GDPR

General Part


Introduction

The protection of your personal data is important to us. It is an important part of our development and sales activities. With the following privacy policy, we would like to inform you about what types of personal data (hereinafter referred to as ‘data’) we process, for what purposes and to what extent.



Responsible Person


Test



Overview of Processing

Below you will first find an overview of the types of data processed and the data subjects affected by the processing.

Types of processed data

The data we process are classified into the following types:

  • Usage data: This category primarily encompasses websites visited and users’ content-related interests.

  • Metadata: This refers to data generated in the course of communication processes, such as IP addresses, browser identifiers, and device-specific information.

  • Content data: This term denotes information actively submitted by users while utilizing our services, including texts, images, and completed forms.

  • Contact data: This includes email addresses, telephone numbers, and postal addresses.

  • Contract data: This refers to data required for the conclusion of a contract, such as the subject matter of the agreement and the parties involved.

  • Inventory data: These are essential core data, such as names and addresses.

  • Geolocation data: This encompasses information such as a user’s current location or a targeted location along a specific route.

  • Payment data: This refers to information concerning payment methods and transactions.

  • Special categories of personal data: These include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; as well as genetic data, biometric data for the unique identification of a natural person, health data, and data concerning a person’s sex life or sexual orientation.

Categories of individuals whose data are processed

We classify the individuals affected by data processing into the following categories:

  • Users: Individuals who visit our websites and online services.

  • Applicants: Individuals who apply for a position with us.

  • Prospective clients: Individuals who express interest in our services and contact us for this purpose.

  • Communication partners: Individuals who engage in communication with us.

  • Customers: Individuals who make use of our services as clients.

  • Contractual partners: Individuals with whom we maintain contractual relationships, but who are not customers.







Purposes for which the data are processed

In general, the processing of personal data is carried out for the following purposes:

  • Provision of our online services: We process data to enable the availability and functioning of our online offerings.
  • Collection of feedback: Requests for and analysis of feedback regarding our services and products.
  • Interest-based and behavioral (re-)marketing: Marketing activities tailored to users' interests, which are derived from their behavior.
  • Conversion measurement: Assessing the effectiveness of marketing measures.
  • Security measures: Actions taken to protect our technical infrastructure.
  • Handling contact inquiries and communication: Processing of contact requests and related communications.
  • Office organization: Measures for organizing office operations, such as scheduling and task allocation.
  • Direct marketing: Direct marketing activities toward customers, especially via personalized email communications.
  • Provision of contractual services: Processing of data related to the execution and initiation of contracts.
  • Improvement of user-friendliness of our online services: We process data to enhance the usability of our offerings, primarily through analyzing visits to our online services.
  • Analysis of visitor behavior on our online services: Analysis of accessed pages, for example, by recording click paths and bounce rates.





    Overview and Explanation of the Legal Bases

    Below, we inform you about the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. In addition to the provisions of the GDPR, national regulations of the user’s country of residence or domicile may also apply.

      1. Legitimate interests (Art. 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data.
      2. Performance of a contract and pre-contractual measures (Art. 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
      3. Legal obligation (Art. 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
      4. Protection of vital interests (Art. 6(1)(d) GDPR): Processing is necessary to protect the vital interests of the data subject or another natural person.
      5. Recruitment process as a pre-contractual or contractual relationship (Art. 9(1)(b) GDPR):
        If special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data such as disability status or ethnic origin) are requested from applicants as part of the recruitment process so that the controller or the data subject can exercise rights and fulfill obligations arising from labor law and social security and social protection law, their processing is carried out in accordance with Art. 9(2)(b) GDPR. In cases of protecting the vital interests of applicants or other persons, processing is based on Art. 9(2)(c) GDPR. For purposes of preventive or occupational medicine, assessing the employee’s work capacity, medical diagnosis, treatment or care in the health or social sector, or management of health or social care systems and services, processing is carried out under Art. 9(2)(h) GDPR. If special categories of data are voluntarily provided based on consent, their processing is based on Art. 9(2)(a) GDPR.
      6. Data processing for purposes related to the employment relationship (§ 26 BDSG):
        We process (special) categories of personal data within the employment relationship based on statutory provisions for the purposes of establishing, performing, and terminating the employment relationship.
      7. Consent (if requested) (Art. 6 para. 1 sentence 1 lit. a GDPR): The data subject has given their consent to the processing of their personal data for one or more specific purposes.
      8. Processing for the performance of a task carried out in the public interest (Art. 6 para. 1 lit. e GDPR): Insofar as processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
      9. Storage of information in the end user's terminal equipment with the end user's consent (Section 25 (1) sentence 1 TDDDG): We use storage areas of the terminal equipment of our users for certain functions with their express and informed consent.
      10. Storage of information in the end user's terminal equipment due to necessity (§ 25 para. 2 no. 2 TDDDG): Unless we have asked you for permission when you visit our website or use individual functions, we use the memory of your end device for the technical presentation and delivery of our telemedia service if this is technically absolutely necessary.


