Privacy policy

Protecting your privacy when you use our website is particularly important to us. Therefore, you will find information below outlining how we collect anonymous and personal data.

1. Provider / Controller in accordance with Data Protection

This website is a Gusti Leder Stores GmbH service

Erich-Schlesinger-Straße 62
18059 Rostock, Germany

Telephone: +49 (0) 381 / 799 90031*

Email: info@gusti-leder.de

Represented by Managing Director Felicity Pietsch

Registered under HRB 181370 B in the Commercial Register of Berlin Charlottenburg, Germany

*Please note that this is not the phone number for our customer support team.

2. Data Protection Officer

WS Datenschutz GmbH

Anna Tiede, LL.B.
Dircksenstraße 51
D-10178 Berlin
Telephone: 030 / 88 72 07 88
Email: kontakt@ws-datenschutz.de

https://webersohnundscholtz.de

Registered under HRB 185725 B in the Commercial Register of Amtsgericht Berlin-Charlottenburg, Germany

Contact data for all internal and external data protection concerns:
Telephone: 030 88 72 07 88-4
Email: gusti-leder@ws-datenschutz.de

3. Competent Supervisory Authority

The State Data Protection and Freedom-of-Information Commissioner

Alt-Moabit 59-61,

10555 Berlin, Germany

Tel.: +49 30 13889-0

Fax: +49 30 2155050

Email: mailbox@datenschutz-berlin.de

4. Basics

Your personal data (e.g. title, name, address, email address, telephone number, bank details, credit card number) are stored and processed by us in accordance with the relevant legal data protection regulations, specifically the General Data Protection Regulation (GDPR), the German Data Protection Act (BDSG) and other data-related laws, e.g. the German Data Protection and Privacy of Telecommunication and Telemedia Services Act (TTDSG).

In accordance with the GDPR and other regulations, the processing and use of data is only permitted if it is expressly permitted by the GDPR or another legal provision, or if the data subject consents (prohibition with reservation of permission). In accordance with these legal principles, the processing and use of data is only permitted if the data subject has given their permission for their personal data to be processed for one or more specific purposes;

a) processing is necessary to perform a contract that the data subject is party to or to carry out pre-contractual measures, which are conducted at the data subject’s request;

b) processing is necessary to fulfil a legal obligation that the controller is subject to;

c) processing is necessary to protect the data subject’s, or another natural person’s, vital interests;

d) processing is necessary to perform a task of public interest or when carrying out the exercise of official authority entrusted to the controller;

e) processing is necessary to safeguard the controller’s, or a third party’s, legitimate interests, unless the data subject’s interests or fundamental rights and freedoms which require the protection of personal data outweigh this, in particular, if the data subject is a child.

Accordingly, we only use and process your personal data within the permissible scope of executing a contract or if you have given us informed consent.

We do not share your personal data, including your address and email address, with third parties. Our service partners who require the transmission of data for the processing of the contractual relationship, where we have expressly highlighted this, are excluded from this. In such cases, however, the amount of data transmitted is always limited to the minimum required.

5. Anonymous Data Collection

You can always visit our website without telling us who you are. We only know:

- The name of your internet service provider

- The website you’re visiting us from (the referring URL)

- The pages that you visit on our website

- The time and date of your visit and the amount of data transferred

- Report of successful data retrieval

- The browser type and version of the requesting computer/terminal

- The operating system of the requesting computer/terminal

- The IP addresses of the requesting computer/terminal

This information is assessed for statistical purposes only. As an individual user, you will mainly remain anonymous; your personal data will not be merged unless you have expressly consented to this, or one of the following cases applies.

6. Collection of Personal Data when Visiting our Website and when Using our Services in General

In principle, we only collect personal data that you provide voluntarily. This can be done, for example, when placing an order or registering for services that require your personal data (e.g. orders, special promotions, competitions, newsletter, etc.). In these cases, we only collect data we are legally authorised to collect and that is absolutely necessary to fulfil the services you have requested (e.g. to place an order, we require your name, address, telephone number, and email address, but to sign up to our newsletter we only require your email address). If we collect personal data from you (e.g. via a contact form or order form), then you only ever need to provide the required data. Mandatory data fields are marked with an asterisk (*). Any additional information you provide is done on a purely voluntary basis and is not a requirement. If you provide this information anyway, you give us your consent that you are aware we may also store and process this data for the specified purpose; in some cases, we may also request your express consent for data protection purposes, which require your express consent that you may grant voluntarily and is not bound by any other condition and may be revoked at any time in the future.

