Mediaform data protection declaration

This data protection declaration explains to you the nature, scope and purpose of the processing of personal data (hereinafter abbreviated: "data") within our online Mediaform GmbH offering and the web pages, functions and contents associated with the latter, and external online presences, e.g. our social media profile (hereinafter collectively described as "online offering"). With regard to the terminology used, e.g. "processing" or "responsible person", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

You can contact our company data protection officer here:

Mediaform Informationssysteme GmbH
Data protection officer
Borsigstrasse 21
D-21465 Reinbek, Germany
Tel.: +49 40 72 73 60 26
E-mail: datenschutzbeauftragter(at)mediaform.de


Types of data processed

  • Inventory data (e.g. names, addresses).
  • Contact data (e.g. E-mail addresses, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Usage data (e.g. web pages visited, interest in contents, access times).
  • Metadata/communication data (e.g. device information, IP addresses).

Categories of data subjects

  • Visitors and users of the online offering

(hereinafter we describe the affected persons [data subjects] collectively as "user(s)").

Purpose of the processing

  • Making available the online offering, its functions and contents
  • Answering contact requests and communication with users
  • Safety precautions
  • Reach measurement
  • Implementing advertising measures

Terminology used

In accordance with Article 4 of the General Data Protection Regulation (GDPR), the following terms used are defined as follows:

"Personal data" are all information relating to an identified or identifiable natural person (hereinafter "data subject" [affected person]); a natural person who can be directly or indirectly identified, especially by assignment to an identifier such as a name, to an identity number, to location data, to an online identifier (e.g. a cookie) or to one or more specific features that are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person, is regarded as identifiable.

"Processing" is any process carried out with or without the aid of automated procedures, or any such series of processes, in connection with personal data. The term is wide-ranging, and includes practically any handling of data.

The natural person or legal entity, authority, establishment or other agency who/that, alone or together with others, makes decisions regarding the purposes and means of processing personal data is described as a "responsible person".

Authoritative legal bases

We communicate to you the legal bases for our data processing in accordance with Article 13 of the GDPR. Insofar as the legal basis is not mentioned in the Data Protection Declaration, the following shall apply: The legal basis for obtaining consents is provided by Article 6, Para. 1, Letter a and Article 7 of the GDPR. The legal basis for processing to fulfil our performances and carry out contractual measures, and to answer enquiries, is Article 6, Para. 1, Letter b of the GDPR. The legal basis for processing to fulfil our legal obligations is Article 6, Para. 1, Letter c of the GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6, Para. 1, Letter f of the GDPR. In the event that the vital interests of the person affected (data subject) or of another natural person necessitate processing personal data, Article 6, Para. 1, Letter d of the GDPR shall serve as the legal basis

Collaboration with contract processors and with third parties

Insofar as we disclose your data to other persons and companies (contract processors or third parties) or communicate it to them or grant them access to the data in some other way in the context of our processing of your data, this shall take place exclusively based on the following factual circumstances:

legal permission (e.g. if/when communication of the data to third parties is necessary pursuant to Article 6, Para. 1, Letter b of the GDPR for contract fulfilment, such as to payment service providers,

  • you have given your consent,
  • a legal obligation makes provision for it, or
  • based on our legitimate interests (e.g. when using authorised representatives, webmasters etc.).

Insofar as we appoint third parties to process data based on a so-called "job processing contract", this shall take place based on Article 28 of the GDPR.

Transfers to third countries

Insofar as we process data in a third country (i.e. outside of the European Union (EU) or outside of the European Economic Area (EEA), or this occurs in the context of the utilisation of a third party's services or the disclosure and/or communication of data to a third party, this shall take place exclusively when it occurs:

  • to fulfil our (pre)contractual obligations,
  • based on your consent
  • based on a legal obligation, or
  • based on our legitimate interests.

Subject to legal/statutory or contractual permissions, we allow your data to be processed in a third country only when the special conditions pursuant to Articles 44 ff. of the GDPR are present. I.e. processing takes place, for example, based on special guarantees, such as the officially recognised ascertainment of a level of data protection corresponding to that in the EU (e.g. through the "Privacy Shield" for the USA), or observing officially recognised special contractual obligations (so-called "Standard Contractual Clauses").

Rights of affected persons (data subjects)

In accordance with Article 15 of the GDPR, you have the right to demand confirmation as to whether respective data are being processed, and to receive information about these data. You also have the right to demand further information and copies of the data.

In accordance with Article 16 of the GDPR, you have the right to demand the completion of data pertaining to you, or the correction of incorrect data pertaining to you.

