Privacy policy

Privacy Policy 

Any collection, use, storage, deletion or other handling (hereinafter referred to as "processing") of data is solely for the purpose of providing our services. Our services are designed to use as little personal data as possible. "Personal data" (hereinafter also referred to as "data") refers to any information relating to an identified or identifiable natural person (the so-called "data subject").

 

The following privacy policy explains which types of personal data are processed when you access our website, what happens to this data, and how you can object to the processing of your data if necessary.

1. General Information on Data Processing on This Website
1. Data Controller

The controller in accordance with the EU General Data Protection Regulation (GDPR) is:

Gusti Leder GmbH

Address: Erich-Schlesinger-Straße 62

18057 Rostock

Email:info@gusti-leder.de 

Website: https://www.gusti-leder.de/  

2. Data Protection Officer

The Data Protection Officer is Anna Tiede at WS Datenschutz GmbH.

If you have any questions about data protection, you can contact WS Datenschutz GmbH at the following email address: gusti-leder@ws-datenschutz.de

WS Datenschutz GmbH

Dircksenstraße 51 

D-10178 Berlin

https://webersohnundscholtz.de

 

 

3. Protecting Your Data

We have implemented technical and organisational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers working on our behalf.

If we collaborate with other companies—such as email or server providers—to deliver our services, this only takes place following a thorough selection process. Each service provider is carefully assessed for their suitability regarding technical and organisational data protection capabilities. This selection process is documented in writing, and a contract in accordance with Article 28(3) GDPR for the processing of personal data on behalf of a controller (data processing agreement) is only concluded if it meets the requirements of Article 28 GDPR.

Your data is stored on highly protected servers. Access is restricted to a limited number of specially authorised individuals.

Our website is SSL/TLS encrypted, which you can recognise by the “https://” at the beginning of the URL.

4. Deleting Personal Data

We process personal data only for as long as necessary. Once the purpose of the data processing has been fulfilled, the data will be blocked and deleted in accordance with the criteria of our deletion policy, unless legal provisions prevent deletion. 

2. Data Processing on This Website and Creation of Log Files
1. Description and scope of data processing

When you visit our website, our web servers temporarily store each access in a log file. The following personal data is collected and stored until automatically deleted:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Amount of data transferred
• Message indicating whether the retrieval was successful
• Identification data of the browser and operating system used
• Website from which access was made
• Name of your internet service provider

To provide our online services, we use the hosting services of Creoline GmbH. The data processing is carried out by:

Creoline GmbH, Bergstraße 9a, 48341 Altenberge, Germany. For more information, please refer to the privacy policy of Creoline GmbH at https://www.creoline.com/legal/privacy. 

2. Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR. Our legitimate interest is based on providing you with access to our website.

3. Purpose of data processing

The data processing is carried out for the purpose of enabling the use of the website (establishing a connection). It serves system security, the technical administration of the network infrastructure, and the optimisation of the online service. The IP address is only analysed in the event of attacks on our network infrastructure or the network infrastructure of our internet service provider.

 

4. Duration of storage

The personal data will be deleted as soon as they are no longer required for the purposes mentioned above. This is the case when you close the website. Our hosting provider may use the data for statistical purposes. However, the data is anonymised for this purpose. The data will be deleted by our hosting provider after 12 months.

5. Right to rectification by the data subject

The collection of data to provide the website and its storage in log files is strictly necessary for the operation of the website. Therefore, the user only has a possibility to object afterwards. To exercise your right to object, please contact us or directly reach out to the Data Protection Officer of Creoline GmbH at: privacy@creoline.com.

3.  Use of Cookies
1. Description and scope of data processing

Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive, through which we or the entity setting the cookie receive certain information. Cookies cannot run programmes or transfer viruses to your computer. We use them to enable login, as well as to analyse the use of our website in an anonymised or pseudonymised form and to present you with interesting offers on this website. In this way, various data may be transmitted:

• Frequency of website visits
• Which functions of the website you use
• Search terms used 
• Your cookie settings  
• Your language settings
• Contents of your shopping basket 

When you visit the website, a cookie banner informs you about the use of cookies and provides a link to the privacy policy.

2. Legal basis of data processing

The legal basis for the processing of data through cookies that do not solely serve the functionality of our website is Article 6(1) Sentence 1 (a) GDPR.  

The legal basis for the data processing of cookies that solely serve the functionality of this website is Article 6(1) Sentence 1 (f) GDPR.

3. Purpose of data processing

Our legitimate interest arises from ensuring a smooth connection establishment and a comfortable use of our website, as well as for the evaluation of system security and stability. Data processing also takes place to enable statistical analysis of website usage.

4. Duration of storage

There are two types of cookies. Both are used on this website:

• Transient Cookies (a)
• Persistent Cookies (b)

a) Transient Cookies, which are automatically deleted when you close the browser. These include session cookies, which store a session ID that allows different requests from your browser to be assigned to the same session. This way, your computer can be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Persistent Cookies, which are automatically deleted after a predefined duration, which may vary depending on the cookie.

5. Right to objection and erasure

You have the right to withdraw your consent to the processing of data through cookies that are not solely used for the functionality of the website at any time. Additionally, we only set cookies after you have consented to their use when accessing the site. This way, you can prevent data processing via cookies on our website.

You can also delete cookies at any time in the security settings of your browser. Please note that by doing so, you may not be able to use all the functions of this website. You can also prevent cookies from being set by adjusting the settings in your internet browser at any time.

4. Contact
1. Description and scope of data processing

Through our website, it is possible to contact us via a contact form. Various data are required for responding to the inquiry, and these are automatically stored for processing.

The following data are collected as a minimum (marked as mandatory fields) in the contact form:

• Email address
• First and last name

You may also voluntarily provide the following information:

• Order number
• Salutation
• Telephone number

The data will not be shared with third parties.

2. Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

3. Purpose of data processing

We process your data exclusively to handle your contact inquiry.

4. Duration of storage

Your data will be deleted by us as soon as the purpose of the data processing has been fulfilled, generally immediately after the inquiry has been answered. However, in rare cases, we may retain your data for a longer period. This may arise from legal, regulatory, or contractual obligations.

5. Right to objection and erasure

You can contact us at any time and object to the further processing of your data. In this case, we will unfortunately be unable to continue communication with you. All personal data that was processed by us during the contact process will be deleted, unless there are legal obligations preventing the deletion of your data.

6. WhatsApp
1. Description of data processing

We offer you the option to contact us via WhatsApp using your mobile phone. This is only possible if you have WhatsApp installed on your mobile phone or choose to install it. The advantage for you is that you can contact us through WhatsApp. For the data processing, we are jointly responsible with: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

When you contact us via WhatsApp, we automatically receive the following information from WhatsApp:

• Your phone number
• Your WhatsApp username
• Your profile picture
• Your profile info
• Possibly your status
• Possibly when you were last online on WhatsApp
• Your message
• Possibly whether you have received and/or read our messages

 

For more information on how WhatsApp Web works and the privacy settings for your social media account, please refer to the privacy notices and terms of use of WhatsApp at:: https://www.whatsapp.com/legal/?lang=de#terms-of-service and https://www.whatsapp.com/legal/?lang=de

2. Legal basis of data processing

Contacting us via WhatsApp and the disclosure of your data in connection with this is voluntary. Therefore, the processing is based on Article 6(1)(a) of the GDPR.

3. Purpose of data processing

The purpose of data processing is to provide an easy and everyday communication channel for many people. This simplifies quick exchanges of general service information and tips for resolving issues with using our website for both you and us.

4. Duration of storage

Your data will be deleted by us immediately after responding to your service request. However, in rare cases, we may need to retain your data for a longer period. This may be due to legal or contractual obligations.

5. Right to objection and erasure

Contacting us via WhatsApp is voluntary and can be terminated at any time. You have the right to withdraw your consent to data processing, as per Article 7 of the GDPR. The withdrawal takes effect from the moment it is made and applies to future processing. You can withdraw your consent at any time. This can be done verbally, by post, by email, or by any other means. The extent of the disclosure of your data depends on your individual privacy settings in the WhatsApp Messenger. More information can be found here.: https://www.whatsapp.com/legal/?lang=de#privacy-policy-managing-and-deleting-your-information 

7. WhatsApp Web
1. Description of data processing

We offer you the opportunity to contact us via WhatsApp Web using your mobile phone. This is only possible if you have WhatsApp installed on your mobile phone or are willing to install it. The advantage for you is that you can now easily stay in touch with us via WhatsApp on your mobile phone. Through this connection, we automatically receive the following information from WhatsApp:

• Your phone number
• Numeric social media ID
• First and last name
• Gender
• WhatsApp username
• Whether the account is verified (e.g. "Yes")
• Link to your public profile on the selected social media service.

