GDPR

GDPR

General Part
Introduction

The protection of your personal data is important to us. It is an important component of our development and sales activities. With the following Privacy Policy, we would like to inform you about the types of personal data — hereinafter referred to as “data” — that we process, for what purposes, and to what extent.

Controller

Ümit Aktas Gesundheit GmbH
Grafenberger Allee 293
40237 Düsseldorf
Phone: + 49 (211) 9076 19 19
info@drumitaktas.com

Overview of Processing

Below, you will first receive an overview of the types of data processed and the persons affected by the processing.

Types of Data Processed

We divide the processed data into the following types:

  1. Usage Data: This includes, in particular, websites visited and content-related interests.
  2. Metadata: This refers to data generated during the communication process, such as IP addresses, browser identifiers, and device information.
  3. Content Data: This refers to data provided during the use of our services themselves, such as texts, images, and forms.
  4. Contact Data: This includes email addresses, telephone numbers, and postal addresses.
  5. Contract Data: Data required for the conclusion of a contract, such as the subject matter of the contract and the contracting parties.
  6. Master Data: These are the existing core data, such as names and addresses.
  7. Geodata: This includes, for example, one’s own location or the location targeted within a route.
  8. Payment Data: Data relating to payment methods.
  9. Special Categories of Personal Data: Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, or data concerning a person’s sex life or sexual orientation.

Categories of Data Subjects

We divide the persons affected by data processing into the following categories:

  1. Users: Visitors to our websites and online services.
  2. Applicants: Persons who apply to us.
  3. Prospective Customers: Persons who are interested in our services and contact us in this regard.
  4. Communication Partners: Persons who communicate with us.
  5. Customers: Persons who make use of our services as customers.
  6. Contractual Partners: Persons with whom we maintain contractual relationships without them being customers.

Purposes for Which Processing Is Carried Out

In general, personal data is processed for the following purposes:

  1. Provision of Our Online Offering: We process data in order to be able to provide our online offering in the first place.
  2. Obtaining Feedback: Requesting and evaluating feedback on services and performance.
  3. Interest-Based and Behaviour-Based (Re-)Marketing: Marketing tailored to the interests of users, which in turn are derived from their behaviour.
  4. Conversion Measurement: Measuring the effectiveness of marketing measures.
  5. Security Measures: Measures to protect our technical infrastructure.
  6. Contact Requests and Communication: Processing contact requests, etc.
  7. Direct Marketing: Direct marketing to customers, in particular by means of individual email correspondence.
  8. Provision of Contractual Services: Processing data in the performance and initiation of contracts.
  9. Improvement of the User-Friendliness of Our Online Offering: We process data in order to improve the user-friendliness of our offering. This is achieved in particular through the analysis of visits to our online offering.
  10. Analysis of the Behaviour of Visitors to Our Online Offering: Analysis of the pages accessed, for example by recording click paths and bounce rates.

Overview and Explanation of the Legal Bases

In the following, we inform you about the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. In addition to the provisions of the GDPR, national regulations of the country of residence or establishment of the respective users may apply.

  1. Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
  2. Performance of a Contract and Pre-Contractual Requests (Art. 6(1) sentence 1 lit. b GDPR): Processing is necessary for the performance of a contract to which the data subject is party or in order to take pre-contractual measures at the request of the data subject.
  3. Legal Obligation (Art. 6(1) sentence 1 lit. c GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
  4. Protection of Vital Interests (Art. 6(1) sentence 1 lit. d GDPR): Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  5. Application Procedure as a Pre-Contractual or Contractual Relationship (Art. 9(1) sentence 1 lit. b GDPR): Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR — e.g. health data, such as severe disability status, or ethnic origin — are requested from applicants as part of the application procedure so that the controller or the data subject may exercise the rights arising from employment law and social security and social protection law and comply with the corresponding obligations, such data is processed pursuant to Art. 9(2) lit. b GDPR; in the case of the protection of vital interests of applicants or other persons, pursuant to Art. 9(2) lit. c GDPR; or for the purposes of preventive or occupational medicine, for the assessment of the employee’s working capacity, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services pursuant to Art. 9(2) lit. h GDPR. In the event that special categories of data are communicated on the basis of voluntary consent, such data is processed on the basis of Art. 9(2) lit. a GDPR.
  6. Data Processing for Purposes of the Employment Relationship (§ 26 BDSG): Within the employment relationship, we process special categories and other types of personal data on the basis of the statutory provision for the purposes of establishing, performing, and terminating the employment relationship.
  7. Consent, Where Requested (Art. 6(1) sentence 1 lit. a GDPR): The data subject has given consent to the processing of his or her personal data for one specific purpose or for several specific purposes.
  8. Processing for the Performance of a Task Carried Out in the Public Interest (Art. 6(1) lit. e GDPR): Insofar as processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  9. Storage of Information in the End User’s Terminal Equipment with the End User’s Consent (§ 25(1) sentence 1 TDDDG): We use storage areas of our users’ terminal equipment for certain functions with their express and informed consent.
  10. Storage of Information in the End User’s Terminal Equipment Due to Necessity (§ 25(2) No. 2 TDDDG): Insofar as we have not asked you for permission when visiting our website or using individual functions, we use the storage of your terminal device for the technical presentation and delivery of our telemedia service where this is strictly technically necessary.

Security Measures

In accordance with the statutory requirements, taking into account the state of the art, the implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, Art. 32 GDPR.

The security measures we have implemented include, in particular, the following.

  • Secure Sockets Layer | Transport Layer Security (SSL): We use SSL / TLS for the encrypted transmission of data between our visitors’ terminal devices and our server. In this way, the risk of unauthorised access to the transmitted data is significantly reduced.

Transfer and Disclosure of Personal Data to Third Parties

In the course of our processing of personal data, data may be transferred to, or disclosed to, other bodies, companies, legally independent organisational units, or persons. The recipients of such data may include, in particular:

  • IT Service Providers: This includes service providers for the provision of hosting, email services, and server technology.
  • Payment Service Providers: Service providers that cooperate with us in order to process payments.
  • Shipping Service Providers: Service providers that perform logistical tasks for us. This includes, in particular, parcel delivery service providers.
  • Authorities: Government bodies with which we exchange data for the fulfilment of orders or for legal reasons.