In accordance with Article 17 of the GDPR, you have the right to demand the immediate deletion of pertinent data, or alternatively in accordance with Article 18 of the GDPR, to require restriction of the processing of the data.

In accordance with Article 20 of the GDPR, you have the right to demand that you receive the data pertaining to you that you supplied to us, and to require its transmission to other responsible persons.

Moreover, in accordance with Article 77 of the GDPR, you have the right to file a complaint with the relevant supervisory authority.

Right of revocation

In accordance with Article 7, Para. 3 of the GDPR, you have the right to revoke consents that were granted, with effect for the future.

In accordance with Article 21 of the GDPR, you can at any time object to the future processing of data pertaining to you. In particular, the objection can take place against processing for direct advertising purposes.

Cookies and the right to object in relation to direct advertising

"Cookies" are small data files saved on users' computers. Various information can be stored inside cookies. A cookie's primary purpose is to store information about a user (e.g. the device on which the cookie is saved) during or even after his/her visit within an online offering. Temporary cookies, aka "session cookies“ or "transient cookies", are cookies that are deleted after a user leaves an online offering and his/her browser closes. For example, the content of a shopping cart in an online shop or a login status can be stored in a cookie of this kind. "Permanent" or "persistent" cookies are cookies that remain saved even after the browser has closed. For example, the login status can be stored if/when the user visits it several days later. The user's interests that are employed for range measurement or for marketing purposes can also be stored in this kind of cookie. "Third party cookies“ are cookies offered by providers other than the "responsible person" who operates the online offering (otherwise, when they are only the latter's cookies, they are called "first party cookies").

We may use temporary and permanent cookies, and we provide clarification of this in the context of our Data Protection Declaration.

If you as the user do not want cookies to be saved on your computer, please deactivate the corresponding option in your browser's system settings. Saved cookies can be deleted in the browser's system settings. Excluding cookies may lead to limitations in the functioning of this online offering.

A general objection to the use of cookies employed for online marketing purposes can be declared in the case of a variety of services, mainly in the case of tracking, via the US-American web page http://www.aboutads.info/choices/ or the EU web page https://www.youronlinechoices.com/. Moreover, the saving of cookies can be achieved by switching them off in the browser's settings. Please note that possibly the functions of this online offering may then not all be usable.

Deleting data

The data we process are deleted or their processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this Data Protection Declaration, data we store is deleted as soon as it is no longer needed for its intended purpose, provided there are no legal/statutory retention requirements opposing this deletion. Insofar as data is not deleted because it is required for other, legally/statutorily permissible purposes, its processing is restricted. I.e. the data is blocked and is not processed for other purposes. This applies, for example, to data that must be preserved for commercial or tax legislation reasons.

In particular, according to statutory/legal requirements in Germany, preservation is for six years pursuant to Section 257, Para. 1 of the HGB (German Code of Commercial Law) (trading/account books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers etc.) and for ten years pursuant to Section 147, Para. 1 of the AO (Abgabenordnung; the German Tax Code (account books, records, management reports, accounting vouchers, commercial and business correspondence, documents relevant for taxation etc.).

In particular, according to statutory/legal requirements in Austria, preservation is for seven years pursuant to Section 132, Para. 1 of the BAO (Bundesabgabenordnung; Austrian Federal Tax Code) (accounting records, documentary proofs/invoices, accounts, documentary evidence, business paperwork, statements of income and expenditure etc.), for 22 years in connection with plots of land, and for ten years for documents connected with services provided electronically, telecommunications, broadcast radio and TV services provided to non-entrepreneurs in EU member states and for services used from the Mini-One-Stop-Shop (MOSS).

Processing for business purposes

We also process

  • Contract data (e.g. object of the contract, term of contract, customer category).
  • Payment data (e.g. bank reference, payment history)

of our customers, interested parties and business partners for purposes of providing contractual performances, service and customer care, marketing, advertising and market research.

Hosting

The purpose of the hosting services we use is to provide the following performances: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use in order to operate this online offering.

In so doing, we and/or our hosting provider(s) process inventory data, contact data, content data, contract data, use data and the metadata and communications data of customers, interested parties and visitors to this online offering as a basis for our legitimate interests in an efficient, safe, secure provision of this online offering pursuant to Article 6, Para. 1, Letter f of the GDPR in conjunction with Article 28 of the GDPR (conclusion/completion of an order-processing contract).

