Data protection
Introduction
With the following data protection declaration, we would like to clarify which types of your personal data (hereinafter also briefly referred to as "data") we process for what purposes and to what extent as part of the provision of our application.
The terms used are not gender -specific.
Status: April 01, 2023
Responsible
People authorized to represent: Heike Stark
E-mail address: Info@heida-fashion.de
Telephone: +49 1522 333 3398
Imprint: www.heida-fashion.de/impressum
Contact data protection officer: Heike Stark, Heida Fashion, Stark e.K. Egmontstr. 26, 65812 Bad Soden
Overview of the processing
The following overview summarizes the types of the processed data and the purposes of their processing and refers to the people concerned.
Types of processed data
- Event data (Facebook) ("event data" are data that can be transmitted to Facebook via Facebook pixels (via apps or on other ways) and refer to people or their actions; to the Data is used Do not contain the actual content (such as comments written), no login information and no contact information (no names, email addresses and telephone numbers). educated target groups with the deletion of our Facebook account).
- Inventory data (e.g. names, addresses).
- Content data (e.g. input in online form).
- Contact details (e.g. email, telephone numbers).
- Meta/communication data (e.g. device information, IP addresses).
- Usage data (e.g. websites visited, interest in content, access times).
- Location data (information on the geographical position of a device or one person).
- Contract data (e.g. contractual object, duration, customer category).
- Payment data (e.g. bank details, invoices, payment history).
Categories of people affected
- Business and contractual partners.
- Interested persons.
- Communication partner.
- Customers.
- Users (e.g. website visitors, users of online services).
Purpose of processing
- Affiliate tracking.
- Registration procedure.
- Provision of our online offer and user -friendliness.
- Conversion measurement (measurement of the effectiveness of marketing measures).
- Office and organizational procedures.
- Direct marketing (e.g. by email or postal).
- Feedback (e.g. collecting feedback via online form).
- Interest -based and behavioral marketing.
- Contact inquiries and communication.
- Profiling (creating user profiles).
- Remarketing.
- Measuring range (e.g. access statistics, detection of recurring visitors).
- Safety measures.
- Tracking (e.g. interest/behavior-related profiling, use of cookies).
- Provision of contractual services and customer service.
- Administration and answering inquiries.
Relevant legal bases
In the following we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the regulations of the GDPR, the national data protection requirements in your or our residential and seating country can apply. If, in individual cases, more specific legal bases is also decisive, we will inform you of them in the data protection declaration.
- Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) - The person concerned has given their consent to the processing of the personal data relating to them for a specific purpose or several specific purposes.
- Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) - The processing is necessary for the fulfillment of a contract whose contracting party is the data subject, or for the implementation of pre -contractual measures, the person concerned at the request of the data subject.
- Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) - The processing is necessary to fulfill a legal obligation that the person responsible is subject to.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) - The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and fundamental freedoms of the data subject, who require the protection of personal data.
Safety measures
In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and the extent of the threats of the rights and freedoms of natural persons suitable technical and organizational measures to ensure a level of protection that is appropriate to the risk.
The measures include in particular the securing of confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, entering, passing on, securing availability and separation. We have also set up procedures that ensure a perception of affected rights, deleting data and reactions to the risk of the data. We also take into account the protection of personal data in the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection -friendly default settings.
Transmission and revelation of personal data
As part of our processing of personal data, the data occurs to other places, companies, legally independent organizational units or people or that they are disclosed to them. The recipients of this data can include, for example, payment institutions as part of payment processes, service providers or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and in particular conclude corresponding contracts or agreements that serve to protect your data with the receivers of your data.
Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third parties or the disclosure or transmission of data to other persons, positions or companies takes place, this is only done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transmission, we only have the data processed in third countries with a recognized data protection level, contractual obligation through so-called standard protection clauses of the EU Commission, if the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).
Use of cookies
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie primarily serves to save the information about a user during or after visiting an online offer. The stored information can include, for example, the language settings on a website, login status, a shopping cart or the place where a video was watched. The concept of cookies also includes other technologies that fulfill the same functions as cookies (e.g. if the user is stored by pseudonym online drawings, also referred to as "user IDS")
The following cookie types and functions are differentiated:
- Temporary cookies (also: session or session cookies):Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies:Permanent cookies remain saved even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly if the user visits a website again. Likewise, the interests of users who are used for range measurement or marketing purposes can be stored in such a cookie.
- First party cookies:First party cookies are set by ourselves.
- Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or absolutely necessary) cookies: On the one hand, cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user inputs or for reasons of security).
- Statistics, marketing and personalization cookies: Furthermore, cookies are usually also used as part of the range measurement and when the interests of a user or his behavior (e.g. considering certain content, use of functions, etc.) are stored on individual websites in a user profile. Such profiles serve to display content, for example, that correspond to their potential interests. This procedure is also referred to as "tracking", i.e. tracking the potential interests of the users. If we use cookies or "tracking" technologies, we will inform you separately in our data protection declaration or in the context of obtaining consent.
Notes on legal bases: On which legal basis we process your personal data with the help of cookies depends on whether we ask you for consent. If this applies and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. on a business operation of our online offer and its improvement) or if the use of cookies is required to meet our contractual obligations.
Storage duration: If we do not provide you with any explicit information about the memory duration of permanent cookies (e.g. in the context of a so-called cookie opt-ins), please assume that the memory duration can be up to two years.
General information on the revocation and contradiction (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option of revoking consent or contradicting the processing of your data by cookie technologies (summarized as "opt-out"). You can first explain your contradiction using the settings of your browser, e.g. by deactivating the use of cookies (whereby this can also restrict the functionality of our online offer). A contradiction to the use of cookies for the purposes of online marketing can also use a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ be explained. In addition, you can receive further information information on the information on the service providers and cookies used.