To ensure your data is secure, it is encrypted and transferred using TLS encryption. This is intended to prevent third parties from misusing your data. Your data will only be stored and processed on servers within the European Union. Your data shall not, in principle, be transferred to a third country unless we are legally entitled and/or obliged to do so, or you have given your express consent prior to the transfer. These cases shall be clearly indicated.

7. Processing Data to Fulfil a Contract

7.1 Purpose of Processing

You provide us with your personal data in the context of placing an order with us. The mandatory information that is required to enter into a contract with us is personal data and marked with an asterisk (*). You are not obliged to provide your personal data. However, we cannot provide you with the desired service (e.g. fulfilment of the contract) if you do not provide the required data (e.g. your address in the case of placing an order). We may be required to pass data onto our selected payment service provider when proceeding through the payment procedure. The data you enter when placing an order is always used for the purpose of fulfilling the contract.

7.2 Legal Basis

The legal basis for this processing is Article 6.1(b) of the GDPR.

7.3 Categories of Recipients

Payment service providers, shipping service providers, merchandise management systems, and suppliers (dropshipping).

Your personal data will not be transferred to third parties for purposes other than those listed below. In particular, it will not be disclosed to third parties, e.g. for advertising purposes, without your express consent.

We will only share your personal data with third parties if:

you have given us your express consent to do so, in accordance with Article 6.1 (a) of the GDPR;
it is necessary to perform the contract, e.g. transferring data to credit institutions to process contractually agreed payments, or to lawyers and legal service companies in the event of the non-fulfilment of contractually agreed payments for the purpose of legal enforcement, in accordance with Article 6.1(b) of the GDPR;
in the event transfer is necessary for compliance with a legal obligation, in accordance with Article 6.1(c) of the GDPR; or
in the event transfer is necessary for the purpose of establishing, exercising or defending legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data, in accordance with Article 6.1(f) of the GDPR.

7.4 Storage Time

We store data required to process a contract until the expiry of the statutory warranty and contractual warranty periods, where applicable.

We retain the data required by German commercial and tax law for the periods stipulated by law, consistently ten years (§257 German Commercial Code, §147 German Tax Law).

Email addresses that we receive for the sole purpose of sending newsletters will be deleted immediately when you unsubscribe from the newsletter.

8. Use of Cookies

We use cookies to enhance your visit to our website and enable you to use certain features. Cookies are small text files that are stored on your device. Most of the cookies we use are deleted from your hard drive when you end the browser session or when you log out (session cookies). Other cookies remain on your device and allow us to recognise your device during your next visit (persistent cookies). These persistent cookies are stored for different periods of time. When you visit our website for the first time, you will see a pop-up (the cookie manager) with a short statement explaining which cookies we use. When you click “accept”, you are giving us permission to use all cookies, plugins, and services described in the cookie manager and the related privacy policy. You can deactivate the use of cookies in your browser at any time. Please note, if you do this, our website may not function properly. If you wish to adjust your previously saved cookie selection and revoke any consent granted in the past, you can manage and delete cookie use settings manually in your browser. If you delete all of the cookies, you will be asked to adjust your cookie settings the next time you visit our website.

You will find detailed instructions about customising your cookie settings for the most common browsers below:

Mozilla Firefox:

https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Microsoft Edge:

https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09#:~:text=Select%20Settings%20%3E%20Privacy%2C%20search%2C,and%20then%20select%20Clear%20now.

