Data protection

1. Introduction and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we provide information on the handling of your personal data when using our website. Personal data is any data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is ZeoBent Handels GmbH, Weißen 2, 07407 Uhlstädt-Kirchhasel, Germany, Tel.: +49 (0) 371 820 59 75, E-mail: info@zeolith-bentonit-versand.de. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer, who can be contacted as follows: Mario Markotic, Weißen 2, 07407 Uhlstädt-Kirchhasel, Germany, Tel.: +49 (0)371 820 59 75, E-mail: info@zeolith-bentonit-versand.de.

1.4 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries sent to us), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the padlock symbol in your browser bar.

2. Definitions used in data protection law

Our privacy policy is based on the terms used by the European legislator in the General Data Protection Regulation (GDPR). Our privacy policy is intended to be understandable for the public, our customers and business partners alike. To ensure this, we first explain some of the terms used.

Personal data Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject A data subject is any identified or identifiable natural person whose personal data has been processed by the controller.

Processing Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Controller The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Processor A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.

Third party Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Data collection when visiting our website

3.1 When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/referrer from which you came to the page
Browser used
Operating system used
IP address used (possibly in anonymised form)

The processing takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or otherwise used. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

We erase or block personal data of the data subject as soon as the purpose of storage no longer applies. Erasure may also take place if this has been provided for by European or national legislators in Union regulations, laws or other provisions to which our company is subject. Blocking or erasure of the data also takes place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or fulfilment of a contract.

4. Hosting & content delivery network

4.1 Amazon Web Services

For the hosting of our website and the display of the page content, we additionally use the system of the following provider: AWS EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg.

Data may also be transferred to: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission, which ensures compliance with the European level of data protection.

4.2 Shopify

For the hosting of our website and the display of the page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify").

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.

For data transfers to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4.3 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

This service enables us to deliver large media files such as graphics, page content or scripts faster via a network of regionally distributed servers. The processing is carried out in the interest of improving the stability and functionality of our website pursuant to Art. 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

5. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files stored on your device. Some of these cookies are deleted automatically after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings in your web browser.

If personal data is also processed by individual cookies used by us, the processing takes place pursuant to Art. 6(1)(b) GDPR either for the performance of the contract, pursuant to Art. 6(1)(a) GDPR in the case of consent, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective website experience.

You can configure your browser so that you are informed about the setting of cookies and can decide on their acceptance individually or exclude the acceptance of cookies for specific cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be limited.

6. Contacting us

6.1 Contact by contact form or e-mail

When contacting us (e.g. by contact form or e-mail), personal data is processed exclusively for the purpose of handling and answering your enquiry and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in answering your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that no statutory retention obligations prevent deletion.

The processing of personal data from the input mask serves solely to process your enquiry. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

If you have requested product information or an offer, we reserve the right to store the data for two years in order to measure the economic efficiency of our sales and marketing. Otherwise, we delete the data as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the contact form input mask and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted at the latest after seven days.

You may withdraw your consent to the processing of personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

6.2 Trusted Shops

For review reminders, we use the services of the following provider: Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany.

We transfer your e-mail address and, if applicable, further customer data to the provider exclusively on the basis of your express consent pursuant to Art. 6(1)(a) GDPR so that the provider can contact you with a review reminder by e-mail.

You can revoke your consent at any time with effect for the future vis-à-vis us or the provider.

We are jointly responsible with the provider for the processing described above pursuant to Art. 26 GDPR. The agreement on joint controllership can be viewed here: https://help.etrusted.com/hc/en/articles/4402587369105-Agreement-on-joint-controllership-under-GDPR

7. Data processing when opening a customer account

Pursuant to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary when you provide it to us when opening a customer account. Which data is required to open an account can be found in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the above address of the controller. After deletion of your customer account, your data will be deleted provided that all contracts concluded through it have been fully processed, no statutory retention periods prevent deletion and we no longer have a legitimate interest in further storage.