Processing of cookie data based on consent: We use a procedure for cookie acceptance management, in the context of which users' consent to the use of cookies, or the processing and providers mentioned in the context of the cookie acceptance management procedure, as well as managed and managed by the users can be revoked. The declaration of consent is stored in order not to repeat their query again to have to be repeated and to be able to prove the consent in accordance with the legal obligation. The storage can be made server and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or the device. Subject to individual information on the providers of cookie management services, the following indications apply: The duration of the storage of consent can be up to two years. A pseudonymous user identifier is formed and with the time of consent, information on the reach of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.
- Processed data species: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Affected people: Users (e.g. website visitors, users of online services).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Commercial and business services
We process data from our contract and business partners, e.g. customers and interested parties (summary as a "contractual partner") in the context of contractual and comparable legal relationships as well as associated measures and in the context of communication with the contractual partners (or pre-contractual), e.g. answer.
We process this data to fulfill our contractual obligations, to ensure our rights and for the purposes of the administrative tasks associated with this information and the entrepreneurial organization. As part of the applicable law, we only pass on the data of the contractual partners to third parties, as is necessary for the aforementioned purposes or to fulfill statutory obligations or with the consent of the data subjects (e.g. to involved telecommunications, transport and other auxiliary services as well as Subcontractor, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners are informed about further forms of processing, e.g. for marketing purposes, as part of this data protection declaration.
We share which data is required for the aforementioned purposes in front of or as part of the data collection, e.g. in online forms, through special labeling (e.g. colors) or symbols (e.g. asterisks or similar), or personally.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e. in principle after 4 years, unless the data is stored in a customer account, e.g. as long as they have to be kept for legal reasons for archiving (e.g. for Tax purposes usually 10 years). Data that was disclosed to us as part of an order by the contractual partner, in accordance with the requirements of the order, in principle after the order ended.
Insofar as we use third -party or platforms to provide our services, the terms and conditions and data protection instructions of the respective third -party providers or platforms apply in the ratio between the users and the providers.
Customer account: Contractual partners can create an account within our online offer (e.g. customer or user account, or "customer account" for short). If the registration of a customer account is required, contractual partners are pointed out to this as well as the information required for registration. The customer accounts are not public and cannot be indexed by search engines. As part of the registration as well as subsequent registrations and uses of the customer account, we store the IP addresses of the customers along with the access times in order to prove the registration and prevent any abuse of the customer account.
If customers have terminated their customer account, the data relating to the customer account will be deleted, subject to the storage of which is required for legal reasons. It is the responsibility of the customer to secure their data if the customer account has been terminated.
Shop and e-commerce: We process the data of our customers in order to enable you to select, acquire, or to order the selected products, and to pay services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular post, freight forwarding and shipping companies, to carry out the delivery or execution towards our customers. We take advantage of the services of banks and payment service providers to handle the payment processes. The required information is identified as those as such in the context of the order or comparable acquisition process and include the information required for delivery, or provisions and billing information as well as contact information in order to be able to consult any.
- Processed data species: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. email, telephone numbers), contract data (e.g. contractual object, duration, customer category), usage data (e.g. website visited, interest in content, access times) , Meta/communication data (e.g. device information, IP addresses).
- Affected people: Interested parties, business and contractual partners, customers.
- Purpose of processing: Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures, administration and answering inquiries, security measures.
- Legal bases: Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR), legitimate interests (Art. 6 Para. 1 S . 1 lit. f. GDPR).
Use of online marketplaces for e-commerce
We offer our services on online platforms operated by other service providers. In this context, the data protection instructions of the respective platforms apply in addition to our data protection instructions. This applies in particular with regard to the processes for extensive measurement and interest -related marketing used on the platforms.
- Processed data species: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. email, telephone numbers), contract data (e.g. contractual object, duration, customer category), usage data (e.g. website visited, interest in content, access times) , Meta/communication data (e.g. device information, IP addresses).
- Affected people:
- Purpose of processing: Provision of contractual services and customer service.
- Legal bases: Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Payment service provider
As part of contract and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use further payment service providers in addition to banks and credit institutions (summary "payment service provider").
The data processed by the payment service providers include inventory data, such as the name and address, bank details, such as account numbers or credit card numbers, passwords, tan and test sums as well as the contract, sum and receiver-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored in them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information. Under certain circumstances, the data on the part of the payment service providers to business ideas
transmitted. This transmission aims for identity and credit check. To do this, we refer to the terms and conditions and the data protection instructions of the payment service providers.
The terms and conditions and data protection information from the respective payment service providers apply to the payment transactions, which can be called up within the respective websites or transaction applications. We refer to this also for further information and assertion of cancellation, information and other affected rights.
- Processed data species: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. contractual object, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information , IP addresses).
- Affected people: Customers, interested parties.
- Purpose of processing: Provision of contractual services and customer service, contact inquiries and communication, affiliate tracking.
- Legal bases: Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
- Klarna / Sofortüberweisung: Payment services; Service provider: Klarna Bank (publ), Sveafen 46, 111 34 Stockholm, Sweden; Website: https://www.klarna.com/de; Data protection: https://www.klarna.com/de/datenschutz.
- Mastercard: Payment services; Service provider: Mastercard Europe SA, CHAUSSEEE DE TERVUREN 198A, B-1410 Waterloo, Belgium; Website: https://www.mastercard.de/de-de.html; Data protection: https://www.mastercard.de/de-de/datenschutz.html.