Collecting access data and log files

Mediaform GmbH and/or our hosting provider, based on our legitimate interests within the meaning of Article 6, Para. 1, Letter f of the GDPR, collects data about each access to the server on which this service is located (so-called server log files). The access data comprises the name of the web site/page accessed, the file, date and time of day of the access, volume of data transferred, a report of a successful access, the browser type and its version, the user's operating system, the referrer URL (the page previously visited), the IP address and the requesting provider.

For security reasons (e.g. to disclose abuse or fraudulent activities), log file information is stored for a maximum period of seven days, then deleted. Data whose further preservation is necessary for the purpose of evidence is excluded from deletion until final clarification of the respective incident.

Order processing in the online shop, and the customer's account

We process our customers' data in the context of order procedures in our online shop to enable them to choose and order selected products and services, and to allow their payment and delivery or implementation.

The processed data include inventory data, communication data, contract data and payment data, and the persons affected (data subjects) are our customers, interested parties and other business partners. Processing takes place in order to supply contractual performances in the context of operating an online shop, billing, delivery and customer services. In this connection, we use session cookies to save shopping cart contents, and permanent cookies to store the login status.

Processing takes place based on Article 6, Para. 1, Letter b (carrying out ordering procedures) and c (legally necessary archiving) of the GDPR. In this respect, the information identified as required is necessary to substantiate and fulfil the contract. We disclose the data to third parties only in the context of delivery or payment, or within the framework of statutory/legal permissions and obligations vis-a-vis legal advisers and authorities. Data is processed in third countries only if this is necessary for contract fulfilment (e.g. at the customer's request in relation to delivery or payment).

Optionally, users can create a user account in which in particular they can see their orders. The necessary required information is notified to users in the context of registration. Users' accounts are not public, and cannot be indexed by search engines. When users have terminated their user account, their data is deleted with regard to the user account, subject to its preservation being necessary on grounds of commercial or tax law in accordance with Article 6, Para. 1, Letter c of the GDPR. Information in the customer's account remains until it is deleted, with subsequent archiving in the case of a legal obligation. Users are responsible for securing their data in the event of termination before the end of the contract.

In the framework of registration and renewed log-ins, and when our online services are used, we store the IP address and the date/time of the respective user activity. Storage takes place based on our legitimate interests, and those of users, in protecting against misuse and other unauthorised utilisation. As a basic principle, this data is not passed on to third parties unless it is necessary in pursuit of our claims or there is a legal/statutory obligation in accordance with Article 6, Para. 1, Letter c of the GDPR.

Business analyses and market research

We analyse data available to us about business transactions, contracts, enquiries etc. in order to operate our business in an economically efficient way and to enable us to recognise market trends and customers' and users' wishes. In this respect, we process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Article 6, Para. 1, Letter f of the GDPR, whereby the affected persons (data subjects) include customers, interested parties, business partners, visitors and users of our online offering.

The analyses take place for purposes of business assessments, marketing and market research. In this respect, we can take into account the profiles of registered users with information, e.g. about their purchase transactions. The analyses help us to increase user friendliness and to optimise our offering and business economic efficiency. The analyses are solely for our own use, and are not disclosed externally, unless it involves anonymous analyses with pooled values.

Insofar as these analyses or profiles are personalised, they are deleted or anonymised when the customer terminates, otherwise after two years from conclusion of contract. Moreover, overall business economic analyses and general trend determinations are created anonymously as far as possible.

Providing contractual services

We process inventory data (e.g. users' names, addresses and contact data), contract data (e.g. services that are utilised, contact persons' names, payment information) to fulfil our contractual obligations and service performances pursuant to Article 6, Para. 1, Letter b of the GDPR. The entries identified as obligatory in online forms are required for conclusion of the contract.

In the framework of making use of our online services, we store the IP address and date/time of the respective user's action. Storage takes place based on our legitimate interests, and also those of the user, in protecting against misuse and other unauthorised use. As a fundamental principle, this data is not passed on to third parties except as required to pursue our entitlements, or there is a legal/statutory obligation to do so pursuant to Article 6, Para. 1, Letter c of the GDPR.

We process usage data (e.g. the web pages of our online offering that are visited, and interest shown in our products) and content data (e.g. entries into the contact form or user profile) in a user profile for advertising purposes, to display to the user, for example, product information based on the services they previously utilised.

Data deletion takes place after the expiry of the legal/statutory warranty obligations and comparable obligations, and the necessity to preserve data is re-examined very three years; in the case of statutory/legal archiving obligations, deletion takes place after the latter have expired. Information in any customer account remains until the latter is terminated.