    Safety measures

    In accordance with legal requirements and taking into account the state of the art, implementation costs, as well as the nature, scope, circumstances, and purposes of the processing, and considering the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (Art. 32 GDPR). Among the security measures we have implemented are the following in particular.

    Secure Sockets Layer | Transport Layer Security (SSL): We use SSL/TLS to encrypt data transmitted between our visitors' devices and our servers. This significantly reduces the risk of unauthorized access to the transmitted data.



    Disclosure and Transfer of Personal Data to Third Parties

    In the course of processing personal data, it may occur that data are transferred to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. The recipients of such data may include, in particular, service providers, contractual partners, public authorities, and other third parties involved in the execution of contractual or legal obligations:

    1. IT service providers: This category includes providers responsible for hosting, email services, and server technology.
    2. Payment service providers: Providers cooperating with us to process payments.
    3. Shipping service providers: Providers who perform logistical tasks on our behalf, particularly parcel delivery services.
    4. Authorities: Government agencies with whom we exchange data for the fulfillment of contractual obligations or due to legal requirements.

    In such cases, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to guarantee an appropriate level of data protection. We select third parties to whom we disclose data with due care and diligence. Where we engage third-party providers or platforms to deliver our services, the terms and privacy policies of the respective third parties or platforms apply in the relationship between the users and these providers.



    Data Processing in Third Countries

    Where we process data in a third country, i.e., a country outside the European Union or the European Economic Area, or where processing is carried out by third parties outside this area, such processing is conducted solely in accordance with applicable legal requirements. Subject to the explicit consent of the data subjects or legally mandated transfers, we process or have data processed only in third countries that ensure an adequate level of data protection. These include, in particular, countries recognized on the basis of special safeguards, such as contractual obligations through so-called standard contractual clauses adopted by the European Commission, the existence of certifications, or binding corporate rules (Arts. 44 to 49 GDPR).

    General Notice on Data Deletion

    The data we process are deleted in accordance with legal requirements as soon as consent to their processing has been withdrawn or other legal bases (e.g., legitimate interests, legal obligations) no longer apply. If the data are not deleted because they are required for other legally permissible purposes, their processing is restricted to these purposes only. In other words, the data are blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for asserting, exercising, or defending legal claims, or for the protection of the rights of another natural or legal person.
    Further information on the deletion of personal data may be provided under the respective sections of this privacy policy.



    Special Section


    Use of Cookies

    A "cookie" is a small text file that is stored on the visitor’s computer at the request of our systems and subject to the browser settings allowing it. It contains a key and a value and serves to identify the end device beyond a single request-response cycle (session persistence). The key and value of the cookie are processed by the issuing system with every request. Below you will find a list of the cookies we use and the corresponding information.

    Essential Cookies

    The request to set the following cookies is sent to the visitors’ system already upon their initial visit to a page.


    | Name | Domain | Controller / Party | Explanation / Specifics | Storage duration |
    |---|---|---|---|---|
    | cart_currency | drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie for displaying the shopping cart. | 13d, 23h |
    | shopify_recently_viewed | .drumitaktas.com | | None | 89d, 23h |
    | po_visitor | drumitaktas.com | | None | 364d, 23h |
    | _tracking_consent | .drumitaktas.com | The local controller | Cookie for our GDPR consent management tool. Records whether the user has given consent. | 364d, 23h |
    | _shopify_s | .drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie. | End of Session |
    | _shopify_y | .drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie. | End of Session |
    | epb_previous_pathname | drumitaktas.com | | None | End of Session |
    | keep_alive | drumitaktas.com | The local controller | Technically necessary Shopify store cookie. | 13d, 23h |
    | _shopify_sa_p | .drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie. | 0d, 0h |
    | _shopify_sa_t | .drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie. | 0d, 0h |
    | localization | drumitaktas.com | The local controller | Technically necessary Shopify store cookie. | 364d, 23h |
    | secure_customer_sig | drumitaktas.com | The local controller | Technically necessary Shopify store cookie. | 364d, 23h |
    | cookieconsent_preferences_disabled | ilacsiz-yasam-germany.myshopify.com | - | None | 364d, 23h |
    | cookieconsent_status | drumitaktas.com | | None | 364d, 23h |
    | _landing_page | .drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie. | End of Session |
    | _orig_referrer | .drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie. | End of Session |
    | aisearch-user-id | ilacsiz-yasam-germany.myshopify.com | | None | 364d, 23h |
    | shopify_pay_redirect | drumitaktas.com | Shopify International Limited | Technically necessary Shopify store cookie. | 0d, 0h |


    If you do not consent to the placement of the cookies mentioned above, you can configure your browser to reject their installation. However, this may result in our website no longer functioning properly.