In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to provide adequate protection of the data. We select third parties to whom we disclose data carefully and conscientiously.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms shall apply in the relationship between the users and those providers.

Data Processing in Third Countries

Insofar as we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or processing is carried out by third parties outside this area, such processing is carried out only in accordance with the applicable statutory provisions.

Subject to the express consent of the data subjects or transfers required by law, we process data, or have data processed, only in third countries that provide an adequate level of protection. This includes, in particular, countries in which processing is carried out on the basis of special safeguards, such as contractual obligations through the so-called Standard Contractual Clauses of the European Commission, the existence of certifications, or binding internal data protection rules (Art. 44 to 49 GDPR)..

General Notice on the Deletion of Data

The data processed by us will be deleted in accordance with the statutory requirements as soon as the consent to its processing has been withdrawn or other permissions — for example legitimate interests, legal obligations, etc. — no longer apply.

If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and will not be processed for other purposes.

This applies, for example, to data that must be retained for reasons under commercial or tax law, or whose storage is necessary for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person.

 

Further information on the deletion of personal data may be provided, where applicable, under the individual sections of this Privacy Policy.

Special Part

Use of Cookies

A “cookie” is a small text file that is stored on the visitor’s computer at the request of our systems and where permitted by the settings of the visitor’s browser. It has a key and a value and serves to identify the terminal device beyond a request-response cycle, thereby maintaining the session.

The key and value of the cookie are processed by the system that sets the cookie with each request.

Below you will find a list of the cookies we use and the corresponding information.

Technically Necessary Cookies

 

We transmit the request to set the following cookies to the system of our visitors already upon the first access to a page:

Name | Domain

User | Party

Explanation | Details

Retention Period

shopify_recently_viewed | .drumitaktas.com

None

89d, 23h

_shopify_essential | drumitaktas.com

None

364d, 23h

cart_currency | drumitaktas.com

Shopify International Limited

Technically necessary Shopify shop cookie for displaying the shopping cart.

13d, 23h

_tracking_consent | .drumitaktas.com

The controller specified herein

Cookie for our GDPR consent management tool. Documents whether the user has given consent.

364d, 23h

epb_previous_pathname | drumitaktas.com

None

End of Session

keep_alive | drumitaktas.com

The controller specified herein

Technically necessary Shopify shop cookie.

13d, 23h

localization | drumitaktas.com

The controller specified herein

Technically necessary Shopify shop cookie.

364d, 23h

cookieconsent_preferences_disabled | drumitaktas.com

None

364d, 23h

cookieconsent_status | drumitaktas.com

None

364d, 23h

aisearch-user-id | drumitaktas.com

None

364d, 23h

shopify_pay_redirect | drumitaktas.com

Shopify International Limited

Technically necessary Shopify shop cookie.

0d, 0h

If you do not agree to the setting of the cookies mentioned above, you can configure your browser to reject their installation. Under certain circumstances, this may result in our online offering no longer functioning properly.

Types of Data Processed: Usage data, meta and communication data

Data Subjects: Users of our website.

Legal Basis: The use of these cookies is strictly necessary for the operation of the website and is based on our legitimate interest in the effective delivery of our online offering, Art. 6(1) sentence 1 lit. f GDPR and § 25(2) No. 2 TDDDG.

Optional Cookies

We only set the following cookies after the user has given us their consent to do so. The legal basis for the processing is the consent of the users, Art. 6(1) sentence 1 lit. a GDPR.

Name | Domain

User | Party

Explanation | Details

Retention Period

_shopify_y | .drumitaktas.com

Shopify International Limited

Technically necessary Shopify shop cookie.

End of Session

_fbp | .drumitaktas.com

Meta Platforms Ireland Limited

This cookie is used by Facebook to track users across multiple websites.

Information on Function:

Social Media: In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Legal Bases:
Legitimate interests, Art. 6(1) sentence 1 lit. f GDPR.

90d, 0h

_ga_T3HJRBTN40 | .drumitaktas.com

None

399d, 23h

_ga | .drumitaktas.com

The controller specified herein

This cookie is used by Google Analytics for the long-term recognition of a visitor on the website.

 

Information on Function:

Web Analytics: In order to further improve our website, understand the interests and expectations of our users, identify issues in the click paths on our website, and evaluate the performance of individual pages as well as our website as a whole, we use web analytics services.

For this purpose, data relating to the user’s terminal device, the pages accessed, the time of access and duration of stay on the respective pages, the users’ origin/referrer, and, where possible, their geographical location are collected and processed.

Where we achieve this exclusively by evaluating HTTP requests — see above — the processing is carried out on the basis of our legitimate interest. Where we use additional services, this is done only with your consent.

Legal Bases:
Legitimate interests, Art. 6(1) sentence 1 lit. f GDPR
Consent, where requested, Art. 6(1) sentence 1 lit. a GDPR

729d, 23h

_ga_7L82X1QTN1 | .drumitaktas.com

None

399d, 23h

po_visitor | drumitaktas.com

None

364d, 23h

_gcl_au | .drumitaktas.com

Google LLC

This cookie is used by Google AdSense for targeting purposes.

Marketing: We process personal data for online marketing purposes. This includes, in particular, the display of advertising content that corresponds to the potential interests of the user.

For this purpose, we use the advertising network “Google Ads”. For this purpose, so-called user profiles are created and assigned to the user’s terminal device by means of a cookie — see above.

These cookies may later be read and analysed on websites that use the same marketing provider.

For the purpose of profile creation, the data may include, in particular, websites visited, content viewed, and online networks used. It is also possible, however, to record communication partners and — where enabled by the user — the user’s location.

The user’s IP addresses are also stored, whereby so-called IP masking is applied.

Legal Bases:
Consent, where requested, Art. 6(1) sentence 1 lit. a GDPR.

90d, 0h

_shopify_s | drumitaktas.com

Shopify International Limited

Technically necessary Shopify shop cookie.

End of Session

_landing_page | .drumitaktas.com

Shopify International Limited

Technically necessary Shopify shop cookie.