For more information on how WhatsApp Web works and the privacy settings of your social media account, please refer to the privacy policy and terms of service. The data processing is carried out by: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland. 

For more information on data processing by WhatsApp, please visit their privacy policy.: https://www.whatsapp.com/legal/#terms-of-service 

2. Legal basis of data processing

The registration via WhatsApp Web and the associated disclosure of your data is voluntary. The processing is therefore based on your consent, as per Article 6(1)(a) of the GDPR.

3. Purpose of data processing

The purpose of the data processing is to provide a simple and everyday communication channel through WhatsApp. This makes it easier for both you and us to arrange appointments and similar matters.

4. Duration of storage

The data will be deleted as soon as the purpose of the data processing has been fulfilled and there are no legal, regulatory, or contractual provisions preventing the deletion.

5. Right so objection and erasure

Contacting us via WhatsApp is voluntary and can be ended at any time. You have the option to withdraw your consent to data processing, in accordance with Article 7 of the GDPR. A withdrawal takes effect from the moment it is made and applies to future processing. You can withdraw your consent at any time. This can be done by phone, by post, by email, or through any other means. The extent of data disclosure depends on your individual privacy settings in the WhatsApp Messenger.

5. Registration on the Website
1. Description and scope of data processing

You can register on our website. To do so, you are required to enter personal data into the registration form. The following data will be collected as a minimum:

• Email address
• First and last name
• Salutation
• Address

The data you provide in the registration form will be used solely for processing and will generally not be shared with third parties.

2. Legal basis of data processing

If you provide personal data that corresponds to the mandatory fields in the input form, the data processing is based on Article 6(1)(b) GDPR.

3. Purpose of data processing

We process your data solely for the purpose of completing your registration and managing your account on our website.

4. Duration of storage

The data will be deleted as soon as they are no longer required for the purpose they were collected. This is the case when you close your account with us and no legal or regulatory retention periods prevent deletion.

5. Right to objection and erasure

Both during and after the registration process, you are free to modify, correct, or delete the personal data you have provided.

6. Data Processing in the Context of Applications
1. Data Processing in the Context of Email Applications
1. Description and scope of data processing

You can apply to us via email (personal@gusti-leder.de ) through our website. The personal data you provide will be processed and stored for the purpose of handling your application and for further processing within the respective application procedure.

2. Legal basis of data processing

The legal bases for the processing of personal data are Article 88 of the GDPR and Section 26 of the German Federal Data Protection Act (BDSG).

3. Purpose of data processing

We process your data solely for the purpose of carrying out the application procedure.

4. Duration of storage

If your application results in the establishment of an employment relationship, your personal data will be stored in accordance with legal requirements. If your application is not considered during the selection process for a potential candidate, it will be deleted in line with our internal deletion policy. In doing so, we take into account the provisions of the German General Equal Treatment Act (AGG), particularly the burden of proof as per Section 22 AGG.

This does not apply if legal obligations prevent deletion, or if you have consented to a longer retention period. In such cases, the continued storage of your personal data is based on Article 6(1)(c) or Article 6(1)(a) of the GDPR.

5. Right to objection and erasure

You may contact us at any time to object to the further processing of your data. In such cases, all personal data processed by us in connection with the application process will be deleted, unless mandatory legal provisions prevent deletion.

2. Recruitee
1. Description and scope of data processing 

We use the services of the application management software "Recruitee" for our recruitment portal, with whom we have concluded a data processing agreement. The data processing is carried out by: Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, the Netherlands.

Our recruitment portal can be found at the following link: https://gustileder.recruitee.com. On this page, you will find our current job openings along with all the important information related to each position. You can also apply directly for specific positions via the application form provided on the site.

For this purpose, Recruitee processes the following personal data on our behalf, among others:

• First and last name  
• Any contact details  
• CVs  
• Email correspondence  
• Professional background  
• Motivation letters and cover letters  
• Other application documents  
• Date and time of use of the application page  
• Cookies  
• HTTP requests and responses

For more information, you can find Recruitee’s privacy policy at the following link:: https://recruitee.com/privacy-policy 

2. Legal basis of data processing

The legal basis for the use of Recruitee is our legitimate interest in providing an application portal in accordance with Article 6(1)(f) of the UK GDPR.

3. Purpose of data processing 

The purpose of the data processing is to optimise our recruitment management.

4. Duration of storage 

The data will be deleted as soon as the purpose of the data processing has been achieved and there are no legal, contractual, or regulatory retention periods that prevent deletion.

5. Right to objection and erasure

You have the right to object to the data processing at any time by notifying our Data Protection Officer. If you have any questions regarding data protection with Recruitee, you can contact Recruitee at any time via the following email address: hello@recruitee.com.  

If you wish to opt out of data processing by Recruitee and do not want to use our application portal, you also have the option to send your application directly to us via email at personal@gusti-leder.de.

3. Google Meet 
1. Description and scope of data processing

For conducting virtual job interviews, we use Google Meet, a service provided by Google Ireland Limited. During use, personal data may also be transmitted to the parent company Google LLC in the USA. The data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.  

When using Google Meet, various personal data is collected and processed, including:  

• IP addresses  
• Email addresses  
• Device names  
• Audio and video data  
• Chat contents

2. Purpose of data processing 

The processing of personal data is carried out for the purpose of providing video conferencing services. This includes organising and conducting online meetings, as well as storing meeting content if a recording is initiated.

3. Legal basis of processing data 

The processing is based on Article 6(1)(f) GDPR (legitimate interest), as providing a secure and efficient communication tool is in the interest of the company.

4. Duration of storage 

The data from Google Meet is typically stored for as long as necessary for the purpose of data processing. No video recording of the conversation takes place.

5. Right to objection and erasure

You have the right to object to the processing of your data at any time by notifying our Data Protection Officer. For more information on data protection, we refer you to the following privacy policy from Google: https://policies.google.com/privacy?hl=en&gl=de 

7. Data processing in the context of events
1. Description and scope of data processing

In the context of organising and conducting events, we collect and process personal data of participants, for example, to send you the appropriate invitation. The data processed typically includes:

• Name,
• Contact details (such as email address and phone number),
• And, if applicable, specific information related to the event participation.

If the event is organised by a third party, you will be informed in advance that your participation data may be shared with them for this purpose.

2. Legal basis of data processing

The processing of your personal data is based on Article 6(1)(f) of the GDPR, where our legitimate interest lies in the efficient organisation and execution of our events.

3. Purpose of data processing

The collection and processing of your data is for the purpose of planning, organising, and conducting the event.

4. Duration of storage

Your personal data will be stored for as long as necessary to fulfil the purpose for which it was collected. After the event has concluded and all related obligations have been fulfilled, your data will be deleted unless legal retention obligations require otherwise.

5. Right to objection and erasure

You can contact us at any time and object to any further processing of your data. In this case, all personal data processed by us in connection with the event will be deleted, unless mandatory legal provisions prevent the deletion.

8. Newsletter
1. Description and scope of data processing

We offer the option to subscribe to our newsletter on our website. When ordering the newsletter, the provision of personal data for processing is required. The data requested in the newsletter input form are as follows. Input fields marked with an asterisk (*) are mandatory fields:

• Email address

These mandatory fields are necessary to send you the newsletter.

The newsletter is sent via email. You will only receive the newsletter after successfully subscribing. To comply with the requirements of the GDPR, we use the so-called DOI procedure ("Double Opt-In"). When you sign up for our newsletter, you will receive a confirmation email at the email address you provided in the input field. This email contains a confirmation link that you must click on. After completing this procedure, you have successfully subscribed to the newsletter. To carry out the procedure, your IP address, as well as the date and time of registration, will be stored. This is done to prevent misuse. In principle, your data will not be passed on to third parties.

2.  Legal basis of data processing

The legal basis for the data processing is your consent in accordance with Article 6(1) sentence 1 letter a) of the GDPR. Existing customers may receive newsletters from us without having explicitly given consent. However, this is only done within the narrow limits of Section 7(3) of the German Unfair Competition Act (UWG), which, in light of Article 95 of the GDPR, is to be understood in parallel with Article 6(1) sentence 1 letter f) of the GDPR. Our legitimate interest lies in informing our existing customers about our products through promotional emails and thus maintaining contact with these customers.

3.  Purpose of data processing

The newsletter is designed to inform you regularly about offers and news from us.

4.  Duration of storage

We will process your data only as long as necessary to fulfill the purpose, and as long as there are no legal or regulatory retention obligations preventing deletion.

5.  Right to objection and erasure

The consent to the processing of personal data in connection with the newsletter subscription can be withdrawn at any time. To do so, you can click the unsubscribe link included in each newsletter or notify us of your withdrawal in another way.