    Types of data processed: Usage data, metadata, and communication data
    Data subjects: Users of our website
    Legal basis: The use of these cookies is strictly necessary for the operation of the website and is based on our legitimate interest in the efficient delivery of our online services, pursuant to Art. 6(1)(f) GDPR and § 25(2)(2) TTDSG.

    Storage areas used on the end device

    We use storage areas of the end user's device that are made available to us by the browser (sessionStorage, localStorage).

    None



    Data processing (Internally)

    Comment Function (Basic)

    Information and Description

    We use a commenting function integrated into our website system.

    Function

    Comment function (Basic)

    We provide our users with the opportunity to comment on specific content. The submitted comment is stored on the basis of the user's consent.
    Where we additionally store the commenter’s IP address and email address, this is done on the basis of our legitimate interest in maintaining our website, preventing spam, and, where necessary, enforcing our legal rights.

    Processed data: Usage data, metadata, content data, contact data

    Data subjects: User

    Legal basis for processing: Legitimate interests, consent (if requested)

    Legitimate interests:

  • Enabling the operation of a website: The processing is based on our legitimate interest in being able to operate a website at all. 
  • Security: Our legitimate interest in protecting our services against unauthorized and harmful access.
  • Logging: Our legitimate interest in recording user consents for documentation and verification purposes.

    Newsletter


    Information and description

    We offer you the opportunity to subscribe to our free newsletter on our website. Once you provide us with your email address, you will receive a verification email from us. You will only be added to our newsletter list after you verify your subscription by clicking the link included in that email (double opt-in).

    You may withdraw your consent at any time by clicking the unsubscribe link included in the footer of our newsletter. Additionally, you can contact us via the email address provided on our website to revoke your consent.

    Function

    Newsletter

    Processed data: Contact details

    Affected persons: Users, interested parties, communication partners, customers

    Legal basis for processing: Consent (if requested)



    Data processing by external service providers and processors

    Cloudflare Inc.

    CLOUDFLARENET
    Information and description

    The Cloudflare network is a globally distributed and complex IT infrastructure system.
    As a rule, requests are routed through the servers of this network to our own servers. In some cases, certain requests may be handled directly by Cloudflare (caching).

    Function

    Content Delivery Network, Optimized image and file distribution (CDN)

    We use external service providers to optimize the delivery and integration of files for improved performance and compatibility. These providers may store the necessary files on servers located in various geographic regions to reduce loading times. In doing so, relevant request data may be transmitted to and processed by these third-party providers. 

    This data processing is carried out based on our legitimate interests in ensuring efficient website performance and user experience.

    Processed data: Usage data, metadata
    Data subjects: Users
    Legal basis for processing: Legitimate interests

    Legitimate interests:

    • Maintenance free: Our legitimate interest in the use of low-maintenance or maintenance-free technology. This also guarantees a consistently high level of security for the services.
    • High availability: Our legitimate interest in the use of a highly available service.

    Server and Network Infrastructure
    We use the services of a specialized and reputable company to operate and maintain our server and network infrastructure (data centers).

    Processed Data: Usage data, metadata, content data, contact data, contract data
    Data Subjects: Users
    Legal Basis for Processing: Legitimate interests
    Legitimate Interests:

  • Low Maintenance Requirement: Our legitimate interest in using technology that requires little or no maintenance on our part. This also ensures a consistently high level of service security.
  • High Availability: Our legitimate interest in using a highly available service.

    Provider Information

    Cloudflare Inc.; Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA Attention: Data Protection Officer privacyquestions@cloudflare.com, https://www.cloudflare.com/privacypolicy/

    This provider may process data outside the jurisdiction of the European Union.



    Google LLC

    YouTube


    Function

    Video platform

    We use external providers to display videos on our website. These are generally embedded into our site using an iframe. When our page is loaded, the browser calls the external site that hosts the video.

    We use these external providers based on our legitimate interest in the simple integration of multimedia content into our services.

    Processed Data: Usage data, metadata
    Data Subjects: Users
    Legal Basis for Processing: Legitimate interests
    Legitimate Interests:

    • Low Maintenance Requirement: Our legitimate interest in using technology that requires little or no maintenance on our part. This also ensures a consistently high level of service security. 
    • Outsourced Development: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.
    • High Availability: Our legitimate interest in using a highly available service.

    Affected Domains: jnn-pa.googleapis.com, googlevideo.com (including subdomains), www.youtube.com (including subdomains), www.youtube-nocookie.com, s.ytimg.com, i.ytimg.com (including subdomains)

    Google Marketing Platform


    Function

    Marketing

    We process personal data for the purposes of online marketing. This primarily includes the display of advertising content that corresponds to the potential interests of the user.