8. Use of customer data for direct marketing

8.1 Signing up for our e-mail newsletter

If you sign up for our e-mail newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally. For newsletter distribution, we use the double opt-in procedure to ensure that you only receive newsletters once you have expressly confirmed your consent to receive the newsletter by clicking a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. We store the IP address entered by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you sign up for the newsletter is used strictly for the intended purpose.

You may unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this policy.

8.2 Klaviyo - e-mail newsletter

The dispatch of our e-mail newsletters and other advertising e-mail communication is handled by the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA.

On the basis of our legitimate interest in effective and user-friendly e-mail marketing, we transfer the data provided during registration pursuant to Art. 6(1)(f) GDPR to this provider so that it can carry out the newsletter delivery on our behalf.

Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also carries out statistical success analysis of e-mail campaigns using web beacons or tracking pixels in the sent e-mails, which can measure open rates and specific interactions with the contents of the newsletter. End device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not combined with other data sets.

You can revoke your consent to e-mail tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

8.3 Amazon SES - e-mail delivery

Our e-mail newsletters are also sent via the following provider: AWS EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg.

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we transfer the data provided during newsletter registration pursuant to Art. 6(1)(f) GDPR to this provider so that it can deliver the newsletter on our behalf.

Subject to your express consent pursuant to Art. 6(1)(a) GDPR, the provider also carries out statistical success analysis of newsletter campaigns using web beacons or tracking pixels in the sent e-mails, which can measure open rates and specific interactions with the contents of the newsletter. End device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not combined with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

Data may also be transferred to: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.

8.4 SMS marketing

On our website, you have the option to sign up for SMS notifications about current offers, promotions and information about orders placed. The mandatory information for SMS notifications is your mobile number. The provision of further data is voluntary and is used to address you personally. SMS messages are sent using the double opt-in procedure to ensure that advertising SMS messages are only sent to you once you have expressly confirmed your consent to receive SMS messages by clicking a verification link sent to the mobile number provided. By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. When signing up for SMS notifications, the date and time of registration are also stored in order to be able to trace any possible misuse of your mobile number at a later date. The data collected during registration is used exclusively for advertising by SMS.

You may unsubscribe from SMS notifications at any time by sending a corresponding message to the controller named above and thereby withdraw your consent with effect for the future. After unsubscribing, your mobile number will be deleted from the distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this policy.

8.5 SMS delivery via Klaviyo

Our SMS notifications are sent via the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA.

On the basis of our legitimate interest in an effective, secure and user-friendly marketing system, we transfer the data provided by you when signing up for SMS notifications pursuant to Art. 6(1)(f) GDPR to this provider so that it can send SMS notifications on our behalf. We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

8.6 RCS marketing

On our website, you have the option to sign up to receive RCS (Rich Communication Services) messages. RCS is an enhanced messaging service delivered directly to your mobile device — similar to SMS, but capable of including multimedia content such as images, videos, buttons and interactive elements. We use this channel to inform you about current offers, promotions and information about orders placed.

The mandatory information for receiving RCS messages is your mobile number. The provision of further data is voluntary and is used to address you personally. RCS messages are sent using the double opt-in procedure to ensure that advertising RCS messages are only sent to you once you have expressly confirmed your consent.

By confirming your consent, you give us your permission to use your personal data pursuant to Art. 6(1)(a) GDPR. When signing up, the date and time of registration are also stored in order to be able to trace any possible misuse of your mobile number at a later date. The data collected during registration is used exclusively for advertising communication via RCS messages.

You may unsubscribe from RCS messages at any time by sending a corresponding message to the controller named above and thereby withdraw your consent with effect for the future. After unsubscribing, your mobile number will be deleted from the distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this policy.

8.7 RCS delivery via Klaviyo

Our RCS messages are sent via the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA.