End of Session

_orig_referrer | .drumitaktas.com

Shopify International Limited

Technically necessary Shopify shop cookie.

End of Session

Types of Data Processed: Usage data, meta and communication data

Data Subjects: Users of our website.

Legal Basis: Consent of the users, Art. 6(1) sentence 1 lit. a GDPR.

Objection / Withdrawal: You may withdraw your consent for the future by using the consent tool on this website.

 

Storage Areas of the Terminal Device Used

We use storage areas of the end user’s terminal device that are made available to us by the browser, such as sessionStorage and localStorage.

None

Data Processing (intern)

CartBot

Information and Description

The service belongs to the Shopify app CartBot: Auto add to cart by Bundler.app, provided via cart-bot.net. The app automates the adding of products — e.g. free items, cross-sells, promotional products — to the shopping cart based on predefined rules, e.g. when product A is purchased, product B is automatically added

  • Data Processed: Usage data, metadata, content data
  • Data Subjects: Users, prospective customers, customers
  • Legal Basis for Processing: Legitimate interests, consent where requested

 

 

 

Legitimate Interests:

  • Optimisation of the User Interface: Our legitimate interest in optimising our user interface and thereby effectively designing our services.
  • Customer Communication and Support: Our legitimate interest in direct and simple communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Consentmo

Information and Description

Information and Description

Consentmo is a Google-certified CMP, compatible with IAB TCF 2.2, Google Consent Mode V2, Microsoft Consent Mode, and integrated into Shopify’s Privacy API. It enables automated cookie scanning, consent logging, DSAR handling, and regional banner control.

According to the Shopify App Store and Consentmo’s own documentation, Consentmo is a viable solution for companies for implementing cookies in compliance with data protection requirements — provided that it is correctly configured, the banner display and consent log are active, and data protection is documented in the Privacy Policy.

Data Processed: Usage data, metadata

Data Subjects: Users, prospective customers, communication partners, customers

Legal Basis for Processing: Legitimate interests, consent where requested

Legitimate Interests:

  • Enabling the Operation of a Website: Processing is carried out on the basis of our legitimate interest in being able to operate a website in the first place.
  •  Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Logging: Our legitimate interest in logging the user’s consent for verification purposes.
  • Customer Communication and Support: Our legitimate interest in direct and simple communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Hextom Eventpromotionbar

Data Processing Agreement

Information and Description

This app enables merchants to display targeted banners, timers, and promotional bars on their shop website for example, notices about promotions, countdown timers, or shipping notifications which can be displayed in a targeted manner, e.g. geographically, page-specific, or time-based

Data Processed: Usage data, metadata, content data, geodata.

Data Subjects: Users, prospective customers, communication partners, customers.

Legal Basis for Processing: Legitimate interests, consent where requested.

Legitimate Interests:

  • Optimisation of the User Interface: Our legitimate interest in optimising our user interface and thereby ensuring the effective design of our services.;
  • Performance Measurement: Our legitimate interest in measuring the performance of our website and individual pages.

Judge.me

Data Processing Agreement

Information and Description

This API call is used to collect and transmit aggregate events (“bulk events”) from the review system, for example when review widgets are loaded or interacted with on the shop website. Typically, Judge.me uses this to record interactions such as views of reviews, clicks on review widgets, or aggregate events used for functional analysis or optimisation.

Judge.me widgets use track_bulk_events to transmit information about how users interact with review displays, e.g. how many reviews were displayed, loaded, or clicked on. This enables Judge.me to identify the use of the widgets and, where applicable, to apply performance or recommendation logic.

Data Processed: Usage data, metadata, content data, geodata

Data Subjects: Users, prospective customers, communication partners, customers

Legal Basis for Processing: Legitimate interests, consent where requested

 

Legitimate Interests:

  • Optimisation of the User Interface: Our legitimate interest in optimising our user interface and thereby effectively designing our services.
  • Performance Measurement: Our legitimate interest in measuring the performance of our website and individual pages.
  • Customer Communication and Support: Our legitimate interest in direct and simple communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

PushOwl

Data Processing Agreement

Information and Description

PushOwl is a Shopify-compatible service that sends web push notifications to users, for example, to remind them of abandoned shopping carts or to inform them about new offers. The URL documents a server call used to record the event that a notification opt-in prompt was displayed to a user (event=optin_viewed). This type of tracking is essential for the proper functioning of the opt-in/opt-out logic for push notifications.

Data Processed:
• Device/browser identifier, e.g. via the Push API
• Timestamp and type of event
• Where applicable, IP address and location for the targeted delivery of notifications
• Shopify shop subdomain

Data Processed: Usage data, metadata, content data

Data Subjects: Users, prospective customers, communication partners, customers, contractual partners

Legal Basis for Processing: Consent (where obtained)

Contact Form

Information and Description

We provide you with the option of contacting us via a contact form.

Data Processed: Metadata, content data, contact data

Data Subjects: Users, applicants, prospective customers, communication partners, customers, contractual partners

Legal Basis for Processing: Legitimate interests, performance of a contract and pre-contractual requests, application procedure as a pre-contractual or contractual relationship, consent (where obtained)

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Newsletter

Information and Description

We offer you the opportunity to subscribe to a free newsletter on our website. Once you provide us with an email address, you will receive a verification email from us. You will only be added to our newsletter mailing list once you have verified your email address by clicking on the link contained in that email (double opt-in).

You may withdraw your consent at any time by clicking on the unsubscribe link in the footer of our newsletter. Furthermore, you may also withdraw your consent by sending an email to the address provided by us.

Function

Newsletter

We offer you the opportunity to subscribe to our free newsletter on our website. Once you provide us with an email address, you will receive a verification email from us. You will only be subscribed to our newsletter after verifying your email address by clicking on the link contained in that email (double opt-in).

You may withdraw your consent at any time by clicking on the unsubscribe link in the footer of our newsletter. In addition, you may withdraw your consent by sending an email to the address provided by us.

Data Processed: Contact Data

Data Subjects: Users, prospective customers, communication partners, customers

Legal Basis for Processing: Consent (where obtained)

Comment Function (Basic)

Information and Description

We use a comment function integrated into our website system.