    For this purpose, we use the advertising network "Google Ads." User profiles are created and assigned to the user's device via a cookie (see above).


    These cookies can later be read and analyzed on websites that use the same marketing provider.


    For the purpose of profiling, data such as visited websites, viewed content, and online networks used may be included. It is also possible to collect information about communication partners and — if the user allows it — the user's location.


    The user's IP addresses are also stored, with IP masking applied.

    Processed Data: Usage data, metadata, geolocation data
    Data Subjects: Users
    Legal Basis for Processing: Consent (where obtained)

    Affected Domains: www.google.com.ua, doubleclick.net (including subdomains), www.google.de

    Google Play


    Information and Description

    User authentication in the Google Play Store

    Processed Data: Usage data, metadata, payment data
    Data Subjects: Users, prospects, customers
    Legal Basis for Processing: Legitimate interests, performance of a contract, and pre-contractual inquiries
    Legitimate Interests:

    Payment Options: Our legitimate interest in offering our customers trusted and secure payment options so that they can complete their purchase safely.

    Google Maps


    Information and Description

    Google Maps is a map service that provides interactive maps of a large part of the Earth.

    Function

    Maps

    We use map services to easily display locations to our users within a dynamic, interactive, and visually appealing map.

    Processed Data: Usage data, metadata, geolocation data
    Data Subjects: Users
    Legal Basis for Processing: Legitimate interests
    Legitimate Interests:

    • Low Maintenance Requirement: Our legitimate interest in using technology that requires little or no maintenance on our part. This also ensures a consistently high level of service security.
    • License Management: Our legitimate interest in using a service that handles the management of any necessary licenses upstream.
    • Outsourced Development: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.
    • High Availability: Our legitimate interest in using a highly available service.

    Affected Domains: maps.google.com, maps.google.de, maps.googleapis.com, khms1.googleapis.com, maps.gstatic.com

    Google Statics


    Function

    Content Delivery Network, Optimized Image and File Delivery (CDN)

    We use external service providers to optimize the delivery and integration of files in terms of performance and compatibility. These providers may store the required files on servers in various geographic regions to reduce loading times.

    In this process, the respective providers receive corresponding request data.

    Processed Data: Usage data, metadata
    Data Subjects: Users
    Legal Basis for Processing: Legitimate interests
    Legitimate Interests:

    • Low Maintenance Requirement: Our legitimate interest in using technology that requires little or no maintenance on our part. This also ensures a consistently high level of service security.
    • High Availability: Our legitimate interest in using a highly available service.

    Affected Domains: yt3.ggpht.com (including subdomains), ajax.googleapis.com, lh5.googleusercontent.com (including subdomains), www.gstatic.com

    Google Fonts


    Function

    Fonts

    We use externally embedded fonts to ensure fast, secure delivery of modern fonts.

    Processed Data: Usage data, metadata
    Data Subjects: Users
    Legal Basis for Processing: Legitimate interests

    Legitimate Interest:

    Low Maintenance Requirement: Our legitimate interest in using technology that requires little or no maintenance on our part. This also ensures a consistently high level of service security.

    Affected Domains: fonts.googleapis.com, fonts.gstatic.com

    Provider Information

    Google LLC; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Subsidiaries in the European Union:

    Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy

    This provider may process data outside the scope of the European Union. Between the aforementioned controller and the operator, so-called SCCs (Standard Contractual Clauses) are in place.

    ISRG (Internet Security Research Group)

    Let's Encrypt
    Information and Description

    Let's Encrypt provides SSL certificates as a free certification authority. The validity of such a certificate is limited in time and must be renewed before it expires. Such a certificate can also be revoked and "invalidated."


    "r3.o.lencr.org" is one of the security servers of the Let's Encrypt organization, through which data about revoked certificates is published.


    We use certificate verification for your security. Your browser checks whether our certificate is still valid at the time the connection is established.

    Function

    Frontend Security Technology

    We use specific security techniques to protect our website (especially forms) and other parts of our infrastructure from unauthorized access, spam, and automated access.

    Processed Data: Usage data, metadata
    Data Subjects: Users

    Legal Basis for Processing: Legitimate interests
    Legitimate Interests:

    • Low Maintenance Requirement: Our legitimate interest in using technology that requires little or no maintenance on our part. This also ensures a consistently high level of service security.
    • Outsourced Development: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.
    • Security: Our legitimate interest in protecting our offerings from unauthorized and harmful access.

