Privacy

§ 1 Data Protection

General information

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data means all data by which you can be personally identified. Detailed information on data protection can be found in our Privacy Policy listed below this text.

Data collection on our website

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the site’s legal notice (Imprint).

How do we collect your data?

Some data are collected when you provide them to us. This can be, for example, data you enter in a contact form. Other data are collected automatically by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system, or the time of the page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction, blocking, or deletion of this data. You can contact us at any time at the address given in the Imprint regarding this and other questions about data protection. You also have the right to lodge a complaint with the competent supervisory authority.

Analytics tools and third-party tools

When you visit our website, your surfing behavior may be statistically evaluated. This happens mainly with cookies and with so-called analytics programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You will find detailed information in the following Privacy Policy.

You can object to this analysis. We will inform you about your opt-out options in this Privacy Policy.

§ 2 General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations as well as this Privacy Policy. When you use this website, various personal data are collected. Personal data are data by which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmission on the internet (e.g. communication by email) can have security gaps. A complete protection of data against access by third parties is not possible.

Note on the controller The controller responsible for data processing on this website is:

  • 43einhalb GmbH
  • Edelzeller Straße 51
  • 36043 Fulda
  • Phone: +49 661 3605693
  • Email: info@43einhalb.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You may revoke consent you have already given at any time. An informal email to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to data portability

You have the right to have data which we process on the basis of your consent or in fulfillment of a contract delivered to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will be done only as far as it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a contract requiring payment, there is an obligation to transmit your payment data (e.g. account number for direct debit), this data will be required for payment processing. Payment transactions using common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the browser’s address line switching from "http://" to "https://" and by the lock icon in your browser line. With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Right of access, blocking, deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of the data processing and, if applicable, a right to correction, blocking, or deletion of this data at any time. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the Imprint.

Objection to promotional emails

We hereby object to the use of contact data published within the scope of the legal notice obligation to send advertising and information material not expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

§ 3 Data Protection Officer

Statutory Data Protection Officer

Appointed Data Protection Officer of 43einhalb GmbH:

  • SITsolutions
  • Jörg Schmidt
  • Email: datenschutz@sitsolutions.de

§ 4 Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain viruses. Cookies help make our offer more user-friendly, effective, and secure. Cookies are small text files stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, as well as to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Cookies necessary to carry out the electronic communication process or to provide certain functions you request (e.g. shopping cart) are stored on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. for analyzing your surfing behavior) are stored, these are treated separately in this Privacy Policy.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

A combination of this data with other data sources is not carried out.

The basis for data processing is Art. 6(1)(f) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. An informal email is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Registration with Facebook Connect

Instead of registering directly on our website, you can register using Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

If you decide to register with Facebook Connect and click the “Login with Facebook” / “Connect with Facebook” button, you will be automatically redirected to Facebook’s platform. There you can log in with your usage data. Your Facebook profile will thus be linked to our website and services. Through this link we gain access to the data stored on Facebook. These are, above all:

  • Facebook name
  • Facebook profile and cover picture
  • Facebook cover picture
  • Email address stored on Facebook
  • Facebook ID
  • Facebook friends lists
  • Facebook likes
  • Birthday
  • Gender
  • Country
  • Language

This data is used to set up, provide, and personalize your account.

Further information can be found in Facebook’s Terms of Service and Privacy Policy: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.

Processing data (customer and contract data)

We collect, process, and use personal data only to the extent necessary to establish, define the content of, or change the legal relationship (inventory data). This is done on the basis of Art. 6(1)(b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. Personal data on the use of our internet pages (usage data) are collected, processed, and used only to the extent necessary to enable or charge the user for the use of the service.

Collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transmission upon contract conclusion for online shops, retailers, and shipment of goods We transmit personal data to third parties only if this is necessary in the context of contract processing, for example to the company entrusted with the delivery of the goods or the credit institution entrusted with payment processing. No further transmission of the data takes place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without express consent, for example for advertising purposes.

The basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures.

§ 5 Social media

Facebook plugins (Like & Share button)

Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit our pages, a direct connection between your browser and the Facebook server is established via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to assign the visit to our pages to your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and their use by Facebook. You can find more information in Facebook’s Privacy Policy at: https://de-de.facebook.com/policy.php.

If you do not want Facebook to assign the visit to our pages to your Facebook user account, please log out of your Facebook user account.