Google Chrome:

https://support.google.com/chrome/answer/95647?hl=en-GB&co=GENIE.Platform%3DDesktop

Apple Safari:

https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Opera:

https://help.opera.com/en/latest/web-preferences/

9. Google Services

a) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). Google Analytics uses cookies that are stored on your computer and allow your use of our website to be analysed. The information the cookie generates about your use of this website is usually transmitted to a Google server in the USA and stored there. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Analytics service. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR. Once you agree to the use of Google Analytics on our website, a connection to Google’s servers will be established. The following information is shared with the Google server:

- App updates

- Click path

- Time and date of the visit

- Device information

- Downloads

- Flash version

- Location information

- IP address

- JavaScript support

- Pages visited

- Purchase activity

- Referring URL

- Usage data

- Widget interactions

- Browser information

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. In addition to this, when you use Google Analytics, this data is transferred to the following recipients:

- Google Ireland Limited

- Alphabet Inc.

- Google LLC

Google may also forward data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or storing data:

- United States of America

- Singapore

- Chile

- Taiwan

Google also stores various cookies on your device. These cookies help Google obtain information about visitors to our website. This information is used for marketing and analysis purposes. The cookies may remain on your device for up to 2 years. You will find an overview of the cookies that may be associated with using Google Analytics below:

Name: _ga

This is used to distinguish one user from another

Type: Cookie

Storage time: 2 years

Name: _gid

This is used to distinguish one user from another

Type: Cookie

Storage time: 1 day

Name: _gat

This is used to throttle request rate

Type: Cookie

Storage time: 1 minute

Name: _dc_gtm_xxx

This is used to distinguish one user from another

Type: Cookie

Storage time: 1 minute

Name: _gat_gtag_xxx

This is used to distinguish one user from another

Type: Cookie

Storage time: 1 minute

Name: _gac_xx

This contains information about which ad was clicked

Type: Cookie

Storage time: 2 months, 29 days

Name: IDE

This ID cookie helps Google recognise the same user across different websites and domains and display personalised ads

Type: Cookie

Storage time: 1 year

The use of Google Analytics may trigger further data processing operations if necessary, which we have no influence over. If you wish to prevent your data from being shared, you can do so by rejecting Google Analytics’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider.

According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

b) Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). Google Tag Manager is a tag management system. It allows the user to update measurement codes and their associated code fragments, collectively referred to as “tags”, on the user website or mobile app. Google Tag Manager, which implements the tags, is a cookie-free domain and does not collect any personal data. Google Tag Manager triggers other tags that may collect data. Google Tag Manager does not access this data. If Google Tag Manager has been deactivated at a domain or cookie level, this will remain in effect for all tracking tags implemented by Google Tag Manager. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Tag Manager service. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR. The following data is processed when using Tag Manager:

- Aggregated tag triggering data

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. When using Google Tag Manager, this data is transferred to the following recipients:

- Google Ireland Limited

- Alphabet Inc.

- Google LLC

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or storing data:

- United States of America

- Singapore

- Chile

- Taiwan

If you wish to prevent your data from being shared, you can do so by rejecting Google Tag Manager’s functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider.

c) Google DoubleClick

We use DoubleClick on our website, an online marketing tool provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). DoubleClick uses cookies, small text files stored locally in your web browser’s cache on your device. Google uses a cookie ID to record which ads are displayed in which web browser. This can help prevent ads from being displayed multiple times. DoubleClick can also use cookie IDs to record conversions that are related to ad requests. This is the case if, for example, you see a DoubleClick ad and then later use the same web browser to visit the advertiser’s website and buy something there. According to Google, these cookies do not contain any personal data. Your browser automatically connects to the Google server when you use DoubleClick. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the DoubleClick service. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR. Once you agree to the use of Google Analytics on our website, a connection to Google’s servers will be established. The following (personal) data is collected when DoubleClick is in use:

- Browser information

- Click path

- Cookie information

- Time and date of the visit

- Demographics

- Device identification

- Location information

- Hardware/software

- Internet service provider

- IP address

- Frequency ads are viewed at

- Providing domains

- Interaction data

- Page views

- Search history

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. Even if you do not have a Google account or are not logged into it, Google may find and store your IP address. When using DoubleClick, this data is transferred to the following recipients:

- Google Ireland Limited

- Alphabet Inc.