On the basis of our legitimate interest in an effective, secure and user-friendly marketing system, we transfer the data provided by you when signing up for RCS messages pursuant to Art. 6(1)(f) GDPR to this provider so that it can send RCS messages on our behalf. In addition to the mobile number, information about interactions with sent RCS messages (e.g. whether a message was opened or a button was clicked) may be collected and evaluated to measure the effectiveness of our campaigns. This is only done on the basis of your express consent pursuant to Art. 6(1)(a) GDPR.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

8.8 Cart reminder by e-mail

If you abandon your purchase before completing the order, you have the option of receiving a one-time reminder by e-mail about the contents of your virtual shopping cart. The only mandatory information for sending this reminder is your e-mail address. The provision of further data is voluntary and may be used to address you personally. For e-mail delivery, we use the double opt-in procedure to ensure that you only receive a notification once you have expressly confirmed your consent by clicking a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR for sending a cart reminder. We store the IP address entered by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when you sign up for our e-mail notification service is used strictly for the intended purpose.

You may unsubscribe from cart reminders at any time by sending a corresponding message to the controller named above. After unsubscribing, your e-mail address will be deleted from our dedicated distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this policy.

8.7 Product availability notification by e-mail

For temporarily unavailable items, you may sign up to receive e-mail notifications when the item becomes available. We send you a one-time e-mail notification about the availability of the item you selected. The only mandatory information for sending this notification is your e-mail address. The provision of further data is voluntary and may be used to address you personally. For e-mail delivery, we use the double opt-in procedure to ensure that you only receive a notification once you have expressly confirmed your consent by clicking a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to use your personal data pursuant to Art. 6(1)(a) GDPR. We store the IP address entered by your Internet Service Provider (ISP), as well as the date and time of registration, in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected during registration is used strictly for the intended purpose.

You may unsubscribe from availability notifications at any time by sending a corresponding message to the controller named above. After unsubscribing, your e-mail address will be deleted from our dedicated distribution list without delay.

8.8 Advertising by post

On the basis of our legitimate interest in personalised direct advertising, we reserve the right to store your first and last name, your postal address and - where we have received these additional details from you in the course of the contractual relationship - your title, academic degree, year of birth and your professional, industry or business designation pursuant to Art. 6(1)(f) GDPR and use them to send you interesting offers and information about our products by post. You can object to the storage and use of your data for this purpose at any time by contacting us.

9. Data processing for order handling

9.1 General order handling

To the extent necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution pursuant to Art. 6(1)(b) GDPR.

If, on the basis of an appropriate contract, we owe updates for goods with digital elements or for digital products, we process the contact data provided by you when placing the order (name, address, e-mail address) in order to inform you personally through a suitable communication channel (e.g. by post or by e-mail) about upcoming updates within the legally prescribed period, in the context of our statutory information obligations pursuant to Art. 6(1)(c) GDPR.

In order to process your order, we also work with the following service provider(s), who support us wholly or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

9.2 Odoo

For order processing, financial accounting as well as for marketing purposes and customer relationship management (CRM), we use the provider Odoo S.A., Chaussée de Namur 40, 1367 Grand-Rosière, Belgium. Name, address and, where applicable, further personal data are passed on to Odoo S.A. pursuant to Art. 6(1)(b) GDPR. This transfer takes place exclusively for the purpose of processing the online order, marketing measures, product recommendations and maintaining our customer relationships, and only to the extent necessary for these purposes.

Odoo S.A. is also used for the processing of incoming and outgoing invoices and, where applicable, our company's bank transactions in order to enable efficient invoice processing, transaction matching and financial accounting. If personal data is processed in the course of these processes, this is done on the basis of Art. 6(1)(f) GDPR, in accordance with our legitimate interest in the efficient organisation and documentation of our business processes.

We have concluded a data processing agreement with Odoo S.A. which ensures the protection of your personal data.

Please note that you have the right to object at any time, on grounds relating to your particular situation, to this processing of your personal data based on Art. 6(1)(f) GDPR.

The data will only be stored for as long as is necessary for the performance of the contract, compliance with statutory retention obligations and the implementation of our marketing and CRM measures.