Twitter plugin

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and disclosed to other users. Data are also transmitted to Twitter. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data and their use by Twitter. For more information, please see Twitter’s Privacy Policy at: https://twitter.com/privacy.

You can change your privacy settings at Twitter in the account settings at https://twitter.com/account/settings.

Instagram plugin

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to assign the visit to our pages to your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data nor of its use by Instagram.

Further information can be found in Instagram’s Privacy Policy: https://instagram.com/about/legal/privacy/.

Pinterest plugin

We use social plugins of the social network Pinterest, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”).

When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest’s servers. The plugin transmits log data to Pinterest’s server in the USA. These log data may include your IP address, the address of the websites you visit that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest, and cookies.

The use of the Pinterest plugin is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the widest possible visibility in social media.

Further information on the purpose, scope, and further processing and use of the data by Pinterest as well as your rights in this respect and options for protecting your privacy can be found in Pinterest’s Privacy Policy: https://policy.pinterest.com/de/privacy-policy.

Messaging services

By sending a start message to 43einhalb GmbH, Edelzeller Straße 51, 36043 Fulda (hereinafter “sender”), I consent pursuant to Art. 6(1)(a) GDPR to the sender using my personal data (e.g. first and last name, phone number, messenger ID, profile picture, messages) for direct communication and the data processing required for this, using the messenger selected in each case. To use this service, an existing messaging account with the respective provider is required.

The controller of the messenger is:

I am aware that the respective provider receives personal data (in particular metadata of the communication) which may also be processed on servers in countries outside the EU (e.g. USA) where an adequate level of data protection cannot be guaranteed. WhatsApp Inc. and Facebook Inc. are, however, certified under the Privacy Shield agreement and thus offer a guarantee to comply with European data protection law. Further information can be found in the respective privacy policies above. The sender has neither precise knowledge of nor influence over the data processing by the respective provider.

You can revoke your consent to this data processing at any time by sending “STOP” in the respective messenger.

To have all data stored about you by our service provider removed, send a message with the text “ALLE DATEN LOESCHEN” via your messenger.

To provide this service, the technical service provider MessengerPeople GmbH, Herzog-Heinrich-Str. 9, 80336 Munich, is used as a processor for the sender.

§ 6 Analytics tools and advertising

Google Analytics

This website uses functions of the web analytics service Google Analytics. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses “cookies”. These are text files stored on your computer that enable an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

Google Enhanced Conversions & Customer Match

We use Google Ads Customer Match lists as part of our online advertising strategy. Use of these lists is based solely on your consent in accordance with the provisions of the GDPR (Art. 6(1)(a)). Encrypted user data such as names, email addresses, addresses and customer-specific identifiers are transmitted to Google. Google matches this data with information it holds about its users to create audiences for ad campaigns. After creation, the encrypted data are automatically deleted and cannot be used to derive new addresses.

Google Ireland Limited acts as a processor and receives the data. We have concluded a data processing agreement with Google. Please note that Google LLC based in the USA and possibly US authorities may have access to data stored by Google.

You can object to this use by preventing the installation of cookies in your browser or by adjusting your personalized advertising settings in your Google account. This can be done via the functions under “Data & privacy” in “Manage your Google Account” after logging in to Google.

Browser plugin

You can prevent the storage of cookies by adjusting your browser software settings; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing these data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objecting to data collection

You can prevent the collection of your data by Google Analytics by clicking the following link. An opt-out cookie will be set to prevent the collection of your data on future visits to this website: Disable Google Analytics.

More information on the handling of user data by Google Analytics can be found in Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.

Matomo (formerly Piwik)

This website uses the open-source web analytics service Matomo. Matomo uses “cookies”. These are text files stored on your computer that enable an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior to optimize both its website and its advertising.

The information generated by the cookie about the use of this website will not be passed on to third parties. You can prevent the storage of cookies by adjusting your browser software settings; however, please note that in this case you may not be able to use all functions of this website to their full extent.

If you do not agree to the storage and use of your data, you can deactivate storage and use here. In this case, an opt-out cookie will be stored in your browser which prevents Matomo from storing usage data. If you delete your cookies, this will also delete the Matomo opt-out cookie. The opt-out must be reactivated when you visit our site again.

