- You are here:
- Home
Privacy policy
Basic
We provide this information in order to transparently explain how we handle your personal data (which, according to supreme court rulings, also includes the IP address) when you visit our website. According to Article 4 (1) of General Data Protection Regulation (in the following: “GDPR”), personal data is any information relating to an identified or identifiable natural person.
Privacy policy and information
We take the protection of your data and your privacy very seriously and comply with our obligations under data protection law. We collect and process your personal data in accordance with European and national legal requirements. We explicitly explain how and in what form we process your data in this privacy policy.
When visiting our website, we are forced to collect various personal data - this serves on the one hand to ensure the functionality of our website and on the other hand to increase the attractiveness of our website through the use of various tools.
In addition, we would like to point out that data transmission over the Internet is not possible without accepting possible security gaps. Even we cannot guarantee complete protection of your data, but we make every effort to protect your data comprehensively.
Why do we need your data?
Your data is collected so that we can display our website without errors. Other data could be used to analyze your user behavior.
Furthermore, the data collection is carried out on a legal basis:
If you have consented to data processing, we process your personal data on the basis of Article 6 Paragraph 1 Subparagraph 1 (a) GDPR respectively Article 9, Paragraph 2 (a) GDPR, if sensitive data are processed according to Article 9 Paragraph 1 GDPR. The processing of data according to Article 9 GDPR is only permitted in certain cases.
If you have consented to the storage of cookies or to the access to information on your device, such as by device fingerprinting, the data processing is based on Section 25 Paragraph 1 German Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG).
The consents can be revoked at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
If we collect your data to fulfill a contract or to carry out pre-contractual measures, your data will be processed on the basis of Article 6 Paragraph Subparagraph 1 (b) GDPR. If your data is required for the fulfillment of a legal obligation, we process your data on the basis of Article 6 Paragraph 1 Subparagraph 1 (c) GDPR.
Data processing may also be collected on the basis that we are exercising our legitimate interest in data processing. In this case, data processing is possible provided that your interests or the interests of third parties do not conflict with the data processing. According to this, data processing is carried out in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
We will specify the relevant legal basis in each individual case in the relevant section.
Who is responsible?
As the website operator, we are responsible for the data processing on our website under data protection law in accordance with Article 4 (7) GDPR. You can reach us at the following contact details:
KLUG-CONSERVATION Walter Klug GmbH & Co. KG
Michael Kühner, Peter Lang
Zollstraße 2, 87509 Immenstadt
Tel: +49 8323 965330
E-Mail: info@klug-conservation.de
How to reach our data protection officer
#KOMM#IT, Funke Solution GmbH & Co. KG, Salmas 52, 87534 Oberstaufen
Tel: +49 8325 927050, dsb@komm-it.info
How long do we store your data?
We adhere to the respective statutory retention period for the maximum duration of the storage of your personal data. Your data will only be stored by us until we no longer need it for our data processing. With regard to the storage of your data, we are bound by the purpose for which we collected your data. Unless a specific storage period is stated in this information, your personal data will remain with us until the purpose for data processing no longer applies.
If you assert a legitimate request for deletion or revoke your consent to data processing, we must delete your data in the event that there are no other legally permissible reasons for the continued storage of your data, such as retention periods under commercial and tax law. We can only comply with your request for deletion when these reasons no longer apply.
Where do we get your data?
We collect your data because you provide us with the data via a contact form or other means. There is additional data that is collected automatically or only after your consent when you visit our website. This is mainly technical data such as your operating system and the time of the page view
To whom do we provide your data?
We use tools from third-party companies based in and outside the EU and the EEA. Your personal data may be transferred to these third-party companies if you have activated these tools - unless they are necessary for the functionality of the website.
Furthermore, we also use tools from companies based in the USA or other third countries that are not secure under data protection law. Your personal data may also be transferred to these companies if you have activated the corresponding tools. In these countries, there is no level of data protection comparable to that in the EU
Such data transfer requires an adequacy decision issued by the EU Commission, which ensures a comparable level of protection of your personal data. In the event that there is no such adequacy decision, other appropriate safeguards pursuant to Article 44 GDPR et seq. must be taken.
