We appreciate your interest in our products and want to assure you that the protection of your personal data is of utmost importance to us.
The use of our website is generally possible without providing personal data. Only when using certain services, such as ordering products or using contact forms, will we ask you to provide your data.
The processing of your personal data (e.g., name, address, email address, telephone number) is carried out exclusively in accordance with applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
With this privacy policy, we aim to provide you with transparent information about the nature, scope, and purpose of the personal data we collect, use, and process.
Furthermore, we would like to inform you about your rights as a data subject concerning the processing of your personal data.
To protect your data, we have implemented extensive technical and organizational security measures that reflect the current state of the art.
However, we would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. Therefore, absolute protection of your data against unauthorized access is not possible.
In this privacy policy, you will find detailed information on the following points:
We kindly ask you to carefully read the privacy policy to inform yourself about the processing of your personal data by us.
This privacy policy is based on the definitions used by the European Directive and Regulation legislator when adopting the GDPR (General Data Protection Regulation) (Article 4 GDPR). The aim of this privacy policy is to be easily readable and understandable for everyone. To ensure this, we would like to explain the terms used first. This privacy policy includes, among others, the following terms:
"Personal data": Any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Data subject": Any identified or identifiable natural person whose personal data is processed by the controller.
"Processing": Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Restriction of processing": The marking of stored personal data with the aim of limiting their processing in the future.
"Profiling": Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
"Controller": The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Recipient": A natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not.
"Third party": A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
"Consent": The freely given, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
This privacy policy applies to data processing by:
Controller:
FAMAGA Group GmbH & Co. KG
Represented by the managing directors Emil Aghayev, Timur Aghayev
Hinter den Kirschkaten 83
23560 Lübeck
Tel.: +49 (0) 451 98920681
Fax: +49 (0) 451 98920683
Which data is collected and stored. The purpose of their use
Use of our website: Anonymity and data protection
Basic use without disclosure of identity:
You can basically use our website without revealing your identity.
Automatically collected information:
When you access our website, your browser automatically sends information to our server. This information is temporarily stored in a log file. The following data is collected without your intervention:
Purpose of data collection:
The storage of this data is for technical reasons to ensure the stability and security of our website. The data is also evaluated for statistical purposes to analyze and optimize the use of our website.
The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest arises from the purposes of data collection mentioned above. In no case do we use the collected data to draw conclusions about your person.
Additionally, we use cookies and analytics services when you visit the website. Further information can be found in this privacy policy.
If you have any questions, we invite you to contact us through the form on our website. A valid email address must be provided so that we know who the request is from and can respond. Further details can be provided voluntarily. You can decide for yourself whether to include this data in the contact form.
The processing of data for contacting us is carried out in accordance with Article 6(1)(a) of the GDPR based on your voluntary consent.
The personal data collected by us for using the contact form will be deleted after your request has been processed.
This service offers you the opportunity to order current catalogs or other informational brochures from us, which will be sent to you by post or offered for download. To do this, you need to register and provide personal data. The personal data you provide during registration will be stored by us and used for processing the respective order.
The processing of data for the purpose of contacting us is carried out in accordance with Article 6(1)(a) of the GDPR based on your voluntary consent.
Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., email, phone numbers); Contract data (e.g., subject of the contract, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected individuals: Customers.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Marketing.
Legal bases: Contractual performance and pre-contractual inquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).
We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as "contractual partners") within the scope of contractual and similar legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractually), e.g., to respond to inquiries.
We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any updating obligations, and remedies for warranty and other performance disruptions. In addition, we process the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations and company organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.
Which data are required for the aforementioned purposes, we inform the contractual partners before or as part of the data collection process, e.g., in online forms, through special labeling (e.g., colors) or symbols (e.g., asterisks or similar), or personally.
We delete the data after the expiry of statutory warranty and similar obligations, i.e., generally after a period of 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons of archiving. The statutory retention period is ten years for tax-relevant documents as well as for commercial books, inventories, opening balances, annual financial statements, the management reports required for understanding these documents, and other organizational documents and booking vouchers, and six years for received commercial and business letters and copies of sent commercial and business letters. The period begins with the expiration of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statement, or the management report was prepared, the commercial or business letter was received or sent, or the booking voucher was created, and the recording or other documents were created.