6. Sending service provider Klaviyo
1. Description and scope of data processing

The newsletter is sent via the provider Klaviyo. The data processing is carried out by:

Klaviyo, Inc., 60 South Street, Suite 910, Boston, Massachusetts 02111, USA.

The email addresses of our newsletter recipients, as well as other data described in these notes, are stored on Klaviyo's servers. Klaviyo uses this information to send and evaluate the newsletters on our behalf. The newsletters contain a so-called "web beacon," which is a pixel-sized file that is retrieved from the Klaviyo server when the newsletter is opened. During this retrieval, information such as details about your system, your contact data, demographic data, and the time of retrieval are collected.

The statistical data also includes determining whether the newsletters are opened, how often they are opened, and which links are clicked. Although this information can technically be attributed to individual newsletter recipients, it is neither our intention nor Klaviyo's to monitor individual users. We rely on the reliability and IT and data security of Klaviyo. For additional information about data protection at Klaviyo, please refer to: https://www.klaviyo.com/privacy  

2. Legal basis of data processing

The data processing by Klaviyo is based on our legitimate interest in the effective and secure delivery of the newsletter to you, in accordance with Art. 6(1) sentence 1 lit. f) GDPR.

3. Purpose of data processing

We use Klaviyo as our delivery service provider to ensure effective address management and to stay in contact with you through the newsletter.

4. Duration of storage

According to Klaviyo, they store your personal data only as long as we use it for the newsletter dispatch. Klaviyo deletes your data if you request deletion and we remove you from our address list.

5. Right to objection and erasure

You can object to the processing of your data by Klaviyo with us. We will then review your justified objection and inform you whether and why we will continue processing your data. Additionally, you are always free to use the "Opt out" link at the end of each email, which will result in us removing your email address from our address list, and consequently, Klaviyo will no longer process your personal data. However, this will not affect address lists that Klaviyo manages on behalf of other clients. If you have questions about data protection with Klaviyo or wish to exercise your rights with Klaviyo, you can contact Klaviyo at the following address:: privacy@klaviyo.com 

9. Shopping via the online store
1. Description and scope of data processing

When you shop with us and arrange for a delivery, we process your name, address, and email address. For parcel deliveries, we also share your name, address, and email address with our contracted processors and service providers.

2. Legal basis of data processing

The legal basis for the data processing associated with this is Article 6(1) sentence 1 letter b) of the GDPR, i.e. the processing of your data is necessary for the fulfilment of the purchase contracts and delivery agreements.

3. Purpose of data processing

We process your data to conclude the purchase contract, including the delivery agreement with you, to process the purchase contract, including invoicing by email or post and receipt of payment, to ensure timely delivery, and to inform you about delivery dates and/or changes to the delivery.

We share your data with our service providers so they can handle the delivery and, if necessary, communicate with you to announce and coordinate the delivery of your ordered goods.

4. Duration of storage

Your data will only be stored for as long as necessary to fulfil the purpose and for as long as we are required to retain your data due to legal, contractual, or regulatory obligations.

5. Right to objection and erasure

The data processing is strictly necessary to process your purchase contract, which means it cannot be waived. Therefore, there is no option to remove it.

6. Heidelpay
1. Description and scope of data processing 

As we do not process your payment directly, the collection, processing, and storage of data for the electronic payment transaction is carried out exclusively by our partner. The data processing is performed on our behalf by: Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany. 

Heidelpay receives the following data directly from you in connection with your order during the processing of the electronic payment transaction:

• First name
• Last name
• Address
• Postal code
• City
• Country
• Email address
• Mobile number
• Type of payment
• Identifying details required for the transaction.

If payment is made by credit card, the following additional information is transmitted to Heidelpay:

• Credit card number
• Credit card holder
• Credit card expiration date (month and year)
• Credit card CVC.

If payment is made by direct debit, the following additional information is transmitted to Heidelpay:

• IBAN
• BIC.

The aforementioned data is never transmitted to us.

2. Legal basis of data processing

The legal basis is based on Article 6(1) sentence 1 letter (b) of the GDPR.

3. Purpose of data processing

The data processing is carried out solely for the purpose of processing your payment for the order you placed with us.

4. Duration of storage

Your data will be stored only for as long as necessary for processing the purchase and invoicing, unless legal or contractual retention periods prevent the deletion of your data.

5. Right to objection and erasure

The data processing is strictly necessary to process your payment through Heidelpay, and therefore cannot be waived if you have chosen this payment method. There is no option for removal in this case.

7. Credit card
1. Description and scope of data processing

If you wish to pay for your order via credit card on our online shop, we require certain data for the payment processing. Specifically, we ask for:

• Name,
• Address,
• Email address,
• Credit card number,
• Name of the credit card holder, and
• The expiry date of the credit card.

We will verify the entered data along with the details of your order.

2. Legal basis of data processing

The legal basis for the associated data processing is Article 6(1) sentence 1 (b) of the GDPR, meaning the processing of your data is necessary for the fulfilment of the agreement regarding payment by credit card.

3. Purpose of data processing

We process this data to detect any fraudulent use of the credit card or the payment method by credit card at an early stage and use the data after successful verification to process the agreed payment by credit card.

4. Duration of storage

Your data will be stored only as long as necessary for processing the purchase and invoicing, unless legal or contractual retention periods prevent the deletion of your data.

5. Right to objection and erasure

The data processing is strictly necessary to process your payment via credit card, which is why it cannot be waived if you have chosen this payment method. Therefore, there is no option to remove it.

8. PayPal
1. Description and scope of data processing 

We offer PayPal as a possible payment service. PayPal is a virtual account model and payment method. To use the payment service via PayPal, prior registration with PayPal is required. The data processing is carried out by: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If you use PayPal as a payment method, your personal data will be transmitted to PayPal. The personal data includes:

• First name,
• Last name,
• Address,
• Email address,
• IP address,
• Phone number,
• Possibly mobile number, and
• Other data necessary for the final payment processing.

In addition to sharing the data with credit bureaus, it is also possible that PayPal may forward the personal data to affiliated companies, including subcontractors, as far as required to fulfill contractual obligations. The same applies for data processing on behalf of third parties. PayPal uses binding internal data protection regulations (Binding Corporate Rules):: https://www.paypal.com/uk/legalhub/paypal/bcr?locale.x=en_GB, to secure the data processing. For information on PayPal’s privacy policy, please refer to the following link: https://www.paypal.com/uk/legalhub/paypal/privacy-full 

2. Legal basis of data processing

The legal basis is based on Article 6(1) sentence 1 letter b) of the GDPR.

3. Purpose of data processing

The transmission of the data is necessary to prevent potential misuse. We inform you that PayPal may transmit your personal data to credit reference agencies, as PayPal reserves the right to check your identity and creditworthiness.

4. Duration of storage

Your data will be stored only as long as necessary for the completion of the purchase and invoicing process, unless legal or contractual retention periods prevent the deletion of your data.

5. Right to objection and erasure

The data processing is strictly necessary to process your payment via PayPal, and therefore cannot be waived if you have chosen this payment method. There is no option to remove it.

9. Purchase on invoice - Klarna
1. Description and scope of data processing

We use the "Purchase on Invoice" payment service provided by Klarna (hereinafter referred to as "Purchase on Invoice"). For this, we have integrated components of Klarna on our website. The data processing is carried out by: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter Klarna).

If you wish to use the "Purchase on Invoice" payment option for processing your payment, your personal data will be transmitted to Klarna. This includes the following categories of personal data:

• Contact and identification details,
• Information about goods/services,
• Payment information,
• Other data that may be necessary for payment processing.

In the case of "Purchase on Invoice," Klarna also passes personal data on to credit agencies to carry out an identity and creditworthiness check on the individual concerned. It is also possible that Klarna may forward personal data to affiliated companies and/or subcontractors, if necessary to fulfill contractual obligations. For more information, please refer to https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/privacy as well as https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/invoice.

2. Legal basis of data processing

The legal basis for the data processing is Article 6(1) sentence 1 lit. f) GDPR. It is in our legitimate interest to transfer the risk arising from a "Purchase on Invoice" to a service provider.

3. Purpose of data processing

We use Klarna to make the payment processing for "Purchase on Invoice" simple and quick.

4. Duration of storage

We store your data only for as long as necessary for processing the purchase and invoicing, unless legal or contractual retention periods prevent the deletion of your data. For billing purposes with the online provider and to fulfil legal retention obligations, Klarna stores your name, account number, bank code, subject, date, and transfer amount within the statutory retention periods. In the case of SEPA transfers, and depending on your bank, Klarna also stores the BIC and IBAN if they are required to process the transfer in your online banking account, within the statutory retention periods. The legal retention periods range from three to ten years.