9.3 Credit check

If we make advance payments, e.g. for purchase on account, we obtain identity and credit information from specialised service providers (credit agencies). For this purpose, we transfer the personal data required for a credit check to the following companies:

SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany
Universum Business GmbH, Hanauer Landstraße 164, 60314 Frankfurt am Main, Germany
arvato infoscore GmbH, Rheinstraße 99, 76532 Baden-Baden, Germany

This serves to safeguard our legitimate interests, which outweigh our interests in the context of a balancing of interests pursuant to Art. 6(1)(f) GDPR, in assessing the creditworthiness and willingness to pay of our prospective customers before conclusion of the contract and thus avoiding purchase price defaults.

The credit information may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of score values takes into account, among other things, but not exclusively, address data. You can object to this processing of your data at any time by contacting the controller responsible for data processing or the aforementioned credit agency. However, we may still be entitled to process your personal data insofar as this is necessary for payment processing in accordance with the contract.

9.4 Disclosure of personal data to shipping service providers

Deutsche Post

We use the following transport service provider: Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany.

We pass on your e-mail address and/or telephone number pursuant to Art. 6(1)(a) GDPR before delivery of the goods for the purpose of arranging a delivery date or delivery notification to the provider, provided that you have given your express consent during the order process. Otherwise, we pass on only the recipient's name and delivery address to the provider for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. You may revoke your consent at any time with effect for the future vis-à-vis the controller named above or the provider.

DHL

We use the following transport service provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany.

DHL Express

We use the following transport service provider: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany.

Austrian Post

We use the following transport service provider: Österreichische Post AG, Haidingergasse 1, 1030 Vienna, Austria.

We pass on your e-mail address and/or telephone number pursuant to Art. 6(1)(a) GDPR before delivery of the goods for the purpose of arranging a delivery date or delivery notification to the provider, provided that you have given your express consent during the order process. Otherwise, we pass on only the recipient's name and delivery address to the provider for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. The transfer takes place only to the extent necessary for the delivery of goods. You may revoke your consent at any time with effect for the future vis-à-vis the controller named above or the provider.

9.5 Use of payment service providers

Apple Pay

If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" function on your device running iOS, watchOS or macOS by debiting a payment card stored in Apple Pay. Apple Pay uses security functions integrated into the hardware and software of your device to protect your transactions. In order to authorise a payment, you must enter a code previously set by you and verify it using the Face ID or Touch ID function of your device.

For the purpose of payment processing, the information you provide during the order process, together with information about your order, is transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay in order to carry out the payment. The encryption ensures that only the website on which the purchase was made can access the payment data. After the payment has been made, Apple sends the device account number and a transaction-specific dynamic security code to the originating website to confirm successful payment.

Where personal data is processed in the transmission described above, it is processed exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.

Apple retains anonymised transaction data, including the approximate purchase amount, approximate date and approximate time, as well as whether the transaction was successfully completed. By anonymisation, any personal reference is completely excluded. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made via Safari on your Mac, the Mac and the authorisation device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the use of Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".

Further information on data protection with Apple Pay can be found at: https://support.apple.com/en-gb/HT203027

EPS bank transfer

One or more online payment methods of the following provider are available on this website: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria.

If you choose a payment method of the provider where you pay in advance (e.g. credit card payment), the payment data you provide during the order process (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider pursuant to Art. 6(1)(b) GDPR. The transfer of your data in this case takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

Google Pay

If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment is processed via the Google Pay app on your mobile device by charging a payment card stored in Google Pay or a payment system verified there (e.g. PayPal). For authorisation of a payment over EUR 25, the prior unlocking of your mobile device using the verification method you have set up (such as facial recognition, password, fingerprint or pattern) is required.

For the purpose of payment processing, the information you provide during the order process, together with information about your order, is transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a transaction number to the originating website. Where personal data is processed in the transmissions described above, it is processed exclusively for the purpose of payment processing pursuant to Art. 6(1)(b) GDPR.

Google Pay terms of use: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en

Further information on data protection with Google Pay can be found at: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

Klarna

One or more online payment methods of the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

If you choose a payment method where the provider pays in advance (e.g. invoice purchase, instalment purchase or direct debit), you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, if applicable details of an alternative means of payment).

