This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions and contents as well as external online presences, such as e. g. our social media profile ( hereinafter jointly referred to as the "online offer"). With regard to the terms used, such as "Processing" or "controller" we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Name/Company: espero e.K.
Street No.: Winchesterstr. 2
Address, Country: 35394 Giessen, Germany
Commercial register/No. : District Court Giessen, HRA 5038
Owner: Tim Weinel
Phone number: +49 157 86338624
Types of data processed:
- Inventory data
- Contact data
- Content data
- Contract data
- Payment data
- Usage data
- Meta-/Communication data
Processing of special categories of data (Art. 9 para. 1 GDPR) :
No special categories of data are processed.
Categories of data subjects:
- Customers, prospective customers, visitors and users of the online offer, business partners.
- Visitors and users of the online offer.
In the following, we also refer to the persons concerned as "users".
Purpose of processing:
- Provision of the online offer, its contents and shop functions.
- Provision of contractual services, service and customer care.
- Responding to contact requests and communicating with users
- Marketing, advertising and market research.
- Security measures.
1. Terms used
1. 1. ” Personal data” means all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is considered to be a natural person who directly or indirectly, in particular by assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e. g. B. Cookie) or to one or more special features which are the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
1. 2. “Processing” means any operation carried out with or without the help of automated procedures or any series of such operations in connection with personal data. The term extends far and encompasses practically every handling of data.
1. 3. “Responsible person” means the natural or legal person, authority, body or other body, who alone or jointly with others decides on the purposes and means of processing personal data.
2. Major legal bases
In accordance with Art. 13 GDPR we inform you of the legal bases of our data processing. Unless the legal basis is stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the implementation of contractual measures as well as the response to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.
4. Security measures
4. 1. We shall meet in accordance with the provisions of Art. 32 FADP, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk; the measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling the physical access to the data as well as the access, input, disclosure, safeguarding of availability and its separation. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted and we respond to any threats to the data. 294 / 1024 In addition, we take into account the protection of personal data already during the development, or Selection of hardware, software and procedures, according to the principle of data protection by technical design and by data protection-friendly presettings (Art. 25 GDPR).
4. 2. Security measures include in particular the encrypted transfer of data between your browser and our server.
5. Disclosure and transmission of data
5. 1. If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, they transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (cf. e. if a transfer of the data to third parties, such as payment service providers, according to Art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract, if you have consented, a legal obligation provides for this or on the basis of our legitimate interests (cf. e. in the use of agents, hosting providers, tax, economic and legal advisors, customer care, accounting, billing and similar services, which allow us to fulfil our contractual obligations, administrative tasks and obligations efficiently and effectively.
5. 2. If we use third parties with the processing of data on the basis of a so-called " Contract processing contract”, this is done on the basis of Art. 28 GDPR.
6. Transfers to third countries
If we collect data in a third country (i. e. process outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of the use of third-party services or disclosure; or Transmission of data to third parties takes place only if it is done for the fulfilment of our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special conditions of Art. 44 et seq. GDPR. I. e. the processing takes place e. g. B. on the basis of specific safeguards, such as the official recognition of a level of data protection equivalent to that of the EU (e. g. e. g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
7. Rights of data subjects
7. 1. You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and copy of the data in accordance with Art. 15 GDPR.
7. 2. You have accordingly. Art. 16 GDPR the right to request the completion of the data concerning you or the correction of inaccurate data concerning you.
7. 3. They have, in accordance with the provisions of Art. 17 GDPR the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR to require a restriction of the processing of the data.
7. 4. You have the right to demand that the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request their transmission to other controllers.
7. 5. You also have the right to claim damages in accordance with Art. Section 77 of the DSGVO grants the right to lodge a complaint with the competent supervisory authority.
8. Right of withdrawal
You have the right to give your consent according to the law. Art. 7 para. 3 GDPR with effect for the future.
9. Right of objection
You may decide on the future processing of the data concerning you in accordance with Art. 21 DSGVO at any time contradict. The objection may be made in particular against processing for direct marketing purposes.