5. Right to objection and erasure

The data processing is strictly necessary to process your payment if you have chosen the "Pay by Invoice" option, which means it cannot be waived.

10. Prepayment (Bank transfer by customer)
1. Description and scope of data processing

If you choose advance payment, you will transfer the agreed invoice amount to us from a financial institution of your choice. This institution will transmit the following payment data to us:

• Account holder's name,
• IBAN,
• Order number, and
• Invoice amount.

We do not process the payment data ourselves; instead, it is processed directly by the service provider handling the payment.

The data processing is carried out by:

Commerzbank Aktiengesellschaft

Business address: Kaiserplatz, 60311 Frankfurt am Main

Postal address: 60261 Frankfurt am Main

Telephone: 069 1 36 20

Emai address: info@commerzbank.com

Website: https://www.commerzbank.de/

Our service provider cannot associate this information with other details (such as your address or email address). Please refer to the privacy policy of our service provider:

https://www.commerzbank.de/hinweise/rechtliche-hinweise/#datenschutz

 

2. Legal basis of data processing

The legal basis for the data processing is Article 6(1) sentence 1(b) of the GDPR.

3. Purpose of data processing

The processing of the data is necessary for payment by prepayment and thus for the execution of the contract.

4. Duration of storage

Your data will only be stored for as long as necessary for the completion of the purchase and invoicing, unless statutory or contractual retention periods prevent the deletion of your data.

5. Right to objection and erasure

The data processing is essential in order to process your advance payment, and therefore cannot be waived if you have selected this payment method. There is no possibility to remove it.

11. Immediate bank transfer - sofort.com / Klarna
1. Description and scope of data processing

We use the payment service "Sofortüberweisung - sofort.com" from Klarna (hereinafter "Sofortüberweisung"). For this purpose, we have integrated components of "Sofortüberweisung" on our website. To process payments, "Sofortüberweisung" uses a technical procedure through which we receive an immediate payment confirmation. This allows us to promptly determine whether a payment has been received, after which the investment can be made. The data processing is carried out by: Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany, as a member of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.

 

If you wish to use the "Sofortüberweisung" payment option for payment processing, your personal data will be transmitted to "Sofortüberweisung". The following personal data will be processed:

• PIN and TAN
• Technical verification of account balance or coverage
• Transmission of the transaction confirmation to us
• First name,
• Last name,
• Address,
• E-mail address,
• IP address,
• Telephone number,
• Mobile number
• Other data necessary for payment processing.

 

It is possible that "Sofortüberweisung" will also share personal data with credit agencies to perform an identity and credit check of the affected person. Furthermore, "Sofortüberweisung" may pass on personal data to affiliated companies and/or subcontractors if this is necessary to fulfill contractual obligations. For more information, please refer to: https://www.sofort.de/datenschutz.html as well as https://www.klarna.com/international/privacy-policy/ 

2. Legal basis of data processing

The legal basis for data processing is Article 6(1) sentence 1(b) of the GDPR.

3. Purpose of data processing

We use Sofortüberweisung - sofort.com to make the payment processing simple and quick for you.

4. Duration of storage

We store your data only as long as necessary for processing the purchase and invoicing, unless there are legal or contractual retention periods preventing the deletion of your data. For billing purposes with the online provider and to comply with legal retention obligations, Klarna stores the name, account number, bank code, subject, date, and transfer amount within the statutory retention periods. For SEPA transfers, and depending on your bank, Klarna also stores the BIC and IBAN if required to process the transfer into your online banking account, within the statutory retention periods. The statutory retention periods range from three to ten years.

5. Right to objection and erasure

The processing of data is absolutely necessary in order to complete your payment, and therefore cannot be omitted if you have chosen this method of payment.

12. Google Pay
1. Description and scope of data processing

You also have the option to complete your purchase via Google Payment. Data processing for the European Economic Area and Switzerland is carried out by:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

In addition to the registration details and the information processed by Google Payment via third parties, the following data may be processed by Google during each transaction:

• The date, time, and amount of the transaction, the merchant’s location and description, a description of the goods or services purchased as provided by the seller, any photos you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction, and any offer associated with the transaction, where applicable.

When you make a purchase or transaction via Google Payments, Google provides us with certain personal data about you. If you make a purchase through our website, we may also verify whether you have a Google Payments account with a payment method that can be used for payment on our site.

For more information about Google Payments and data protection at Google, please click here:  https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de; https://policies.google.com/privacy?hl=en 

2. Legal basis of data processing

The legal basis for data processing is Article 6(1)(b) Sentence 1 of the GDPR.

3. Purpose of data processing

The processing of data is necessary for payment via Apple Pay and therefore for the performance of the contract.

Google processes the data in order to provide you with Google Payments services and to protect you against fraud, phishing, or other violations. This information may also be used to assist third-party providers in delivering products or services that you have requested from them. Google also uses the information to verify your Google Payments account, in order to determine whether you meet the terms of service and other legitimate business requirements associated with the Google Payments transactions you initiate.

4. Duration of storage

We only retain your data for as long as is necessary to process your purchase and issue the invoice, unless legal or contractual retention periods prevent the deletion of your data.

Google deletes the data as soon as it is no longer required for record-keeping purposes and no regulatory, legal, or contractual provisions prevent its deletion.

5. Right to objection and erasure

The processing of data is absolutely necessary in order to complete your payment via Google Pay, and therefore cannot be omitted if you have chosen this payment method.

In your Google Payment settings, you can prevent Google LLC or its subsidiaries from sharing information with third-party providers—whose websites or apps you visit—about whether you have a Google Payments account that can be used to make payments with those providers.

13. Amazon Pay 
1. Description and scope of data processing

You have the option to complete your purchase via Amazon Pay. Data processing is carried out by: Amazon Payments Europe S.C.A., 38 Avenue J.F. Kennedy, L-1855 Luxembourg.

In addition to registration information, Amazon Pay processes the following data for each transaction: the date, time, and amount of the transaction, the merchant's name, a description of the goods or services purchased, the payment method, as well as your email address and delivery address. This data is transmitted to Amazon for the purpose of processing the payment. Amazon Pay uses the data to execute the payment and for fraud prevention.

For more information about data protection at Amazon Pay, please click here: https://pay.amazon.co.uk/help/201751600 

2. Legal basis of data processing

The legal basis for data processing is Article 6(1)(b) Sentence 1 of the GDPR.

3. Purpose of data processing

The processing of the data is necessary for payment via Amazon Pay and therefore for the performance of the contract.

4. Duration of storage

We only retain your data for as long as is necessary to process your purchase and issue the invoice, unless legal or contractual retention periods prevent the deletion of your data.

5. Right to objection and erasure

The processing of data is absolutely necessary in order to complete your payment via Amazon Pay, and therefore cannot be omitted if you have chosen this payment method.

14. Apple Pay
1. Description and scope of data processing

You have the option to complete your purchase via Apple Pay. Data processing is carried out by: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

Apple Pay processes the following data for each transaction: the date and time of the transaction, the amount, the merchant's name, the payment method used, as well as your device ID with model number and, if applicable, your billing address. Apple does not store full credit card numbers and only uses anonymised transaction data to improve its services. However, the user's bank receives certain personal data, such as name and billing address, for payment processing.

For more information about data protection at Apple Pay, please click here: https://support.apple.com/en-gb/101554 

2. Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

3. Purpose of data processing

We use Apple Pay as a convenient and fast option for you to process your payment. The transmission of data is not only necessary for the processing of payments, but also to prevent misuse.

4. Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

5. Right to objection and erasure

Data processing is mandatory in order to process your payment with Apple Pay, so it cannot be waived if you have chosen this payment method. There is therefore no option to object

 

9.15 iDeal

9.15.1 Description and scope of data processing

We use the payment service iDeal. For this purpose, we have integrated components for iDeal on this website. Data processing is carried out by:

Currence Holding BV, Beethovenstraat 300 Amsterdam, The Netherlands.

If the user wishes to use the payment option iDeal for payment processing, personal data will be transmitted to iDeal. The following personal data is processed:

• PIN and TAN
• Technical check of the account balance or account coverage
• Transmission of the confirmation of the transaction to us
• First name
• Last name
• Address
• Email address
• Mobile phone number
• other data if this is necessary for payment processing.

It is possible that iDeal transfers the personal data also to credit bureaus in order to carry out an examination of the identity and creditworthiness of the user. It is also possible that iDeal transfers the personal data to affiliated companies and / or subcontractors if this is necessary to fulfill contractual obligations. Regarding the privacy policy, please refer to the following link: iDEAL_Privacy_Statement_EN.pdf.