How is the handling of money on this website?
We offer the direct conclusion of a contract with costs on our website. In order to be able to fulfil this contract and process the payment, you are required to provide us with your payment details. The payment details are the account number, IBAN, BIC, account holder, credit card number, validity period and other details required for the payment.
A payment transaction via the common means of payment such as Visa, MasterCard or direct debit is carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes to https://. Furthermore, you can recognise it by the lock symbol in your browser line. With encrypted communication, your payment data cannot usually be read by third parties.
What rights do you have? - Your data subject rights
You can assert your rights according to Article 12 GDPR et seq. can be asserted.
Revocation of consent to data processing
In part, we process your data with your express consent. You can revoke an already given consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, he will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
Objection in special cases / against direct advertising, Article 21 GDPR
If the data processing is carried out on the basis of Article 6 Paragraph 1 Subparagraph 1 (f) GDPR, then you can object to the processing of your personal data for reasons that arise from your particular situation. This also applies to any profiling - the legal basis for such profiling can be found in this information. If you exercise your right to object, your personal data concerned will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims under Article 21 Paragraph 1 GDPR.
If we process your personal data for direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is related to direct advertising. If you object, your personal data will subsequently no longer be sent for the purpose of direct advertising in accordance with Article 21 Paragraph 2 GDPR.
Right to data portability
You have the right to have data that we process automatically handed over to you or to a third party in a common machine-readable format. If you request the transfer of the data to another controller, it will only be done if it is technically possible.
Right to information, deletion and correction
Within the scope of Article 15 Paragraph 1 GDPR, you can assert the right to free information about your stored personal data, their origin, recipients and the purpose of data processing. Furthermore, you could assert a right to correction or deletion of this data, if applicable. If you have any questions about your rights, you can contact us or our data protection officer at any time.
Right to restriction of processing
You may also request the restriction of the processing of your personal data. If you have any questions about this right, you can contact us or our data protection officer at any time. A right to restriction exists in the cases specified by law. If you dispute the accuracy of your data, we need time to verify this. For this period, you have the right to request restriction of your data. In the event that the processing of your data is unlawful, you can demand the restriction of processing instead of the deletion of the data. If we no longer need your personal data, but you wish to exercise, defend or assert legal claims, you have the right to request at least the restriction of data processing. If you have lodged an objection in accordance with Article 21 Paragraph 1 GDPR, we must weigh your interests against ours, during which time you have the right to request the restriction of the data.
If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or any Member State.
Right of complaint to a competent supervisory authority
As a data subject, you still have the right to file a complaint with a supervisory authority in the event of violations of the GDPR. This must be the competent supervisory authority under data protection law in your federal state. You always have the right to file a complaint, regardless of what other measures you take.
More information
We expressly object to the sending of unsolicited advertising and information material to our contact data. We expressly reserve the right to take legal action against unsolicited advertising, such as the sending of spam e-mails.
For security reasons and to protect the transmission of confidential content, we use an SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
Server log files
The site provider collects and stores information in server log files that your browser automatically transmits to us. This includes the following data: Browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and furthermore also your IP address.
Your data will not be merged with data from other data sources. The legal basis for data processing is Article 6 Paragraph 1 Subparagraph 1 (f) GDPR, as we as site operator have a legitimate interest in the technically error-free presentation and optimisation of our website. Server log files must be collected for this purpose.
Hosting of our website
We host our website with an external provider.
HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA
communication data, contract data, contact data, names, accesses and other data generated via a website are stored on the hoster's servers.
The legal basis for the processing of your personal data is Article 6 Paragraph 1 Subparagraph 1 (f) GDPR. Our legitimate interest lies in the most reliable presentation of our website.