    Affected Domains: r3.o.lencr.org, r10.o.lencr.org, r11.o.lencr.org

    Provider Information

    ISRG (Internet Security Research Group); 548 Market St PMB 77519 San Francisco CA 94104-5401 USA, https://letsencrypt.org/privacy/

    This provider may process data outside the jurisdiction of the European Union.
    Let's Encrypt is a free, automated, and open certification authority, among other things for SSL certificates, which enhance website security through encryption. An SSL certificate is used to securely transmit website data when accessed by a browser. SSL stands for "Secure Sockets Layer," which means there is a protocol between the web server and the client (user) that encrypts the data



    PayPal (Europe) S.à r.l. et Cie, S.C.A.

    PayPal
    Function

    Payment Services

    We use external providers to offer our customers secure, simple, and trusted payment options. In the event of a payment, these providers receive order data such as name, address, ordered goods, and amount. The service providers may also conduct credit checks based on scientifically developed scoring values.
    We also integrate plugins from these providers into our website, so that access data is transmitted to these providers even without using the payment service.

    Processed Data: Usage data, metadata, contact data, contract data, payment data
    Data Subjects: Users, customers
    Legal Basis for Processing: Legitimate interests, performance of a contract and pre-contractual inquiries, consent (where obtained)
    Legitimate Interests:

    • Security: Our legitimate interest in protecting our offerings from unauthorized and harmful access.
    • Payment Options: Our legitimate interest in offering our customers trusted and secure payment options so that they can complete their purchase safely.

    Affected Domains: www.paypal.com, www.paypalobjects.com

    Provider Information

    PayPal (Europe) S.à r.l. et Cie, S.C.A.; PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg Luxembourg, https://paypal.com/de/privacy/



    Shopify International Limited

    Shopify - Shop Integration
    Information and Description

    Services provided by Shopify that enable our webshop to be displayed and conveniently used by you.

    Processed Data: Usage data, metadata, geolocation data
    Data Subjects: Users, prospects, communication partners, customers, contractual partners
    Legal Basis for Processing: Legitimate interests, performance of a contract, and pre-contractual inquiries

    Legitimate Interests:


    • Optimization of User Interface: Our legitimate interest in optimizing our user interface and thus the effective design of our services.
    • Customer Communication and Support: Our legitimate interest in direct, simple communication with our (potential) customers; possibly also in an environment they already use, as well as our legitimate interest in providing customer-oriented support at this point.
    • Enabling the Operation of a Website: Processing is based on our legitimate interest in being able to operate a website at all.
    • Payment Options: Our legitimate interest in offering our customers trusted and secure payment options so they can complete their purchase safely.
    • Maintenance: Our legitimate interest in the effective maintenance of our services, detecting errors, and efficiently identifying them.
    • High Availability: Our legitimate interest in using a highly available service.

    Shopify - CDN
    Information and Description

    Shopify hosts customer content in its own Content Delivery Network. As a customer, we have no influence over the data processing operations at Shopify.

    Processed Data: Metadata, geolocation data
    Data Subjects: Users
    Legal Basis for Processing: Legitimate interests
    Legitimate Interests:

    • Low Maintenance Requirement: Our legitimate interest in using technology that requires little or no maintenance on our part. This also ensures a consistently high level of service security.
    • High Availability: Our legitimate interest in using a highly available service.

    Provider Information

    Shopify International Limited; Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, https://www.shopify.com/de/legal/datenschutz



    Prospect One sp. z o.o. sp.k.

    JSDELIVR
    Information and Description

    JSDELIVR is a content delivery network used for the global distribution of open-source JavaScript files.

    Function

    Content Delivery Network, Optimized Image and File Delivery (CDN)


    We use external service providers to optimize the delivery and integration of files regarding performance and compatibility. These providers may store the files we need on servers in various geographical regions to reduce retrieval times.


    During this process, the respective providers collect corresponding request data.

    Processed Data: Usage data, metadata
    Data Subjects: Users
    Legal Basis for Processing: Legitimate interests
    Legitimate Interests: 

    • Low Maintenance: Our legitimate interest in using technology that requires little to no maintenance. This also ensures a consistently high level of security for the services.
    • High Availability: Our legitimate interest in using a highly available service.

    Affected Domains: cdn.jsdelivr.net (including subdomains)

    Provider Information


    Prospect One sp. z o.o. sp.k.; Prospect One SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ Królewska 65A/1, 30-081 Kraków, Poland
    https://prospectone.io/contact




    External Platforms

    Social Media

    To communicate effectively with our (potential) customers and other interested parties and to offer them a convenient point of contact and information, we maintain presences on several social media platforms.


    Please note that when using social media, data may be processed outside the European Union, which may pose risks for users regarding the enforcement of their rights.


    Social media platforms regularly analyze user behavior for marketing purposes. In doing so, they create extensive profiles on users’ interests and usage behavior in order to display personalized advertising. Through the use of cookies and integration on third-party websites, information may also be collected that goes beyond the direct use of the social network itself.


    In particular, information about the device used, the internet connection (IP address), and possibly the user’s location may be collected.

