m

Hirtenstraße 19, 10178 Berlin, Germany

+49 30 24041420

ouroffice@oberon.com

Search
mobile logo

Data protection

 

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

The use of our website is generally possible without providing personal data. Insofar as personal data (e.g., name, address, or email addresses) is collected on our site, this is always done on a voluntary basis, where possible. This data will not be passed on to third parties without your explicit consent.

Please note that data transmission over the internet (e.g., when communicating via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section "Information on the responsible body" in this privacy policy.

How do we collect your data?

Your data is collected, firstly, because you provide it to us. This could include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other inquiries.

What rights do you have regarding your data?

You have the right to obtain information free of charge at any time regarding the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

Hosting

We host the content of our website with DomainFactory GmbH, c/o WeWork, Neuturmstraße 5, 80331 Munich (hereinafter referred to as DomainFactory). When you visit our website, DomainFactory collects various log files, including your IP address.

For details, please refer to DomainFactory's privacy policy: https://www.df.eu/de/datenschutz/.

The use of DomainFactory is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., for device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Note regarding the responsible body

Die verantwortliche Stelle für die Datenverarbeitung auf dieser Website ist:

Sala Lieber, Kanalstrasse 25, 41460 Neuss
Telefon: +49 160 95262158
E-Mail: salalieber@googlemail.com

The responsible entity is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage duration

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you submit a legitimate request for erasure or withdraw your consent to data processing, your data will be deleted, provided we have no other legally permissible grounds for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the data will be deleted once these grounds cease to apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR if special categories of data pursuant to Article 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing additionally takes place on the basis of Section 25(1) of the German Telemedia Act (TMG). You can withdraw your consent at any time. If your data is required for the performance of a contract or for taking steps prior to entering into a contract, we process your data on the basis of Article 6(1)(b) GDPR. Furthermore, we process your data if it is necessary for compliance with a legal obligation, on the basis of Article 6(1)(c) GDPR. Data processing may also be based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Information on the applicable legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Note regarding data transfers to third countries that do not offer adequate data protection and transfers to US companies that are not DPF-certified.

We use, among other things, tools from companies based in third countries with inadequate data protection laws, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. Please note that a level of data protection comparable to that of the EU cannot be guaranteed in third countries with inadequate data protection laws.

Please note that the USA, as a safe third country, generally offers a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permitted if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional safeguards in place. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

As part of our business activities, we collaborate with various external parties. This sometimes requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using data processors, we only transfer our customers' personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing carried out before the revocation remains unaffected by the revocation.

Right to object to data processing in special cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you; this also applies to profiling based on these provisions. The specific legal basis for each processing operation can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims (objection pursuant to Article 21(1) GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Article 21(2) GDPR).

 

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to receive the data that we process automatically based on your consent or in fulfillment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.

Information, correction and deletion

Under applicable law, you have the right to request information, free of charge, about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to rectification or erasure of this data. You can contact us at any time with regard to this and any other questions concerning personal data.

 

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restrict processing exists in the following cases:

– If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. For the duration of the verification process, you have the right to request the restriction of the processing of your personal data.

– If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

– If we no longer need your personal data, but you require it for the establishment, exercise or defense of legal claims, you have the right to request restriction of processing of your personal data instead of erasure.

– If you have objected to processing pursuant to Article 21(1) GDPR, a balancing of interests between your interests and ours must be carried out. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser's address bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Objection to advertising emails

The use of contact details published as part of the legal notice for sending unsolicited advertising and informational materials is hereby prohibited. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

 

Data collection on this website

 

Cookies

Our website uses so-called "cookies." Cookies are small data packets and do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after you leave our website. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for carrying out electronic communication, for providing certain functions you have requested (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring website traffic) (necessary cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); this consent can be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to accept cookies in certain cases or to generally reject them, and to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

You can find information about which cookies and services are used on this website in this privacy policy.

Inquiries via email, telephone or fax

When you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if such consent has been obtained; you may withdraw your consent at any time.

The data you send us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, statutory retention periods – remain unaffected.