In the event that we have requested your consent, the processing of your data is based on Article 6 Paragraph 1 Subparagraph 1 (a) GDPR and Section 25 Paragraph 1 TDDDG, if the data use is subject to the consent to store cookies or access information in the user's terminal device, such as device fingerprinting, as defined by the TDDDG. Consent can be revoked at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
In order to demonstrate data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing. This is a contract required under Article 28 Paragraph 3 GDPR, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR. Our hosting provider is called:
Setting cookies
We use cookies on our website. These are small text files and data packets that are placed on the end devices but do not cause any damage there. The cookies are stored either temporarily for a session as session cookies or permanently as permanent cookies on your terminal device. Session cookies are automatically deleted at the end of the session, whereas permanent cookies are stored on the end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies could also be stored on your end devices; these are third-party cookies. They enable the use of services of this company, such as cookies for processing payment services.
Cookies fulfill different functions. In part, they are technically necessary for certain applications on the website to function at all, such as the shopping cart function. Other cookies are used to evaluate user behavior on our site or to display advertising. Cookies that are technically absolutely necessary and are therefore to be regarded as necessary cookies are stored on the basis of Section 25 Paragraph 2 TTDSG, unless another legal basis is explicitly stated. The storage of cookies is mandatory in order to be able to create the technical prerequisites for an error-free and optimized website. For cookies that are not technically mandatory, consent is requested in accordance with Section 25 Paragraph 1 TTDSG. In this case, the cookies will only be stored on the basis of this consent. The consent can be revoked at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, he will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
You can set your browser to inform you about the setting of cookies and to allow them only in individual cases. Furthermore, you can also generally exclude the storage of cookies and activate automatic deletion of cookies when closing the browser. We would recommend this procedure. In the event that you generally deactivate cookies, the functionality of our website as well as the display may be limited. When using cookies from third-party companies and for analysis purposes, we will again inform you separately. In this case, we will additionally request your consent.
Cookie banner on our website:
Our cookie banner on our website (request for consent) comes from a third-party provider.
With the help of the cookie banner, we obtain your consent that certain cookies that are not required for the technical presentation of the website may be stored on your end device. We need this consent in order to be able to demonstrate a legal basis for the storage.
When you enter our website, personal data is transmitted to our cookie banner provider. This involves the following data: Your response to our consent request in the context of the cookie banner, your IP address, information about your browser and your terminal device as well as the time of your visit to our website.
When you enter our website, a connection is established to the provider's servers so that your consent or other declarations regarding the setting of cookies can be obtained. After the declaration has been made, our provider stores a cookie in your internet browser so that it can assign whether you have consented to the cookies being set or whether you have rejected them. Furthermore, it is used to allocate any revocation that may have taken place at a later date. This data is stored until you request us to delete the data, delete the cookie yourself or the purpose for data processing no longer applies. If the deletion conflicts with legal retention periods, these remain unaffected.
The legal basis for obtaining consent is Section 25 Paragraph 1 TDDDG. You can revoke your consent at any time with effect for the future. If you wish to change your settings, please contact us or follow the instructions on our website. You can assert a possible revocation by means of an informal message sent to us by e-mail. You can also contact our data protection officer, who will inform us of your request. However, the lawfulness of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
In order to demonstrate data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing. This is a contract required under Article 28 Paragraph 3 of GDPR, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR. The provider of the cookie banner is called:
HubSpot, Inc.
Two Canal Park, Cambridge, MA 02141 USA
Special offers on our website
We offer services on our website that are specifically tailored to our industry. These are the following services:
Integration of Microsoft Forms
We have integrated online forms from Microsoft on our website. The provider is Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter referred to as “Microsoft”).
The purpose of integration is to record your inquiries and input in a structured manner. The data entered is stored on Microsoft servers. In addition, Microsoft stores a cookie with a unique ID in your browser. The legal basis for data processing is our legitimate interest in processing your request in the most user-friendly and straightforward manner possible in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR. In the event that we have requested your consent, data processing will only take place on the basis of your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can revoke your consent at any time with future effect. To do so, simply send us an informal email. However, this does not affect the lawfulness of our data processing until revocation.