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google Ads and Google DoubleClick. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google Ads and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have given the corresponding consent, Google links your web and app browser history to your Google account for this purpose. In this way, personalized advertising messages can be displayed on any device on which you are logged in with your Google account.

To support this function, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device advertising.

You can permanently opt out of cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.

The aggregation of collected data in your Google account is based solely on your consent, which you can give to or withdraw from Google (Art. 6(1)(a) GDPR). For data collection processes not merged in your Google account (e.g. because you do not have a Google account or have objected to the merge) data collection is based on Art. 6(1)(f) GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.

Further information and the privacy policy can be found in Google’s Privacy Policy: https://www.google.com/policies/technologies/ads/.

Facebook Pixel

Our website uses Facebook’s visitor action pixel for conversion measurement, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

This makes it possible to track the behavior of page visitors after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and to optimize future advertising measures.

The collected data are anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data are stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook’s Data Usage Policy. This enables Facebook to place advertisements on Facebook pages and outside of Facebook. We as site operators cannot influence this use of data.

For more information on protecting your privacy, please see Facebook’s privacy notices: https://www.facebook.com/about/privacy/.

You can also deactivate the “Custom Audiences” remarketing feature in the Ads Settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Pinterest Tag

On the basis of Art. 6(1)(f) GDPR we use a Pinterest Tag on our website; this is an individual code snippet from Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”). The purpose is needs-based use of our Pinterest campaigns and their optimization as well as evaluation of their conversion. In this way we continuously improve the quality of information for our users and ensure that the Pinterest ads we initiate are shown only to Pinterest users who have shown interest in our offer. We want to ensure that our Pinterest ads match the user’s potential interest. By optimizing, we can track the actions of Pinterest users after they have seen or clicked one of our Pinterest ads. This allows us to measure campaign conversions for statistical, market-related, and billing purposes. The following information is processed when using the Pinterest Tag:

  • Device information
  • Operating system used
  • IP address of the device used
  • Time of access to our offer
  • Type and content of the campaign
  • Reaction to the respective campaign

The data collected in this way are anonymous for us; we cannot draw conclusions about the user’s identity. This processing for advertising purposes is to be regarded as our legitimate interest under Recital 47 of the GDPR. The data are stored in accordance with statutory retention periods and then automatically deleted.

If you log into your Pinterest account after visiting our website or visit our website while logged in, Pinterest may store and process these data. Pinterest may be able to link this data with your Pinterest account and also use it for its own advertising purposes. Further information can be found in Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy. You can object to this specific data processing at any time by either deactivating the corresponding settings under “Personalization” in your Pinterest account https://help.pinterest.com/de/articles/edit-your-settings#Web or by activating your browser’s Do Not Track setting.

Hotjar

This website uses Hotjar. Provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com). Hotjar is a tool for analyzing user behavior on our website. With Hotjar we can, among other things, record your mouse and scroll movements and clicks. Hotjar can also determine how long your mouse pointer remained on a particular spot. From this information Hotjar creates so-called heatmaps that show which website areas are preferred by visitors. We can also determine how long you stayed on a page and when you left it. We can also determine at which point you aborted your entries in a contact form (so-called conversion funnels). In addition, direct feedback from website visitors can be obtained with Hotjar. This function serves to improve the website operator’s web offers. Hotjar uses cookies. Cookies are small text files stored on your computer and saved by your browser. They help make our offer more user-friendly, effective, and secure. With these cookies it can be determined in particular whether our website was visited with a specific device or whether Hotjar functions were deactivated for the browser in question. Hotjar cookies remain on your device until you delete them. Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually obliged not to sell any of the data collected on our behalf.

You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, as well as to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. The use of Hotjar and the storage of Hotjar cookies are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

Deactivating Hotjar

If you would like to deactivate the collection of data by Hotjar, click the following link and follow the instructions there: https://www.hotjar.com/opt-out Please note that deactivation of Hotjar must be carried out separately for each browser and device. For more information about Hotjar and the data collected, please refer to Hotjar’s Privacy Policy at: https://www.hotjar.com/privacy
Data processing agreement
We have concluded a data processing agreement with Hotjar in order to implement strict European data protection regulations.

§ 7 Newsletter

Newsletter data

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke the consent given for the storage of the data, the email address, and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of data processing operations already carried out remains unaffected by the revocation.

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you cancel the newsletter. Data stored by us for other purposes (e.g. email addresses for the members’ area) remain unaffected.