Administration, financial accounting, office organisation, contact administration

We process data in the context of administrative tasks and the organisation of our operation, financial accounting and fulfilment of statutory obligations, e.g. archiving. The data we process in this respect is the same as the data we process in the framework of providing our contractual performances. The bases of processing are Article 6, Para. 1, Letter c of the GDPR and Article 6, Para. 1, Letter f of the GDPR. The processing affects customers, interested parties, business partners and web site visitors. The purpose of and our interest in the processing lie in administration, financial accounting, office organisation and the archiving of data, i.e. tasks that serve to maintain our business activities, to perform our duties and to provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the statements made in relation to these processing activities.

In so doing, we disclose or transmit data to the financial management department, to advisers, e.g. tax advisers or auditors, and to other charges agencies and payment service providers.

Moreover, based on our business management interests, we store information about suppliers, organisers and other business partners, e.g. for the purpose of subsequent contact-making. Basically, we permanently store this data, the majority of which is business-related.

Registration function

Users have the option to create a user account. The required obligatory information is notified to users in the context of registration. The data entered in the context of registration is utilised for purposes of using the offering. Users can be informed via E-mail about information relevant to offers or registration, e.g. changes in the scope of the offering or technical situations. When users have terminated their user account, their data regarding the user account is deleted, unless its preservation is necessary for commercial or tax law reasons pursuant to Article 6, Para. 1, Letter c of the GDPR. Users are responsible for securing their data if termination takes place before the end of the contract. We are entitled to irretrievably delete all of a user's data stored during the term of the contract.

In the context of making use of our registration and log-in functions and utilising the user's account, we store the IP address and date/time of the respective user's activity. Storage takes place based on our legitimate interests, as well as those of the user, to protect against misuse and other unauthorised usage. Basically, this data is not passed on to third parties, unless it is required to pursue our entitlements or there is a legal/statutory obligation to do so pursuant to Article 6, Para. 1, Letter c of the GDPR. IP addresses are anonymised or deleted after seven days at the latest.

Making contact

When contacting us (e.g. via the contact form or by E-mail, telephone or social media), the user's information is processed to process the contact enquiry and for its handling in accordance with Article 6, Para. 1, Letter b) of the GDPR. The user's information may be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation.

We delete enquiries a soon as they are no longer required. We re-examine the necessity every two years; furthermore, the statutory/legal archiving obligations apply.

Newsletter

By the following notifications, we inform you about the contents of our Newsletter, and the application procedure, dispatch and statistical evaluation process, together with your rights of objection. By subscribing to the Mediaform GmbH Newsletter, you declare your agreement to receive it and to the process described.
Dispatch of the Newsletter and the measurement of success associated with it take place based on the recipient's consent in accordance with Article 6, Para. 1, Letter a and Article 7 of the GDPR in conjunction with Section 7, Para. 2, No. 3 of the UWG (Federal Law against Unfair Competition) and based on the statutory authorisation pursuant to Section 7, Para. 3 of the UWG.
Newsletter content: we dispatch the Newsletter, E-mails and other electronic notifications with advertising information (hereinafter "Newsletter") only with the recipient's consent or statutory permission. Insofar as the Newsletter's contents are described in concrete terms in the context of an application for it, they are definitive for the user's consent. Furthermore, Mediaform GmbH Newsletters contain information about current (discount) campaigns, the range of services, and information about the company.
Double-opt-in and logging: application for our Newsletter takes place using the so-called double-opt-in method. i.e., after your application, you will receive an E-mail with a confirmation link in which you are asked to confirm your application by a mouse-click on the link. This confirmation is necessary to ensure that no third party can apply using your E-mail address. Applications for the Newsletter are logged to enable proof of the application process in accordance with the legal requirements. This includes storing the date/time of the application and of the confirmation, together with storage of the IP address. The changes to your data stored by the delivery service provider are also logged.
Subscription data: to subscribe to the Newsletter, giving your E-mail address is sufficient. Optionally, we ask you for a name, so we can address you personally in the Newsletter.
Logging the application process takes place based on our legitimate interests in accordance with Article 6, Para. 1, Letter f of the GDPR. Our interest is aimed at employing a user-friendly, safe, secure Newsletter system that both serves our own business interests and corresponds to the user's expectations, as well as allowing us to give proof of consents.