To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms apply in the relationship between users and providers.
Processed data types: Master data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact details (e.g., email, phone numbers); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected individuals: Customers; Prospects. Business and contractual partners.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Contact inquiries and communication; Office and organizational procedures; Administration and response to inquiries; Conversion measurement (measurement of the effectiveness of marketing measures). Profiles with user-related information (creation of user profiles).
Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures, and services:
Economic analyses and market research: For business reasons and to identify market trends, desires of contractual partners, and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., where the group of affected individuals may include contractual partners, prospects, customers, visitors, and users of our online offering. The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may consider the profiles of registered users, including their information on services used, if available. The analyses serve solely us and are not disclosed externally unless they are anonymous analyses with aggregated, i.e., anonymized values. Furthermore, we respect the privacy of users and process the data for analytical purposes as pseudonymously and, if feasible, anonymously (e.g., as aggregated data); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Online shop, order forms, e-commerce, and delivery: We process the data of our customers to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, especially postal, freight, and shipping companies, to carry out delivery or execution to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such within the framework of the ordering or similar acquisition process and includes the information necessary for delivery, provision, and billing, as well as contact information to be able to make any inquiries if necessary; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Use of online platforms for offering and sales purposes: We offer our services on online platforms operated by other service providers. In this context, the data protection notices of the respective platforms apply in addition to our data protection notices. This applies in particular with regard to the execution of the payment process and the procedures for reach measurement and interest-based marketing used on the platforms.
Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Contract data (e.g., contract object, term, customer category); Usage data (e.g., visited websites, interest in content, access times). Meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status). Data subjects: Customers. Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Marketing. Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Further information on processing processes, procedures, and services:
eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ebay.com/; Privacy policy: https://www.ebay.com/help/policies/member-behavior-policies/user-privacy-notice?id=4260. Basis of third-country transfers: Adequacy decision (Switzerland).
Shopify: Platform for offering and conducting e-commerce services. The services and processes carried out in connection with them include, in particular, online shops, websites, their offers and contents, community elements, purchase and payment processes, customer communication, as well as analysis and marketing; Service provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.shopify.com/. Privacy policy: https://www.shopify.com/legal/privacy.
In the context of contractual and other legal relationships, based on legal obligations or otherwise on the basis of our legitimate interests, we offer affected individuals efficient and secure payment options and use additional service providers alongside banks and credit institutions (collectively "payment service providers").
The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-related, sum-related, and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is processed and stored only by the payment service providers. In other words, we do not receive any account or credit card-related information, but only information confirming or denying the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. This transmission is for the purpose of identity and creditworthiness checks. We refer you to the terms and conditions and privacy policies of the payment service providers.
The terms and conditions and privacy policies of the respective payment service providers apply to payment transactions, which are available within the respective websites or transaction applications. We also refer to these for further information and the exercise of withdrawal, information, and other data subject rights.
Processed data types: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta-, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected individuals: Customers, interested parties.
Purposes of processing: Provision of contractual services and fulfillment of contractual obligations.
Legal bases: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Further information on processing procedures, processes, and services:
American Express: Payment services (technical integration of online payment methods); Service provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.americanexpress.com/. Privacy policy: https://www.americanexpress.com/us/company/privacy-center/online-privacy-disclosures/#privacy-notices.
Giropay: Payment services (technical integration of online payment methods); Service provider: giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany; Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.giropay.de. Privacy policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/.
Mastercard: Payment services (technical integration of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.mastercard.com/europe/en/home.html. Privacy policy: https://www.mastercard.com/global/en/vision/corp-responsibility/commitment-to-privacy/privacy.html.
PayPal: Payment services (technical integration of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://www.paypal.com/. Privacy policy: https://www.paypal.com/us/webapps/mpp/country-worldwide.
Stripe: Payment services (technical integration of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://stripe.com/; Privacy policy: https://stripe.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
Visa: Payment services (technical integration of online payment methods); Service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Website: https://visa.com; Privacy policy: https://www.visa.com/legal/global-privacy-notice.htm . Basis for third-country transfers: Adequacy decision (GB).