- PayPal: Payment services and solutions (e.g. PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et cie, s.c.a., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com/de; Data protection: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Provision of the online offer and web hosting
In order to be able to provide our online offer safely and efficiently, we take advantage of the services from one or more web hosting providers, from whose servers (or you managed servers) the online offer can be called up. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as safety services and technical maintenance services.
One of the data processed as part of the provision of the hostin range can include all the users of our online offer that occur in the context of use and communication. This regularly includes the IP address that is necessary to
to be able to deliver the content of online offers to browsers, and all entries made within our online offer or websites.
Collection of access data and log files: We (or our web hosting provider) collect data for every access to the server (so -called server log files). For the server log files, the address and name of the accessed websites and files, date and time of access, transferred amounts of data, report on successful access, browser type and version, the operating system of the user, referrer URL (previously attended page) and as a rule IP- Addresses and the inquiring provider belong.
The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDOS attacks) and on the other hand to ensure the utilization of the server and their stability.
- Processed data species: Content data (e.g. input in online form), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Affected people: Users (e.g. website visitors, users of online services).
- Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Registration, registration and user account
Users can create a user account. As part of the registration, the necessary mandatory information will be communicated to the users and processed for the purpose of providing the user account based on contractual fulfillment. The processed data include in particular the login information (name, password and an email address). The data entered as part of the registration are used for the purposes of using the user account and its purpose.
Users can be informed by emails about processes that are relevant for their user account, such as technical changes. If users have terminated their user account, their data will be deleted with regard to the user account, subject to statutory retention obligation. It is the responsibility of the users to secure their data before the contract has been terminated. We are entitled to irretrievably deleted all data stored during the duration of the contract.
As part of the use of our registration and registration functions as well as the use of the user account, we store the IP address and the time of the respective user act. The storage takes place on the basis of our legitimate interests as well as that of the users in protection against misuse and other unauthorized use. This data is not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation.
Two-factor authentication: The two-factor authentication offers an additional security level for your user account and ensures that only you can access your account, even if someone else knows your password.
For this purpose, you must carry out another authentication measure in addition to your password (e.g. enter a code sent to a mobile device). We will inform you about the procedure we use.
- Processed data species: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. inputs in online forms), meta/communication data (e.g. device information, IP addresses).
- Affected people: Users (e.g. website visitors, users of online services).
- Purpose of processing: Provision of contractual services and customer service, security measures, administration and answering inquiries.
- Legal bases: Consent (Art. 6 Para. 1 S. 1 Lit. a. GDPR), fulfillment of the contract and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Single-sign-on registration
The "single-sign-on" or "single-sign-on registration or" authentication "is called processes that allow users to use a user account with a provider of single-sign-on procedure (e.g. a social network), also in our online offer. .
The authentication takes place directly with the respective single sign-on provider. As part of such an authentication, we receive a user ID with the information that the user is logged in at this user ID at the respective single-sign on provider and an ID that is not usable for other purposes (so-called "user “). -Sign-on providers have been released. Sign-on procedure entered password with the single-sign-on provider is neither visible for us nor is it saved by us.
The users are asked to note that their information stored with us can automatically be compared with their user account with the single-sign-on provider, but this is not always possible or actually. For example, if the email addresses of the users change, you must change them manually in your user account.
If agreed with the users, we can use the single sign-on registration as part of the or before the fulfillment of the contract, insofar as the users have been asked to do so, and otherwise set them on the basis of the beneficiary
Interests on our part and the interests of users in an effective and safe registration system.
If users decide to no longer use the linking of their user account with the single-sign-on provider for the single-sign-on procedure, you must cancel this connection within your user account with the single-sign-on provider. If users want to delete their data from us, you must cancel your registration from us.
Facebook single-sign-on: We are together with Facebook Ireland Ltd. For the survey or preservation in the context of a transmission (but not the further processing) of "event data", which facebook is raised using the Facebook-Single-Sign-on-on-registration processes that are carried out on our online offer or as part of a The transmission for the following purposes, jointly responsible: a) Display of content advertising formations that correspond to the alleged interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improvement of the ad delivery and personalization of functions and content (e.g. improvement in recognition which contents or advertising formations presumably correspond to the interests of the users). We have concluded a special agreement with Facebook ("Addition for those responsible", https://www.facebook.com/legal/controller_addendum), in which it is particularly regulated which security measures facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in the Facebook agreed to fulfill the rights of affected (i.e. users can, for example, to send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyzes and reports (which are aggregated, i.e. no information on individual users and are anonymous for us), this processing is not carried out within the framework of the common responsibility, but on the basis of an order processing contract ("data processing conditions" , https://www.facebook.com/legal/terms/dataprocessing), the "data security conditions" (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to the processing in the USA based on standard contract clauses ("Facebook-EU data transmission additive, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
Instagram single-sign-on: We are together with Facebook Ireland Ltd. For the survey or preservation in the context of a transmission (but not the further processing) of "event data", which facebook is collected using the Instagram single-sign-on reporting processes that are carried out on our online offer or as part of a The transmission for the following purposes, jointly responsible: a) Display of content advertising formations that correspond to the alleged interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improvement of the ad delivery and personalization of functions and content (e.g. improvement in recognition which contents or advertising formations presumably correspond to the interests of the users). We have concluded a special agreement with Facebook ("Addition for those responsible", https://www.facebook.com/legal/controller_addendum), in which it is particularly regulated which security measures facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and agreed to meet the rights of concerns in the Facebook (i.e. users can, for example, to send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyzes and reports (which are aggregated, i.e. no information on individual users and are anonymous for us), this processing is not carried out within the framework of the joint responsibility, but on the basis of an order processing contract ("data processing conditions" , https://www.facebook.com/legal/terms/dataprocessing), the "data security conditions" (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to the processing in the USA based on standard contract clauses ("Facebook-EU data transmission additive, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
- Processed data species: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), event data (Facebook) ("event data" are data that e.g. via Facebook pixels (via apps or on other ways) can be transmitted to Facebook and relate to people or their actions; Data is processed for the formation of target groups for content and advertising information (Custom Audiences); and telephone numbers).