Function

Comment Function (Basic)

We provide our users with the opportunity to comment on certain content. For this purpose, we store the submitted comment with your consent.

Insofar as we also store the IP address and email address of the person submitting the comment, this is carried out on the basis of our legitimate interest in maintaining our website, protecting it against spam, and, where necessary, enforcing our rights.

Data Processed: Usage data, metadata, content data, contact data

Data Subjects: User

Legal Basis for Processing: Legitimate Interests, Consent (where obtained)

Legitimate Interests:

  • Enabling the Operation of a Website: Processing is carried out on the basis of our legitimate interest in being able to operate a website in the first place.
  • Security: Our legitimate interest in protecting our offerings against unauthorised and harmful access.
  • Logging: Our legitimate interest in logging the consent granted by the user for verification purposes.

Payment Methods

Information and Description

Payment Service Providers
For the processing of payments in connection with your order, we use external payment service providers. Depending on the payment method selected, personal data is transmitted to the respective payment service provider. This includes, in particular, payment information, e.g. credit card number, name, address, email address, IP address, and transaction-related data, e.g. order total, date, and time.

The legal basis for processing this data is Art. 6(1) lit. b GDPR, as the processing is necessary for carrying out the payment and thus for the performance of the contract. In exceptional cases where no direct contractual relationship exists, we base the processing on Art. 6(1) lit. f GDPR. Our legitimate interest lies in the secure and efficient processing of payments.

Depending on the option selected during the ordering process, the following payment service providers may be recipients of your data:

Visa Europe Services Inc., London, United Kingdom – https://www.visa.de/datenschutz
Mastercard Europe SA, Waterloo, Belgium – https://www.mastercard.de/de-de/datenschutz.html
Maestro (via Mastercard Europe SA) – https://www.mastercard.de/de-de/datenschutz.html
American Express Europe S.A., Frankfurt am Main, Germany – https://www.americanexpress.com/de/legal/datenschutz-center.html
UnionPay International Co., Ltd., Beijing, China – https://www.unionpayintl.com
Klarna Bank AB (publ), Stockholm, Sweden – https://www.klarna.com/de/datenschutz/
PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg – https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Shop Pay / Shopify Payments (Shopify International Ltd.), Dublin, Ireland – https://www.shopify.com/legal/privacy
Apple Pay (Apple Distribution International Ltd.), Cork, Ireland – https://www.apple.com/legal/privacy/de/
Google Pay (Google Ireland Limited), Dublin, Ireland – https://policies.google.com/privacy?hl=de

Data is transmitted exclusively for the purpose of payment processing and only to the extent necessary to carry out the payment transaction.

Further information on data processing can be found in the privacy notices of the respective payment service providers.

Data Processed: Payment Data

Data Subjects: Customers, contractual partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Enabling the Operation of a Website: Processing is carried out on the basis of our legitimate interest in being able to operate a website in the first place.
  • Payment Options: Our legitimate interest in being able to offer our customers familiar and secure payment options so that they can complete their purchase securely.

Data Processing by External Service Providers and Processors

Ai-Search

AI-Search

Information and Description

We use an intelligent product search function to enable our users to navigate our product range conveniently and efficiently. The service provides dynamic search suggestions and results based on the user’s input.

Data Processed: Usage data, metadata, geodata

Data Subjects: Users, prospective customers, customers

Legal Basis for Processing: Consent (where obtained)

Legitimate Interests:

  • Optimisation of the User Interface: Our legitimate interest in optimising our user interface and thereby effectively designing our services.
  • Performance Measurement: Our legitimate interest in measuring the performance of our website and individual pages.
  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Provider Information

Ai-Search; AI-Search Esentepe Talatpasa Caddesi No:5 34394 Sisli Istanbul, None

This provider may process data outside the territorial scope of the European Union.

Bundler.App

Provider Information

Bundler.App; Bundler.app – Product Bundles & CartBot Podutiška cesta 94, Ljubljana, 1000, Slowenien support@bundler.app bundler.app / Shopify App Store, https://bundler.app/legal/privacy-policy

Cloudflare Inc.

CLOUDFLARENET

Information and Description

The Cloudflare network is a complex global IT infrastructure network. As a rule, requests are forwarded to our servers via the servers of this network, although certain requests may also be processed directly by Cloudflare (caching).

Function

Content Delivery Network, Optimised Delivery of Images and Files (CDN)

We use external service providers to optimise the delivery and integration of files in terms of performance and compatibility. Where applicable, these providers store files required by us on servers in various geographical regions in order to reduce retrieval times.

In this context, corresponding request data is generated by the respective providers.

Data Processed: Usage data, metadata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • High Availability: Our legitimate interest in using a highly available service.

Server and Network Infrastructure

We use the services of a specialised and reputable company to operate and maintain our server and network infrastructure (data centres).

Data Processed: Usage data, metadata, content data, contact data, contract data

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • High Availability: Our legitimate interest in using a highly available service.

Provider Information

Cloudflare Inc.; Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA Attention: Data Protection Officer privacyquestions@cloudflare.com, https://www.cloudflare.com/privacypolicy/

This provider may process data outside the territorial scope of the European Union.

 

Consentmo Technologies Sl.

Provider Information

Consentmo Technologies Sl.; Consentmo Ltd. (Trade name: Consentmo, früher iSenseLabs) Adresse: Prof. Georgi Bradistilov Str. No. 4, 4th Floor, entr.A, 1700 Sofia, Bulgarien (Registergericht: Sofia, UIC112660079), https://www.consentmo.com/privacy-policy-terms-of-service/en

Google LLC

Google Statics

Function

Content Delivery Network, Optimised Delivery of Images and Files (CDN)

We use external service providers to optimise the delivery and integration of files in terms of performance and compatibility. Where applicable, these providers store files required by us on servers in various geographical regions in order to reduce retrieval times.

In this context, corresponding request data is generated by the respective providers.

Data Processed: Usage data, metadata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • High Availability: Our legitimate interest in using a highly available service.