Cookies are small text files or other storage mechanisms that store information on end devices and retrieve information from end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as functionality, security, and convenience of online offerings, as well as for analyzing visitor flows.
Information about Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless legally not required. Consent is particularly not necessary if storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. Essential cookies typically include cookies with functions related to the display and functionality of the online offering, load balancing, security, storing user preferences and choices, or similar purposes related to providing the main and ancillary functions of the online offering requested by users. The revocable consent is clearly communicated to users and includes information about the respective cookie usage.
Information about Data Protection Legal Bases: The data protection legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the operational functioning of our online offering and improving its usability) or, if carried out in fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which cookies are processed by us in the course of this privacy policy or as part of our consent and processing processes.
Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:
Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
Persistent Cookies: Persistent cookies remain stored even after the end device is closed. For example, login status can be saved or preferred content can be displayed directly when the user revisits a website. Likewise, the data collected from users using cookies can be used for measuring reach. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and the storage duration can be up to two years.
General Information on Revocation and Objection (so-called "Opt-Out"): Users can revoke their consent given at any time and object to processing in accordance with legal requirements. For this purpose, users can restrict the use of cookies in their browser settings (although this may also restrict the functionality of our online offering). Objection to the use of cookies for online marketing purposes can also be made via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Further Notes on Processing Procedures, Methods, and Services:
Processing of Cookie Data Based on Consent: We employ a consent management solution where users' consent to the use of cookies or to the procedures and providers mentioned within the consent management solution is obtained. This procedure facilitates the collection, logging, management, and revocation of consents, particularly regarding the use of cookies and similar technologies used for storing, accessing, and processing information on users' end devices. Within this process, users' consents for the use of cookies and the associated processing of information, including specific processing and providers mentioned in the consent management process, are obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid repeated requests and to be able to provide evidence of consent in accordance with legal requirements. Storage is done server-side and/or in a cookie (known as an opt-in cookie) or through comparable technologies to associate consent with a specific user or device. If there are no specific details about the providers of consent management services, the following general information applies: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details about the scope of consent (e.g., categories of cookies and/or service providers involved), and information about the browser, system, and device used; Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Web Analysis, Monitoring, and Optimization:
Web analysis (also referred to as "reach measurement") serves to evaluate the visitor traffic to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Through reach analysis, we can, for example, determine the times when our online offering or its functions or content are most frequently used or revisited for reuse. Likewise, we can track areas that require optimization.
In addition to web analysis, we may also use test procedures to, for example, test and optimize different versions of our online offering or its components.
Unless otherwise indicated below, profiles may be created for these purposes, i.e., data summarized for a usage process, and information may be stored in a browser or on a device and read from it. The collected information includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the operating system, and information about usage times. If users have consented to the collection of their location data to us or to the providers of the services we use, location data may also be processed.
The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect the users. In general, no clear data of users (such as email addresses or names) are stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.
Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analysis information to a device to recognize which content users have accessed within one or multiple usage processes, which search terms they have used, revisited, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users referring to our online offering and technical aspects of their devices and browsers.
Pseudonymous profiles of users with information from the usage of various devices are created, with cookies possibly being used. Google Analytics does not log and store individual IP addresses for EU users. However, it provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is solely used for this derivation of geolocation data before being immediately deleted. They are not logged, not accessible, and not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/ae/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Amendment: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF); Opt-out option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via an interface, thereby integrating other services into our online offering (for further details, please refer to other sections of this privacy policy). With the Tag Manager itself (which implements the tags), no user profiles are created or cookies stored. Google only receives the user's IP address, which is necessary to execute the Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Amendment: https://business.safety.google/adsprocessorterms. Basis for third-country transfers: Data Privacy Framework (DPF).
Presence on social networks (Social Media): We maintain online presences within social networks and process data of users within this context to communicate with users active on those platforms or to provide information about us.
We would like to point out that data of users may be processed outside the European Union. This may result in risks for users because, for example, the enforcement of user rights could be more difficult.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These user profiles can then be used to display advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the user behavior and interests are stored. Furthermore, data can also be stored in the user profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and logged into them).
For a detailed presentation of the respective processing methods and options for objection (Opt-Out), please refer to the privacy policies and information provided by the operators of the respective networks.
