Privacy Policy

Introduction
With the following data protection declaration we would like to inform you about what types of your personal data (hereinafter also referred to briefly as "data") we process for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications as well as within external online presences, such as our social media profiles (collectively referred to as "Online Offer").

The terms used are not gender specific.

As of 1 March 2024

Overview of processing
The following overview summarises the types of data processed and the purposes of their processing and refers to the affected persons.

Types of processed data

  • stock data (e.g. names).
  • payment data (e.g. Paypal).
  • content data (e.g. inputs in online forms).
  • contact data (e.g. e-mail).
  • meta/communication data (e.g. device information, IP addresses).
  • usage data (e.g. websites visited, interest in content).

Categories of affected persons

  • communication partners.
  • users (e.g. website visitors, users of online services).

Purposes of processing

  • contact requests and communication.
  • safety measures.
  • IT infrastructure.

Relevant legal bases of the GDPR
Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • performance of the contract and pre-contractual enquiries (Art. 6 sec. 1 p. 1 lit. b. GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures, which take place at the request of the data subject.
  • Legitimate interests (Art. 6 sec. 1 p. 1 lit. f. GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. In addition, the data protection laws of the individual federal states may apply.

Security
We take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, the cost of implementation and the nature and scope of the processing, as well as the different probability of occurrence and the extent of the threat to the rights and freedoms of natural persons.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as its input, disclosure, availability and separation. In addition, we have established procedures that ensure the exercise of data subjects' rights, the erasure of data and responses to risks to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and through data protection-friendly presets.

TLS/SSL encryption (https): To protect users' data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology used to secure internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) appears in the URL when a website is secured by an SSL/TLS certificate.

Payment
Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions for this purpose (collectively "payment service providers").

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The details are required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information confirming or declining the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transfer is to verify identity and creditworthiness. For this purpose, we refer to the terms and conditions and the data protection notices of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions and can be accessed within the respective websites or transaction applications. We also refer to them for further information and for asserting rights of revocation, information and other rights of data subjects.

  • Types of data processed: inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, duration, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, timings, identification numbers, consent status).
  • Data Subjects: Customers. Interested parties.
  • Purposes of processing: Provision of contractual services and fulfilment of contractual obligations.
  • Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

  • PayPal: payment services (technical integration of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Performance of a contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/de. Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Provision of the online offer and web hosting
We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of Data Processed: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, timings, identification numbers, consent status).
  • Data Subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); Security measures.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Collection of access data and log files: Access to our online services is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, date and time of access, data volumes transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. On the one hand, the server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and, on the other hand, to ensure the utilization of the servers and their stability; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

Contact
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information of the requesting persons will be processed, insofar as this is necessary to answer the contact requests and any necessary measures requested.

Contact requests in the context of contractual or pre-contractual relationships are answered in order to fulfil our contractual obligations or to respond to (pre)contractual requests and, moreover, on the basis of the legitimate interests in answering the enquiries.

  • Processed data types: contact details (e.g. email, phone numbers); Content data (e.g. submissions in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, timings, identification numbers, consent status).
  • Affected persons: Communication partners.
  • Purposes of processing: Contact requests and communication; Managing and responding to requests; Feedback (e.g. collecting feedback via online form). Provision of our online offer and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Performance of a contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).