10. Cookies and right of objection for direct advertising
10. 1. “Cookies” are small files that are stored on users' computers. Different information may be stored within the cookies. A cookie serves primarily to provide information about a user (or the user). the device on which the cookie is stored) during or even after its visit within an online offer. As temporary cookies, or " Session cookies” or “transient cookies” are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, e. g. e. g. the contents of a shopping basket are stored in an online shop or a login status. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. In this way, for example, it is possible to e. g. the login status will be saved if users visit it after several days. Similarly, such a cookie may store the interests of users, which are used for range measurement or marketing purposes. “Third-Party-Cookie” are cookies from providers other than the person in charge of the online offer (otherwise, if they are only cookies, they are called “First-Party Cookies”).
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer.
11. Deletion of data
11. 1. The data processed by us will be treated in accordance with Art. 17 and 18 DSGVO deleted or restricted in their processing. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion. Unless the data are deleted because they are required for other and legally permissible purposes, their processing is restricted. That is. . . the data will be blocked and not processed for other purposes That applies, for example. B. for data that must be retained for commercial or tax law reasons.
11. 2. Germany: According to legal requirements, the storage takes place in particular for 6 years according to § 257 para. 1 HGB (trade books, inventories, opening balances, annual accounts, trade letters, accounting documents, etc. ) as well as for 10 years according to § 147 para. 1 AO (books, records, management reports, accounting documents, trade and business letters, tax-relevant documents, etc. )
12. Order processing in the online shop and customer account
12. 1. We process the data of our customers as part of the ordering process in our online shop, in order to enable them to select and order the selected products and services, as well as their payment and delivery, respectively. to be able to be executed.
12. 2. The processed data include inventory data, communication data, contract data, payment data and the data subjects our customers, prospective customers and other business partners. Processing is carried out for the purpose of providing contractual services in the context of the operation of an online shop, billing, delivery and customer services. Here we use session cookies for storing the shopping cart content and permanent cookies for storing the login status.
12. 3. The processing takes place on the basis of Art. 6 para. 1 lit. b (Execution of ordering operations) and c (Archiving required by law) GDPR. The information identified as necessary is required for the justification and performance of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The data are processed in third countries only if this is necessary for the performance of the contract (cf. e. on customer’s request at delivery or payment).
12. 4. Users can optionally create a user account by viewing their orders in particular. As part of the registration, the necessary mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data regarding the user account will be deleted, subject to their retention for commercial or tax law reasons. Art. 6 para. 1 lit. c GDPR necessary. Information in the customer account remains until its deletion with subsequent archiving in the event of a legal obligation. Users are responsible for safeguarding their data in the event of termination before the end of the contract.
12. 5. Within the scope of registration and renewed logins and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with the law. Art. Paragraph 6 1 lit. c DSGVO.
12. 6. The deletion takes place after expiry of legal warranty and comparable obligations, the necessity of the storage of the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); Information in the customer account remains until its deletion.
13. Business analytics and market research
13. 1. In order to operate our business economically, to be able to identify market trends, customer and user wishes, we analyse the data we have on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the data subjects include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purpose of economic analysis, marketing and market research. In doing so, we can provide the profiles of registered users with details such as: Take into account, for example, their purchase transactions. The analyses serve us to increase the user-friendliness, the optimization of our offer and the operational efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.
13. 2. If these analyses or profiles are personal, they will be deleted or anonymized upon termination by the users, otherwise after two years from the conclusion of the contract. In addition, the macroeconomic analyses and general tendency provisions are prepared anonymously if possible.
2. The creditworthiness test of a customer is permissible if there is otherwise a risk of default, i. e. if the goods are delivered without the payment having been received (i. e. when the customer chooses the purchase on account). There is no risk of default, however, if the customer e. g. e. g. chooses the prepayment option or the payment via third-party providers, such as B. Paypal performs.
It should also be noted that the collection of an automatic credit information is an "Automated Decisions in Individual Cases" according to Art. Art. 22 GDPR, i. e. a legal decision without human participation. This is permissible if the customer has consented or if this decision is necessary for the conclusion of the contract. Whether the decision is necessary is not yet conclusively clarified, but is often represented as a given, also by the author of this pattern. However, if you wish to exclude any risk, you should obtain consent.