    Please note that only the providers of these networks have access to the data collected about users; therefore, requests for information are most effectively directed to them.


    Details and further data protection information about the social networks we use can be found below.


    X (formerly Twitter)

    We operate an account on the social network X. On our website, we only link to X; no data processing occurs when visiting our site.

    Please note that you use the X short message service and its functions at your own responsibility. This particularly applies to the use of interactive features (such as sharing or liking content).


    Information about what data is processed by Twitter (X) and for what purposes can be found in X’s privacy policy:
    https://x.com/de/privacy


    The information collected by this provider's cookies is usually transmitted to and stored on a server in the United States. In the case of data transfers to the USA, such transfers are based on the presence of standard contractual clauses.


    We have no influence over the type and scope of data processed by X, the way it is processed and used, or the disclosure of such data to third parties. Likewise, we have no effective means of control in this regard.


    By using X, your personal data is collected, transferred, stored, disclosed, and used by X, and transferred to, stored, and used in the United States, Ireland, and any other country where X operates, regardless of your place of residence.


    X processes both the data you voluntarily provide — such as your name and username, email address, telephone number, or contacts from your address book if you upload or synchronize it — and analyzes the content you share to determine your interests. X stores and processes private messages (direct messages) and may determine your location using GPS data, wireless network information, or your IP address to serve you advertisements or other content.


    In addition, X collects and analyzes further log data about your visits.


    Further information about data collection, data processing, and options to limit such processing can be found via the following resources:


    https://help.x.com/de/safety-and-security/x-privacy-settings

    https://help.X.com/de/forms/fragments/privacy-helpful-articles 

    https://support.X.com/articles/20172711 

    https://X.com/settings/your_twitter_data

    https://X.com/personalization


    We do not collect any data ourselves about your X account or visits to our X profile. However, the data you enter on X — in particular your username and the content published under your account — may be processed by us to the extent that we retweet your tweets, reply to them, or compose our own tweets that reference your account.


    The data you have freely published and shared on X is thus included in our online presence and made accessible to our followers.


    Provider Information

    Twitter International Unlimited Company, Twitter International Unlimited Company One Cumberland Place Fenian Street Dublin 2 D02 AX07 Ireland, https://X.com/de/privacy

    Information about Cookies: https://help.X.com/de/rules-and-policies/X-cookies

    Privacy Settings: https://help.X.com/de/safety-and-security/privacy-controls-for-tailored-ads

    Usage

    We use this platform to fulfill the following functions.

    Social Media

    To communicate effectively with our (potential) customers and other interested parties and to offer them a convenient point of contact and information, we maintain presences on several social media platforms.


    Our website may display elements (such as icon links) that, when clicked, direct users to the respective social media presence.

    Processed Data: Usage data, metadata, content data, contact data, account data, geolocation data
    Data Subjects: Users, communication partners
    Legal Basis for Processing: Legitimate interests

    Legitimate interests:

    • Customer Communication and Support: Our legitimate interest in direct and simple communication with our (potential) customers—possibly also within an environment they already use—as well as our legitimate interest in providing customer-oriented support at this point.

    Facebook

    We operate a presence on the social network Facebook. On our website, we only provide a link to this presence. Data processing by Facebook only occurs when you click the link.


    Please note that you use this Facebook page and its functions at your own responsibility. This applies in particular to the use of interactive features (e.g., commenting, sharing, rating). Alternatively, you can also access the information offered on this page on our own website.


    When you visit our Facebook page, Facebook collects your IP address and other information stored as cookies on your device. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of the Facebook page. 

    More detailed information is available from Facebook at:
    http://de-de.facebook.com/help/pages/insights


    The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Which information Facebook receives and how it is used is described by Facebook in general terms in its data use policy. There you will also find information on how to contact Facebook and how to manage advertising settings. 

    The data use policy is available at:
    http://de-de.facebook.com/about/privacy


    The full Facebook data policy can be found here:
    https://de-de.facebook.com/full_data_use_policy



    When you visit one of our social media profiles (e.g., Facebook), this triggers the processing of your personal data.



    In this case, we are jointly responsible with the operator of the respective social network for the data processing activities under Art. 26 GDPR, provided that we actually make joint decisions with the social network operator about the data processing and influence the processing.


    Where possible, we have concluded agreements on joint responsibility with the social network operators pursuant to Art. 26 GDPR, in particular the so-called “Page Controller Addendum” of Facebook Ireland Ltd.


    You can generally assert your rights (right to information under Art. 15 GDPR, right to rectification under Art. 16 GDPR, right to erasure under Art. 17 GDPR, right to restriction of processing under Art. 18 GDPR, right to data portability under Art. 20 GDPR, and right to complain under Art. 77 GDPR) both with us and with the operator of the respective social network (e.g., Facebook).