- Google LLC

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or storing data:

- United States of America

Google also stores various cookies on your device. Google uses these cookies to help gather information about visitors to our website. This information is used for marketing and analysis purposes. The cookies remain on your device for up to one year. The use of Google Analytics may trigger further data processing operations if necessary, which we have no influence over. DoubleClick uses various methods to store information on a user’s device, listed below:

Name: Test_cookie

Description: Test the user’s browser setting permissions

Type: Cookie

Storage time: 1 day

Domain: doubleclick.net

Name: IDE

Description: Contains a randomly generated user ID. This ID helps Google identify the same user across different domains and websites to display personalised ads.

Type: Cookie

Storage time: 1 year

Domain: doubleclick.net

If you wish to prevent your data from being shared, you can do so by rejecting Google Analytics’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

d) Google reCAPTCHA

We use Google reCAPTCHA on our website, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). We use Google reCAPTCHA to verify whether information entered into our forms is done so by a human being or has been automatically inserted by a machine. This is our legitimate interest in using Google reCAPTCHA. The legal basis for this can be found in Article 6.1(f) of the GDPR. Google reCAPTCHA is a free captcha service that protects websites from spam software and misuse by non-human visitors. This service is most commonly used when filling out forms online. A captcha service is a type of automatic test designed to ensure that an action carried out online is done by a person, not a bot. Classic captchas work using small tests that are easy for humans to solve but cause considerable difficulties for machines. You no longer have to actively solve puzzles with reCAPTCHA. The tool uses modern risk techniques to distinguish between humans and bots. You just have to check the field “I am not a robot”, however, this field is no longer necessary with Invisible reCAPTCHA. A JavaScript element is integrated into the source code with reCAPTCHA, the tool then runs in the background and analyses your behaviour as a user. The software uses these user actions to calculate a captcha score. Google uses this score to calculate how likely it is that you are a human before entering the captcha. reCAPTCHA or captchas in general are always used when bots could manipulate or misuse certain actions (e.g. registrations, surveys, etc.).

reCAPTCHA collects users’ personal data in order to determine whether the actions on our website actually come from people. This means that your IP address and other data required by Google for reCAPTCHA services may be sent to Google. IP addresses within the EU or other states that are part of the European Economic Area Agreement are almost always truncated in advance of data being transferred to a server in the USA. According to Google, IP addresses will not be merged with other Google data unless you are logged into your Google account while using reCAPTCHA. You can find an overview of the personal data that may be processed by Google when using reCAPTCHA below:

- Referring URL (the address of the page the visitor accessed our website from)

- IP address (e.g. 256.123.123.1)

- Operating system information (e.g. Windows, Mac OS X, or Linux)

- Cookies

- Keyboard and mouse behaviour (any action you perform using your mouse or keyboard is saved)

- Date and language settings (the date and language you have set up on your PC are saved)

- All JavaScript objects

- Screen resolution (shows the pixel size of the image being displayed)

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries below. This may be for various purposes, e.g. processing or storing data:

- United States of America

Furthermore, reCAPTCHA stores various cookies on your device. Google uses these cookies to help gather information about visitors to our website. You can find an overview of the cookies that may be associated with the use of Google reCAPTCHA below:

Name: IDE

Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-331669209164-8

Purpose: This cookie is set by DoubleClick (also owned by Google) in order to record and report user actions on a website in terms of advertisements. It helps measure the effectiveness of advertisements and ensures appropriate measures are taken to optimise this. The IDE cookie is stored in browsers under the domain: doubleclick.net.

Expiration date: After one year

Name: 1P_JAR

Value: 14/05/2019-12

Purpose: This cookie collects statistics about website usage and measures conversions. A conversion is when a user becomes a buyer. This cookie is also used to display relevant ads to users. The cookie can be used to prevent a user from seeing the same ad more than once.

Expiration date: After one month

Name: ANID

Value: U7j1v3dZa3316692091640xgZFmiqWppRWKOr

Purpose: We were unable to find much information about this cookie. Google’s privacy policy states that this cookie is connected to the advertising cookies, like DSID, FLC, AID, TAID. ANID is stored under the domain: google.com.

Expiration date: After 9 months

Name: CONSENT

Value: Yes+AT.de+20150628-20-0

Purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT is also used for security purposes to verify users, prevent fraud with login credentials, and protect user data from unauthorised attacks.