- Affected people: Users (e.g. website visitors, users of online services).
- Purpose of processing: Provision of contractual services and customer service, registration procedure.
- Legal bases: Consent (Art. 6 Para. 1 S. 1 Lit. a. GDPR), fulfillment of the contract and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
- Facebook single-sign-on: Authentication service; Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection: https://www.facebook.com/about/privacy; Opportunity possibility (opt-out): https://www.facebook.com/settings?tab=ads.
- Google Single-Sign-on: Authentication service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://www.google.de; Data protection: https://policies.google.com/privacy; Opportunity option (opt-out): Settings for the presentation of advertisements: https://adssettings.google.com/authenticated.
- Instagram single sign-on: Authentication service; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Data protection: https://instagram.com/about/legal/privacy.
contact
When contacting us (e.g. via contact form, email, phone or via social media), the information from the requesting persons is processed, insofar as this is necessary to answer the contact inquiries and any requested measures.
The answer to the contact inquiries within the framework of contractual or pre -contractual relationships is to fulfill our contractual obligations or to answer (before) contractual inquiries and, moreover, on the basis of the legitimate interests to answer the inquiries.
- Processed data species: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. inputs in online form), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP -Adens).
- Affected people:
- Purpose of processing: Contact inquiries and communication.
- Legal bases: Contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Communication via Messenger
We use Messenger's purposes and therefore ask you to observe the following information on the functionality of the messenger, for encryption, to use the metadata of communication and your opposition options.
You can also contact us in alternatives, e.g. via phone or email. Please use the contact options given to you or the contact options given within our online offer.
In the event of an end-to-end encryption of content (i.e. the content of your message and attachment), we would like to point out that the communication content (i.e. the content of the message and attached images) is encrypted from the end. This means that the content of the messages is not visible, not even by the Messenger providers themselves. You should always use a current version of the messenger with activated encryption so that the encryption of the message content is ensured.
However, we also point out our communication partners that the providers of Messenger cannot see the content, but can find out that and when communication partners communicate with us and technical information onThe device used by the communication partner and, depending on the settings of your device, location information (so -called metadata) are processed.
Notes on legal bases: If we ask communication partners for permission before communication with you via Messenger, the legal basis of our processing of your data is your consent. Incidentally, if we do not ask for consent and contact us, for example, we use Messenger in relation to our contractual partners and as part of the contract initiation as a contractual measure and in the case of other interested parties and communication partners based on our legitimate interests in quick and efficient communication and fulfillment of the needs of our communication partner in communication via Messenger. We would also like to point out that we do not send the contact details to us to the Messenger for the first time without their consent.
Revocation, contradiction and deletion: You can revoke consent at any time and contradict communication with us at any time via Messenger. In the event of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise, as soon as we can assume that we have answered any information from the communication partner, If there is no reduction in a previous conversation and there is no legal retention obligations to delete them.
Reservation of reference to other communication channels: Finally, we would like to point out that we reserve the right to answer inquiries about Messenger for reasons of your security. This is the case if, for example, the contracting interna require special secrecy or an answer about messengers does not meet the formal requirements. In such cases, we refer you to adequate communication channels.
- Processed data species: Contact details (e.g. email, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. input in online forms).
- Affected people:
- Purpose of processing: Contact inquiries and communication, direct marketing (e.g. by email or postal).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
Facebook messenger: Facebook messenger with end-to-end encryption (the end-to-end encryption of the Facebook messenger requires activation if it should not be activated by default); Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection:
- https://www.facebook.com/about/privacy; Opportunity possibility (opt-out): https://www.facebook.com/settings?tab=ads.
Newsletter and electronic notifications
We only send newsletters, e-mails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipient or a legal permit. If its content is specifically described as part of a registration for the newsletter, you are decisive for the consent of the users. In addition, our newsletter contains information about our services and us.
In order to register for our newsletters, it is generally sufficient if you enter your email address. However, we can ask you to provide a name, for the purpose of personal addressing in the newsletter, or further information, provided that these are required for the purposes of the newsletter.
Double opt-in procedure: Registration for our newsletter is generally in a so-called double opt-in procedure. This means that you will receive an email after registration in which you will be asked to confirm your registration. This confirmation is necessary so that nobody can register with foreign email addresses. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and the confirmation period as well as the IP address. The changes from the data stored by the shipping service provider are also logged.
Deletion and restriction of processing: We can save the email addresses carried out for up to three years based on our legitimate interests before we delete them in order to be able to prove a former consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual application for deletion is possible at any time, provided that the former existence of consent is also confirmed. In the event of obligations for the permanent attention of contradictions, we reserve the storage of the email address for this purpose in a block list (so-called "block list").
The login procedure is logged on the basis of our legitimate interests for the purposes of proof of its proper process. Insofar as we commission a service provider to send emails, this is done on the basis of our legitimate interests on an efficient and secure shipping system.
Notes on legal bases: The newsletter is sent on the basis of the recipient's consent or, if consent is not necessary, based on our legitimate interests in direct marketing, if and insofar as this is permitted, e.g. in the event of inventory acquisition. Insofar as we commission a service provider to send emails, this is based on our legitimate interests. The registration procedure is recorded on the basis of our legitimate interests to prove that it was carried out in accordance with the law.