In order to safeguard our legitimate interest in determining the creditworthiness of our customers, we pass this data on to the provider for the purpose of a credit check pursuant to Art. 6(1)(f) GDPR. The provider checks, on the basis of the personal data you have provided and other data (such as shopping basket, invoice amount, order history, payment experience), whether the payment option you have selected can be granted in view of payment and/or default risks.

To decide on the application assessment, identity and credit information from the following credit agencies may also be included in addition to provider-internal criteria pursuant to Art. 6(1)(f) GDPR: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/credit_rating_agencies

The credit report may contain probability values (so-called score values). You can object to this processing of your data at any time by sending a message to us or to the provider.

Mollie

One or more online payment methods of the following provider are available on this website: Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands.

PayPal

One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you choose a payment method of the provider where you pay in advance, the payment data you provide during the order process (including name, address, bank and card information, currency and transaction number) as well as information about the content of your order will be transmitted to the provider pursuant to Art. 6(1)(b) GDPR. The transfer of your data in this case takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method where we pay in advance, you will also be asked during the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, e-mail address, telephone number, if applicable details of an alternative means of payment).

In such cases, in order to safeguard our legitimate interest in determining your creditworthiness, we pass this data on to the provider for the purpose of a credit check pursuant to Art. 6(1)(f) GDPR. The provider checks, on the basis of the personal data you have provided and other data (such as shopping basket, invoice amount, order history, payment experience), whether the payment option you have selected can be granted in view of payment and/or default risks.

The credit report may contain probability values (so-called score values). You can object to this processing of your data at any time by sending a message to us or to the provider.

Shopify Payments

One or more online payment methods of the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland.

Sofortüberweisung

One or more online payment methods of the following provider are available on this website: Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden.

9.6 Additional credit check

If we make advance payments (e.g. delivery on account), we reserve the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard our legitimate interest in determining the creditworthiness of our customers. We transfer the personal data required for a credit check to the following service providers pursuant to Art. 6(1)(f) GDPR:

SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Germany
Universum Business GmbH, Hanauer Landstraße 164, 60314 Frankfurt am Main, Germany

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. We use the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding whether to establish, implement or terminate a contractual relationship. You can object to this processing of your data at any time by sending a message to the controller responsible for data processing or to the aforementioned credit agency.

9.7 Debt collection agency

We reserve the right to transfer your data to the debt collection agency INKASSO24 AG, Markt 4, 09111 Chemnitz, Germany, if our payment claim is not settled despite prior reminder. In this case, the claim will be collected directly by the debt collection agency.

The transfer of your data serves the performance of the contract pursuant to Art. 6(1)(b) GDPR as well as the safeguarding of our legitimate interests, which outweigh our interests in the context of a balancing of interests, in the effective assertion and enforcement of our payment claim pursuant to Art. 6(1)(f) GDPR.

9.8 Electronic cancellation option for long-term consumer contracts

Consumers who have concluded contracts on this website involving chargeable continuing obligations (e.g. subscription contracts) have the option of cancelling them via an electronic button in accordance with the applicable cancellation periods. Clicking the button takes the consumer to a confirmation page on which more detailed information about the cancellation can be entered, the consumer can be clearly identified and the cancellation can then be declared electronically.

The collection of personal data and its transmission to us takes place pursuant to Art. 6(1)(b) GDPR and only to the extent necessary for the proper processing of the cancellation. Further legal basis for processing is Art. 6(1)(c) GDPR.

9.9 Electronic withdrawal function for distance contracts

Consumers who conclude contracts on this website for which a statutory right of withdrawal exists have the option of declaring the withdrawal via an electronic withdrawal function in accordance with the applicable withdrawal provisions. When using the withdrawal function, in addition to information identifying the contract to be withdrawn, further personal information such as the first and last name and the consumer's e-mail address must be provided or confirmed.

The collection of this information and its transmission to us takes place pursuant to Art. 6(1)(b) GDPR and only to the extent necessary for the proper processing of the withdrawal. Further legal basis for processing is Art. 6(1)(c) GDPR. We are legally obliged to provide an electronic withdrawal function for chargeable consumer distance contracts.