 

Social Media

 

Facebook

This website integrates elements of the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

An overview of Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook then receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Facebook. You can find further information in Facebook's privacy policy at:

https://de-de.facebook.com/privacy/explanation.
The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and §

Section 25 Paragraph 1 TDDDG. Consent can be revoked at any time.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The subsequent processing by Facebook is not part of this joint responsibility. Our joint obligations are set out in a joint processing agreement. You can find the text of the agreement here:

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 und

https://www.facebook.com/policy.php.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

 

Instagram

This website integrates features of the Instagram service. These features are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram then receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after the transfer is not part of the joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its Facebook and Instagram products. Data subject rights

You can assert your rights (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ und https://de-de.facebook.com/help/566994660333381.

Further information can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

 

Tumblr

This website uses buttons and other elements of the Tumblr service. The provider is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA.

When the social media element is active, a direct connection is established between your device and the Tumblr server. Tumblr then receives information about your visit to this website.

The Tumblr buttons allow you to share a post or page on Tumblr or follow the provider on Tumblr. When you visit one of our websites with a Tumblr button, your browser establishes a direct connection to Tumblr's servers. We have no control over the scope of data that Tumblr collects and transmits using this plugin. Currently, the user's IP address and the URL of the respective website are transmitted.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Further information can be found in Tumblr's privacy policy at: https://www.tumblr.com/privacy/de.

 

Pinterest

This website uses elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you visit a page containing such an element, your browser establishes a direct connection to Pinterest's servers. This social media element transmits log data to Pinterest's server in the USA. This log data may include your IP address, the address of the websites you visit that also contain Pinterest features, your browser type and settings, the date and time of your request, your use of Pinterest, and cookies.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

For more information about the purpose, scope and further processing and use of data by Pinterest, as well as your related rights and options for protecting your privacy, please see Pinterest's privacy policy:
https://policy.pinterest.com/de/privacy-policy.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4203.

 

Plugins and Tools

 

WooCommerce

This website integrates the open-source shop system WooCommerce. WooCommerce is an e-commerce plugin for WordPress that enables the creation and management of online shops, including features such as product presentation, shopping cart, order processing, and payment integration.

YouTube

This website embeds videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites that includes embedded YouTube videos, a connection is established to YouTube's servers. This informs the YouTube server which of our pages you have visited.

Furthermore, YouTube may store various cookies on your device or use similar technologies for recognition (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud. The collected data is also processed within the Google advertising network.

If you are logged into your YouTube account, you are allowing YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in our legitimate interest in presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDG. Consent can be withdrawn at any time.

Further information on how user data is handled can be found in YouTube's privacy policy at:
https://policies.google.com/privacy?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Fonts

This website uses Google Fonts, provided by Google, for consistent font display. When you visit a page, your browser loads the necessary fonts into its browser cache to display text and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This allows Google to know that this website was accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on their website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics (mit Anonymisierungsfunktion)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and analysis of data about the behavior of website visitors. A web analytics service records, among other things, data about which website a data subject came from (known as the referrer), which subpages of the website were accessed, and how often and for how long a subpage was viewed. Web analytics is primarily used to optimize a website and to perform cost-benefit analyses of online advertising.
The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The data controller uses the extension “_gat._anonymizeIp” for web analytics via Google Analytics. This extension shortens and anonymizes the IP address of the data subject's internet connection when our website is accessed from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.
Google Analytics places a cookie on the data subject's information technology system. Cookies were explained above. By placing this cookie, Google is enabled to analyze the use of our website. Each time a user accesses one of the individual pages of this website, which is operated by the data controller and on which a Google Analytics component has been integrated, the respective Google Analytics component automatically prompts the web browser on the data subject's information technology system to transmit data to Google for the purpose of online analysis. As part of this technical process, Google receives personal data, such as the data subject's IP address, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission payments.
The cookie stores personal information, such as the access time, the location from which access originated, and the frequency of visits to our website by the data subject. With each visit to our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States. This personal data is stored by Google in the United States. Google may share this personal data, collected via this technical process, with third parties.
The data subject can prevent the setting of cookies by our website at any time, as described above, by adjusting the settings of their internet browser accordingly, and thus permanently object to the setting of cookies. Such a browser setting would also prevent Google from setting a cookie on the data subject's information technology system. Furthermore, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to and prevent the collection and processing of data generated by Google Analytics relating to their use of this website. To do so, the data subject must download and install a browser add-on from the following link: https://tools.google.com/dlpage/gaoptout. This browser add-on uses JavaScript to inform Google Analytics that no data or information about website visits may be transmitted to Google Analytics. Google interprets the installation of this browser add-on as an objection. If the data subject's computer system is subsequently deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of influence, it can be reinstalled or reactivated.
Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link: https://www.google.com/intl/de_de/analytics/.