Content: Information about us, our services, promotions and offers.
- Processed data species: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times).
- Affected people:
- Purpose of processing: Direct marketing (e.g. by email or postal).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
- Opportunity possibility (opt-out): You can cancel the reception of our newsletter at any time, i.e. revoke your consent, or contradict the further reception. You can find a link to cancel the newsletter either at the end of each newsletter or otherwise use one of the contact options given above, for temporary e-mail.
Advertising communication via email, post, fax or telephone
We process personal data for the purposes of advertising communication, which can be via various channels, such as email, telephone, post or fax, according to the legal requirements.
The recipients have the right to revoke consent at any time or to object to advertising communication at any time.
After revocation or object, we can save the data required for the evidence of the consent for up to three years based on our legitimate interests before we delete it. The processing of this data is limited to the purpose of a possible defense against claims. An individual application for deletion is possible at any time, provided that the former existence of consent is also confirmed.
- Processed data species: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers).
- Affected people:
- Purpose of processing: Direct marketing (e.g. by email or postal).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Web analysis, monitoring and optimization
The web analysis (also referred to as "range measurement") serves to evaluate the flows of visitors of our online offer and can behave, interests or demographic information on visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can see, for example, at what time our
Online offers or its functions or content are used most frequently or invite you to reuse. We can also understand which areas of optimization require.
In addition to the web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online offer or its components.
For these purposes, so -called user profiles can be created and stored in a file (so -called "cookie") or similar procedures are used with the same purpose. For example, contents, visited websites and elements used there and technical information, such as the browser used there, can include the computer system used there, for example. If users have consented to the collection of their location data, they can also be processed depending on the provider.
The IP addresses of the users are also saved. However, we use an IP masking process (i.e., pseudonymization by reducing the IP address) to protect users. In general, the clinic data from users (such as e-mail addresses or names) in the context of web analysis, A/B testings and optimization are saved, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored for purposes of the respective procedures in their profiles.
Notes on legal bases: If we ask the users for their consent in the use of the third -party providers, the legal basis of processing data is the consent. Otherwise, the data of the users are processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient -friendly services). In this context, we would also like to point out the information on the use of cookies in this data protection declaration.
- Processed data species: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Affected people: Users (e.g. website visitors, users of online services).
- Purpose of processing: Extensive measurement (e.g. access statistics, recognition of recurring visitors), tracking (e.g. interest/behavior-related profiling, use of cookies), conversion measurement (measuring the effectiveness of marketing measures), profiling (creating user profiles), interest-based and behavior-related marketing.
- Safety measures: IP masking (pseudonymization of the IP address).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
- Google Analytics: Measuring range and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Data protection: https://policies.google.com/privacy.
- Google Optimize: Use of Google Analytics data for the purposes of improving areas of our online offer and an improved orientation of our marketing measures in the potential interests of users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://optimize.google.com; Data protection: https://policies.google.com/privacy; Opportunity possibility (opt-out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via a surface and thus integrate other services into our online offer (reference is made to further information in this data protection declaration). With the Tag Manager himself (which implemented the tags) are therefore z. B. no profiles of the users yet created or cookies saved. Google only learns the user's IP address, which is necessary to carry out the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Data protection: https://policies.google.com/privacy.
Online marketing
We process personal data for the purposes of online marketing, including the marketing of advertising space or representation of advertising and other content (summary as "content") based on potential interests of the users and the measurement of their effectiveness.
For these purposes, so -called user profiles are created and stored in a file (so -called "cookie") or similar procedures are used, by means of which the information about the user is stored for the presentation of the aforementioned content. For this information, contained content, visited websites, used online networks, but also communication partners and technical information, such as the browser used, can include the computer system used and information about usage times. If users have consented to the collection of their location data, they can also be processed.
The IP addresses of the users are also saved. However, we use available IP masking methods (i.e., pseudonymization by reducing the IP address) to protect users. In general, no clard data from users (such as e-mail addresses or names) are stored as part of the online marketing process, but pseudonyms. This means that we and the providers of the online marketing procedures do not know the identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or using similar methods. These cookies can later generally also use the same online marketing procedure on other websites, read out and for the purpose of presenting the presentation of
Contents analyzed as well as with further data supplemented and stored on the server of the online marketing process provider.
In exceptional cases, clard data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing procedures we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. through consent as part of the registration.
In principle, we only get access to the summarized information about the success of our advertisements. However, in the context of so -called conversion measurements, we can check which of our online marketing methods have led to a so -called conversion, i.e. for example, for a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used are saved for a period of two years.
Notes on legal bases: If we ask the users for their consent in the use of the third -party providers, the legal basis of processing data is the consent. Otherwise, the data of the users are processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient -friendly services). In this context, we would also like to point out the information on the use of cookies in this data protection declaration.
- Processed data species: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Affected people: Users (e.g. website visitors, users of online services).
- Purpose of processing: Tracking (e.g. interest/behavior-related profiling, use of cookies), remarketing, conversion measurement (measurement of effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).
- Safety measures: IP masking (pseudonymization of the IP address).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
- Opportunity possibility (opt-out): We refer to the data protection instructions of the respective providers and the opposition options given to the providers (so-called "opt-out"). If no explicit opt-out option has been given, there is the possibility that you will switch off cookies in the settings of your browser. This means that functions of our online offer can be restricted. We therefore also recommend the following opt-out options, which are in summary aimed at the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) across the territory: https://optout.aboutads.info.
Evaluation platforms
We take part in evaluation procedures to evaluate, optimize and advertise our services. If users evaluate us via the assessment platforms or procedures involved or otherwise give us feedback, the general terms and conditions of business or terms of use and data protection information from the providers also apply. As a rule, the assessment also requires registration with the respective providers.