Also, in the case of requests for information and the assertion of data subject rights, we would like to point out that these are most effectively asserted directly with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. If you still require assistance, you can contact us.
Additional information on processing procedures, methods, and services:
Instagram: Social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
Facebook Pages: Profiles within the Facebook social network; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for third-country transfers: Data Privacy Framework (DPF); Further information: We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in Facebook's Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in Facebook's Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights," to page owners so they can understand how people interact with their pages and associated content. We have entered into a specific agreement with Facebook ("Page Insights Information," https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates the security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to Facebook). The rights of users (especially with regard to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Page Insights Information" (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly regarding the transfer of data to the parent company, Meta Platforms, Inc., in the USA.
We integrate functional and content elements into our online offering, which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").
The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, visit time, as well as other information about the use of our online offering, as well as being linked to such information from other sources.
Types of processed data: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status). Location data (information about the geographic position of a device or person).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness; Marketing. Profiles with user-related information (creation of user profiles).
Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR). Consent (Art. 6 para. 1 s. 1 lit. a) GDPR).
Further Information on Processing Procedures, Procedures, and Services:
Google Fonts (Sourced from Google Server): The sourcing of fonts (and symbols) serves the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to their timeliness and loading times, their uniform presentation, and consideration of possible licensing restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA - When visiting our online offering, users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the webpage where the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a specific font family is requested. In the Google Fonts Web API, the user agent must adapt the font for the respective browser type generated. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and an aggregated report on top integrations based on the number of font requests can be generated. Google states that it does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=en.
Google Maps: We embed the maps of the "Google Maps" service provided by Google. Processed data may include IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Consent (Art. 6 para. 1 s. 1 lit. a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
Instagram Plugins and Content: Instagram plugins and content - This may include content such as images, videos, or texts and buttons that allow users to share content of this online offering within Instagram. - We, together with Meta Platforms Ireland Limited, are jointly responsible for the collection or receipt as part of a transfer (but not for further processing) of "Event Data" that Facebook collects or receives through functions of Instagram (e.g., embedding functions for content) executed on our online offering, for the following purposes, jointly responsible: a) Display of content and advertising information that corresponds to the presumed interests of the users; b) Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g., improving recognition of which content or advertising information presumably corresponds to the interests of the users). We have entered into a specific agreement with Facebook ("Supplement for Controllers", https://www.facebook.com/legal/controller_addendum), which regulates in particular the security measures Facebook must comply with (https://www.facebook.com/legal/terms/data_security_terms), and Facebook has agreed to fulfill the rights of data subjects (i.e., users can address requests for information or deletion directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous to us), this processing does not occur within the scope of joint responsibility but on the basis of a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Terms" (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA based on standard contractual clauses ("Facebook EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular, the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://www.instagram.com. Privacy Policy: https://instagram.com/about/legal/privacy/.
According to Article 15 of the GDPR, you have the right to obtain information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the planned storage duration, the existence of the right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details.
According to Article 16 of the GDPR, you have the right to request the immediate rectification of inaccurate or completion of your personal data stored by us.
According to Article 17 of the GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
According to Article 18 of the GDPR, you have the right to request the restriction of processing of your personal data if the accuracy of the data is contested, the processing is unlawful, but you oppose their erasure, and we no longer need the data, but you require them for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 of the GDPR.
According to Article 20 of the GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transmission of this data to another controller.
According to Article 7(3) of the GDPR, you have the right to withdraw your consent at any time. This withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your habitual residence or place of work or our company headquarters for this purpose.
If your personal data are processed based on legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 of the GDPR, provided that there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without specifying any particular situation.
If you wish to exercise your right of revocation or objection, simply send an email to: [email protected].
During your website visit, we use the widely recognized SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption supported by your browser. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we will alternatively use 128-bit-v3 technology. You can tell whether a particular page of our website is transmitted encrypted by the closed display of the lock or key symbol in the lower status bar of your browser.
In addition, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously developed and improved in line with the state of the art.
This privacy policy is currently in effect and will remain valid until March 2024.
Due to the ongoing development of our website and the offerings contained therein, or due to changes in legal or regulatory requirements, it may be necessary to amend this privacy policy.