10. Online marketing

10.1 Meta Pixel

Within our online offering, we use the "Meta Pixel" service of the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

If a user clicks on an advert placed by us on Facebook and/or Instagram, the URL of our linked page is extended by a parameter with the help of "Meta Pixel". This URL parameter is then entered into the user's browser by means of a cookie set by our linked page itself after redirection.

This enables Meta to determine the visitors of our online offering as a target group for the display of advertisements ("ads"). Accordingly, we use the service to display the Facebook and/or Instagram ads we place only to users who have shown an interest in our online offering or who have certain characteristics which we transmit to Meta (so-called "Custom Audiences").

On the other hand, "Meta Pixel" can be used to track whether users were redirected to our website after clicking on an advertisement and which actions they perform there (so-called "conversion tracking").

All of the above processing takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

We have concluded a data processing agreement with the provider. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission, which ensures compliance with the European level of data protection.

10.2 Google AdSense

This website uses Google AdSense, a web advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google AdSense uses cookies as well as so-called "web beacons" (small invisible graphics), through which simple actions such as visitor traffic on the website can be recorded and evaluated. The information generated by the cookie and/or web beacon (including your IP address) is generally transmitted to a Google server and stored there.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/ and https://www.google.com/policies/privacy/

11. Web analytics services

11.1 Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website. By default, cookies are set when the website is visited. The information collected includes your IP address, which is shortened by Google by the last digits so that direct personal reference is excluded. The data collected in connection with Google (Universal) Analytics is stored for two months and then deleted.

All of the processing described above takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the "cookie consent tool" provided on the website.

We have concluded a data processing agreement with Google. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

Further legal information about Google (Universal) Analytics can be found at https://business.safety.google/intl/en/privacy/ and https://policies.google.com/privacy?hl=en&gl=en.

Demographic characteristics: Google (Universal) Analytics uses the special function "demographic characteristics" and can create statistics that provide information about the age, gender and interests of website visitors. The collected data cannot be assigned to any specific person and is deleted after two months.

Google Signals: As an extension of Google (Universal) Analytics, Google Signals may be used on this website to create cross-device reports if you have enabled personalised ads and linked your devices to your Google account. Further information: https://support.google.com/analytics/answer/7532985?hl=en

User IDs: As an extension of Google (Universal) Analytics, the "User IDs" function may be used on this website in order to analyse activities across devices if you have created an account on this website and log in with that account on different devices.

11.2 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Cookies are set when you visit the website and collect certain information, including your IP address, which is shortened by Google by the last digits. The data collected in connection with the use of Google Analytics 4 is stored for two months and then deleted.

Further information can be found at https://business.safety.google/intl/en/privacy/ and https://policies.google.com/privacy?hl=en&gl=en.

Demographic characteristics, Google Signals and User IDs are used analogously to Google (Universal) Analytics (see 11.1).

11.3 Google Tag Manager

This website uses the "Google Tag Manager" provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not store any information on users' devices or read any information from them. However, when a page is accessed, your IP address is transmitted to Google by the Google Tag Manager.

This processing takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the "cookie consent tool".

Further information can be found at https://business.safety.google/intl/en/privacy/ and https://policies.google.com/privacy?hl=en&gl=en.

11.4 Own affiliate programme

In connection with the product presentations on our website, we operate our own affiliate programme, in the context of which we provide interested third-party website operators with partner links for placement on their websites that lead to our offers. Cookies are used for the affiliate programme, which are generally set on the partner page after clicking on a corresponding partner link and for which we are therefore not responsible under data protection law. This information is required to process payments between us and the affiliate partners. If the information also contains personal data, the processing described takes place on the basis of our legitimate financial interest in the processing of commission payments pursuant to Art. 6(1)(f) GDPR.

11.5 Microsoft Clarity

This website uses the web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Using cookies and/or comparable technologies, the service collects and stores pseudonymised visitor data, including information about the device used such as IP address and browser information, in order to evaluate them for statistical analyses of user behaviour on our website and to create pseudonymised usage profiles. Among other things, this makes it possible to analyse movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content. The pseudonymisation generally excludes direct personal reference.