 

Google Maps

This website uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed maps on our website.

To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to and stored on a Google server in the USA. The provider of this website has no influence on this data transfer. When Google Maps is activated, Google may use Google Fonts for the purpose of consistent font display. When you access Google Maps, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

The use of Google Maps is in our legitimate interest in presenting our online services in an appealing manner and ensuring that the locations we specify on the website are easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDG. Consent can be withdrawn at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ und https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

 

Wordfence

We have integrated Wordfence into this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as "Wordfence").

Wordfence protects our website from unwanted access or malicious cyberattacks. For this purpose, our website maintains a persistent connection to Wordfence's servers so that Wordfence can compare its databases with the access data on our website and block any unauthorized access.

The use of Wordfence is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website from cyberattacks as effectively as possible. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:
https://www.wordfence.com/help/general-data-protection-regulation/.

 

Klarna als Zahlungsart

The data controller has integrated components from Klarna on this website. Klarna is an online payment service provider that enables purchases on account or flexible installment payments. Klarna also offers additional services, such as buyer protection and identity and credit checks.
The operating company of Klarna is Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If the data subject selects either "purchase on account" or "installment purchase" as the payment option during the ordering process in our online shop, their data will be automatically transmitted to Klarna. By selecting one of these payment options, the data subject consents to this transfer of personal data, which is necessary for processing the invoice or installment purchase or for identity and credit checks.
The personal data transmitted to Klarna typically includes first name, last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, and other data necessary for processing an invoice or installment purchase. Personal data related to the specific order is also necessary for processing the purchase agreement. This may include the mutual exchange of payment information such as bank details, card number, expiry date and CVC code, quantity of items, item number, data on goods and services, prices and taxes, information on previous purchasing behavior, or other information about the financial situation of the data subject.
The data transfer is primarily for identity verification, payment processing, and fraud prevention. The data controller will transfer personal data to Klarna, particularly when there is a legitimate interest in doing so. The personal data exchanged between Klarna and the data controller will be transmitted by Klarna to credit reference agencies. This transmission is for the purpose of identity and creditworthiness verification.
Klarna also shares personal data with affiliated companies (Klarna Group) and service providers or subcontractors, insofar as this is necessary to fulfill contractual obligations or to process the data on behalf of Klarna.
To decide whether to establish, execute, or terminate a contractual relationship, Klarna collects and uses data and information about the individual's past payment behavior, as well as probability scores for their future behavior. The scoring is calculated using scientifically recognized mathematical and statistical methods.
The data subject has the right to withdraw their consent to the processing of their personal data by Klarna at any time. Such withdrawal does not affect personal data that must be processed, used, or transmitted for the (contractual) processing of payments.
Klarna's applicable data protection regulations can be accessed at https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

PayPal als Zahlungsart

The data controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual private or business accounts. PayPal also allows users to make virtual payments via credit card if they do not have a PayPal account. A PayPal account is managed via an email address, so there is no traditional account number. PayPal enables users to send and receive online payments. PayPal also acts as an escrow service and offers buyer protection.
PayPal's European operating company is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
If the data subject selects "PayPal" as the payment method during the ordering process in our online shop, their data will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data necessary for payment processing.
The personal data transmitted to PayPal typically includes first name, last name, address, email address, IP address, telephone number, mobile phone number, and other data necessary for payment processing. Personal data related to the specific order is also necessary for processing the purchase agreement.
The personal data transmitted to PayPal typically includes first name, last name, address, email address, IP address, telephone number, mobile phone number, and other data necessary for payment processing. Personal data related to the specific order is also necessary for processing the purchase agreement.
PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data on its behalf.
The data subject has the right to withdraw their consent to the processing of their personal data by PayPal at any time. Such withdrawal does not affect personal data that must be processed, used, or transmitted for the (contractual) processing of payments.
Die geltenden Datenschutzbestimmungen von PayPal können unter https://www.paypal.com/de/webapps/mpp/ua/privacy-full abgerufen werden.