Termination/revocation: you can terminate receipt of the Mediaform Newsletter at any time, i.e. you can revoke your consents. You will find a link to terminate the Newsletter at the end of each Newsletter. We are allowed to save deregistered E-mail addresses for up to three years based on our legitimate interests before we delete them for Newsletter dispatch purposes, in order to prove consent that was previously given. Processing this data is restricted to the purpose of a possible defence against claims. An individual application for deletion is possible at any time, provided the previous existence of a consent is confirmed at the same time.

Newsletter - delivery service provider(s)

The Newsletter is sent using the delivery service provider CleverReach GmbH & Co. KG, Mühlenstrasse 43, 26180 Rastede, Germany. You can view the delivery service provider's data protection provisions here: https://www.cleverreach.com/de/datenschutz/. The delivery service provider is used based on our legitimate interests in accordance with Article 6, Para. 1, Letter f of the GDPR and an order processing contract in accordance with Article 28, Para. 3, Sentence 1 of the GDPR.

The delivery service provider can use the recipient's data in pseudonymised form, i.e. without assignment to a user, to optimise or improve its own services, i.e. to technically optimise dispatch and the presentation of the Newsletter, or for statistical purposes. However, the delivery service provider does not use our Newsletter recipients' data to write to the latter itself, or to forward the data to third parties.

Newsletter - success measurement

Newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved by our server when the Newsletter is opened, and/or by the delivery service provider's server insofar as we use a delivery service provider. First of all, in the course of this retrieval, technical information is collected, e.g. information about your browser and your system, together with your IP address and the date/time of the retrieval.

This information is used for technical improvement of the service with the aid of the technical data or target group and their reading behaviour based on the latter's retrieval locations (determinable by using the IP address) or access times. The statistical data collection also includes determining whether:

  • Newsletters are opened,
  • when they are opened, and
  • which links are clicked on.

For technical reasons, this information may be assigned to individual Newsletter recipients. However, it is not our aim – nor (insofar as one is used) that of the delivery service provider – to observe individual users. On the contrary, the purpose of the analyses is to recognise our readers' reading habits and to match our contents to them, or to deliver different contents corresponding to our users' interests.

Google Universal Analytics

Based on our legitimate interests (i.e. interests in the analysis, optimisation and economically efficient operation of our online offering within the meaning of Article 6, Para. 1, Letter f of the GDPR) we use Google Analytics, a web analysis service of Google LLC ("Google"). Google uses cookies. As a rule, information generated by the cookie about the user's use of the online offering is transmitted to a Google server in the USA, where it is stored.

Google is certified under the Privacy Shield Agreement, through which it offers a guarantee that European data protection law will be complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information under contract to us to analyse the use of our online offering by users, to compile reports about activities within this online offering, and to provide us with further services related to the use of this online offering and the use of the Internet. In the course of this, pseudonymised users' usage profiles may be prepared from the processed data.

We use the "Universal Analytics" embodiment of Google Analytics. "Universal Analytics" describes a Google Analytics method in which user analysis is based on a pseudonymised user ID, thus generating a pseudonymised profile of the user with information about the use of various devices (so-called "Cross-Device Tracking").

We use Google Analytics only with IP anonymising activated. This means the user's IP address is truncated by Google within member states of the European Union or in other contracting states of the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

The IP address communicated from the user's browser is not combined with other Google data. Users can prevent cookies being stored by a corresponding setting of their browser software; moreover, users can prevent recording by Google of the data generated via the cookie and relating to their use of the online offering, and the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.

Google-Re/Marketing-Services

Based on our legitimate interests (i.e. interests in the analysis, optimisation and economically efficient operation of our online offering within the meaning of Article 6, Para. 1, Letter f of the GDPR), we use the Marketing and Remarketing Services (abbreviated "Google Marketing Services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

Google is certified under the Privacy Shield Agreement, through which it offers a guarantee that European data protection law will be complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Marketing Services allows us to display advertisements for and on our web site in a more targeted way, so as to present to users only those advertisements that potentially correspond to their interests. For example, if advertisements are displayed to a user for products in which he/she has shown interest on other web pages, this is called "Remarketing". For these purposes, when accessing our web pages and other web pages on which Google Marketing Services are active, a Google code is executed directly by Google, and so-called (Re)marketing tags (invisible graphics or code, also called "Web Beacons") are incorporated into the web page. With their aid, an individually customised cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). These cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, in which contents he/she is interested, and the offers on which he/she has clicked, in addition to further technical information about the browser and operating system, referring web pages, visit date/time and other information about the use of the online offering. The user's IP address is also recorded, whereby in the context of Google Analytics we give notice that the IP address is truncated within European Union member states or in other contracting states of the European Economic Area Agreement, and only in exceptional cases will it be transmitted in its entirety to a Google server in the USA and truncated there. The IP address is not combined with the user's data within other Google offerings. Google can also combine the aforesaid information with such information from other sources. If the user subsequently visits other web pages, advertisements matched to him/her and corresponding to his/her interests can be displayed to him/her.