The data processed by Microsoft is also transferred to the USA and other third countries. Data transfer to the USA is again based on an adequacy decision by the EU Commission. Microsoft is a certified partner for the EU-US Privacy Framework (data protection framework). The data you provide will remain with us until you request its deletion or revoke your consent to its storage. Mandatory legal provisions, such as statutory retention periods, remain unaffected by this.
To prove that data is processed in accordance with data protection regulations and to outline our respective obligations, we have concluded a data processing agreement. This is a contract required under data protection law in accordance with Art. 28 (3) GDPR, which ensures that our data processor only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.
Contact options on our website
We offer various ways to contact us on our website.
Option to register on our website for processing orders
You have the option of registering on our website and creating a customer account for orders. You can use this registration to unlock additional features on our site and maintain a customer account. We will only use the data you enter in the registration form for the purposes for which you registered. We can only register you if you provide all the information that is mandatory for registration. Otherwise, we will unfortunately have to reject your registration. If changes are absolutely necessary, we will use the email address you provided to contact you.
We process your entered data on the basis of your consent pursuant to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you. Your data will be stored by us for as long as you are registered on our website. Your data will then be deleted, whereby legal retention periods remain unaffected.
Subscribe to our newsletter
You can register voluntarily for our newsletter. We process the data you provided in the registration form as well as your email address in order to process your registration and in case we have follow-up questions for you. However, we do not pass on your data to third parties without your consent.
The legal basis for the processing of your data is your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR and Section 25 Paragraph 1 TDDDG. You can revoke your consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. However, this does not affect the lawfulness of our data processing until revocation has taken place.
The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.
Enquiries via contact form
You can use our contact form at any time to send us enquiries. We process the data you have provided in the contact form, as well as your e-mail address, in order to be able to process your enquiry and in the event that we still have follow-up questions for you. However, we do not pass on your data to third parties without your consent.
The legal basis for the processing of your data is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.
In other cases, the processing is based on our legitimate interest in the effective processing of your request in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR
or on your consent pursuant to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR, if this has been requested by us. You can revoke your consent at any time with effect for the future. An informal communication by e-mail to us is sufficient for this purpose. However, this does not affect the legality of our data processing until the revocation has taken place.
The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.
Inquiries by e-mail, telephone and fax
You can contact us at any time by e-mail, telephone and fax. In doing so, we process the data that you have provided to us in order to be able to process your inquiry. However, we will not pass on your data to third parties without your consent.
The legal basis for the processing of your data is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures or based on your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR, if this was requested by us. You can revoke your consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. However, the legality of our data processing until the revocation is not affected.
The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.
In other cases, the processing is based on our legitimate interest in the effective processing of your request in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
Mailing of postal advertising
We use your address to send you postal advertising.
The legal basis for the processing of your data is our legitimate interest in direct marketing according to Article 6 Paragraph 1 Subparagraph 1 (f) in conjunction with EW 47 of GDPR.
In the event that we have requested consent, the data processing will only be carried out on the basis of Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. All you need to do is send us an informal e-mail. However, the lawfulness of our data processing up to the point of revocation is not affected by this.
The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.
Use of Typeform
We integrate Typeform into our website. The provider is Typeform S.L., Carrier Bac de Roda, 163, 08018 Barcelona, Spain (hereinafter: “Typeform”).
Typeform allows us to create online forms and integrate them into our website. The data you enter in the forms is stored on Typeform's servers.
The legal basis for the processing of your data is our legitimate interest in the functioning of online forms in accordance with Article 6 paragraph 1 subparagraph 1 (f) GDPR.
In the event that we have requested your consent, data processing will only take place on the basis of Article 6 paragraph 1 subparagraph 1 (a) GDPR and § 25 paragraph 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TDDDG. You can revoke your consent at any time with effect for the future. To do so, simply send us an informal email. However, this does not affect the lawfulness of our data processing until revocation.
The data you provide will remain with us until you request its deletion or revoke your consent to its storage. Mandatory legal provisions, such as statutory retention periods, remain unaffected by this.
To prove that data is processed in accordance with data protection regulations and to demonstrate our respective obligations, we have concluded an agreement on order processing. This is a contract required by data protection law in accordance with Art. 28 (3) GDPR, which ensures that our order processor processes the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.