We use Emarsys to send our newsletter. The data stored when registering for the newsletter are transmitted to and stored by Emarsys. The data entered during newsletter registration are not transmitted to other third parties.

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe and then deleted from our servers and from Emarsys’ servers. Data stored by us for other purposes (e.g. email addresses for the members’ area) remain unaffected.

You can unsubscribe from the newsletter at any time. Click the unsubscribe link in the last newsletter, visit our unsubscribe page, or send your unsubscribe request by email to datenschutz@43einhalb.com.

Email advertising under § 7(3) UWG

Within the scope of the legal permission under § 7(3) UWG (German Act Against Unfair Competition), we are entitled to use the email address you provided when purchasing a paid service for direct advertising for our own similar products or services. If you no longer wish to receive advertising for similar products or services, you may object to the corresponding use of your email address at any time, at no cost other than the transmission costs according to basic rates. To do so, you can unsubscribe from product recommendations by clicking the unsubscribe link contained in each mailing or by emailing datenschutz@43einhalb.com.

Emarsys

Emarsys eMarketing Systems AG (Stralauer Platz 34, 10243 Berlin; www.emarsys.com/de) is also used for the technical handling of newsletter dispatch and is an Austrian company with an office in Berlin that provides the software and infrastructure for sending consent-based electronic messages. Emarsys is aware of its responsibility toward recipients of such messages and has a zero-tolerance spam policy. Where you have consented as follows, 43einhalb uses the preferences collected via the pseudonymous user profile for the content and design of the newsletter and, for the purpose of personalized newsletter dispatch, combines your email address with the user profile.

Emarsys also offers various analytics on how the newsletters sent are opened and used, e.g. how many users an email was sent to, whether emails were rejected, and whether users unsubscribed after receiving an email. However, these analyses are only group-related and are not used by us for individual evaluation.

After registration, Emarsys will send you an email to confirm your registration (“double opt-in”). If you no longer wish to receive our newsletter, you can unsubscribe at any time by clicking the unsubscribe link contained in each mailing.

Further information on data protection at Emarsys can be found here: https://www.emarsys.com/en/privacy-policy/.

§ 8 Plugins and tools

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. In this way, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offerings. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR.

If your browser does not support web fonts, a standard font from your computer will be used.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Privacy Policy: https://www.google.com/policies/privacy/.

§ 9 Payment providers

PayPal

We also offer payment via PayPal on our website. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).

If you choose payment via PayPal, the payment data you enter will be transmitted to PayPal.

Your data is transmitted to PayPal on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.

Sofortüberweisung (Klarna “Sofort”)

We also offer payment via “Sofortüberweisung”. Provider is Sofort GmbH, Theresienhöhe 12, 80339 Munich (“Sofort GmbH”).

Using the “Sofortüberweisung” process, we receive a payment confirmation from Sofort GmbH in real time and can begin fulfilling our obligations immediately.

If you have chosen the “Sofortüberweisung” payment method, you transmit your PIN and a valid TAN to Sofort GmbH, which can then log in to your online banking account. Sofort GmbH automatically checks your account balance after logging in and carries out the transfer to us using the TAN you have provided. It then immediately sends us a transaction confirmation. After logging in, your transactions, the credit line of the overdraft facility, and the existence of other accounts and their balances are also checked automatically.

In addition to the PIN and TAN, the payment data you enter and data about your person are transmitted to Sofort GmbH. The personal data are first and last name, address, telephone number(s), email address, IP address and, if applicable, other data required for payment processing. Transmission of this data is necessary to unequivocally establish your identity and to prevent fraud attempts.

Your data is transmitted to Sofort GmbH on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing to fulfill a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations carried out in the past.

Details on payment with Sofortüberweisung can be found at: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

If you choose credit card payment via the payment service provider Concardis, payment processing is carried out by Concardis GmbH, Helfmann-Park 7, D-65760 Eschborn, to whom we pass on the information provided during the order process along with information about your order. Your data is forwarded solely for the purpose of payment processing with Concardis. In this context, in addition to the purchase amount and date, card data are also transmitted to the aforementioned company. All payment data as well as data on any chargebacks are stored only as long as they are needed for payment processing (including handling possible chargebacks and debt collection) and for fraud prevention. As a rule, the data are deleted at the latest 13 months after collection. Further storage may take place insofar as and as long as necessary to comply with statutory retention obligations or to pursue a specific case of abuse. Legal basis for data processing is Art. 6(1)(f) GDPR. You may request information and, if necessary, correction or deletion as well as restriction of processing of your data and/or object to processing. For questions regarding data processing by Concardis or to exercise the above rights, contact the Data Protection Officer at the address provided or via Datenschutzbeauftragter@concardis.com. You also have the right to lodge a complaint with a supervisory authority. Please note that the provision of payment data is neither legally nor contractually required. If you do not wish to provide your payment data, you can use another payment method.