In order to ensure that the evaluating people have actually used our services, we transmit the necessary data with regard to the customer and the service used to the respective evaluation platform (including name, email address and Order number or article number). This data is used solely to verify the authenticity of the user.
Evaluation: We bind so-called "evaluation widgets" into our online offer. A widget is a functional and content element integrated into our online offer that shows variable information. It can e.g. in the form of a seal or comparable element, partly also called "Badge" , the corresponding content of the widget is presented within our online offer, but at this moment it is always shown. To do this, a data connection from the website called up within our online offer must be built up to the server of the widget provider and the widget provider receives certain technical data (access data, including IP address) that is necessary so that the content of the widget on the browser the user can be delivered.
Furthermore, the widget provider receives information that users have visited our online offer. This information can be stored in a cookie and used by the Widgets provider to recognize which online offers that participate in the evaluation procedure have been visited by the user. The information can be stored in a user profile and used for advertising or market research purposes.
- Processed data species: Contract data (e.g. contractual object, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Affected people: Customers, users (e.g. website visitors, users of online services).
- Purpose of processing: Feedback (e.g. collecting feedback via online form), range measurement (e.g. access statistics, detection of recurring visitors), conversion measurement (measuring the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creating user profiles).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Presence in social networks (social media)
We maintain online presences within social networks and process users' data to communicate with the users active there or to offer information about us.
We would like to point out that data from the user outside the space of the European Union can be processed. This can result in risks for users, because this could make it difficult to enforce the rights of the users.
Furthermore, the data of the users within social networks are usually processed for market research and advertising purposes. For example, use profiles can be created based on the usage behavior and the resulting interests of the users. The usage profiles can in turn be used, e.g. to switch advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally saved on the users' computers, in which the user and interests of the users are stored. Furthermore, data can also be saved in the user profiles regardless of the devices used by the users (especially if users are members of the respective platforms and are logged in with them).
For a detailed presentation of the respective processing forms and the opposition options (opt-out), we refer to the data protection declarations and information from the operators of the respective networks.
In the event of information inquiries and the assertion of affected rights rights, we would like to point out that these can be made most effectively with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information. If you still need help, you can contact us.
Facebook: We are together with Facebook Ireland Ltd. responsible for the survey (but not the further processing) of data from the visitors of our Facebook page (so-called "fan page"). This data includes information on the types of content that users look at or with whom they interact, or the actions they have carried out (see under "Under" yourself and others made and provided and provided things "in the Facebook data directive: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook data directive declaration: https://www.facebook.com/policy). As in the Facebook data directive under "How do we use this information?" Explains, collects and uses. And interact with the content associated with them. We have concluded a special agreement with Facebook ("Information on page insights", https://www.facebook.com/legal/terms/page_controller_addendum), in which it is particularly regulated which security measures have to consider Facebook and in the Facebook agreed to meet the rights of affected (i.e. users, e.g., can be directed directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about page insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).
- Processed data species: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. inputs in online form), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP -Adens).
- Affected people: Users (e.g. website visitors, users of online services).
- Purpose of processing: Contact requests and communication, tracking (e.g. interest/behavior-related profiling, use of cookies), remarketing, range measurement (e.g. access statistics, detection recurring visitors).
- Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Used services and service providers:
- Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Data protection: https://instagram.com/about/legal/privacy.
- Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection: https://www.facebook.com/about/privacy; Opportunity option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads.
- Pinterest: Social network; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA,; Website: https://www.pinterest.com; Data protection: https://about.pinterest.com/de/privacy-policy; Opportunity possibility (opt-out): https://about.pinterest.com/de/privacy-policy.
- Snapchat: Social network; Service provider: Snap Inc., 3000 31st Street, Santa Monica, California 90405, USA; Website: https://www.snapchat.com/; Data protection: https://www.snap.com/de-DE/privacy/privacy-policy, Cookie guideline: https://www.snap.com/de-DE/cookie-policy; Standard contract clauses (guarantee data protection level for processing in third countries): https://www.snap.com/en-US/terms/standard-contractual-clauses.
- TIKTOK: Social network / video platform; Service provider: Musical.ly Inc., 10351 Santa Monica BLVD #310, Los Angeles, CA 90025 USA; Website: https://www.tiktok.com; Data protection: https://www.tiktok.com/de/privacy-policy.
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Data protection: https://policies.google.com/privacy; Opportunity possibility (opt-out): https://adssettings.google.com/authenticated.
Plugins and embedded functions as well as content
We bind function and content elements in our online offer, which are referred to by the servers of your respective providers (hereinafter referred to as "third-party provider"). For example, these can be graphics, videos or social media buttons and contributions (hereinafter uniformly referred to as "content").
The integration always presupposes that the third-party providers process the IP address of the user of this content, since they could not send the content to their browser without the IP address. The IP address is therefore necessary to present this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "Web Beacons") for statistical or marketing purposes. The "Pixel tags" can be evaluated by information on how visitor traffic on the website of this website. The pseudonymous information can also be stored in cookies on the device of the users and, among other things, technical information on the browser and the operating system, referring websites, at the visit time, as well as further information on the use of our online offer as well as such information from other sources.
Notes on legal bases: If we ask the users for their consent in the use of the third -party providers, the legal basis of processing data is the consent. Otherwise, the data of the users are processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient -friendly services). In this context, we would also like to point out the information on the use of cookies in this data protection declaration.