    Please note that despite the joint responsibility under Art. 26 GDPR, we have no comprehensive influence over the data processing of the individual social networks. The corporate policies of the respective providers have a decisive influence on our options.


    If data subject rights are asserted, we can only forward such requests to the social network operator.


    Facebook does not fully and clearly disclose how it uses data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data, and whether data from a visit to the Facebook page is shared with third parties. This information is not known to us.


    When accessing a Facebook page, your device’s assigned IP address is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about its users’ devices (for example, in connection with the “login notification” feature); this may enable Facebook to associate IP addresses with individual users.

    If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This allows Facebook to possibly track that you have visited this page and how you used it (for example, via a referrer header).


    If you want to prevent Facebook from drawing such conclusions or from associating your visit to our Facebook presence with your profile, you can use a private/incognito browser window, as no cookies are set in this mode.


    As the provider of this information service, we do not collect or process any data from your use of our service.


    You can find this privacy policy in its current version under the “Data Policy” section on our Facebook page.


    Provider Information

    Meta Platforms Ireland Limited, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, commercial register number: 462932, http://de-de.facebook.com/about/privacy

    Subsidiary of:


    Meta Platforms, Inc. One Hacker Way Menlo Park, CA 94025 USA

    Usage

    We use this platform to fulfill the following functions.

    Social Media

    To communicate effectively with our (potential) customers and other interested parties and to offer them a convenient point of contact and information, we maintain presences on several social media platforms.


    Our website may display elements (such as icon links) that, when clicked, direct users to the respective social media presence.



    Processed Data: Usage data, metadata, content data, contact data, account data, geolocation data
    Data Subjects: Users, communication partners
    Legal Basis for Processing: Legitimate interests

    Legitimate interests:

    • Customer Communication and Support: Our legitimate interest in direct and simple communication with our (potential) customers—possibly also within an environment they already use—as well as our legitimate interest in providing customer-oriented support at this point.

    LinkedIn

    We operate a presence on the social network LinkedIn, which is primarily used for professional networking. On this website, we only provide a link to this presence. Data processing by LinkedIn only occurs when you click this link.


    Please note that you use this LinkedIn page and its functions at your own responsibility. This particularly applies to the use of interactive features (e.g., commenting, sharing, liking). Alternatively, you can also access the information offered on this page via our own website.


    When you visit our LinkedIn page, LinkedIn collects your IP address as well as other information stored as cookies on your device. More detailed information is provided by LinkedIn at the following URL:


    https://de.linkedin.com/legal/privacy-policy?

    Provider Information

    LinkedIn Corp.; for the EU: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; parent company: LinkedIn Corp., 605 W Maude Ave, Sunnyvale, CA 94085, USA, https://www.linkedin.com/legal/privacy-policy

    Usage

    We use this platform to fulfill the following functions.

    Social Media

    To communicate effectively with our (potential) customers and other interested parties and to offer them a convenient point of contact and information, we maintain presences on several social media platforms.


    Our website may display elements (such as icon links) that, when clicked, direct users to the respective social media presence.

    Processed Data: Usage data, metadata, content data, contact data, account data, geolocation data
    Data Subjects: Users, communication partners
    Legal Basis for Processing: Legitimate interests

    Legitimate interests:

    • Customer Communication and Support: Our legitimate interest in direct and simple communication with our (potential) customers—possibly also within an environment they already use—as well as our legitimate interest in providing customer-oriented support at this point.

    Instagram

    We operate a page on the social network Instagram.


    Please note that you use this Instagram page and its functions at your own responsibility. This particularly applies to the use of interactive features (e.g., commenting or liking).


    When you visit our Instagram page, Instagram collects, among other things, your IP address and other information stored as cookies on your device. This information is used to provide us, as the operator of the Instagram page, with statistical information about the use of the Instagram page.


    The data collected about you in this context is processed by Instagram Inc. and may be transferred to countries outside the European Union.


    Which information Instagram receives and how it is used is generally described by Instagram in its privacy policy. There you will also find information about how to contact Instagram and further options to manage settings regarding targeted advertising.

    https://help.instagram.com/519522125107875



    How Instagram uses data from visits to Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data, and whether data from a visit to the Instagram page is shared with third parties is not fully and clearly disclosed by Instagram and is not known to us.


    When accessing an Instagram page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymized (for “German” IP addresses) after processing and deleted after 90 days.


    Instagram also stores information about its users’ devices (for example, within the “login notification” feature); this may allow Instagram to associate IP addresses with individual users.


    If you are currently logged into Instagram as a user, a cookie containing your Instagram ID is stored on your device. This allows Instagram to track that you visited this page and how you used it. This applies to all Instagram pages.


    Instagram may also be able to link your visit to our website to your profile, for example by reading the so-called “referrer header.”