Affected Domains: yt3.ggpht.com (including subdomains), ajax.googleapis.com, lh5.googleusercontent.com (including subdomains), www.gstatic.com

Google Play

Information and Description

User authentication in the Google Play Store.

Data Processed: Usage data, metadata, payment data

Data Subjects: Users, prospective customers, customers

Legal Basis for Processing: Legitimate Interests, Performance of a Contract and Pre-Contractual Requests

Legitimate Interests:

  • Payment Options: Our legitimate interest in being able to offer our customers familiar and secure payment options so that they can complete their purchases securely.

Google Tag Manager

Upon Consent

Function

Embedding Tools

We use external services to simplify the integration and management of additional solutions on our website.

Such services are used either on the basis of our legitimate interest in the secure and straightforward integration of external resources or with the consent of our users.

Data Processed: Usage data, metadata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests, Consent (where obtained)

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Development Outsourcing: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.
  • High Availability: Our legitimate interest in using a highly available service.

Affected Domains: www.googletagmanager.com (including subdomains)

Google Fonts

Function

Fonts

We use externally integrated fonts to ensure the fast and secure delivery of modern fonts.

Data Processed: Usage data, metadata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.

Affected Domains: fonts.googleapis.com, fonts.gstatic.com

Google Marketing Platform

Function

Marketing

We process personal data for online marketing purposes. This includes, in particular, the display of advertising content that corresponds to the potential interests of the user.

For this purpose, we use the advertising network “Google Ads”. In this context, so-called user profiles are created and assigned to the user’s terminal device by means of a cookie (see above).

These cookies may subsequently be read and analysed on websites that use the same marketing provider.

For the purpose of creating user profiles, the data processed may include, in particular, websites visited, content viewed, and online networks used. It is also possible to collect information on communication partners and, where enabled by the user, the user’s location.

The user’s IP addresses are also stored, with so-called IP masking being applied.

Data Processed: Usage data, metadata, geodata

Data Subjects: User

Legal Basis for Processing: Consent (where obtained)

Affected Domains: www.google.com.ua, doubleclick.net (including subdomains), www.google.de

Google Maps

Information and Description

Google Maps is a mapping service that provides interactive maps covering large parts of the world.

Function

Maps

We use mapping services to provide our users with an easy way to view locations on a dynamic, interactive and visually appealing map.

Data Processed: Usage data, metadata, geodata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Licence Management: Our legitimate interest in using a service that manages any necessary licences in advance.
  • Development Outsourcing: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.
  • High Availability: Our legitimate interest in using a highly available service.

Affected Domains: maps.google.com, maps.google.de, maps.googleapis.com, khms1.googleapis.com, maps.gstatic.com

YouTube

Function

Video Platform

We use external providers to display videos on our website. As a rule, these videos are embedded into our website by means of a so-called iframe. When our own website is loaded, the browser accesses the external website containing the video.

We use these external providers on the basis of our legitimate interest in the simple integration of multimedia content into our online offering.

Data Processed: Usage data, metadata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • Development Outsourcing: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.
  • High Availability: Our legitimate interest in using a highly available service.

Affected Domains: jnn-pa.googleapis.com, googlevideo.com (including subdomains), www.youtube.com (including subdomains), www.youtube-nocookie.com, s.ytimg.com, i.ytimg.com (including subdomains)

Google Analytics

Upon Consent

Function

Web Analytics

In order to further improve our website, understand the interests and expectations of our users, identify issues in the click paths on our website, and evaluate the performance of individual pages as well as our website as a whole, we use web analytics services.

For this purpose, data relating to the user’s terminal device, the pages accessed, the time of access and duration of stay on the respective pages, the users’ origin/referrer and, where possible, their geographical location are collected and processed.

Where we achieve this exclusively by evaluating HTTP requests (see above), the processing is carried out on the basis of our legitimate interest. Where we use additional services, this is done only with your consent.

Data Processed: Usage data, metadata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests, Consent (where obtained)

Legitimate Interests:

  • Optimisation of the User Interface: Our legitimate interest in optimising our user interface and thereby effectively designing our services.
  • Performance Measurement: Our legitimate interest in measuring the performance of our website and individual pages.

Affected Domains: analytics.google.com, region1.analytics.google.com, www.google-analytics.com (including subdomains)

Google Merchant Center Analytics

Information and Description

Google Merchant Center Analytics is the analytics section of Google Merchant Center. It provides detailed metrics and actionable insights into the performance of your products on Google Shopping, in search results, on Maps, or on YouTube. Users receive information, for example, on click numbers, conversion rates, popular products, trends, and competitive comparisons

Data Processed: Usage data, metadata, contact data, geodata

Data Subjects: Users, prospective customers, communication partners, customers

Legal Basis for Processing: Legitimate Interests, Consent (where obtained)

Legitimate Interests:

  • Optimisation of the User Interface: Our legitimate interest in optimising our user interface and thereby effectively designing our services.
  • Performance Measurement: Our legitimate interest in measuring the performance of our website and individual pages.

Provider Information

Google LLC; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; subsidiary in the European Union: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy

This provider may process data outside the territorial scope of the European Union.

So-called SCCs (Standard Contractual Clauses) are in place between the controller named above and the provider

 

Hextom Inc.

Provider Information

Hextom Inc.; Hextom Inc. 702-5255 Yonge St. North York ON, M2N 6P4 support@hextom.com, https://hextom.com/privacy-policy/

This provider may process data outside the territorial scope of the European Union.

Judge.me Ltd.

Provider Information

Judge.me Ltd.; c/o Buckworths, 2nd Floor, 1–3 Worship Street, London EC2A 2AB, United Kingdom
Support email: support@judge.me

EU representative for GDPR matters: Buckworths (Ireland) Limited, Workhub, 77 Lower Camden Street, Dublin SO2 XE80, Ireland
Representative: Gloria Conselmo
Email: office@buckworths.com
https://judge.me/privacy

Meta Platforms Ireland Limited

Facebook (Plugins und Widgets)

Upon Consent

Information and Description

We use widgets (buttons, frames, images) provided by Facebook in order to connect our website specifically with our Facebook presence.