Apple Pay as a payment method

If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is handled via the "Apple Pay" function on your iOS, watchOS, or macOS device by charging a payment card stored with "Apple Pay." Apple Pay uses security features integrated into your device's hardware and software to protect your transactions. Authorizing a payment requires entering a code you previously set and verifying your identity using your device's "Face ID" or "Touch ID" function.

For payment processing purposes, the information you provide during the ordering process, along with details of your order, will be transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay. This encryption ensures that only the website where the purchase was made can access the payment information. After the payment has been processed, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the successful payment.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, date, and time, as well as whether the transaction was successful. Anonymization completely eliminates any possibility of identifying individuals. Apple uses this anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made through Safari on your Mac, your Mac and the authorizing device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to "Wallet & Apple Pay" and turn off "Allow Payments on Mac."

Further information on data protection with Apple Pay can be found at the following web address: https://support.apple.com/de-de/HT203027

 

Google Pay als Zahlungsart

If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing is handled via the "Google Pay" application on your mobile device, which must be running at least Android 4.4 ("KitKat") and have NFC capability. The payment will be processed by charging a payment card stored in Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, you must first unlock your mobile device using the configured verification method (such as facial recognition, password, fingerprint, or pattern).

For payment processing purposes, the information you provide during the ordering process, along with information about your order, will be shared with Google. Google will then transmit your payment information stored in Google Pay to the originating website in the form of a unique transaction number, which is used to verify the payment. This transaction number contains no information about the actual payment details of your payment method stored in Google Pay, but is created and transmitted as a unique numerical token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The transaction is executed exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Google reserves the right to collect, store, and analyze certain transaction-specific information for each transaction made through Google Pay. This includes the date, time, and amount of the transaction; the merchant's location and description; a description of the purchased goods or services provided by the merchant; photos you attached to the transaction; the name and email address of the seller and buyer or sender and recipient; the payment method used; your description of the reason for the transaction; and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and the optimization and maintenance of the Google Pay service.

Google also reserves the right to combine the processed transaction data with other information collected and stored by Google when you use other Google services.

The Google Pay terms of service can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection at Google Pay can be found at the following web address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

 

Credit card as a payment method via Stripe

 

If you pay by credit card, payment processing is handled by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we transfer the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data is transferred exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Stripe's data protection policy can be found at the following URL: https://stripe.com/de/privacy#translation.

 

Online-Marketing

 

Use of Google Ads conversion tracking

This website uses the online advertising program “Google Ads” and, within the framework of Google Ads, the conversion tracking service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offers on external websites using advertising materials (so-called Google AdWords). Based on the data from the advertising campaigns, we can determine the success of individual advertising measures. Our aim is to show you advertising that is relevant to you, to make our website more interesting for you, and to ensure a fair calculation of the advertising costs incurred.

Diese Website nutzt das Online-Werbeprogramm “Google Ads” und im Rahmen von Google Ads das Conversion-Tracking der Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland („Google“). Wir nutzen das Angebot von Google Ads, um mit Hilfe von Werbemitteln (sogenannten Google Adwords) auf externen Webseiten auf unsere attraktiven Angebote aufmerksam zu machen. Wir können in Bezug zu den Daten der Werbekampagnen ermitteln, wie erfolgreich die einzelnen Werbemaßnahmen sind. Wir verfolgen damit das Anliegen, Ihnen Werbung anzuzeigen, die für Sie von Interesse ist, unsere Website für Sie interessanter zu gestalten und eine faire Berechnung der anfallenden Werbekosten zu erreichen.

You can find further information about Google's privacy policy at the following web address: https://www.google.de/policies/privacy/

You can permanently opt out of Google Ads conversion tracking by downloading and installing the browser plug-in available from Google at the following link:

https://www.google.com/settings/ads/plugin?hl=de

Please note that certain features of this website may not be available or may be limited if you have disabled the use of cookies.