All of the processing described above takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

11.6 Hotjar

This website uses the web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta.

Using cookies and/or comparable technologies, the service collects and stores pseudonymised visitor data, including information about the device used such as IP address and browser information. Among other things, this makes it possible to analyse movement patterns (so-called heatmaps), which show the duration of page visits and interactions with page content. A combination with other data collected in another way relating to you does not take place.

All of the processing described above takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

We have concluded a data processing agreement with the provider.

11.7 Tracify

This website uses the web analytics service "Tracify" provided by Tracify GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany. Tracify collects and evaluates certain user data from website visitors in anonymised form. Tracify operates without the use of cookies and never sets cookies on your device. The information processed at no time has a personal reference and does not allow any conclusions to be drawn about you.

All of the processing described above takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

11.8 GetKlar

This website uses the web analytics service "GetKlar" provided by Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany. GetKlar enables us to statistically evaluate the behaviour of our website visitors, analyse conversion funnels and continuously improve the user experience on our website. Pseudonymised visitor data is collected and evaluated, including information about the device used, browser information and interactions with page content. Direct personal reference is generally excluded by pseudonymisation.

All of the processing described above takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

12. Retargeting / remarketing and conversion tracking

12.1 Google Ads Remarketing

This website uses retargeting technology provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID.

All of the processing described above takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. Without this consent, retargeting technology will not be used during your visit. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool".

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

Details about the processing initiated by Google can be found here: https://policies.google.com/technologies/partner-sites

Further information on Google's privacy policy: https://business.safety.google/intl/en/privacy/ and https://www.google.com/policies/privacy/

12.2 Google Ads Conversion Tracking

This website uses the online advertising programme "Google Ads" and, as part of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). The conversion tracking cookie is set when a user clicks on a Google ad. These cookies generally expire after 30 days and are not used for personal identification.

You can also permanently object to Google Ads conversion tracking cookies by downloading and installing the browser plug-in available from Google at: https://www.google.com/settings/ads/plugin?hl=en

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

Google's privacy policy is available here: https://business.safety.google/intl/en/privacy/ and https://www.google.com/policies/privacy/

13. Site functionality

13.1 YouTube

This website uses plugins for displaying and playing videos from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data may also be transferred to Google LLC, USA.

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers. Certain information, including your IP address, is transmitted to the provider.

All of the aforementioned processing takes place only if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the "cookie consent tool".

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

13.2 Vimeo

This website uses plugins for displaying and playing videos provided by Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

13.3 Trusted Shops Trustbadge

To display external customer reviews and/or an externally awarded quality seal, graphic elements of the following provider are embedded on our website: Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany.

When you access a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider's servers in order to load the elements properly. Certain browser information, including your IP address, is transmitted to the provider. If personal data is processed in this context, this takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in the optimal marketing of our offer and the attractive design of our website.

In the case of an online order with us, further processing may take place. Subject to your express consent pursuant to Art. 6(1)(a) GDPR, after completion of an order, your order information (order total, order number, and, if applicable, purchased product) as well as your e-mail address are transmitted in encrypted form to the provider in order to verify whether a registration for the provider's services (in particular "buyer protection") already exists and, if necessary, to enable a new registration.

If an existing registration is found or if a new registration is made with the provider for its services (in particular buyer protection), your order information (order total, order number, purchased product) as well as your e-mail address are transferred to the provider on the basis of the contractual agreement with the provider pursuant to Art. 6(1)(b) GDPR and processed further by the provider in order to provide the services (in particular buyer protection).

13.4 Google Maps

This website uses an online map service provided by Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Maps is a web service for displaying interactive maps in order to visually present geographical information. By using this service, our location is displayed and any directions are made easier.

As soon as the subpages containing the Google Maps map are accessed, information about your use of our website (such as your IP address) is transmitted to Google's servers and stored there; this may also involve transmission to Google LLC servers in the USA. This takes place regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want the assignment with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates it.