Consent is required even if the credit information is already used in order to decide whether the option “on account” should be displayed. Because it could have been that the customer would have decided in any case for the prepayment or Paypal and the credit check would not have been necessary.
Such consent could, for example, be B. are as follows:
14. Credit rating information
14. 1. As long as we are in advance (cf. For the protection of legitimate interests, we reserve the right to obtain an identity and credit report for the purpose of assessing credit risk on the basis of mathematical-statistical procedures from specialised service companies (business agencies).
14. 2. In the context of credit reporting, we transmit the following personal data of the customer (name, postal address, information on the nature of the contract, bank details) to a financial intermediary
14. 3. We process the information received from the financial intermediaries on the statistical probability of a default in the context of an appropriate discretionary decision on the establishment, implementation and termination of the contractual relationship. In the event of a negative result of the credit check, we reserve the right to refuse payment on account or any other advance payment.
14. 4. The decision as to whether we are in advance is made in accordance with Art. 22 GDPR alone on the basis of an automated decision in individual cases made by our software on the basis of the information provided by the Wirtschaftsauskunftei.
14. 5 If we obtain explicit consent from you, the legal basis for the credit information and the transmission of the customer's data to the credit bureaus is the consent acc. Art. 6 para. 1 lit. a, 7 GDPR. If no consent is obtained, our legitimate interests in the default security of your payment claim are the legal basis according to Art. Art. 6 para. 1 lit. f. GDPR.
15. Contact and customer service
15. 1. When contacting us (via contact form or e-mail), the user’s details are used to process the contact request and process it in accordance with the terms of the contract. Art. 6 para. 1 lit. b) GDPR processed.
15. 2. User information can be stored in our Customer Relationship Management System (CRM System) or similar query organization.
15. 3. We delete the requests if they are no longer required. We check the necessity every two years; we store requests from customers who have a customer account permanently and refer to the details of the customer account for deletion. In addition, the statutory archiving obligations apply.
16. Collection of access data and log files
16. 1. We raise on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved website, file, date and time of the retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
16. 2. Logfile information is used for security reasons (e. g. (e. g. to investigate abuses or fraud) for a maximum period of seven days and then deleted. Data whose further storage is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.
17. Online presence on social media
17. 1. We maintain on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Online presence within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
17.3 We use Google Analytics in order to display the advertisements placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) which we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and do not appear annoying.
18. Google Analytics
18.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
18.3 Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
18. 4. We only use Google Analytics with IP anonymization enabled. This means that the user’s IP address is shortened by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
18. 5. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; in addition, users can prevent the collection of the data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
18. 6. Further information on Google’s use of data, settings and opposition options can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use websites or apps of our partners”) https://policies.google.com/technologies/ads (“Data use for advertising purposes”) https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertisements”).
19. 1. We use on the basis of our legitimate interests (i. e. Interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) the marketing and remarketing services (abbreviated “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94 043, USA, (“Google”).
19.2. Google ist unter dem Privacy-Shield-Abkommen zertifiziert und bietet hierdurch eine Garantie, das europäische Datenschutzrecht einzuhalten (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
19.3 Google's marketing services allow us to display ads for and on our website in a more targeted manner so that we only show users ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called "remarketing". For these purposes, when you access our and other websites on which Google marketing services are active, Google will execute code directly by Google and (re)marketing tags (invisible graphics or code, also known as "web beacons") will be embedded in the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is only in exceptional cases transferred in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offers. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, the ads tailored to his interests can be displayed.
19. 4. The data of the users are processed pseudonymously within the scope of Google marketing services. I. e. Google stores and processes e. g. For example, not the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I. e. from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about the users is transmitted to Google and stored on Google's servers in the USA.