Function

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Data Processed: Usage data, metadata, content data, contact data, master data, geodata

Data Subjects: Users, communication partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Affected Domains: www.facebook.com, connect.facebook.net, facebook.com

Provider Information

Meta Platforms Ireland Limited; Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Company registration number: 462932
http://de-de.facebook.com/about/privacy

PayPal (Europe) S.à r.l. et Cie, S.C.A.

PayPal

Function

Payment Services

We use external providers in order to offer our customers secure, simple, and familiar payment options.

In the event of a payment, these providers receive order data such as name, address, goods ordered, and amount. Where applicable, the service providers may carry out credit checks based on scientifically developed scoring values.

We also integrate plugins from these service providers into our website, so that access data may be transmitted to these providers even if the payment option is not used.

Data Processed: Usage data, metadata, contact data, contract data, payment data

Data Subjects: Users, customers

Legal Basis for Processing: Legitimate Interests, Performance of a contract and pre-contractual requests, Consent (where obtained)

Legitimate Interests:

  • Security: Our legitimate interest in protecting our offerings against unauthorised and harmful access.
  • Payment Options: Our legitimate interest in being able to offer our customers familiar and secure payment options so that they can complete their purchases securely.

Affected Domains: www.paypal.com, www.paypalobjects.com

Provider Information

PayPal (Europe) S.à r.l. et Cie, S.C.A.; PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg Luxembourg, https://paypal.com/de/privacy/

Shopify International Limited

Shopify - Shop Integration

Information and Description

Services provided by Shopify to enable our online shop to be displayed and used conveniently by you.

Data Processed: Usage data, metadata, geodata

Data Subjects: Users, prospective customers, communication partners, customers, contractual partners

Legal Basis for Processing: Legitimate interests, performance of a contract and pre-contractual requests

Legitimate Interests:

  • Optimisation of the User Interface: Our legitimate interest in optimising our user interface and thereby effectively designing our services.
  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.
  • Enabling the Operation of a Website: Processing is carried out on the basis of our legitimate interest in being able to operate a website in the first place.
  • Payment Options: Our legitimate interest in being able to offer our customers familiar and secure payment options so that they can complete their purchases securely.
  • Maintenance: Our legitimate interest in the effective maintenance of our services, the detection of errors, and their effective investigation.
  • High Availability: Our legitimate interest in using a highly available service.

 

 

 

Shopify - CDN

Information and Description

Shopify hosts customer content in its own Content Delivery Network. As a customer, we have no influence over the data processing operations carried out by Shopify.

Data Processed: Metadata, geodata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • High Availability: Our legitimate interest in using a highly available service.

Provider Information

Shopify International Limited; Victoria Buildings, 2. Etage 1-2 Haddington Road Dublin 4, D04 XN32, Irland, https://www.shopify.com/de/legal/datenschutz

Prospect One sp. z o.o. sp.k.

JSDELIVR

Information and Description

JSDELIVR is a Content Delivery Network used for the worldwide provision of open-source JavaScript files.

Function

Content Delivery Network, Optimised Delivery of Images and Files (CDN)

We use external service providers to optimise the delivery and integration of files in terms of performance and compatibility. Where applicable, these providers store files required by us on servers in various geographical regions in order to reduce retrieval times.

In this context, corresponding request data is generated by the respective providers.

Data Processed: Usage data, metadata

Data Subjects: User

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Low-Maintenance Operation: Our legitimate interest in using technology that requires little or no maintenance on our part. At the same time, this ensures a consistently high level of security for the services.
  • High Availability: Our legitimate interest in using a highly available service.

Affected Domains: cdn.jsdelivr.net (incl. Subdomains)

Provider Information

Prospect One sp. z o.o. sp.k.; Prospect One SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ Królewska 65A/1 30-081 Kraków, https://prospectone.io/contact

External Platforms

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

We point out that, when using social media, data may be processed outside the European Union, which may entail risks for users with regard to the enforcement of their rights.

Social media platforms regularly analyse the behaviour of their users for marketing purposes. In doing so, they create extensive profiles of their users’ interests and usage behaviour in order to display personalised advertising to them. Through the setting of cookies and integration on third-party websites, information may also be collected that goes beyond the direct use of the social network.

In particular, information about the terminal device used, the internet connection (IP address), and, where applicable, the user’s location may also be collected.

We point out that only the providers of these networks have access to the data collected about the user; accordingly, requests for information are most effectively addressed directly to those providers.

Details and further data protection information regarding the social networks used can be found below.

X (ex Twitter)

We operate an account on the social network X. On our website, we only integrate X in the form of a link. No data processing takes place when our website is accessed.

We point out that you use the X short messaging service offered here and its functions on your own responsibility. This applies in particular to the use of interactive functions, such as sharing or rating.

Information on which data is processed by Twitter and for what purposes it is used can be found in Twitter’s Privacy Policy:
https://x.com/de/privacy

The information collected by this provider’s cookies is generally transmitted to a server in the USA and stored there. In the event of data being transferred to the USA, the data transfer is based on the existence of Standard Contractual Clauses.

We have no influence over the type and scope of the data processed by X, the manner of processing and use, or the transfer of such data to third parties. In this respect, we also have no effective means of control.

By using X, your personal data is collected, transferred, stored, disclosed, and used by X and, regardless of your place of residence, transferred to, stored, and used in the United States, Ireland, and any other country in which X conducts business.

On the one hand, X processes data voluntarily provided by you, such as your name and username, email address, telephone number, or the contacts from your address book if you upload or synchronise it.

On the other hand, X also evaluates the content shared by you to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users, and may determine your location based on GPS data, information about wireless networks, or your IP address in order to provide you with advertising or other content.

In addition, X collects and evaluates further log data about your visits.

Further information on data collection, data processing, and the options for restricting these processes can be found via the following resources:

https://help.x.com/de/safety-and-security/x-privacy-settings
https://help.X.com/de/forms/fragments/privacy-helpful-articles
https://support.X.com/articles/20172711
https://X.com/settings/your_twitter_data
https://X.com/personalization

We ourselves do not collect any data about your X account or visits to our X profile. However, the data you enter on X, in particular your username and the content published under your account, is processed by us insofar as we may repost your tweets, reply to them, or compose tweets ourselves that refer to your account. The data freely published and distributed by you on X is thereby included by us in our offering and made accessible to our followers.