KLARNA

In order to offer you Klarna’s payment options, we will transmit personal data, such as contact details and order data, to Klarna. This enables Klarna to assess whether you can use the payment options offered by Klarna and to tailor the payment options to your needs. General information about Klarna can be found here. Your personal data will be treated by Klarna in accordance with applicable data protection regulations and in accordance with Klarna’s Privacy Policy.

Credit check by Billpay

If you choose one of the payment options of our partner Billpay GmbH (www.billpay.de/endkunden), you will be asked during the order process to consent to the transmission to Billpay of the data required for payment processing and an identity and credit check. If you give your consent, your data (first and last name, street, house number, postcode, city, date of birth, telephone number and, in the case of purchase by direct debit, the specified account details) as well as data relating to your order will be transmitted to Billpay. For the purpose of its own identity and credit check, Billpay or partner companies commissioned by Billpay transmit data to credit agencies and receive information from them as well as, if applicable, creditworthiness information based on mathematical-statistical procedures, in the calculation of which address data are included, among other things.

Detailed information and the credit agencies used can be found in Billpay GmbH’s Privacy Policy (www.billpay.de/allgemein/datenschutz). Billpay may also use third-party tools to detect and prevent fraud. Data obtained with these tools may be stored in encrypted form by third parties so that they can be read only by Billpay. These data will be used only if you select a payment method from our cooperation partner Billpay; otherwise, the data automatically expire after 30 minutes.

§ 10 Our social media presences

Data processing by social networks

We maintain publicly accessible profiles in social networks. The specific social networks we use are listed below.

Social networks such as Facebook, Google+, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data processing operations relevant to data protection. In detail:

If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, data collection takes place, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This way, interest-based advertising can be shown to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot trace all processing on the social media portals. Depending on the provider, additional processing may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the broadest possible presence on the internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases which the operators of the social networks must specify (e.g. consent under Art. 6(1)(a) GDPR).

Controller and assertion of rights

If you visit one of our social media presences (e.g. Facebook), we and the operator of the social media platform are jointly responsible for the data processing triggered by this visit. You can assert your rights (access, rectification, deletion, restriction of processing, data portability and complaint) in principle both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite joint controllership with the social media portal operators, we do not have full influence on the data processing of the social media portals. Our options are largely determined by the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storage no longer applies, you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage duration of your data that are stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy; see below).

Individual social networks

Facebook

We have a profile on Facebook. Provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU–US Privacy Shield.

We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings in your user account yourself. To do this, click the following link and log in: https://www.facebook.com/settings?tab=ads.

Details can be found in Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/.

Twitter

We use the short message service Twitter.

§ 11 Advertising partners

Voucher offers from Sovendus GmbH

For the selection of a voucher offer that is currently of interest to you, we transmit in pseudonymized and encrypted form the hash value of your email address and your IP address to Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe (Sovendus) (Art. 6(1)(f) GDPR). The pseudonymized hash value of the email address is used to take into account any objection to advertising from Sovendus (Art. 21(3), Art. 6(1)(c) GDPR). Sovendus uses the IP address exclusively for data security purposes and usually anonymizes it after seven days (Art. 6(1)(f) GDPR). In addition, for billing purposes we transmit in pseudonymized form the order number, order value with currency, session ID, coupon code, and timestamp to Sovendus (Art. 6(1)(f) GDPR). If you are interested in a voucher offer from Sovendus, no objection to advertising is present for your email address, and you click on the voucher banner that is displayed only in this case, we will transmit your salutation, name, postcode, country, and your email address in encrypted form to Sovendus to prepare the voucher (Art. 6(1)(b), (f) GDPR). For more information on the processing of your data by Sovendus, please refer to the online privacy information at www.sovendus.de/datenschutz.