The use of chatbots
To communicate with you more easily, we use chatbots. Chatbots can answer questions and other inputs without the need for human assistance. Chatbots collect your personal data, which includes: Name, email address, contact details, customer number, other identification data, orders and chat history. Chatbots also collect metadata, your IP address, log files and location information. The collected data is stored on the chatbot's servers. User profiles are created using the collected data and used for advertising, provided that the legal requirements - in particular consent - are met. In order to be able to implement this, chatbots are linked to analysis and advertising tools. We use your data to improve the chatbot's responses.
We use a chatbot from an external provider. It can be used via a social network such as Instagram and Meta Messenger. The stored data may therefore be made available to Meta. The processed data may therefore also be transferred to the USA and other third countries. Data transfer to the USA is currently based on an adequacy decision by the EU Commission, which legitimizes data transfer to certified partners.
The legal basis for the processing of your data is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR, if your request serves to initiate or fulfil a contract. In the event that we have requested consent, data processing is only carried out on the basis of Article 6 Paragraph 1 Subparagraph 1 (a) GDPR and Section 25 Paragraph 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device as defined by the TDDDG. You can revoke your consent at any time with effect for the future. To do so, it is sufficient to send us an informal message by e-mail. However, the lawfulness of our data processing up to the point of revocation is not affected by this.
In all other cases, the chatbot is used on the basis of our legitimate interest in effective customer communication pursuant to Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.
In order to demonstrate data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing. This is a contract required under Article 28 Paragraph 3 of GDPR, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR. This service is provided by:
Hubspot Inc.
Two Canal Park, Cambridge, MA 02141 USA
Content Delivery Network integration on our website
We use a Content Delivery Network on our website.
Cloudflare
We use the Cloudflare Content Delivery Network. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”). Cloudflare provides information transfer between your browser and our website via the Cloudflare network. This allows Cloudflare to analyse the data traffic between your browser and our website and act as a filter between our servers and potentially malicious data traffic.
The legal basis for Cloudflare's data processing is our legitimate interest in the error-free and secure provision of our website in accordance with Article 6 paragraph 1 subparagraph 1 (f) GDPR. Cloudflare also uses cookies to recognise users.
The data processed by Cloudflare is also transferred to the USA and other third countries. The transfer of data to the USA is again based on an adequacy decision by the EU Commission. Cloudflare is a certified partner for the EU-US Privacy Framework (data protection framework). Details can be found at: https://www.cloudflare.com/privacypolicy/. Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.
To prove that data is processed in accordance with data protection regulations and to outline our respective obligations, we have concluded a data processing agreement. This is a contract required by data protection law in accordance with Art. 28 (3) GDPR, which ensures that our data processor only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.
Data processing by social networks
We use a publicly accessible profile on various social networks.
The social networks may already analyse your behaviour when you visit our website, as we have integrated plug-ins of the social networks or other links. Personal data is also collected if you are not logged in as a user or do not have an account with the respective provider. Your data is collected via cookies that are stored in your terminal device or by recording your IP address.
The social networks create user profiles. In these profiles, they store your interests and preferences so that you are shown interest-based advertising. If you maintain a profile with the respective provider, the advertising will be displayed on all devices on which you are or were logged in.
The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected. Stored cookies, unless they are session cookies, remain on your device until you delete them.
In order to prove data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing with the respective provider. This is a contract prescribed by data protection law in accordance with Art. 28 Paragraph 3 GDPR, which ensures that our commissioned processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DS-GVO.
Meta Plug-In and Meta Profile
We maintain a profile on Meta (formerly Facebook). The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). In addition, we have integrated a plug-in from Meta on our website. You can recognise these by the Meta profile button or the "Like" button. You can find an overview of the Facebook/Meta plug-ins at: https://developers.facebook.com/docs/plugins/?locale=de_DE.