9.15.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

9.15.3 Purpose of data processing

We use iDeal as a convenient and fast option for you to process your payment. The transmission of data is not only necessary for the processing of payments, but also to prevent misuse.

9.15.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

9.15.5 Right to objection and erasure

Data processing is mandatory in order to process your payment with iDeal, so it cannot be waived if you have chosen this payment method. There is therefore no option to object

 

9.16 mollie

9.16.1 Description and scope of data processing

We use the payment service provider mollie B.V., Keizersgracht 121, 1015 CJ Amsterdam, the Netherlands. We use mollie to offer a variety of payment options in our online store. The provider acts as an intermediary between buyers and sellers by handling the payment process. This includes the integration of all payment methods.

Depending on the selected payment method, different personal data is processed:

Payment data:

• Bank account number
• Credit card number
• Amount of the transaction
• Date and time of payment

Personal data:

• First and last name
• Address (postal address)
• Email address
• Telephone number (if necessary)

Technical data:

• IP address
• Browser and device type
• Information about the website or app used

Transaction-related data:

• Information about the product or service purchased
• Customer ID or order number

Usage data:

• Start and end of website visit
• Content accessed on the website

For more information about data protection at mollie, please refer to the mollie privacy policy: https://www.mollie.com/de/privacy.

9.16.2 Legal basis for processing personal data

The legal basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR.

9.16.3 Purpose of data processing

The purpose of data processing is to process and provide various payment methods.

9.16.4 Duration of storage

The data is stored until the purpose of the data processing has been achieved and no statutory, contractual or official retention requirements prevent deletion.

9.16.5 Right to objection and erasure 

This data processing is absolutely necessary in order to process your payment, which is why it cannot be dispensed with if you wish to order from our online store.

9.17 Przelewy24

9.17.1 Description and scope of data processing

We use the payment service Przelewy24. For this purpose, we have integrated components of Przelewy24 on this website. Data processing is carried out by:

PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland.

If the user wishes to use the payment option Przelewy24 for payment processing, personal data will be transmitted to Przelewy24. The following personal data is processed:

• First name
• Last name
• Home address
• Address for correspondence
• Email-address
• Number of payment accounts, including bank accounts
• Payment card number
• Other identifier of the payment instrument used
• Mobile number 
• IP address 

It is possible that Przelewy24 transfers the personal data also to credit bureaus in order to carry out an examination of the identity and creditworthiness of the user. It is also possible that Przelewy24 transfers the personal data to affiliated companies and / or subcontractors if this is necessary to fulfill contractual obligations. Regarding the privacy policy, please refer to the following link: Information obligation - GDPR - Przelewy24.

9.17.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

9.17.3 Purpose of data processing

We use Przelewy24 as a convenient and fast option for you to process your payment. The transmission of data is not only necessary for the processing of payments, but also to prevent misuse.

9.17.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

9.17.5 Right to objection and erasure

Data processing is mandatory in order to process your payment with Przelewy24, so it cannot be waived if you have chosen this payment method. There is therefore no option to object.

10. Social Media Links

We have integrated social media platforms into our services via links, which may result in the social media providers receiving data about you. If you click on a social media link, the website of the respective social media provider will be opened. By accessing the social media provider's website through our services, the provider receives the corresponding referral data. This informs the social media provider that you have visited us.

Note on data processing in the USA: 

If you click on a social media link, your data may be processed by the respective provider in the USA. According to the European Court of Justice, the level of data protection in the USA is inadequate, and there is a risk that your data may be accessed and processed by U.S. authorities for monitoring and surveillance purposes—possibly without any legal remedy. If you do not click on the social media links, no data will be transmitted.

You can find more information on how social media providers process your data here:

Meta:https://de-de.facebook.com/help/pages/insights, 

https://www.facebook.com/privacy/policy/?section_id=0-WhatIsThePrivacy, 

https://de-de.facebook.com/full_data_use_policy 

Instagram: https://help.instagram.com/155833707900388 https://www.instagram.com/about/legal/privacy/

YouTube:https://www.google.de/intl/de/policies/privacy/

Pinterest:https://policy.pinterest.com/de/privacy-policy

 

11. Social Media Plugins

We have integrated social media platforms into our website using so-called “social plugins,” which may result in the social media providers receiving data about you. We explain these in detail for you below.

 

1. Youtube
1. Description and scope of data processing

We use YouTube as a provider for embedding videos on our website. The entity responsible for data processing, together with us, is: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Typically, when accessing certain pages of our website with embedded videos, your IP address is sent to YouTube, and cookies are installed on your device. If you click on the video, your IP address will be transmitted to YouTube, and YouTube will be informed that you have viewed the video. If you are logged into YouTube, this information will also be associated with your user account. We have no knowledge of or control over the subsequent collection and use of your data by YouTube. For more information on data protection, we refer you to the following privacy policy of YouTube or Google: https://policies.google.com/privacy?hl=en&gl=de 

2. Legal basis of data processing

The legal basis for data processing is your consent in accordance with Article 6(1)(a) Sentence 1 of the GDPR.

3. Purpose of data processing

We use social media to raise awareness of our company. Additionally, we want to offer you the opportunity to interact with social media through our website.

4. Duration of storage

The data collected by YouTube (Google) through plugins and advertisements is deleted by the data controller after a fixed retention period. According to Google, this period is 9 or 18 months.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time. To do so, please contact our data protection officer. In order to prevent data processing by YouTube, you can log out of YouTube before visiting our website and delete all cookies from your browser history. Further settings and objections regarding the use of data for advertising purposes can be made within the YouTube profile settings. These settings are platform-independent, meaning they will apply to all devices, such as desktop computers or mobile devices.

12. Tracking and analysis tools

To continuously improve our website offerings, we use the following analytics tools. The data processed by each tool and how you can contact the respective service providers are detailed below:

1. Facebook Custom Audience / Facebook Pixel
1. Description and scope of data processing

Our website uses the Facebook Pixel from Meta for conversion tracking. Data processing is carried out by: Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA.

With the help of the Facebook Pixel, the behavior of website visitors can be tracked after they visit our site. This allows the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. Meta receives the following categories of data: the referring URL, browser information, and the Facebook user ID of the person, if they have a Facebook account and are logged in to Facebook.

The data is stored and processed by Meta, allowing it to be linked to the respective user profile, and Meta can use the data for its own advertising purposes in accordance with Meta's data usage policy. This enables Meta to serve ads on Meta pages as well as outside of Meta. This use of the data cannot be influenced by us as the site operator.

The data we receive includes: email address, gender, first and last name, postal code, city, and country. We use this data for our advertising purposes and can establish a personal reference.

Meta’s privacy policy can be found at the following address: https://www.facebook.com/about/privacy/. 

2. Legal basis of data processing

The legal basis for using the application is your consent, in accordance with Article 6(1)(a) Sentence 1 of the GDPR.

3. Purpose of data processing

We process your data for the purpose of the needs-based and ongoing optimisation of our website. This also constitutes our legitimate interest in data processing.

4. Duration of storage

The data will be deleted as soon as it is no longer needed for our record-keeping purposes and no legal, regulatory, or contractual provisions prevent its deletion.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time. To do so, please contact our data protection officer. You can disable the "Custom Audiences" remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, if you have a Facebook account. If you do not have a Facebook account, you can opt out of Meta's use of interest-based advertising by visiting the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/. 

2. Google Analytics 4.0
1. Description and scope of data processing

Our online offering uses Google Analytics 4.0. This is a service provided by Google LLC ("Google") for analysing website traffic, which allows us to improve our online presence. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The information collected may include:

• IP address
• Access time
• Duration of access
• The website from which you arrived at our site
• Interaction on the website
• Demographic characteristics, if the website visitor is logged into their Google account
• Device categories, browser type, operating system, screen resolution

This data is transmitted to a Google server in the USA and stored there. The analysis of your activities on our website is provided to us in the form of reports. Google may share the collected information with third parties if required by law or if third parties process this data on behalf of Google. IP anonymisation is performed by Google as standard and cannot be disabled, meaning IP addresses are truncated during processing to exclude any potential direct personal reference to you.      

You can find more information about the terms of use and data protection for Google Analytics at the following links: https://policies.google.com/?hl=en&gl=de, https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631&sjid=4182536640307201767-EU#zippy=%2Ccookies-und-kennzeichnungen-von-google-analytics, https://support.google.com/analytics/answer/9019185?hl=en&sjid=4182536640307201767-EU#zippy=%2Cthemen-in-diesem-artikel%2Cin-this-article 

2. Legal basis of data processing

The legal basis for the processing of personal data is your consent in accordance with Article 6(1)(a) Sentence 1 of the GDPR.