User data is processed pseudonymously in the framework of Google Marketing Services. I.e., for example Google does not store and process user names or E-mail addresses, but instead it processes the relevant cookie-related data within pseudonymous user profiles. I.e., from Google's viewpoint, advertisements are not managed and displayed for a specifically identified person, but instead for cookie owners irrespective of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymising. Information about the user collected by Google Marketing Services is transmitted to Google and stored on Googles servers in the USA.

The Google Marketing Services we use include, among others, the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "Conversion-Cookie". Thus cookies cannot be tracked/traced beyond the web sites of AdWords customers. The information collected by means of the cookie is used to prepare conversion statistics for AdWords customers who have opted for Conversion Tracking. AdWords customers discover the total number of users who clicked on their advertisement and were redirected to a page equipped with a conversion-tracking tag. However, they do not obtain any information with which users are personally identifiable.

Based on Google Marketing Services' "AdSense", we can incorporate third party advertisements. AdSense uses cookies with which Google and its partner web sites are enabled to insert advertisements based on users' visits to this web site and/or other Internet web sites.

Furthermore, we can use "Google Tag Manager" to incorporate Google analysis and marketing services into our web site and manage them.

You can find more information about Google's use of data for marketing purposes on the overview page: https://www.google.com/policies/technologies/ads, and Google's data protection declaration is accessible at https://www.google.com/policies/privacy.

If you want to object to the interest-related advertising by Google Marketing Services, you can use the setting and opt-out facilities provided by Google: http://www.google.com/ads/preferences.

Microsoft Bing ads

Our web site uses Microsoft Bing Ads, an analysis tool of Microsoft Corporation, One Microsoft Way, Redmond, USA 98052-6399, USA. Like Google Analytics, Microsoft Bing Ads works by setting cookies that we can use to follow your visit to our web site and for advertising purposes (Remarketing).

By using Remarketing, we can arrange for our customers to receive interest-based advertising, by using so-called 'Universal Event Tracking', UET, to recognise a visit by end users and the latter's activity on our web site after a click on one of our advertisements, and by storing this in remarketing lists. The creation of these remarketing lists takes place in compliance with legal/statutory regulations. In particular, no sensitive data is stored, and no other additional person-related data is linked to our remarketing lists or made available to Microsoft.

If you are in a remarketing list, our interest-appropriate advertising may be offered to you when you next search via Bing or Yahoo. However, you can deactivate this behaviour-based targeting by changing your browser settings so cookies are no longer saved. In addition, you can deactivate Microsoft's tracking activity through the following link: choice.microsoft.com/de-DE/opt-out

You can view more detailed information about the use of cookies in relation to Microsoft Bing Ads on the Bing-Ads web site via the link https://help.ads.microsoft.com/#apex/3/de/53056/2 and on the Microsoft web site under the following link: privacy.microsoft.com/de-de/privacystatement.

Alternatively, you can use your right to deactivate behaviour-based tracking with the aid of the pages of the consumers' deactivation page of the Network Advertising Initiative (NAI) or the deactivating page of the Digital Advertising Alliance (DAA). The web site www.youronlinechoices.com/de/ also offers you more information on this topic.

Facebook Pixel, Custom Audiences and Facebook Conversion

Within our online offering and based on our legitimate interest in the analysis, optimisation and economically efficient operation of our online offering, and for these purposes, we use the so-called "Facebook Pixel" of the Facebook social network operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

Facebook is certified under the Privacy Shield Agreement, through which it offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Firstly, use of the Facebook Pixel enables visitors to our online offering to be identified as a target group for the display of advertisements (known as "Facebook Ads"). Accordingly, we use the Facebook Pixel to present the Facebook Ads that we insert to only those Facebook users who have also shown an interest in our online offering, or who display particular characteristic features (e.g. an interest in specific topics or products that can be determined based on the web pages that were visited ), and which we communicate to Facebook (known as "Custom Audiences"). With the aid of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to users' potential interests, and do not constitute a nuisance. Secondly, moreover, by using the Facebook Pixel, we can trace the effectiveness of Facebook advertisements for statistical and market research purposes, by seeing whether users are redirected to our web site after clicking on a Facebook advertisement (so-called "Conversion").

