anonymized". A personal reference is excluded. A transfer to Google LLC servers based in the USA is not excluded.

During your website visit, GA4 records your user behavior in the form of "events", such as: page views, first visit to the website, start of the session, your "click path", interaction with the website, scrolls, clicks on external links, internal search queries, Interaction with videos, file downloads, ads seen/clicked, language setting. GA4 also records your approximate location (region), your IP address (in anonymized form), technical information about your browser and the devices you use (e.g. language setting, screen resolution), your Internet provider, the referrer URL (via which website/via which advertising material you came to this website).

On our behalf, Google uses this information to evaluate your use of the website, create reports on website activity and provide us with other services related to website activity and internet usage. There will be no merging of yours in this framework

The anonymized IP address collected is combined with other data from Google.

The data collected in this context will be stored for fourteen months.

The legal basis for the data processing described here and the setting of cookies is your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR. This consent can be revoked at any time with future effect, for example by deactivating this Google service via the cookie consent tool in which you have already given your consent.

Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with future effect. To exercise your right of withdrawal, please deactivate this service using the “cookie consent tool” provided on the website.

Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. We have also concluded an order processing agreement with Google.

Further information about data protection through Google Analytics 4 can be found on the following websites:

https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy?hl=de&gl=de

Demographic characteristics

GA4's "demographic characteristics" function can generate statistics that can be used to determine the age, gender and interests of site visitors. For this purpose, advertising and information from third-party providers are analyzed and target groups for specific marketing activities are identified. However, there is no personal assignment of data. The data will be deleted after fourteen months.

UserIDs

If we use the extended “UserIDs” function, your activities (including conversions) can be analyzed across devices. In this case the analysis is not carried out pseudonymously.

This is possible if you have given your consent to the use of Google Analytics 4 in accordance with Article 6 (1) (a) GDPR, have set up an account on this website and log in with this account on different devices.

Google Signals

If we use the “Google Signals” extension, we can create cross-device reports about your usage behavior. However, we only receive statistics and no personal data. This analysis is only possible if you have activated personalized ads in your Google account and linked your devices to a Google account. You must also have given your consent to use Google Analytics in accordance with Article 6 Paragraph 1 Letter a of the GDPR. Cross-device analysis can be prevented by deactivating the “personalized advertising” function in your Google account. Further information about Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=de

13.2 Shopify Analytics

We use the web analytics service from Shopify (Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland).

To protect our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes, Shopify collects, evaluates and stores pseudonymized visitor data, from which pseudonymized usage profiles can be created and evaluated. Shopify uses cookies to recognize the browser and thus enable more precise determination of statistical data. Your IP address is also collected, but is pseudonymized immediately after collection and before storage, so that personal reference is excluded.

The legal basis is Article 6 Paragraph 1 Letter a GDPR, namely your express consent.

Shopify does not associate your IP address with other Shopify data.

In order to object to the collection of data and the creation of pseudonymized user profiles and the setting of cookies in the future, you can generally deactivate the use of cookies on your computer by setting your Internet browser so that no cookies can be stored on your computer in the future. Cookies that have already been stored will be deleted. However, switching off all cookies may mean that some functions on our website can no longer be fully used.

Shopify's privacy policy can also be found at: https://www.shopify.de/legal/datenschutz

  1. Use of rating and seal graphics

Rating seal from Excellent.org

On our website we include the Auszeichen.org rating seal (AUBII GmbH, Alsterufer 34, 20354 Hamburg) to display any reviews that may have been collected and to enable users to rate themselves. Our legitimate interest lies in the optimal marketing of our offer. The legal basis is Article 6 Paragraph 1 Letter f GDPR.

When the rating seal is called up, a technically necessary session cookie is set, which is automatically deleted after the session and is used for server allocation. No personal data is transmitted.

  1. Tools and others

15.1 Google reCAPTCHA

We use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") in accordance with Art. 6 Para. 1 lit. f GDPR due to our legitimate interest in avoiding misuse and spam .

reCAPTCHA is a function that is intended to ensure that an entry is made by a natural person.

The service sends your IP address and any other data required by Google for the reCAPTCHA service to Google.

When using Google reCAPTCHA, your personal data may also be transmitted to the servers of Google LLC. come to the USA.

Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find further information about Google's data protection regulations at the following Internet address: http://www.google.de/policies/privacy/

15.2 Google Tag Manager

We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.

With the help of Google Tag Manager we can integrate tracking or statistical tools and other technologies on our website via tags. Tags are not sections of code that record specific activities on the website. The tags usually come from other Google programs, but can also be integrated by other companies. The tags can collect browser data, integrate buttons or set cookies.

However, the Google Tag Manager itself does not create user profiles, does not store cookies or carries out independent analyses, but only serves to manage and display the tools integrated through it.

Your IP address is recorded via Google Tag Manager and may also be transferred to Google's parent company in the United States.

The legal basis for the use of the Google Tag Manager is Art. 6 Para. 1 lit. a GDPR, namely your consent.

Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find further information about Google's data protection regulations at the following Internet address: http://www.google.de/policies/privacy/

  1. Rights of the person concerned

16.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and rights of intervention) vis-à-vis the person responsible for the processing of your personal data, about which we will inform you below:

- Right to information in accordance with Art. 15 GDPR:

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by the person responsible. In addition, you have the right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of other rights such as correction of the data or the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these were not collected by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing affecting you, as well as your right to be informed about the guarantees in accordance with Art. 46 GDPR Your data may be forwarded to third countries;

- Right to rectification in accordance with Art. 16 GDPR:

You have the right to have any incorrect data concerning you immediately corrected and/or the incomplete data we have stored about you to be completed; The correction or completion must be made immediately.

- Right to restriction of processing in accordance with Art. 18 GDPR:

You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data that you dispute is verified, if you refuse to have your data deleted due to unlawful data processing and instead request the restriction of the processing of your data if you reject your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons relating to your particular situation, as long as it is not yet clear whether our legitimate reasons outweigh them;

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction on processing has been restricted, you will be informed by the person responsible before the restriction is lifted.

- Right to deletion in accordance with Art. 17 GDPR:

You have the right to have your personal data deleted immediately if the requirements of Article 17 Para. 1 GDPR are met. However, this right to deletion does not apply in particular - but not exclusively - if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims

- Right to information in accordance with Art. 19 GDPR:

If you have exercised your right to rectification, deletion or restriction of processing, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or deletion of data or restriction of processing, unless this is impossible or disproportionate effort is involved. You also have the right to be informed about these recipients.

- Right to data portability in accordance with Art. 20 GDPR:

You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible, if this is technically possible;

- Right of revocation in accordance with Art. 7 Para. 3 GDPR:

You have the right to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 Paragraph 1 Letter e) or f) GDPR; This also applies to profiling based on these provisions.

You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.

- Right to complain in accordance with Art. 77 GDPR:

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR.

16.2 Right to object

You have the right to object to the processing of your data at any time with future effect if we process your data based on our overriding legitimate interest after weighing up our interests.

If you make use of this right to object, we will stop processing your data unless it can be proven that there are overriding compelling reasons worthy of protection that prevent the termination or if further processing serves to exercise or defend legal claims.

  1. Duration of storage of personal data

The duration of storage of personal data depends on legal retention periods. After expiry, we routinely delete the data if it is no longer required to fulfill or initiate the contract and/or we have no legitimate interest in continuing to store it.