3. Purpose of data processing

The processing of your personal data allows us to analyse your browsing behaviour. By evaluating the collected data, we are able to compile information about the use of the individual components of our website. This helps us continuously improve our website and its user-friendliness. The anonymisation of the IP address ensures that the interest of users in protecting their personal data is adequately considered.

4. Duration of storage

The data will be deleted 14 months after your last visit to our website.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time. To do so, please contact our data protection officer. Additionally, you can prevent the installation of cookies from Google Analytics by adjusting the settings of your browser software. However, in this case, it may occur that you cannot fully use all the features of our online services. Google Analytics can also be disabled and controlled through browser extensions, such as  https://tools.google.com/dlpage/gaoptout?hl=en 

3. Google Tag Manager
1. Description and scope of data processing

Google Tag Manager is a solution that allows us to manage website tags through a single interface (for example, integrating Google marketing services into our online offering). The Tag Manager acts as the "administrator" of the implemented tags. This allows us to centrally manage integrated Google products or other analytics tools on our website. The tags embedded on the website are code snippets that enable tracking of your activities on our website. By using our website, the Google Tag Manager is downloaded, which automatically causes the user's IP address to be forwarded to Google. Regarding the processing of personal data, the information about Google's services is referenced. 

 

Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

You can access the terms of use for Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html 

2. Legal basis of data processing

The legal basis for the processing of personal data is your consent in accordance with Article 6(1)(a) Sentence 1 of the GDPR.

3. Purpose of data processing

The Google Tag Manager simplifies the management and organisation of the analytics tools used on the website. To integrate an analytics tool, JavaScript codes need to be embedded into the website. With the use of Google Tag Manager, we are able to manage these embedded codes from a central location.

4. Duration of storage

Since data storage is not directly carried out by the Google Tag Manager, but rather the data is forwarded to the tracking tools, it is necessary to check the individual tracking tools to determine how long the data is stored.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time, with effect for the future. To do so, you would need to contact the respective data protection officers of the tools. Further information regarding the management of your data can be found in the privacy policies of the tools used.

4. Matomo 
1. Description and scope of data processing

We use the web analytics service Matomo (formerly PIWIK). Data processing is carried out by: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Matomo is based in New Zealand, a third country with an adequate level of protection certified by the EU Commission in accordance with Article 45(3) of the GDPR, https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32013D0065

Matomo uses a cookie. For an explanation of the cookies, please refer to the relevant section above. The following data is stored:

• Two bytes of the IP address of the requesting system
• The website accessed
• The website from which you arrived at the accessed website (referrer)
• The subpages accessed from the accessed website
• The duration of time spent on the website
• The frequency of visits to the website

The software is configured so that IP addresses are not fully stored; instead, 2 bytes of the IP address are masked (e.g., 192.168.xxx.xxx). In this way, the shortened IP address cannot be assigned to the requesting computer.

For more information on Matomo's privacy policy, please refer to the following links: https://matomo.org/privacy/ and https://matomo.org/privacy-policy/ 

2. Legal basis of data processing

The legal basis for the processing of personal data is your consent in accordance with Article 6(1)(a) Sentence 1 of the GDPR.

3. Purpose of data processing

The web analytics service Matomo is primarily used by us to optimise the website and for cost-benefit analysis. Matomo is also used to analyse the flow of visitors to the website. It is in our interest to make our website offering clear and user-friendly for you.

4. Duration of storage

We process personal data only as long as necessary. Once the purpose of data processing has been fulfilled, the data will be blocked and deleted in accordance with the applicable deletion policy, unless legal, regulatory, or contractual obligations prevent deletion.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time. Please contact our data protection officer for this. The setting of cookies can also be prevented at any time by adjusting the settings in your internet browser. Additionally, any cookies that have already been set can be deleted in the browser settings for the future. We would like to point out that preventing the setting of cookies may result in some functions not being fully available.

For any privacy-related questions regarding Matomo, you can contact Matomo at the following email address: privacy@matomo.org 

13. Advertising and marketing tools

Our website also incorporates tools that ensure our website is displayed as a relevant search result or as an advertisement when you search the internet. Below, we have outlined the programs used in connection with our website:

1. Google Ad Manager (formerly Double Click)
1. Description and scope of data processing

Our website uses Google Ad Manager. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.  

Google Ad Manager is used to display ads when you visit our website. Google Ad Manager uses information about your visits to this and other websites to display ads for products and services that may interest you. If you would like to learn more about these methods or find out what options you have to prevent Google Ad Manager from using this information, click here: https://policies.google.com/technologies/ads?gl=de&hl=en 

2. Legal basis of data processing

The data processing is based on your consent in accordance with Article 6(1) Sentence 1 lit. a) of the GDPR.

3. Purpose of data processing

Our interest lies in entering into partnerships with other companies in order to participate economically in these collaborations.

4. Duration of storage

The data will be deleted as soon as it is no longer needed for our record-keeping purposes and there are no legal, regulatory, or contractual obligations preventing its deletion.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time. Please contact our Data Protection Officer for this.  

The setting of cookies can be prevented at any time by adjusting the settings in your internet browser. Cookies that have already been set can also be deleted in your browser settings. Please note that preventing the setting of cookies may result in some features not being fully available.

2. Google Ads and Google Conversion Tracking
1. Description and scope of data processing

We have integrated the services of Google Ads (formerly Google AdWords) on this website. Google Ads is an internet advertising service. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.  

If you have reached our website via a Google ad, Google sets a so-called conversion cookie on your system. For explanations regarding cookies, please refer to the section on cookies. The conversion cookie is used to generate and analyze visit statistics. The conversion cookie stores the IP address when visiting the website. This data is stored in the USA. It is possible that Google may also share this data with third parties. For further privacy notices from Google, please refer to: https://policies.google.com/privacy?hl=en&gl=de 

2. Legal basis of data processing

The legal basis for data processing is your consent in accordance with Article 6(1) Sentence 1 lit. a) of the GDPR.

3. Purpose of data processing

We use Google Ads to strategically place advertisements for our company in Google search engine results.

4. Duration of storage

30 days after the conversion cookie is set, it expires, meaning that you can no longer be identified. Within these 30 days, both we and Google can track which subpages have been visited due to the conversion cookie.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time. Please contact our Data Protection Officer for this.  

The setting of cookies can be prevented at any time by adjusting the settings in your internet browser. Cookies that have already been set can also be deleted in your browser settings. Please note that preventing the setting of cookies may result in some features not being fully available.

You can permanently prevent data processing in your browser using this link: http://www.google.com/settings/ads/plugin. As a result, some features of our website may no longer be fully available.

It is also possible to object to the cookies for conversion tracking and user-related advertising by Google in your browser settings. To do so, please click on the following link:https://adssettings.google.de/anonymous?hl=en. Please note that a reconfiguration will be required if you delete the cookies in your browser.

 

3. Google AdSense
1. Description and scope of data processing

We use Google AdSense on our website. This is an online service used for advertising purposes. Google AdSense facilitates the placement of ads on third-party websites. The data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When using Google AdSense, a cookie is set on the user’s device. For details on cookies, please refer to the section on cookies. The information stored in the cookie can be recorded, collected, and analyzed by Google Inc. or third parties. Additionally, Google AdSense uses so-called "Web Beacons" (small invisible graphics) to collect information. By using these, actions such as visitor traffic on the website can be recorded, collected, and analyzed.

The information generated by the cookie and/or Web Beacon about your use of this website is transferred to a server in the USA and stored there. Google uses the information obtained to evaluate your usage behavior concerning the AdSense ads. Google may also transfer this information to third parties, if required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with other data stored by Google. For further information about Google AdSense, please refer to the following link:  https://www.google.de/intl/de/adsense/start/

2. Legal basis of data processing

The legal basis for data processing is your consent according to Art. 6 para. 1 sentence 1 lit. a) GDPR.

3. Purpose of data processing

Our interest lies in increasing our brand awareness by enabling user-specific advertisements. Through advertising, we reach a larger audience and potential customers, thereby enhancing our visibility.

4. Duration of storage

The data will be deleted as soon as it is no longer needed for our recording purposes and there are no legal, regulatory, or contractual obligations preventing its deletion.

5. Right to objection and erasure

You have the right to withdraw your consent to data processing at any time. Please contact our data protection officer for this. The setting of cookies and the display of WebBeacons can be prevented at any time by adjusting the settings in your internet browser. Already set cookies can also be deleted in your browser settings. Please note that preventing the setting of cookies may result in certain functions of the website not being fully available.