Provider Information

Twitter International Unlimited Company, Twitter International Unlimited Company One Cumberland Place Fenian Street Dublin 2 D02 AX07 Ireland, https://X.com/de/privacy

Cookie information: https://help.X.com/de/rules-and-policies/X-cookies
Privacy settings: https://help.X.com/de/safety-and-security/privacy-controls-for-tailored-ads

Use

We use this platform to perform the following functions.

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Data Processed: Usage data, metadata, content data, contact data, master data, geodata

Data Subjects: Users, communication partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Facebook

We operate a presence on the social network Facebook. On our website, we merely provide a link to this presence. Data processing by Facebook only takes place when you click on the link.

We point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of interactive functions, such as commenting, sharing, or rating. Alternatively, you may also access the information offered via this page on our website.

When you visit our Facebook page, Facebook collects, among other things, your IP address and further information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of the Facebook page. Facebook provides further information on this at the following URL:
http://de-de.facebook.com/help/pages/insights

The data collected about you in this context is processed by Facebook Ltd. and may, where applicable, be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its Data Use Policy. There you will also find information on how to contact Facebook and on the settings options for advertisements. The Data Use Policy is available at the following URL:
http://de-de.facebook.com/about/privacy

Facebook’s full Data Policy can be found here:
https://de-de.facebook.com/full_data_use_policy

The data collected about you in this context is processed by Facebook Ltd. and may, where applicable, be transferred to countries outside the European Union.

If you visit one of our presences on social media, such as Facebook, such a visit triggers the processing of your personal data.

In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 GDPR, provided that we actually make a joint decision with the operator of the social network regarding the data processing and also have an influence on the data processing.

Where possible, we have concluded joint controllership agreements with the operators of the social networks pursuant to Art. 26 GDPR, in particular Facebook Ireland Ltd.’s so-called “Page Controller Addendum”.

You may generally exercise your rights, namely the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to data portability pursuant to Art. 20 GDPR, and the right to lodge a complaint pursuant to Art. 77 GDPR, both against us and against the operator of the respective social network, such as Facebook.

Please note that, despite our joint responsibility pursuant to Art. 26 GDPR with the operators of social networks, we do not have full influence over the data processing carried out by the individual social networks. The corporate policy of the respective provider has a significant influence on our options.

In the event that data subject rights are exercised, we may only be able to forward such requests to the operator of the social network.

The manner in which Facebook uses the data obtained from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are assigned to individual users, how long Facebook stores this data, and whether data from a visit to the Facebook page is disclosed to third parties are not conclusively and clearly stated by Facebook and are not known to us.

When accessing a Facebook page, the IP address assigned to your terminal device is transmitted to Facebook. According to Facebook, this IP address is anonymised in the case of “German” IP addresses and deleted after 90 days. Facebook also stores information about its users’ terminal devices, for example within the scope of the “login notification” function; where applicable, Facebook may therefore be able to assign IP addresses to individual users.

If you, as a user, are currently logged in to Facebook, a cookie containing your Facebook identifier is stored on your terminal device. This may enable Facebook to trace that you have visited this page and how you used it, for example by means of a referrer header.

If you wish to prevent Facebook from drawing such conclusions or from associating your visit to our Facebook presence with your profile, you may, for example, use a private browser window, as no cookies are preset in such a window.

As the provider of the information service, we do not collect or otherwise process any data from your use of our service beyond this. This Privacy Policy can be found in its current version under the “Data Policy” section on our Facebook page.

Provider Information

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Company registration number: 462932
http://de-de.facebook.com/about/privacy

Subsidiary of:

Meta Platforms, Inc.
One Hacker Way
Menlo Park, CA 94025
USA

Use

We use this platform to perform the following functions.

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Data Processed: Usage data, metadata, content data, contact data, master data, geodata

Data Subjects: Users, communication partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

LinkedIn

We operate a presence on the social network LinkedIn, which is used in particular for professional networking. On this website, we merely provide a link to this presence. Data processing by LinkedIn only takes place when you click on this link.

We point out that you use this LinkedIn page and its functions on your own responsibility. This applies in particular to the use of interactive functions, such as commenting, sharing, or rating. Alternatively, you may also access the information offered via this page on our website.

When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and further information that is stored on your PC in the form of cookies.

LinkedIn provides further information on this at the following URL:
https://de.linkedin.com/legal/privacy-policy?

Provider Information

LinkedIn Corp.; for the EU: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Parent company: LinkedIn Corp., 605 W Maude Ave, Sunnyvale, CA 94085, USA
https://www.linkedin.com/legal/privacy-policy

Use

We use this platform to perform the following functions.

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Data Processed: Usage data, metadata, content data, contact data, master data, geodata

Data Subjects: Users, communication partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Instagram

We operate a page on the social network Instagram.

We point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of interactive functions, such as commenting or rating.

When you visit our Instagram page, Instagram collects, among other things, your IP address and further information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram page, with statistical information about the use of the Instagram page.

The data collected about you in this context is processed by Instagram Inc. and may, where applicable, be transferred to countries outside the European Union.

Instagram describes in general terms what information it receives and how it is used in its Privacy Policy. There you will also find information on how to contact Instagram as well as further options for adjusting settings regarding the display of targeted advertising.

https://help.instagram.com/519522125107875

The manner in which Instagram uses the data obtained from visits to Instagram pages for its own purposes, the extent to which activities on the Instagram page are assigned to individual users, how long Instagram stores this data, and whether data from a visit to the Instagram page is disclosed to third parties are not conclusively and clearly stated by Instagram and are not known to us.

When accessing an Instagram page, the IP address assigned to your terminal device is transmitted to Instagram. According to Instagram, this IP address is anonymised after processing in the case of “German” IP addresses and deleted after 90 days. Instagram also stores information about its users’ terminal devices, for example within the scope of the “login notification” function; where applicable, Instagram may therefore be able to assign IP addresses to individual users.