    If you want to prevent this, you need to adjust your browser’s cookie settings or delete the provider’s relevant cookies. Alternatively, you can increase tracking protection by using a private/incognito browser window.


    As the provider of this information service, we do not collect or process any data from your use of our service.


    You can find this privacy policy in its current version under the “Data Policy” section on the respective Instagram page.


    Provider Information

    Meta Platforms Ireland Limited, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, commercial register number: 462932, http://de-de.facebook.com/about/privacy

    Subsidiary of:


    Meta Platforms, Inc. One Hacker Way Menlo Park, CA 94025 USA

    Usage

    We use this platform to fulfill the following functions.

    Social Media

    To communicate effectively with our (potential) customers and other interested parties and to offer them a convenient point of contact and information, we maintain presences on several social media platforms.


    Our website may display elements (such as icon links) that, when clicked, direct users to the respective social media presence.


    Processed Data: Usage data, metadata, content data, contact data, account data, geolocation data
    Data Subjects: Users, communication partners
    Legal Basis for Processing: Legitimate interests

    Legitimate interests:

    • Customer Communication and Support: Our legitimate interest in direct and simple communication with our (potential) customers—possibly also within an environment they already use—as well as our legitimate interest in providing customer-oriented support at this point.

    Payment service provider

    For processing payments related to your order, we use external payment service providers. Depending on the chosen payment method, personal data is transmitted to the respective payment service provider. This data primarily includes payment information (e.g., credit card number), name, address, email address, IP address, as well as transaction-related data (e.g., order amount, date, time).


    The legal basis for processing this data is Article 6(1)(b) GDPR, as the processing is necessary for the performance of the payment and thus for the fulfillment of the contract. In exceptional cases where no direct contractual relationship exists, we rely on Article 6(1)(f) GDPR. Our legitimate interest lies in secure and efficient payment processing.

    Depending on the selection made during the ordering process, the following payment service providers may receive your data:



    Visa Europe Services Inc., London, Great Britain https://www.visa.de/datenschutz

    Mastercard Europe SA, Waterloo, Belgium https://www.mastercard.de/de-de/datenschutz.html

    Maestro (via Mastercard Europe SA) https://www.mastercard.de/de-de/datenschutz.html

    American Express Europe S.A., Frankfurt am Main, Germany https://www.americanexpress.com/de/legal/datenschutz-center.html

    Klarna Bank AB (publ), Stockholm, Sweden https://www.klarna.com/de/datenschutz/

    PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg https://www.paypal.com/de/webapps/mpp/ua/privacy-full

    Shop Pay / Shopify Payments (Shopify International Ltd.), Dublin, Ireland https://www.shopify.com/legal/privacy

    Apple Pay (Apple Distribution International Ltd.), Cork, Ireland https://www.apple.com/legal/privacy/de/

    Google Pay (Google Ireland Limited), Dublin, Ireland https://policies.google.com/privacy?hl=de


    The data transmission takes place solely for the purpose of payment processing and only to the extent necessary to carry out the payment transaction. Further information about data processing can be found in the privacy policies of the respective payment service providers.



    Rights of the persons concerned

    The persons concerned have rights, which we inform you about as follows:

    Right to object (Art. 21 GDPR): You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data carried out pursuant to Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

    If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.


    Right of access (Art. 15 GDPR): You have the right to request confirmation as to whether personal data concerning you is being processed, as well as access to this data and further information, and to obtain a copy of the data in accordance with legal requirements.

    Right to rectification (Art. 16 GDPR): You have the right, in accordance with legal requirements, to request the completion of your personal data or the correction of inaccurate personal data concerning you.

    Right to erasure and restriction of processing (Art. 17, 18 GDPR): You have the right, in accordance with legal requirements, to request the immediate deletion of personal data concerning you, or alternatively, to request a restriction of the processing of your data in accordance with legal provisions.

    Right to data portability (Art. 20 GDPR): You have the right, in accordance with legal requirements, to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer of these data to another controller.

    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): Furthermore, in accordance with legal provisions, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

    Right to withdraw consent (Art. 7(3) GDPR): You have the right to withdraw any consent you have given to the controller at any time.

    Glossary

    Below you will find a list of explanations for the most commonly used terms in this context.



    Personal data

    “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (cf. Art. 4 No. 1 GDPR).



    Processing

    “Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination, or otherwise making available, aligning or combining, restricting, erasing, or destroying (cf. Art. 4 No. 2 GDPR).



    Controller

    The controller is the natural or legal person, authority, institution, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (cf. Art. 4 No. 7 GDPR).


    Processor

    A processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller (cf. Art. 4 No. 8 GDPR).



    Clicktracking

    Clicktracking allows tracking whether and on which button a user has clicked, where this click led the user to, and, if applicable, from which page of the online offering the click originated.