Facebook plugins and content: We are together with Facebook Ireland Ltd. For the survey or preservation in the context of a transmission (but not the further processing) of "event data", which Facebook is raised or in As part of a transmission for the following purposes, the following is responsible: a) Display of content as well as advertising formations that correspond to the alleged interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improvement of the ad delivery and personalization of functions and content (e.g. improvement in recognition which contents or advertising formations presumably correspond to the interests of the users). We have concluded a special agreement with Facebook ("Addition for those responsible", https://www.facebook.com/legal/controller_addendum), in which it is particularly regulated which security measures facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and agreed to meet the rights of concerns in the Facebook (i.e. users can, for example, to send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyzes and reports (which are aggregated, i.e. no information on individual users and are anonymous for us), this processing is not carried out within the framework of the joint responsibility, but on the basis of an order processing contract ("data processing conditions" , https://www.facebook.com/legal/terms/dataprocessing), the "data security conditions" (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to the processing in the USA based on standard contract clauses ("Facebook-EU data transmission additive, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
Instagram plugins and content: We are together with Facebook Ireland Ltd. For the collection or the preservation in the context of a transmission (but not the further processing) of "event data", which Facebook is raised or in As part of a transmission for the following purposes, the following is responsible: a) Display of content as well as advertising formations that correspond to the alleged interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improvement of the ad delivery and personalization of functions and content (e.g. improvement in recognition which contents or advertising formations presumably correspond to the interests of the users). We have concluded a special agreement with Facebook ("Addition for those responsible", https://www.facebook.com/legal/controller_addendum), in which it is particularly regulated which security measures facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and agreed to meet the rights of concerns in the Facebook (i.e. users can, for example, to send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyzes and reports (which are aggregated, i.e. no information on individual users and are anonymous for us), this processing is not carried out within the framework of the joint responsibility, but on the basis of an order processing contract ("data processing conditions" , https://www.facebook.com/legal/terms/dataprocessing), the "data security conditions" (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to the processing in the USA based on standard contract clauses ("Facebook-EU data transmission additive, https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
- Processed data species: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), event data (Facebook) ("event data" are data that e.g. via Facebook -Pixel (via apps or on other ways) can be transmitted to Facebook and relate to people or their actions; Purchase of products, etc.; (So no names, e-mail addresses and telephone numbers). ), Contact details (e.g. Email, telephone numbers), content data (e.g. input in online form), inventory data (e.g. names, addresses).
- Affected people: Users (e.g. website visitors, users of online services), communication partner.
- Purpose of processing: Provision of our online offer and user friendliness, provision of contractual services and customer service, contact requests and communication, direct marketing (e.g. by email or postal), tracking (e.g. interest/behavioral profiling, use of cookies), interest-based and behavioral marketing, profiling (creation of User profiles), security measures, administration and answering inquiries.
- Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b.
Used services and service providers:
- Facebook plugins and content: Facebook social plugins and content - e.g. content such as images, videos or texts and buttons can be used to share with which users can share content of this online offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection: https://www.facebook.com/about/privacy; Opportunity option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads.
- Google Maps: We bind the cards of the “Google Maps” service from the provider Google. The processed data can include, in particular, IP addresses and location data of the users, but they are not levied without their consent (usually carried out in the context of the settings of their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Data protection: https://policies.google.com/privacy; Opportunity possibility (opt-out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Instagram plugins and content: Instagram plugins and content - this can include content such as images, videos or texts and buttons with which users can share content of this online offer within Instagram. Service provider: https://www.instagram.com, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Data protection: https://instagram.com/about/legal/privacy.
- Pinterest plugins and content: Pinterest plugins and content - this can include content such as images, videos or texts and buttons with which users can share content of this online offer within Pinterest. Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA,; Website: https://www.pinterest.com; Data protection: https://about.pinterest.com/de/privacy-policy.
- TIKTOK plugins and content: Tikok plugins and content -this can include content such as images, videos or texts and buttons. Service provider: Musical.ly Inc., 10351 Santa Monica BLVD #310, Los Angeles, CA 90025 USA; Website: https://www.tiktok.com; Data protection: https://www.tiktok.com/de/privacy-policy.
- YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Data protection: https://policies.google.com/privacy; Opportunity possibility (opt-out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
Planning, organization and aid tools
We use services, platforms and software from other providers (hereinafter referred to as "third -party providers") for the purposes of the organization, administration, planning and provision of our services. When selecting third -party providers and their services, we observe the legal requirements.
In this context, personal data can be processed and stored on the third -party servers. Various data can be affected by this, which we process according to this data protection declaration. This data can in particular belong to the master data and contact details of the users, data on processes, contracts, other processes and their content.
If users are referred to the third-party providers or their software or platforms as part of communication, business or other relationships with us, third-party providers can process usage data and metadata for security purposes, service optimization or for marketing purposes. We therefore ask you to observe the data protection instructions of the respective third -party providers.
Notes on legal bases: If we ask the users for their consent in the use of the third -party providers, the legal basis of processing data is the consent. Furthermore, their use can be part of our (before) contractual services, provided that the use of third -party providers has been agreed in this context. Otherwise, the data of the users are processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient -friendly services). In this context, we would also like to point out the information on the use of cookies in this data protection declaration.
- Processed data species: Inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. inputs in online form), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP -Adens).
- Affected people: Communication partner, user (e.g. website visitors, users of online services).
- Legal bases: Consent (Art. 6 Para. 1 S. 1 Lit. a. GDPR), fulfillment of the contract and pre -contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Deletion of data
The data we process will be deleted in accordance with the legal requirements as soon as the consent permitted for processing or other permits are canceled (e.g. if the purpose of processing this data is omitted or it is not necessary for the purpose).
If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons or that their storage is required to assert, exercise or defend legal claims or to protect the rights of a different natural or legal person.