The collection, storage and evaluation take place pursuant to Art. 6(1)(f) GDPR on the basis of Google's legitimate interest in displaying personalised advertising, market research and/or the demand-oriented design of Google's websites. You have a right to object to the creation of these user profiles, although you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google in the context of Google Maps, you can also disable the web service of Google Maps completely by turning off JavaScript in your browser. Google Maps and thus also the map display on this website can then no longer be used.

Where legally required, we have obtained your consent for the processing described above pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/

13.5 Google reCAPTCHA

On this website we use the CAPTCHA service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The service checks whether an entry is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type, as well as the date and duration of the visit, and transmits this to the provider's servers for evaluation. Cookies may be used, i.e. small text files stored in the browser of the device.

If the processing described above is based on cookies, these are only set if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service in the "cookie consent tool".

If the above processing is carried out without the use of cookies, the legal basis is our legitimate interest in establishing individual responsibility on the internet and preventing misuse and spam pursuant to Art. 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/

13.6 Google Web Fonts

This site uses so-called web fonts from the following provider to display fonts uniformly: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When a page is accessed, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider's servers. Certain browser information, including your IP address, is transmitted to the provider.

Data may also be transferred to Google LLC, USA.

The processing of personal data in the course of establishing contact with the font provider is only carried out if you have given us your express consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by deactivating this service via the "cookie consent tool".

If your browser does not support web fonts, a standard font from your computer will be used.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework on the basis of an adequacy decision of the European Commission.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/

13.7 Geolocation

This website uses geolocation technologies to provide location-based services. This may involve determining your IP address or GPS-based location data, provided this is enabled on your device.

The processing takes place on the basis of Art. 6(1)(f) GDPR (legitimate interest) to optimise our offer or on the basis of your consent pursuant to Art. 6(1)(a) GDPR, if active consent is required.

You can disable the geolocation function in the settings of your browser or device. Further information on the processing of location data can be found in our privacy policy.

14. Tools and miscellaneous

Cookie consent tool (Pandectes GDPR)

This website uses the cookie consent tool "Pandectes GDPR" to obtain effective user consent for cookies and cookie-based applications requiring consent. The tool is displayed to users upon page access in the form of an interactive user interface, where consent for certain cookies and/or cookie-based applications can be granted by ticking checkboxes. By using the tool, all cookies/services requiring consent are only loaded if the respective user has granted the corresponding consent by ticking the relevant box.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this takes place pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies.

The additional legal basis for processing is Art. 6(1)(c) GDPR. As controller, we are legally obliged to make the use of technically non-essential cookies dependent on the respective user's consent.

Further information on the cookie consent tool can be found directly in the corresponding user interface on our website.

15. Data subject rights

15.1

Applicable data protection law grants you the following rights vis-à-vis the controller with regard to the processing of your personal data:

Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to notification pursuant to Art. 19 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to withdraw consent given pursuant to Art. 7(3) GDPR
Right to lodge a complaint pursuant to Art. 77 GDPR

15.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE PERSONAL DATA CONCERNED. FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

16. Duration of storage of personal data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and - where applicable - additionally by the respective statutory retention period (e.g. commercial and tax retention periods).

Where personal data is processed on the basis of express consent pursuant to Art. 6(1)(a) GDPR, the data concerned will be stored until you withdraw your consent.

If there are statutory retention periods for data processed in the context of contractual or quasi-contractual obligations on the basis of Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the performance or initiation of a contract and/or we no longer have a legitimate interest in further storage.

Where personal data is processed on the basis of Art. 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this policy on specific processing situations, stored personal data will otherwise be erased when it is no longer necessary for the purposes for which it was collected or otherwise processed.

17. Security of your personal data

The protection of your personal data is important to us. However, please note that no transmission method over the Internet or electronic storage method is completely secure. Therefore, we cannot guarantee the absolute security of your personal data.

During your visit to the website, we use the common SSL/TLS procedure (Secure Socket Layer / Transport Layer Security) in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. You can recognise an encrypted transmission of an individual page of our website by the closed display of the key or padlock symbol in the status bar of your browser.

In addition, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. We continuously adapt our security measures to technological progress.

Status: June 2026