4. Google Remarketing
1. Description and scope of data processing

Our online offering uses Google Remarketing. By using and implementing Google Remarketing, we can display advertisements to you. This is also possible when visiting other websites if you have previously signed up on our website. Google Remarketing enables user-specific advertising. The data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The functionality of Google Remarketing is designed in such a way that a cookie is set. By using this cookie, Google has the ability to recognize you when you visit a website that also uses Google Remarketing. As a result, Google can track your IP address and browsing behavior. For more information on the applicable privacy policies of Google, please refer to: https://policies.google.com/privacy?hl=en&gl=de 

2. Legal basis of data processing

The data processing is based on your consent pursuant to Article 6(1) sentence 1 lit. a) GDPR.

3. Purpose of data processing

Our interest is to increase our visibility through the use of advertising. The purpose of the processing is to enable user-specific advertisements. Through advertising, we expand our user and prospect base and thereby enhance our brand awareness.

4. Duration of storage

The data will be deleted as soon as it is no longer needed for our recording purposes and no legal, regulatory, or contractual obligations prevent deletion.

5. Right to objection and erasure

You can withdraw your consent to data processing at any time. Please contact our Data Protection Officer for this.

The setting of cookies can be prevented at any time by adjusting the settings in your internet browser. Already set cookies can also be deleted in your browser settings. We would like to point out that preventing the setting of cookies may result in certain functions not being fully available.

You can object to user-specific advertising by Google at any time. For this, we refer you to: www.google.de/settings/ads.

5. TikTok Pixel
1. Description and scope of data processing

We use the TikTok Pixel for marketing purposes and have integrated the service on our website. TikTok Pixel is a tracking plugin that provides us with aggregated data about the performance of our ads, helping us measure the effectiveness of our advertising campaigns. The data processing is carried out by: TikTok Inc., 5800 Bristol Pkwy, Suite 100, Culver City, CA 90230, USA.

For this purpose, TikTok processes the following data:

• Technical data: Device and network connection data (your device model, your operating system, typing patterns or rhythms, your IP address, and your system language)
• Service-related, diagnostic, and performance data, including crash reports and performance logs
• Automatically generated device ID and user ID
• Usage data: Content you viewed, duration and frequency of use, interactions with other users, search history on the platform, your settings, and information related to user interactions with digital properties, including advertisements displayed in connection with the services
• Performance metrics and metrics related to ad impressions

Based on this data, aggregated reports are generated and made available to us, which relate to how you interact with ads on our website.

For more information on privacy with the service provider, please refer to: https://www.tiktok.com/legal/page/eea/privacy-policy/en. 

2. Legal basis of data processing

The data processing is based on your consent according to Art. 6 (1) sentence 1 lit. a) GDPR.

3. Purpose of data processing

The service helps us better understand your interactions on our website and allows us to display targeted ads to you.

4. Duration of storage

The data will be deleted once the purpose of data processing has been achieved and no legal, contractual, or regulatory requirements prevent deletion. All audience data defined by the data, which were created using event data, will be retained by TikTok until you delete them via your account tools or 12 months from the date the audience was last modified or used. Advertiser audience data will be immediately deleted after the matching process is completed.

5. Right to objection and erasure

You have the right to withdraw your consent at any time. To do so, please contact our Data Protection Officer. You can also contact TikTok Inc. directly. Please use this form: https://www.tiktok.com/legal/report/privacy

14. Other third party tools

Furthermore, we use third-party providers who assist us with the display and functionality of the website. These providers are listed below:

1. Google Web Fonts
1. Description and scope of data processing

We use Webfonts on the website to ensure a consistent display of fonts. The data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page, your browser loads the required Webfonts into its cache to properly display texts and fonts. For this purpose, the browser you are using must establish a connection to Google’s servers. This allows Google to learn that our website has been accessed via your IP address. If your browser does not support Web Fonts, a default font from your computer will be used.

For more information about Google Web Fonts, please visithttps://developers.google.com/fonts/faq and in Google’s privacy policy here: https://policies.google.com/privacy?hl=en&gl=de 

2. Legal basis of data processing

The legal basis for this data processing is Article 6(1) sentence 1 lit. a) of the GDPR, which is your consent.

3. Purpose of data processing

The purpose of data processing is to ensure the consistent display of fonts on this website. Without this, we would not be able to present our online offer effectively.

4. Duration of storage

The data will be deleted as soon as they are no longer required for the purpose of data processing, unless legal, regulatory, or contractual provisions prevent deletion.

5. Right to objection and erasure

You can withdraw your consent at any time via our consent banner. You can also configure your browser settings to prevent fonts from being loaded from Google's servers. If your browser does not support Google Fonts or you block access to Google's servers, the text will be displayed in the system's default font.

2. MyFonts
1. Description and scope of data processing

We use so-called web fonts on our website to ensure a consistent display of typefaces. In this case, we use the services of "MyFonts", operated by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. 

When using MyFonts, page view tracking data is collected in accordance with the licensing terms. This involves counting the number of page views for statistical purposes and transmitting this data to MyFonts. In doing so, information such as the IP address and technical details of the website visitor’s device may be captured. These data allow MyFonts to monitor the use of the licensed fonts and ensure compliance with the licensing conditions.

2. Legal basis of data processing

The legal basis is your consent in accordance with Article 6(1)(a) of the UK GDPR.

3. Purpose of data processing

The purpose of data processing is to ensure the consistent display of fonts on this website, in order to offer a visually appealing and user-friendly experience.

4. Duration of storage

Monotype does not retain the IP address after the page view has been counted.

5. Right to objection and erasure

You can withdraw your consent at any time via our consent banner. You can also configure your browser settings to prevent fonts from being loaded from Monotype's servers. If your browser does not support Monotype Fonts or you block access to Monotype's servers, the text will be displayed in the system’s default font.

Website visitors have the right to request information about the processing of their personal data and may, under certain conditions, request the correction or deletion of their data. Enquiries can be directed to MyFonts or Monotype Imaging Holdings Inc. directly. For more detailed information, it is recommended to consult the full privacy policy of MyFonts: https://www.myfonts.com/de/a/font/legal/website-use-privacy-policy 

 

15. Privacy notice for our social media profiles

We operate the following official profiles on social media platforms:

• Facebook:https://de-de.facebook.com/gusti.leder/   

• Instagram:https://www.instagram.com/gustileder/   

• LinkedIn:https://de.linkedin.com/company/gusti-leder-stores-gmbh  

• Pinterest:https://de.pinterest.com/gustileder/  

• XING:https://www.xing.com/pages/gustiledergmbh  

• YouTube:https://www.youtube.com/user/newgustileder  
• X:https://x.com/gusti_leder

In doing so, we make use of the services provided by the following companies:

• Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)
• Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”)
• LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA (“LinkedIn”)
• Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA (“Pinterest”)
• XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”)
• YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data processing within the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”)
• X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“X”)

Following the judgment of the European Court of Justice dated 5 June 2018 (available athttps://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=298398), operators of social media profiles and the social media platforms themselves are considered joint controllers with regard to data processing.

Please note that you use our social media profiles and their functions under your own responsibility. This applies in particular to the use of interactive features (e.g. commenting, sharing, liking). Alternatively, you can also access the information we provide on social media via our own website.

1. Data Protection Officer

You can contact the Data Protection Officers of the respective social media platforms through the following links:

• For Facebook and Instagram, you can reach the Data Protection Officer via the following linked contact form:https://www.facebook.com/help/contact/540977946302970
• For LinkedIn, you can reach the Data Protection Officer via the following linked contact form:https://www.linkedin.com/help/linkedin/ask/TSO-DPO
• For Pinterest, you can reach the Data Protection Officer via the following linked contact form:https://help.pinterest.com/de/data-protection-officer-contact-form
• For XING, you can reach the Data Protection Officer via the following email address: Datenschutzbeauftragter@xing.com 
• For Google and YouTube, you can reach the Data Protection Officer via the following linked contact form:https://support.google.com/policies/contact/general_privacy_form?sjid=10990068199381290885-EU
• For X, you can reach the Data Protection Officer via the following linked contact form:https://help.x.com/de/forms/privacy
  
  

2. Data processed by social media platforms

When you visit our profiles on social media, the operators of the social media platforms collect, among other things, your IP address as well as other information stored in the form of cookies on your computer. This information is used to provide us, as the operator of the profile, with statistical data on the usage of the page. The data collected about you in this context is processed by the operators of the social media platforms and may be transferred to countries outside the European Union. The information that the operator of the respective social network receives and how it is used is described in the privacy policies of the respective social networks. There, you will also find information on how to contact them.