Expiration date: After 19 years

Name: NID

Value: 0WmuWqy331669209164zILzqV_nmt3sDXwPeM5Q

Purpose: Google uses NID cookies to customise ads to match your Google search. This cookie helps Google remember your most frequently entered search queries or your previous interaction with ads. So that you always get tailored ads. This cookie contains a unique ID to collect the user’s personal settings for advertising purposes.

Expiration date: After 6 months

Name: DV

Value: GEAABBCjJMXcI0dSAAAANbqc331669209164-4

Purpose: Once you have clicked the “I am not a robot” box, this cookie will be set. Google Analytics uses this cookie for personalised advertising. The DV cookie collects anonymous information and is used to help distinguish between users.

Expiration date: After 10 minutes

The use of Google reCAPTCHA may trigger further data processing operations if necessary, which we have no influence over. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

e) Google Fonts

We use fonts provided by Google on our website to ensure consistency across our website. Google Fonts is a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of Google Fonts. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR.

If you agree to the use of Google Fonts, a connection to Google’s servers will be established and the appropriate font will be loaded in your browser cache. The following data will be processed:

-IP address

-Accumulated user data

-Referring URL

-CSS request

-Font requirements

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. In addition to this, when you use Google Fonts, this data is transferred to the following recipients:

-Alphabet Inc.

-Google LLC

-Google Ireland Limited

If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred around the world. This may be for various purposes, e.g. processing or storing data. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. If your browser does not support web fonts, or you reject their use, your computer will use a default font.

You can find further information about Google Web Fonts and Google’s Privacy Policy, respectively, here: https://developers.google.com/fonts/faq, https://policies.google.com/privacy?hl=en-US

f) Google Ads

We use Google Ads (formerly Google AdWords) on our website. This service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Google Ads helps us attract customers using advertising materials on external websites. This helps us determine how successful our individual promotions were. Google delivers these advertising materials via AdServer. We use AdServer cookies, which contain certain parameters that can be used to measure success, such as displaying ads or user clicks. The information the cookie generates about your use of this website is usually transmitted to a Google server in the USA and stored there. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Ads service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Once you agree to the use of Google Ads on our website, a connection to Google’s servers will be established. The following information is shared with the Google server:

-Viewed ads

-Cookie ID

-Time and date of the visit

-Device information

-Geographic location

-IP address

-Search terms

-Displayed ads

-Customer ID

-Impressions

-Online identifiers

-Browser information

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. In addition to this, when you use Google Ads, this data is transferred to the following recipients:

-Alphabet Inc.

-Google LLC

-Google Ireland Limited

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or saving data:

-Chile

-Singapore

-United States of America

-Taiwan

Google also stores various cookies on your device. These cookies help Google obtain information about visitors to our website. This information is used for marketing and analysis purposes. The cookies may remain on your device for up to 1 year. You will find an overview of the cookies below:

Name: Test_cookie

Description: This is a test that checks whether the browser allows cookies to be set. It does not contain any information that you can be identified from.

Type: Cookie

Storage time: 15 minutes Domain: doubleclick.net

Name: IDE

Description: Contains a randomly generated user ID. This ID helps Google identify the same user across different domains and websites to display personalised ads.

Type: Cookie

Storage time: 1 year Domain: doubleclick.net

The use of Google Ads may trigger further data processing operations if necessary, which we have no influence over. If you wish to prevent your data from being shared, you can do so by rejecting Google Ads’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider.

g) Google Maps

We use Google Maps on our website, an online mapping service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). This service allows us to display interactive maps on our website and allows you to use these maps. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Maps service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Please note that if you reject the use of Google Maps, you will not be able to see the map content. If you accept the use of Google Maps, Google will be notified that you have accessed the corresponding subpage on our website. Your IP address will be transferred to Google. This is a requirement so that we can provide you with the map and is done regardless of whether Google provides a user account, which you may be logged into, or not. The following information is shared with the Google server when using Google Maps:

- Device information

- IP address

- Referring URL

If you are logged into your Google account, you allow Google to assign your data directly to your personal profile. You can prevent this by logging out of your Google account. Google stores your data as usage profiles and uses it for advertising, market research, or other purposes. Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred around the world. This may be for various purposes, e.g. processing or storing data. Any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses.