19. 5. Among other things, the Google marketing services we use include: the online advertising program "Google AdWords. " In the case of Google AdWords, each AdWords customer receives a different "conversion cookie. " Cookies can therefore not be tracked via the websites of AdWords customers. The information collected with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
19. 8. We can also use the "Google Optimizer" service. Google Optimizer allows us to understand how various changes to a website (e. g. , the use of a web browser) affect the website in the context of so-called "A/B testing". B. Changes to the input fields, the design, etc. ) For these test purposes, cookies are stored on the users' devices. Only pseudonymous user data is processed.
19. 9. In addition, we may use the “Google Tag Manager” to integrate and manage Google’s analysis and marketing services into our website.
19. 11. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
Furthermore, when using the Facebook pixel, we use the additional function "extended comparison" (in which data such as telephone numbers, e-mail addresses or Facebook IDs of the users are transmitted to Facebook (encrypted) for the formation of target groups ("Custom Audiences" or "Look Alike Audiences"). Further information on "extended comparison": https://www.facebook.com/business/help/611774685654668).
We also use the “Custom Audiences from File” process of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process takes place encrypted. The upload is only used to identify recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who are interested in our information and services.
To prevent the collection of your data using the Facebook pixel on our website, please click the following link: Facebook Pixel Opt-Out Note: When you click on the link, an opt-out cookie is stored on your device. If you delete the cookies in this browser, you must click the link again. Furthermore, the opt-out applies only within the browser you use and only within our web domain on which the link was clicked.
20. Facebook, Custom Audiences and Facebook Marketing Services
20. 1. Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called " Facebook-Pixel” of the social network Facebook, which is owned by Facebook Inc. , 1 Hacker Way, Menlo Park, CA 94 025, USA, or if you are resident in the EU, Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is operated (“Facebook”).
20.2. Facebook ist unter dem Privacy-Shield-Abkommen zertifiziert und bietet hierdurch eine Garantie, das europäische Datenschutzrecht einzuhalten (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
20.3 With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel in order to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not appear to be annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook Ad (so-called "conversion").
20.4. Die Verarbeitung der Daten durch Facebook erfolgt im Rahmen von Facebooks Datenverwendungsrichtlinie. Dementsprechend generelle Hinweise zur Darstellung von Facebook-Ads, in der Datenverwendungsrichtlinie von Facebook: https://www.facebook.com/policy.php. Spezielle Informationen und Details zum Facebook-Pixel und seiner Funktionsweise erhalten Sie im Hilfebereich von Facebook: https://www.facebook.com/business/help/651294705016616.
20.5. Sie können der Erfassung durch den Facebook-Pixel und Verwendung Ihrer Daten zur Darstellung von Facebook-Ads widersprechen. Um einzustellen, welche Arten von Werbeanzeigen Ihnen innerhalb von Facebook angezeigt werden, können Sie die von Facebook eingerichtete Seite aufrufen und dort die Hinweise zu den Einstellungen nutzungsbasierter Werbung befolgen: https://www.facebook.com/settings?tab=ads. Die Einstellungen erfolgen plattformunabhängig, d.h. sie werden für alle Geräte, wie Desktopcomputer oder mobile Geräte übernommen.
20.6. Sie können dem Einsatz von Cookies, die der Reichweitenmessung und Werbezwecken dienen, ferner über die Deaktivierungsseite der Netzwerkwerbeinitiative (http://optout.networkadvertising.org/) und zusätzlich die US-amerikanische Webseite (http://www.aboutads.info/choices) oder die europäische Webseite (http://www.youronlinechoices.com/uk/your-ad-choices/) widersprechen.
21. Communication by post, e-mail, fax or phone
21. 1 For business and marketing purposes, we use remote means of communication, such as B. Mail, telephone or e-mail. We process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.
21. 2 Processing takes place on the basis of Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f GDPR in conjunction with legal requirements for advertising communications. The contact takes place only with the consent of the contact partners or within the scope of the legal permissions and the processed data will be deleted as soon as they are not necessary and otherwise with objection/withdrawal or removal of the authorisation bases or legal archiving obligations.