Facebook processes data in the framework of Facebook's Data Use Guideline. Accordingly, general information about the presentation of Facebook Ads is contained in Facebook's Data Use Guideline: https://www.facebook.com/policy.php. You can obtain specific information and details about the Facebook Pixel and the way it functions in Facebook's Help Area: https://www.facebook.com/business/help/651294705016616.

You can object to recording by the Facebook Pixel and the use of your data to present Facebook Ads. To set the kinds of advertising that are displayed to you within Facebook, you can access the page set up by Facebook, where you can follow the instructions to set use-based advertising: www.facebook.com/settings. Settings take place independently of the platform, i.e. they are accepted for all devices, such as desktop PCs or mobile devices.

Use of Facebook Social Plugins

Based on our legitimate interests (i.e. interests in the analysis, optimisation and economically efficient operation of our online offering within the meaning of Article 6, Para. 1, Letter f of the GDPR), we use Social Plugins ("Plugins") of the facebook.com social network, which are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). These Plugins can constitute interaction elements or contents (e.g. videos, graphics or text contributions), and are recognisable by one of the Facebook logos (a white "f" on a blue tile, the terms "Like", "I like it" or a "Thumbs up" gesture), or are identified by the affix "Facebook Social Plugin". The list and the appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement, through which it offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user accesses a function of this online offering containing such a plugin, his device builds a direct connection to Facebook's servers. Facebook transfers the content of the Plugin directly to the user's device, and the latter incorporates it into the online offering. Users' usage profiles can thereby be created from the processed data. Therefore, we have no influence over the extent of the data that Facebook collects by using this Plugin, and therefore informs users according to our state of knowledge.

By inserting Plugins, Facebook obtains the information that a user accessed the corresponding page of the online offering. If the user is logged on to Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the Plugins, e.g. by operating the Like button or entering a comment, the corresponding information is transferred from your device directly to Facebook, where it is stored. If a user is not a member of Facebook, it is still possible for Facebook to find out his/her IP address and store it. According to Facebook, only an anonymised IP address is stored in Germany.

Users can find out about the purpose and extent of data collection and the further processing and use of data by Facebook, and the rights and settings options to protect the user's private sphere relating to this, from Facebook's Data Protection Notice: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him/her via this online offering and to connect it to his/her member data stored in Facebook, he/she must log out of Facebook and delete his/her cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: www.facebook.com/settings or via the US-American page www.aboutads.info/choices/ or the EU page www.youronlinechoices.com. The settings take place in a platform-independent way, i.e. they are accepted for all devices, e.g. desktop PCs or mobile devices.

Online presences in social media

We maintain online presences within social networks and platforms to communicate with customers, interested parties and users that are active there, and to allow us to inform them there about our services. When accessing the respective networks and platforms, the Terms & Conditions of Business and the data processing guidelines of their respective operators are applicable.

Unless stated otherwise in our Data Protection Declaration, we process users' data insofar as they communicate with us within social networks and platforms, e.g. write contributions on our online presences or send us messages.

Youtube

We include videos of the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Declaration: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We incorporate a function to recognise Bots, e.g. in the case of entries in online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Declaration: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.

Use of SurveyMonkey to carry out surveys/questionnaires

We also carry out user surveys through our online offering. For this, we use the SurveyMonkey survey tool (SurveyMonkey Europe UC, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland).
Participation in surveys is always voluntary, but if you do take part in a survey, the following personal data about you will be recorded:

IP address, log files

Obviously, we must also record your IP address via SurveyMonkey, since otherwise the respective survey questionnaire located on the SurveyMonkey servers cannot be displayed to you. Data processing in this respect takes place based on Article 6 I b) of the GDPR.

In addition to the IP address, the other usual logfile data are processed; these include your operating system version, the device type and information about the system and performance, and about the browser type. If you want to take part in our surveys via a mobile device, we also process the device's UUID (Universally Unique Identifier); this involves a unique ID automatically generated in connection with use of the SurveyMonkey questionnaire.

These log file data are processed for security reasons, e.g. to detect and block Brute-Force attacks, or to detect and block misuse activities. This processing takes place based on Article 6 I f), since ensuring a functioning IT security system is also in our legitimate interest when carrying out surveys.