If you wish to prevent your data from being shared, you can do so by rejecting Google Maps’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. You can find more information about Google’s use of data, settings and rejection options, as well as data protection in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en-US

h) YouTube

We integrate YouTube videos onto our website. YouTube is a social media platform provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “YouTube”). YouTube connects to Google DoubleClick’s network when you watch a video. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of YouTube’s service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Your browser connects to the Google server when you watch a YouTube video on our website. The following information is transmitted to the YouTube server:

-Device information

-IP address

-Referring URL

-Videos viewed

If you are logged into your YouTube account, you allow YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. When using YouTube, this data is transferred to the following recipients:

-Alphabet Inc.

-Google LLC

-Google Ireland Limited

YouTube may also forward the data collected to another country. Please note that YouTube may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to YouTube, your data may be transferred around the world. This may be for various purposes, e.g. processing or storing data.

YouTube also stores various cookies on your device. YouTube uses these cookies to obtain information about our website visitors. According to YouTube, this information is used to collect video statistics, improve user experience, and prevent fraud, among other things.

The cookies may remain on your device for up to 10 years. Starting to watch a YouTube video may trigger further data processing operations if necessary, which we have no influence over.

If you wish to prevent your data from being shared, you will not be able to use the YouTube feature on our website. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s and YouTube’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

1. Functional and Web Design Services

a) jQuery

JavaScript code from jquery.com is integrated into our website to help make the website more appealing to customers. This service is provided by the JSFoundation Inc., Attn: Privacy Office, 1 Letterman Drive, San Francisco, CA 94129, USA (hereinafter referred to as “jQuery”). jQuery is a feature-rich JavaScript library that allows us to make our website more interesting for visitors. When you visit our website, animations and other files are retrieved from the jQuery server and stored in your browser’s cache on our website. When you visit our website, your browser establishes a direct connection with the jQuery.com servers. jQuery receives information that your IP address is visiting our website. In addition to this, cookies are stored on your computer that enable us to recognise you when you visit our website again. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the jQuery service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR.

jQuery collects and stores usage data in pseudonymous profiles according to its own information which is stored on jQuery’s servers and protected from interference and changes by unauthorised third parties. We have no influence on the scope and further use of data collected when using jQuery. You can prevent your personal data from being processed by deleting existing cookies or generally restricting cookie storage. You can restrict the storage of cookies using your browser settings or our cookie manager when you open our website. Please note that if you turn off cookie storage, you may not be able to use the entire website.

You can find more information about jQuery’s privacy policy at: http://jquery.com/ and https://privacy-policy.openjsf.org/

b) MyFonts

We use the web font service from MyFonts on our website. This service is provided by the US company Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA.

When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the MyFonts service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Once you agree to the use of MyFonts, a connection to MyFonts’ servers will be established and the corresponding font will be loaded into your browser’s cache.

MyFonts processes data in the USA, among other places. We would like to highlight that, according to the European Court of Justice, there is no adequate data protection for data transferred to the USA. This transfer may pose risks to the legality and security of data being processed there.

MyFonts uses the European Commission’s Standard Contractual Clauses (Article 46.2 and 46.3 of the GDPR) as the basis for processing data for recipients in third party countries (outside of the European Union, Iceland, Liechtenstein, Norway and the USA) or the transfer of data to these countries. These clauses mean that MyFonts is obliged to comply with a certain level of EU data protection regulations when processing relevant data outside of the EU. These clauses are based on the European Commission’s decision to implement them. You will find the clauses, among other things, here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find more information about data processed by MyFonts in their privacy policy: https://www.monotype.com/legal/privacy-policy

c) Cloudflare CDN

We use the Content Delivery Network, provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331, Munich, Germany (hereinafter “Cloudflare”), to increase the security and delivery speed of content on our website. Cloudflare uses cookies and processes user data. Cloudflare offers a Content Delivery Network, along with various security services. A Content Delivery Network (also known as a “CDN”) is a network of interconnected servers that are distributed globally. This helps web pages load faster.