The mere integration of the plug-in does not lead to any direct data transmission to Meta. Personal data is only processed when information is called up that goes beyond the start page of a Meta profile; this processing is no longer attributable to us as the operator, as you have voluntarily placed yourself under Meta's data sovereignty with your consent through the "two-click solution".
The legal basis for our data processing is our legitimate interest in achieving the greatest possible visibility in social media in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
If a corresponding consent has been requested, Meta's data processing is based on your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
The use of a Meta profile does not result in joint responsibility for any data processing of personal data according to Art. 26 GDPR. By using the "two-click solution" provided by us, you voluntarily decide to place yourself under the data sovereignty of Meta. Contrary to the ECJ ruling of 05.06.2018, C-210/16, there is therefore no responsibility based on a joint decision on the purposes and means of data processing, as Meta only processes personal data at the time when you have already voluntarily placed yourself under Meta's data sovereignty. The processing of personal data that takes place after the transfer to Meta is not attributable to us. Furthermore, in the event of joint responsibility, the required agreement pursuant to Art. 26 Paragraph 3 of GDPR can be found in the addendum provided by Meta: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are obliged to provide the data protection information in accordance with Article 13 GDPR et seq. and to integrate the Meta-Tool on our website in a data protection compliant manner. You can assert your data protection rights directly with Meta. In the event that you assert your data protection rights with us in relation to the use of Meta, we are obliged to forward your request to Meta.
The data processed by Meta is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Meta is a certified partner for the EU-US Privacy Framework. Details can be found at: https://facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://facebook.com/policy.php. Further information can be found in the Terms of Use and the Privacy Policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.
Instagram plug-in and Instagram profile
We maintain a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). In addition, we have integrated a plug-in from Instagram on our website. You can recognise this by the Instagram profile button.
The mere integration of the plug-in does not lead to any direct data transmission to Meta. Personal data is only processed when information is called up that goes beyond the start page of an Instagram profile; this processing is no longer attributable to us as the operator, as you have voluntarily placed yourself under Meta's data sovereignty with your consent through the "two-click solution".
The legal basis for our data processing is our legitimate interest in achieving the greatest possible visibility in social media in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
If a corresponding consent has been requested, Meta's data processing is based on your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
The use of an Instagram profile does not result in joint responsibility for any data processing of personal data according to Article 26 GDPR. By using the "two-click solution" provided by us, you voluntarily decide to place yourself under the data sovereignty of Meta. Contrary to the ECJ ruling of 05.06.2018, C-210/16, there is therefore no responsibility based on a joint decision on the purposes and means of data processing, as Meta only processes personal data at the time when you have already voluntarily placed yourself under Meta's data sovereignty. The processing of personal data that takes place after the transfer to Meta is not attributable to us. Furthermore, in the event of joint responsibility, the required agreement pursuant to Art. 26 Paragraph 3 of GDPR can be found in the addendum provided by Meta: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are obliged to provide the data protection information in accordance with Article 13 GDPR et seq. and to integrate the Meta-Tool on our website in a data protection compliant manner. You can assert your data protection rights directly with Meta. In the event that you assert your data protection rights with us in relation to the use of Instagram, we are obliged to forward your request to Meta.
The data processed by Meta is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Meta is a certified partner for the EU-US Privacy Framework. Details can be found at: https://facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://facebook.com/policy.php. Further information can be found in the Terms of Use and the Privacy Policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.
We use LinkedIn. The provider is LinkedIn Ireland Limited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter: “LinkedIn”).
When you access LinkedIn content on this website, a connection to LinkedIn servers is established. LinkedIn receives the information that you have visited our website. If you click on the LinkedIn button, your visit can be assigned to your profile.
The legal basis for our data processing is our legitimate interest in the widest possible visibility on social media in accordance with Article 6 paragraph 1 subparagraph 1 (f) GDPR.
If corresponding consent has been requested, the data processing by LinkedIn is based on your consent in accordance with Article 6 paragraph 1 subparagraph 1 (a) GDPR. You can revoke your consent at any time with future effect. You can do this by sending us an informal email. You can also contact our data protection officer, who will forward your request to us. However, the lawfulness of the data processing carried out until the revocation remains unaffected by your revocation.