Where legally required, we have obtained your consent for the processing of your data as described above, in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, deactivate this service in the "Cookie Consent Tool" provided on the website or, alternatively, follow the instructions for objecting as described above.

 

Meta-, Custom Audiences and Meta-Marketing Services

We use the Meta-Pixel service on our websites, a service for enabling personalized advertising provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). Meta acts as a third party in this service relationship.

Scope of processing

If you have consented to the use of Meta-Pixel and Custom Audiences, a connection to Meta's servers will be established when you visit our website to load the script required for the Meta-Pixel. This process transmits your IP address, the address of the visited page, and information about your browser and operating system. At the time of Meta-Pixel initialization, cookies containing unique identifiers are stored, allowing your browser to be recognized. This cookie is only valid for our website and cannot be used to track your activity on third-party websites. Subsequently, each time you access a page on our website that uses Meta-Pixel, the following data will be transmitted to and stored on a Meta server in the USA:

– Address of the page from which you accessed a page on our website
– Address of the page accessed
– Date and time of the call
– Browser and operating system
– IP-Adresse
– the pixel ID assigned to our website by Meta
– Identifier from meta-cookie
– “Button-Click-Data” (information about buttons that the user has clicked and the page to which the user was redirected)

The pixel we use is not used in the "extended user matching" variant, meaning that we do not transfer any further personal data to Meta.

If you have a Meta user account and a Meta cookie with a user ID is stored in your browser, Meta can associate the data we transmit to you with your Meta user account and thus with you personally. Regardless of whether you have a user account, Meta creates interest profiles based on the collected data, which serve as the basis for creating target groups ("Custom Audiences"). Meta can add you to such a target group and display personalized advertisements when you visit pages belonging to Meta. For us, the visitor and target group data is only available in the form of anonymized statistics.

Further information can be found on Meta's website:

Regarding Meta's data policy: https://www.facebook.com/privacy/explanation

Regarding the data collected with the meta-pixel: https://developers.facebook.com/docs/Meta-Pixel/implementation/gdpr

Data storage and access in the browser

The following cookies can be stored and read in the browser for Meta-Pixel and Custom Audiences. Please refer to the [link to relevant documentation] for further information. Meta's information on cookies used[TK4] .

Bezeichnung Funktionsdauer Zugriffsmöglichkeit auf Seiten Dritter Domain Typ
_fbp 3 Monate ja First-Party Cookie

 

Legal basis for processing

The legal basis for the processing is Article 6(1)(a) GDPR.

Purpose of processing

We use the Meta Pixel to target our ads to specific audiences on Meta's website. By assigning users to relevant target groups, Meta allows us to use our advertising effectively. Using the Meta Pixel ensures that our ads on Meta's website align with a user's potential interests and are not perceived as intrusive.

Data transfer to third countries

If Meta also processes your data in third countries, according to Meta, this is done either on the basis of adequacy decisions of the EU Commission within the meaning of Art. 45 para. 1 GDPR or on the basis of Standardvertragsklauseln mit der Empfänger*in, die diese dazu verpflichten, das europäische Datenschutzrecht auch im Drittland zu gewährleisten und damit eine geeignete Garantie für den Schutz personenbezogener Daten iSd Art. 46 Abs. 2 lit. c DS-GVO bieten.

Storage duration

Individuals added to a custom audience will be removed from the audience after 180 days, unless they have rejoined it through page visits in the meantime. We do not store any personal data. The storage of personal data is otherwise governed by Meta's privacy policy.

Opportunity to object and have the matter rectified

You can view the status of your consent via our consent manager CookieYes in the bottom left corner of the website and revoke your consent at any time. Revoking your consent does not affect the lawfulness of the processing carried out before the revocation. Your decision regarding the use of the service is stored in the cookie. It only applies to this browser and must be renewed after the stated validity period expires.

Registrierte Nutzer der Plattform Facebook können auf der Seite https://www.facebook.com/settings?tab=ads die Funktion Custom Audiences deaktivieren. Weitere Einstellungsmöglichkeiten für registrierte Benutzer werden unter https://www.facebook.com/help/568137493302217 erläutert.

 

 

This privacy policy was created and expanded using the privacy policy generator from E-Recht24.

https://www.e-recht24.de