When you visit our website, a load balancer ensures that most of our website is delivered to you by the server that can display this content the fastest. A CDN shortens the length of data transmission to your browser significantly, thus speeding up the website’s loading time.

Cloudflare also provides various security services, such as DDoS protection or a web application firewall. This includes a reverse proxy and the content delivery network.

Cloudflare blocks threats, bots, and crawlers that misuse and waste our bandwidth and server resources. Cloudflare helps us reduce our bandwidth usage by approximately 60% by storing our website in local data centres and blocking spam. In addition to this, it reduces the average page loading time by approximately 50%. Cloudflare states that the “I’m under attack” setting can be used to mitigate further attacks by displaying a JavaScript calculation task that the visitor has to solve before they can access the website.

Using Cloudflare ensures our website is more powerful and less susceptible to spam or attacks. The legal basis for this type of processing is our legitimate interest to optimise and increase the security of our website, in accordance with Article 6.1(f) of the GDPR.

Please note that Cloudflare may transfer data outside of the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Cloudflare, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or saving data:

- USA

Generally speaking, Cloudflare stores processed user data for less than 24 hours, with a maximum storage time of seven days. However, if an IP address triggers a security warning to Cloudflare, the aforementioned storage time may vary. According to Cloudflare, data is stored anonymously and no personal data is stored. You can prevent Cloudflare from collecting and processing your data by disabling the script code in your browser or by using a script blocker in your browser. According to Cloudflare, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Cloudflare’s data protection and use of data on the following website: https://www.cloudflare.com/de-de/privacypolicy/?tid=331669194442

d) Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform (hereinafter “Usercentrics”) provided by Usercentrics GmbH, Rosental 4, 80331, Munich, Germany. Usercentrics collects log file data and consent data using JavaScript. JavaScript allows us to inform the user about their consent to certain cookies and other technologies on our website. It allows us to collect, manage, and document them.

The legal basis for this can be found in Article 6.1(c) of the GDPR. Its aim is to understand user preferences and behave accordingly.

The data will be deleted as soon as we no longer need it for our logging. The cookie lasts for 60 days. Consent data must be stored for six years, in accordance with §257 of the German Commercial Code. A withdrawal certificate of previously granted consent shall be stored for three years. This storage is based on our accountability, in accordance with Article 5.2 of the GDPR. This requires us to comply with the processing of personal data in accordance with the General Data Protection Regulation.

The storage period within the regular limitation period is three years, in accordance with §195 of the German Civil Code.

You can permanently stop JavaScript from running at any time by changing the appropriate settings in your browser. This would also prevent Usercentrics from running JavaScript.

You can find more information about Usercentrics’ data protection on the following website: https://usercentrics.com/privacy-policy/

2. Marketing Services

a) Meta Pixel

We use a Visitor Action Pixel, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”) to identify user behaviour on our website. This conversion tool allows us to track your actions after you have seen or clicked a Facebook ad. It is used to monitor and analyse the effectiveness of our Facebook ads for statistical and market research purposes. You’ll find a list of all the (personal) data collected when using this service below:

-Viewed ads

-Viewed content

-Device information

-Geographic location

-HTTP header

-Interaction with ads, services, and products

-IP address

-Elements clicked

-Marketing information

-Non-confidential user-defined data

-Pages visited

-Pixel ID

-Referring URL

-Marketing campaign success

-Usage data

-User behaviour

-Facebook cookie information

-Facebook user ID

-Usage/click behaviour

-Browser information

This data is also stored and processed by Facebook, although it can only be recognised in its anonymised form. We do not know exactly what Facebook does with this data; however, we assume that Facebook can and will connect this data to your Facebook account. Facebook may use this information for advertising, market research and the needs-based design of Facebook pages. To do so, Facebook and its partners create usage, interest and relationship profiles to, for example, assess how you use our website in regard to ads displayed on Facebook, inform other Facebook users about your activity on our website, and provide other services related to using Facebook. To do so, Facebook uses various methods to store information on a user’s device, listed as follows:

Name: _fbp