Privacy Policy
Introduction |
With the following data protection declaration we would like to inform you about what types of your personal data (hereinafter also referred to briefly as "data") we process for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications as well as within external online presences, such as our social media profiles (collectively referred to as "Online Offer"). The terms used are not gender specific. As of 1 March 2024 |
Overview of processing |
The following overview summarises the types of data processed and the purposes of their processing and refers to the affected persons. types of processed data
categories of affected persons
purposes of processing
|
Relevant legal bases of the GDPR |
Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and the transmission and automated decision-making in individual cases, including profiling. In addition, the data protection laws of the individual federal states may apply. |
Security |
We shall take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, the cost of implementation and the nature, the scope of the processing, as well as the different probability of occurrence and the extent of the threat to the rights and freedoms of natural persons. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, entry, disclosure, securing availability and separation. In addition, we have established procedures that ensure the exercise of data subjects rights, the erasure of data and reactions to the risk of the data. Furthermore, we take into account the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technical design and through data protection-friendly presets. TLS/SSL encryption (https): To protect users data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology used to secure internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) appears in the URL when a website is secured by an SSL/TLS certificate. |
Payment |
Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions for this purpose (collectively "payment service providers"). The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The details are required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transfer is to verify identity and creditworthiness. For this purpose, we refer to the terms and conditions and the data protection notices of the payment service providers. The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to them for further information and to assert rights of revocation, information and other rights of data subject.
Further information on processing processes, procedures and services:
|
Provision of the online offer and web hosting |
We process users data in order to be able to provide them with our online services. For this purpose, we process the user`s IP address, which is necessary to transmit the content and functions of our online services to the user`s browser or device.
Further information on processing processes, procedures and services:
|
Contact |
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information of the requesting persons will be processed, insofar as this is necessary to answer the contact requests and any necessary measures requested. The answer to contact requests in the context of contractual or pre-contractual relationships is to fulfil our contractual obligations or to respond to (pre)contractual requests and, moreover, on the basis of the legitimate interests in answering the enquiries.
|