The data processed by LinkedIn is also transferred to the USA and other third countries. The transfer of data to the USA is again based on an adequacy decision by the EU Commission. LinkedIn is a certified partner for the EU-US Privacy Framework (data protection framework). Details can be found at: https://www.linkedin.com/help/linkedin/answer/62538/datenuebertragung-aus-der-eu-den-ewr-und-der-schweiz?lang=de. Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.
Integration of analysis tools and plug-ins
We use various analytics and advertising tools
To provide evidence of data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing with the respective provider. This is a contract required by Article 28 Paragraph 3 GDPR under data protection law, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR
Integration of Google Tag Manager
We use the Google Tag Manager to integrate tracking or statistical tools on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google Tag Manager").
The technology does not create a user profile, does not store cookies and does not perform any analyses itself, it only stores your IP address. The Google Tag Manager manages the integrated tools.
The data processed by Google is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Google is a certified partner for the EU-US Privacy Framework. Details can be found at: https://privacy.google.com/businesses/controllerterms/mccs/
Integration of Google Analytics
We use the web analytics services of Google Analytics to perform user analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").
Google collects personal data for the analysis of user behaviour, which is stored on our server, whereby the storage of the IP address is only anonymised. Google helps us to collect data on when our site was accessed and from which region, as well as whether and which purchases were made via the website. In order to carry out this analysis, Google stores log files such as the IP address, referrers, browsers used and operating systems. In addition, Google may also record your mouse and scrolling movements as well as your clicks.
The legal basis for data processing is our legitimate interest in anonymised analysis to improve our services in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
If a corresponding consent was requested, the data processing by Google is based on your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
The data processed by Google is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Google is a certified partner for the EU-US Privacy Framework. Details can be found at: https://privacy.google.com/businesses/controllerterms/mccs/
Google stores the data for two months, after which it is anonymised. You can view details on this at the following link: https://support.google.com/analytics/answer/7667196?hl=de
Use of Google Signals: When using Google Signals, Google Analytics also collects your location, search history and YouTube history, if applicable, as well as demographic data such as visitor data. Google Signals uses this data to send you personalised advertising. If you have a Google account and are logged in to it, Google Signals will also pull your data from your Google account. Furthermore, Google also uses the data to create anonymised user profiles and to display user behaviour in statistics.
"E-commerce measurement": With the help of this measurement, we analyse the purchasing behaviour of our website visitors in order to improve our offer on our website. Google stores information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. Google then summarises this information and assigns it to the respective user.
YouTube integration
We use YouTube videos for the visual presentation. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").
YouTube transmits data to its partners and establishes a connection to Google due to the integration on our website regardless of whether a video is viewed or not. However, if you watch a video, YouTube connects to YouTube's servers, which is told which page you are visiting. Provided that you are logged into your account, profiling by YouTube takes place. To prevent this, you must log out of your account.
After starting a video, various cookies are stored on your terminal device to obtain information about our website visitors. We have no influence on the data processing by YouTube.
The legal basis for data processing is our legitimate interest in an appealing and uniform presentation of our online offer pursuant to Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
If a corresponding consent was requested, the data processing is based on your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
The data processed by YouTube is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Google is a certified partner for the EU-US Privacy Framework. Details can be found at:https://privacy.google.com/businesses/controllerterms/mccs/. For further information, please refer to the following link: https://policies.google.com/privacy?hl=de.
Integration of Google Fonts
We use web fonts provided by Google for the uniform display of fonts. The fonts are installed locally, for this reason no connection to Google's servers is established.
Integration of Google Maps
We use Google Maps to display our location. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").
Google Maps stores your IP address, which is transmitted to Google's servers. We have no influence on the data processing by Google. Google may additionally embed Google Web Fonts when using Google Maps.
The legal basis for the data processing is our legitimate interest in an appealing presentation of our online offer according to Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
If a corresponding consent was requested, the data processing by Google is based on your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
The data processed by Google is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Google is a certified partner for the EU-US Privacy Framework. Details can be found at: https://privacy.google.com/businesses/controllerterms/mccs/
Payment transactions on our website
We have integrated an online store on our website and therefore use online payments.