Further information on the deletion of personal data can also be made within the framework of the individual data protection information of this data protection declaration.
Change and update of the data protection declaration
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing we have necessary make this necessary. We will inform you as soon as the changes are required to take part (e.g. consent) or other individual notification.
If we provide addresses and contact information from companies and organizations in this data protection declaration, please note that the addresses can change over time and ask the information to check before contact.
Rights of the persons concerned
According to the GDPR, they are entitled to various rights as those affected, which arise in particular from Art. 15 to 21 GDPR:
- Right to object: You have the right to object at any time against the processing of the personal data relating to it due to Art. 6 Para. 1 lit. e or f GDPR; This also applies to a profiling based on these provisions. If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; This also applies to profiling, insofar as it is connected to such direct advertising.
- Right of withdrawal in the event of consent: You have the right to revoke consent at any time.
- Right of providing information: You have the right to request confirmation of whether the data in question is processed and information about this data as well as further information and copy of the data in accordance with the legal requirements.
- Right to correction: In accordance with the legal requirements, you have the right to request the completion of the data relating to it or to correct the incorrect data relating to it.
- Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to request that you to be deleted immediately or, as an alternative, to request a restriction of the processing of the data in accordance with the legal requirements.
- Right to data portability: You have the right to maintain data that you have provided to us in accordance with the legal requirements in a structured, common and machine -readable format or to request the transmission to another responsible person.
- Complaint to the supervisory authority: In accordance with the legal requirements, you also have the right to complain to a supervisory authority, in particular in the Member State of your habitual place of residence, your workplace or the location of the alleged violation if you believe that the processing of your personal data relating to it against the GDPR violates.
Definitions
In this section you will receive an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and defined especially in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, should primarily serve to understand. The terms are sorted alphabetically.
- Affiliate tracking: As part of the affiliate tracking, links, with the help of which the linking websites refer users to websites with product or other offers. The operators of the linking websites can receive a commission if users follow these so-called affiliate links and then perceive the offers (e.g. buy goods or use services). For this it is necessary that the providers can track whether users who are interested in certain offers then perceive them at the reason for the affiliate links. It is therefore necessary for the functionality of affiliate links to be supplemented by certain values that become part of the link or otherwise, e.g. in a cookie. The values include the starting website (referrer), the time, an online detection of the operators of the website on which the affiliate link was located, an online detection of the respective offer, an online detection of the user as well how, e.g. advertising material ID, partner ID and categorizations
- IP masking: "IP-Masking" is a method in which the last octet, i.e. the last two numbers of an IP address, is deleted so that the IP address can no longer serve to clearly identify a person. Therefore, the IP is -Masking a means of pseudonymization of processing procedures, especially in online marketing
- Interest -based and behavioral marketing: One speaks of interest and/or behavioral marketing when potential interests of users are predicted as precisely as possible. This is based on information on their preliminary behavior (e.g. visiting certain websites and lingering on these, buying behavior or interaction with other users) that are stored in a so -called profile. Cookies are usually used for these purposes.
- Conversion measurement: The conversion measurement (also referred to as "visiting action evaluation") is a procedure with which the effectiveness of marketing measures can be determined. As a rule, a cookie on the devices of the users within the websites on which the marketing measures are carried out is saved and then called up again on the target website. For example, we can understand whether the ads we have been successful on other websites.
- Personal data: "Personal data" is all information that relates to an identified or identifiable natural person (hereinafter "data subject"); A natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by means of assignment to a identifier such as a name, to an identification number, on site data, for an online detection (e.g. cookie) or for one or more special characteristics, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
- Profiling: "Profiling" is called any type of automated processing of personal data, which consists in the fact that this personal data is used to refer to certain personal aspects that relate to a natural person (depending on the type of profiling, information about age includes this, To analyze, evaluate, evaluate or predict the gender, location data and movement data, interaction with websites and their content, shopping behavior, social interactions with other people) (e.g. the interests of certain content or products, click behavior on a website or location ).
- Measuring range: The range measurement (also referred to as web analytics) serves to evaluate the flows of visitors of an online offer and can include the behavior or interests of visitors to certain information, such as content of websites. With the help of the range analysis, website owners can see, for example, at what time visitors visit their website and what content they are interested in. This means that you can better adapt the content of the website to the needs of your visitors. For the purposes of range analysis, pseudonymous cookies and web beacons are often used to recognize recurring visitors and thus obtain more precise analyzes to use an online offer.
- Remarketing: One speaks of "remarketing" or "retargeting" if, for example, for advertising purposes it is noted for which products a user was interested in a website to remember the user on other websites, e.g. in advertisements.
- Location data: Location data arises when a mobile device (or another device with the technical requirements of a location determination) combines with a radio cell, a WLAN or similar technical central and functions of location determination. Location data serve to specify the geographically determinable position of the earth is the respective device. Location data can e.g. B. can be used to present card functions or other information dependent on one place.
- Tracking: One speaks of "tracking" if the behavior of users can be traced over several online offers. As a rule, with regard to the online offers used, behavioral and interest information in cookies or on servers of the providers of the tracking technologies are saved (so-called profiling) can then be used, for example, to display advertisements to users that are expected to meet their interests.
- Responsible: The natural or legal person, authority, institution or other body, which decides on the purposes and means of processing personal data alone, is referred to as the "person responsible".
- Processing: "Processing" is every process carried out with or without the help of automated procedures or any such series of transaction in connection with personal data. The term extends wide and includes practically every handling of data, be it, evaluating, evaluating, saving, transmitting or deleting.
Created with Free Datenschutz-generator.de by Dr. Thomas Schwenke