For more details, please refer to the following links: 

Facebook:https://de-de.facebook.com/help/pages/insights 
https://de-de.facebook.com/about/privacy 
https://de-de.facebook.com/full_data_use_policy 

Google and YouTube:https://www.google.de/intl/de/policies/privacy/ 

Instagram:https://help.instagram.com/155833707900388 
https://www.instagram.com/about/legal/privacy/ 

LinkedIn:https://www.linkedin.com/legal/privacy-policy  

Medium:https://policy.medium.com/medium-privacy-policy-f03bf92035c9  

Pinterest:https://policy.pinterest.com/de/privacy-policy

Xing:https://www.xing.com/privacy 
https://www.xing.com/app/share?op=data_protection 

X:https://x.com/de/privacy

The way in which the operators of the social media platforms use data from visits to our profiles for their own purposes, to what extent activities on social media profiles are assigned to individual users, how long the operators store this data, and whether data from a visit to social media profiles is shared with third parties is not definitively and clearly stated by the operators of the social media platforms and is not known to us.

When accessing our profiles on social media, the IP address assigned to your device is transmitted to the operator of the respective social network. Additionally, the social networks store information about users' devices (e.g., as part of the "login notification" function); this may allow the operators of the social media platforms to associate IP addresses with individual users.

If you are currently logged into the respective social network, a cookie with your unique ID is stored on your device. This allows the operator of the social network to track that you visited a particular page and how you interacted with it. Based on this data, content or advertising may be tailored to your previous visits to websites.

If you wish to avoid this, you should log out of the respective social network, deactivate the "stay logged in" function, delete the cookies stored on your device, and close and restart your browser. This will remove login information that can directly identify you. This way, you can use our social media profiles without revealing your user ID. If you access interactive features on the page (like, comment, share, messages, etc.), a login screen will appear. After any login, you will once again be recognised as a specific user by the social network.

For information on how to manage or delete the data within the social network, please refer to the support pages of the respective social network mentioned above.

3. Data processed by us
1. Type and scope of data processing

The data you enter into social networks, especially your username and the content published under your account, is processed by us to the extent that we may respond to your messages. Additionally, your published posts, reviews, and comments reference your account on the respective social network. If you mention us using @, #, or similar, this mention may be published on our page under your username. The data you freely publish and share on the respective social network may, therefore, be incorporated into our content and made accessible to other users of that network. If you mark our profile on social media with "Like," "Follow," or a similar interaction, the respective social network will inform us of this action, along with your username and a link to your account.

2. Legal basis for processing

The data processing on our part is based on Article 6(1)(f) of the GDPR. Our legitimate interest arises from the promotional function of social media. We use these platforms to increase the visibility of our company.

3. Purpose of processing

The data you provide in this context and that may be accessible to us (e.g., username, images, possible interests, contact details) is processed exclusively for the purpose of customer and prospect communication. Our legitimate interest lies in providing you with a platform where we can present you with up-to-date information, and through which you can direct your inquiries to us, allowing us to respond to your concerns as quickly as possible.. 

4. Duration of storage

Your data will be deleted, insofar as it is possible for us, when we deactivate our presence on social media.

16. Data Transfer to a Third Country

In order to provide our services, we rely on the support of service providers from both the European region and third countries. To ensure the protection of your personal data even in the case of data transfers to third countries, we enter into specific data processing agreements with each of the carefully selected service providers. All of the service providers we use provide sufficient evidence that they ensure data security through appropriate technical and organisational measures. Our service providers from third countries are either located in countries that have been recognised by the European Commission as having an adequate level of data protection (Article 45 GDPR) or have provided appropriate safeguards (Article 46 GDPR).

Adequate Level of Protection: The provider is located in a country whose data protection level has been recognised as adequate by the European Commission. Further information can be found at:Adequacy decisions (europa.eu)

EU Standard Contractual Clauses: Our provider has adhered to the EU standard contractual clauses to ensure secure data transfer. For more details, see:EU Standard Contractual Clauses

Binding Corporate Rules: The GDPR provides, under Article 47, the possibility of ensuring data protection when transferring data to a third country through binding internal data protection policies. These are reviewed and approved by the relevant supervisory authorities under the coherence procedure set out in Article 63 GDPR.

Consent: Furthermore, a data transfer to a third country without an adequate level of protection will only take place if you have given your consent in accordance with Article 49(1)(a) GDPR, or if another exception under Article 49 GDPR applies for the data transfer.

17. Your rights

You have the following rights regarding your personal data that we process:

1. Right to Withdraw Consent (see Article 7 GDPR)

If you have given consent for the processing of your data, you can withdraw it at any time. Such a withdrawal will not affect the lawfulness of the processing of your personal data carried out prior to the withdrawal. You can withdraw your consent either orally or in writing via post or email.

2. Right of Access (see Article 15 GDPR)

In the case of a request for access, you must provide sufficient details to verify your identity and demonstrate that the data in question relates to you. The access request will cover the following information:

 

• The purposes for which your personal data is being processed;
• The categories of personal data being processed;
• The recipients or categories of recipients to whom your personal data has been or will be disclosed;
• The intended duration of storage for your personal data or, if specific details cannot be provided, the criteria used to determine the storage duration;
• The existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
• The existence of a right to lodge a complaint with a supervisory authority;
• Any available information regarding the source of the data if the personal data was not collected from the data subject;
• The existence of automated decision-making, including profiling, under Article 22(1) and (4) GDPR, and—at least in such cases—meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.

3. Right to Rectification or Erasure (see Articles 16, 17 GDPR)

You have the right to request the rectification and/or completion of your personal data that we process, if the data concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay.

Furthermore, you can request the erasure of your personal data concerning you, if one of the following reasons applies:

• The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
• You withdraw your consent on which the processing is based under Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
• You object to the processing under Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing under Article 21(2) GDPR.
• The personal data concerning you has been unlawfully processed.
• The erasure of your personal data is required to fulfil a legal obligation under Union or Member State law to which the controller is subject.
• The personal data concerning you was collected in relation to the offering of information society services under Article 8(1) GDPR.

If we have made your personal data public and are required to erase it under Article 17(1) GDPR, we will take all reasonable measures to inform other controllers of the data processing about your request for erasure of all links to, or copies or replications of, your personal data.

The right to erasure does not exist if the processing is necessary:

• For the exercise of the right to freedom of expression and information;
• For compliance with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• For reasons of public interest in the area of public health under Article 9(2)(h) and (i) and Article 9(3) GDPR;
• For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes under Article 89(1) GDPR, insofar as the right to erasure is likely to seriously impair or prevent the achievement of the objectives of that processing;
• For the establishment, exercise, or defence of legal claims.

4. Right to Restriction of Processing (see Article 18 GDPR)

You have the right to request the restriction of processing of your personal data under the following circumstances:

• If you contest the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data;
• If the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use;
• If we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims;
• If you have objected to the processing under Article 21(1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds.

If the processing of your personal data has been restricted, such data may only be processed – aside from its storage – with your consent or for the establishment, exercise, or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing is lifted based on the above conditions, we will notify you before the restriction is removed.

5. Right to Notification (see Article 19 GDPR)

If you have exercised your right to rectification, erasure, or restriction of processing with us, we are obligated to inform all recipients of your personal data about the rectification, erasure, or restriction of processing. This obligation applies only to the extent that such notification is not impossible or would involve a disproportionate effort.

You have the right to be informed of the recipients of your personal data.

6. Right to Data Portability (see Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format from us, and to transfer it to another data controller, provided that:

• The processing is based on your consent in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract in accordance with Article 6(1)(b) GDPR; and
• The processing is carried out using automated means.

When exercising your right to data portability, you have the right to request that your personal data be directly transmitted by us to another data controller, where technically feasible.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

7. Right to Object to Processing (see Article 21 GDPR)

Where we base the processing of your personal data on legitimate interests (according to Article 6(1)(f) GDPR), you have the right to object to the processing. The same applies if we base the processing on Article 6(1)(e) GDPR.

When exercising such an objection, we kindly ask you to provide reasons why you believe we should not process your personal data as we have been doing. In the event of a justified objection, we will review the situation and either cease or modify the data processing, or we will provide you with our compelling legitimate grounds for continuing the processing. 

8. Right to Lodge a Complaint with the Supervisory Authority (see Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data is in violation of the GDPR.

The supervisory authority where the complaint is filed will inform you of the progress and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

18. How to Exercise These Rights

To exercise these rights, please contact our Data Protection Officer:

Anna Tiede von der WS Datenschutz GmbH

gusti-leder@ws-datenschutz.de 

oder via post:

WS Datenschutz GmbH

Dircksenstraße 51 

D-10178 Berlin

19. Right to Amend

We reserve the right to amend this privacy policy in compliance with legal requirements.

December 2024

 

Please note that this text is a translated version of our German Privacy Policy and has been created for informational purposes.