General information
In this context, we only process your personal data if it is necessary in connection with the execution of the contract or in the context of pre-contractual measures according to Article 6 Paragraph 1 Subparagraph 1 (b) GDPR. We process your usage data if it is necessary to offer you our online service in connection with an online payment.
Your data will be deleted after termination of the business relationship or after completion of the order, provided that no legal retention periods prevent deletion.
When ordering goods or providing services, your personal data will be passed on to our transport company, any other partners as well as to the payment service provider integrated by us. The data transfer is limited to the data that is absolutely necessary for the fulfillment of the respective task.
The legal basis for the data processing is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR. If you have given your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR, your e-mail address will be transferred to our transport company so that you can track the shipping status of your order. You can revoke your consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, he will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
Payment service provider
We use various payment service providers for the processing of our contracts. The payment service provider receives parts of your personal data from us that are necessary for its task fulfillment, namely name, payment amount, account details and credit card information. The legal basis for the data processing is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR.
Furthermore, the legal basis is our legitimate interest in a smooth, convenient and secure payment processing according to Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.
If a corresponding consent was requested, the data processing is based on your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
If the respective provider also transfers the processed data to the USA and other third countries, this data transfer to the USA is based on an adequacy decision of the EU Commission. The decisive factor is whether the respective partner is certified for the EU-US Privacy Framework. Details can be found in the information on the respective provider.
To provide evidence of data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing with the respective provider. This is a contract required by Art. 28 Paragraph 3 GDPR under data protection law, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR.
Paypal
We offer an uncomplicated payment via PayPal. Provider is PayPal (Europe) S.a.r.l. et Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal"). Data transfer: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full - Privacy policy details: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Giropay
We offer a straightforward payment method via giropay. The provider is paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main (hereinafter referred to as “giropay”).
We offer a straightforward payment method via American Express. The provider is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main. Data transmission: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/. Details on the privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklaerung.html.
Instant bank transfer
We offer an uncomplicated payment via Sofortüberweisung. The provider is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter: "Sofort GmbH"). Privacy policy details: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/
Sofort GmbH sends us a payment confirmation within seconds and will immediately fulfill our contract. You transmit a PIN and a TAN to Sofort GmbH, which then logs into your online banking account and checks your account balance. Sofort GmbH will carry out the transfer to us. Sofort GmbH processes your personal data such as name, address, telephone number, e-mail address, IP address and payment data.
Mastercard
We offer a straightforward payment via your Mastercard credit card. Provider is Mastercard Europe SA, Chausée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter: "Mastercard"). Data transfer:https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf - Privacy policy details: https://www.mastercard.de/de-de/datenschutz.html.
VISA
We offer a straightforward payment via your VISA credit card. Provider is Visa Europe Service Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter: "VISA"). Data transfer: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html - Privacy policy details: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
Our own services - dealing with applicants
You have the opportunity to send us an unsolicited application or apply for an advertised position at any time. We accept applications by e-mail, by post and via our online application form. In the following, we would like to inform you about the data processing within the application process.
We process your personal data such as contact and communication data, application documents and notes in the context of job interviews, insofar as they are necessary for the establishment of an employment relationship.
In the event that we introduce you to an employment relationship, your data will be further processed for the performance of your employment.
If we are unable to offer you a position, you decline our offer or withdraw your application, we reserve the right to retain your documents for up to six months after the end of the application process. After this period, your data will be deleted and destroyed. Mandatory legal retention periods remain unaffected. If you have given us your consent to store your data for a longer period, it may be stored for a longer period.
The legal basis for our data processing is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR in conjunction with. Section 26 of German Bundesdatenschutzgesetz (BDSG). If you have given your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR, the data processing is based on your consent. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.
You have the option of being included in our applicant pool. This includes all documents and information from your application so that we can contact you if there are suitable vacancies. The legal basis for this data processing is your express consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.