Cookies

We also set cookies via SurveyMonkey. However, we only set necessary, functional cookies. For example, to authenticate you as a (not: which) user during the session and to enable multiple participations to be prevented. Or to allow us to store your setting, e.g. the chosen language. We also use cookies for load balancing, i.e. to manage data traffic on the SurveyMonkey servers. This enables faster web page response times to be offered, by distributing the data traffic over various different servers.
As a rule, we do not collect any personal data in connection with this. However, setting necessary, functional cookies takes place based on a legitimate interest within the meaning of Article 6 I f) of the GDPR to maintain the functionality of the offering.
Of course, you can block the installation of cookies. To do this, you must deactivate the storage of cookies (under "Settings" in the web browser). Moreover, you can delete existing cookies.
You can obtain comprehensive information about the cookies used in the context of the SurveyMonkey survey questionnaire tools here: https://help.surveymonkey.com/articles/de/kb/About-the-cookies-we-use.

Data collection through invitation to surveys via E-mails

As a rule, we invite you to our surveys via E-mail. These E-mails carry cookies and Page Tags that enable us to recognise whether you opened the E-mail, and the link on which you clicked. Because these data are connected to your E-mail address, they involve personal data.
In relation to this analysis, you give us your consent to the survey at the latest when you access the survey in the context of our upstream introductory page to the survey. Thus the data processing is based on Article 6 I a) in conjunction with Article 7 of the GDPR.
If you do not give us your consent, then as a general rule you cannot take part in the survey. Furthermore, self-evidently, we delete your tracking data insofar as it now exists.

Anonymity of the surveys, data content

As a rule, surveys are always anonymous. That means we cannot recognise which user gives which answers within the surveys. This content data remains anonymous. None of this changes when you are invited to a survey by E-mail. All that is recorded (see No. 1.3) is that you clicked on a link to a survey. The fact that you filled in the survey or how you filled it in is not traced.
If we ever carry out person-related surveys, we will inform you, separately and expressly before the survey, about all the data processing associated with it.

Order processing, EU Standard Clauses

SurveyMonkey processes, under contract to us, all the personal data that can arise in connection with our surveys. Thus we are the legal entity responsible for the data processing. In this respect, however, transmission of data to the USA is not excluded, but we have concluded a contract processing contract with SurveyMonkey with standard EU contract clauses through which there is a guarantee in accordance with Article 44 and 46, Para. 2 d) and Article 93 Para. 2 of the GDPR that SurveyMonkey will ensure European data protection standards.

You can find more information about SurveyMonkey's data processing here: https://www.surveymonkey.de/mp/legal/privacy-policy/

 

Inclusion of the Trusted Shops trust badge

The Trusted Shops trust badge is included on this web page to advertise the analyses that may possibly be gathered, and to offer Trusted Shops products for purchasers after an order.

The purpose of this is to safeguard our own legitimate interests in optimum marketing, which predominate in the context of a balancing of interests, by enabling safe/secure purchasing in accordance with Article 6, Para. 1, Sentence 1, Letter f of the GDPR. The Trustbadge and the services advertised therewith are offered by Trusted Shops GmbH, Subbelrather Strasse 15C, 50823 Cologne. The Trustbadge is made available in the context of order processing by a CDN service provider (Content Delivery Network). Trusted Shops GmbH also uses service providers in the USA. An appropriate level of data protection is guaranteed. You can find more information about the data protection of Trusted Shops GmbH here: https://www.trustedshops.de/impressum-datenschutz/#datenschutz

When the Trustbadge is retrieved, the web server automatically stores a so-called server log file, which also contains your IP address, the date and time of day of the retrieval, the data volume transferred and the requesting provider (access data) and documents the retrieval. Individual access data are stored in a security data base for the analysis of conspicuous security anomalies. Log files are automatically deleted at the latest 90 days after creation.

Further personal data is transmitted to Trusted Shops GmbH if, after completing an order, you decide to use Trusted Shops products, or have already registered for the use. A contractual agreement between you and Trusted Shops is in force. An automatic collection of personal data from the order data takes place for this purpose. The question of whether you, as the purchaser, are already registered for product use is automatically examined by means of a neutral parameter, the E-mail address hashed by a cryptological one-way function. Before transmission, the E-mail address is converted into a hash value which Trusted Shops cannot decipher. After checking for a match, the parameter is automatically deleted

This is required in order to fulfil our and Trusted Shops' predominant legitimate interest in delivering the purchaser protection and transactional valuation services, linked to the each specific order, in accordance with Article 6, Para. 1, Sentence 1, Letter f of the GDPR. Further details, including in relation to objection, are obtainable from the Trusted Shops Data Protection Declaration linked above and in the Trustbadge.