If you, as a user, are currently logged in to Instagram, a cookie containing your Instagram identifier is stored on your terminal device. This enables Instagram to trace that you have visited this page and how you used it. This also applies to all other Instagram pages.

Instagram may also be able to associate your visit to our website with your profile, for example by reading the so-called “referrer header”.

If you wish to prevent this, you must adjust your browser’s cookie settings or delete the relevant cookies of the provider. Alternatively, you can increase protection against tracking by using a private browser window.

As the provider of the information service, we do not collect or otherwise process any data from your use of our service beyond this.

This Privacy Policy can be found in its current version under the “Data Policy” section on the respective Instagram page.

Provider Information

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Company registration number: 462932
http://de-de.facebook.com/about/privacy

Subsidiary of:

Meta Platforms, Inc.
One Hacker Way
Menlo Park, CA 94025
USA

Use

We use this platform to perform the following functions.

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Data Processed: Usage data, metadata, content data, contact data, master data, geodata

Data Subjects: Users, communication partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Pinterest

We operate a page on the social network Pinterest.

We point out that you use this Pinterest page and its functions on your own responsibility. This applies in particular to the use of interactive functions, such as commenting or rating.

When you visit our Pinterest page, Pinterest collects, among other things, your IP address and further information that is stored on your PC in the form of cookies.

Pinterest describes in general terms what information it receives and how it is used in its Privacy Policy at:
https://policy.pinterest.com/de/privacy-policy

Provider Information

Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
https://policy.pinterest.com/de/privacy-policy

Use

We use this platform to perform the following functions.

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Data Processed: Usage data, metadata, content data, contact data, master data, geodata

Data Subjects: Users, communication partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

TikTok

We operate a TikTok channel for the presentation of our services and products.

We point out that you use TikTok and its functions on your own responsibility. This applies in particular to the interactive functions, such as commenting, sharing, or rating. Please therefore carefully consider, in your own interest, which information you wish to disclose and share with other users.

We expressly point out that TikTok stores the data of users of its services, such as personal information, IP addresses, etc., and may also use such data for business purposes.

We have no influence over the collection and further processing of data by TikTok. Furthermore, we are unable to determine the extent to which, where, and for how long the data is stored, to what extent TikTok complies with existing deletion obligations, which analyses and links are made with the data, and to whom the data is disclosed.

Insofar as the data transmitted to us by you via TikTok is also or exclusively processed by TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, is, in addition to us, the controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR).

The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

You can contact TikTok’s data protection officer via the online contact form provided by TikTok at:
https://www.tiktok.com/legal/report/DPO

As a general rule, we ourselves do not store or process any personal data relating to you.

Further information on data processing and contact options can be found on the following TikTok support pages:
https://support.tiktok.com/de

You can find information about the possibility of viewing your own data on TikTok here, with further references:
https://support.tiktok.com/de/account-and-privacy/account-informationn

Information on the available personalisation and privacy settings can be found here, with further references:
https://support.tiktok.com/de/account-and-privacy/account-privacy-settings

Furthermore, you have the option of requesting information via TikTok’s privacy form or archive requests:
https://www.tiktok.com/legal/report/privacy?lang=de

TikTok provides us with so-called Page Insights (Analytics) for our TikTok page:
https://www.tiktok.com/analytics

These are aggregated data that enable us to gain insight into how people interact with our page. Page Insights may be based on personal data collected in connection with a visit to, or interaction by persons with, our page and its content. This is carried out pursuant to Art. 6(1) lit. e GDPR in conjunction with § 3 BDSG in order to ensure an optimised presentation of our offering and effective communication with interested parties.

You may object to the processing of your data for the aforementioned purposes at any time by changing your advertising settings in your TikTok user account accordingly, by adjusting “personalised advertising” under “Settings and privacy”.

Provider Information

TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
https://www.tiktok.com/legal/page/eea/privacy-policy/de

Use

We use this platform to perform the following functions.

Social Media

In order to communicate effectively with our existing and potential customers as well as other interested persons, and to provide them with an accessible point of contact and information, we maintain presences on certain social media platforms.

Elements may be displayed on our website which, when clicked, direct users to the respective social media presence, such as icon links, etc.

Data Processed: Usage data, metadata, content data, contact data, master data, geodata

Data Subjects: Users, communication partners

Legal Basis for Processing: Legitimate Interests

Legitimate Interests:

  • Customer Communication and Support: Our legitimate interest in direct and straightforward communication with our existing and potential customers, possibly also in an environment already used by them, as well as our legitimate interest in being able to provide customer-oriented support in this context.

Rights of Data Subjects

Data subjects have certain rights, about which we inform you below.

  • Right to Object (Art. 21 GDPR): You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6(1) lit. e or f GDPR; this also applies to profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
  • Right of Access (Art. 15 GDPR): You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to such data, as well as further information and a copy of the data in accordance with the statutory requirements.
  • Right to Rectification (Art. 16 GDPR): In accordance with the statutory requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to Erasure and Restriction of Processing (Art. 17, 18 GDPR): In accordance with the statutory requirements, you have the right to request that data concerning you be erased without undue delay or, alternatively, to request restriction of the processing of such data in accordance with the statutory requirements.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with the statutory requirements, or to request that such data be transmitted to another controller.
  • Complaint to a Supervisory Authority (Art. 77 GDPR): In accordance with the statutory requirements, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
  • Right to Withdraw Consent (Art. 7(3) GDPR): You have the right to withdraw any consent you have given to the controller at any time.

Glossary

Below you will find a list of explanations of the terms most commonly used in this context.

Personal Data

“Personal data” means any information relating to an identified or identifiable natural person, hereinafter referred to as the “data subject”. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more specific characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (see Art. 4 No. 1 GDPR).

Processing

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction (see Art. 4 No. 2 GDPR).

Controller

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or by the law of the Member States (see Art. 4 No. 7 GDPR).

 

Processor

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller (see Art. 4 No. 8 GDPR).

Click Tracking

“Click tracking” enables tracking of whether and which button a user has clicked, where this click led the user, and, where applicable, from which page of the online offering the click originated.