Our newsletter contains information about our products, offers, promotions and our company. Information on data protection, revocation, logging as well as the measurement of success included in the consent can be found in our data protection declaration
Versanddienstleister: Der Versand der Newsletter erfolgt mittels „MailPoet Plugin“, nachfolgend bezeichnet als „Versanddienstleister“. Die Datenschutzbestimmungen des Versanddienstleisters können Sie hier einsehen: https://automattic.com/privacy/.
22. 1. With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your rights to object. By subscribing to our newsletter, you agree to the receipt and the procedures described.
22. 2. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletters”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a subscription to the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
22. 3. Double opt-in and logging: The registration for our newsletter takes place in a so-called "double opt-in. " Double opt-in procedure. I. e. After registering, you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with third-party e-mail addresses. The subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. Changes to your data stored by the shipping service provider will also be logged.
22.4. Versanddienstleister: Der Versand der Newsletter erfolgt mittels „MailPoet Plugin“, einem Dienst, mit dem u.a. der Versand von Newslettern organisiert und analysiert werden kann. Anbieter ist die Wysija SARL, 6 rue Dieudé, 13006, Marseille, Frankreich. Die Datenschutzbestimmungen des Versanddienstleisters können Sie hier einsehen: https://automattic.com/privacy/. Ausführliche Informationen zu den Funktionen von MailPoet entnehmen Sie folgendem Link: https://account.mailpoet.com/ and https://www.mailpoet.com/mailpoet-features/.
22. 5. To the extent that we use a shipping service provider, the shipping service provider may, according to its own information, use this data in a pseudonymous form, i. e. without assignment to a user, to optimize or improve their own services, e. g. For example, use for technical optimisation of the sending and presentation of the newsletters or for statistical purposes in order to determine which countries the recipients come from. However, the shipping service provider does not use the data of our newsletter recipients to write them themselves or to pass them on to third parties.
22. 6. Registration data: To subscribe to the newsletter, it is sufficient to provide your e-mail address and a name for the individual address.
22.7 Success measurement - The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened, or from the server of a mailing service provider if we use one. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
22. 8. Germany: The dispatch of the newsletter and the measurement of success are based on the consent of the recipients according to. Art. 6 para. 1 lit. a, Art. 7 GDPR i. V. m § 7 para. 2 No. 3 UWG, or on the basis of the legal permission according to § 7 para. 3 UWG.
22. 9. The registration process is logged on the basis of our legitimate interests according to the German law. Art. 6 para. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.
22.10. Newsletter recipients can cancel the receipt of our newsletter at any time, i.e. revoke their consent. A link to cancel the newsletter can be found at the end of each newsletter. At the same time, their consent to the performance measurement expires. A separate revocation of the performance measurement is unfortunately not possible, in which case the entire newsletter subscription must be cancelled. When you unsubscribe from the newsletter, your personal data will be deleted, unless their storage is legally required or justified, in which case their processing will be limited to these exceptional purposes only. In particular, we may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them for the purposes of sending the newsletter, in order to be able to prove that we have previously given our consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.
23. Integration of third-party services and content
23.1 Within our online offer, we shall, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of these contents are aware of the IP address of the users, as without the IP address they would not be able to send the contents to their browsers. The IP address is therefore necessary for the display of this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other details on the use of our online offer, as well as being able to be linked to such information from other sources.
23. 2. The following presentation provides an overview of third-party providers and their content, as well as links to their data protection statements, which provide further information on the processing of data and, for example, the processing of personal data. T. already mentioned here, Widerspruchsmöglichkeiten (sog. Opt-Out) included
- If our customers use the payment services of third parties (e. g. If you use PayPal or Instant Transfer, the terms and conditions and the data protection instructions of the respective third-party providers, which are within the respective websites, apply. Transaction applications are available.
- Maps of the service "Google Maps" provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Videos of the platform “YouTube” of the third-party provider Google Inc. , 1600 Amphitheatre Parkway, Mountain View, CA 94 043, USA. Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
Wir nutzen Hotjar, um die Bedürfnisse unserer Nutzer besser zu verstehen und das Angebot und die Erfahrung auf dieser Webseite zu optimieren. Mithilfe der Technologie von Hotjar bekommen wir nach Einwilligung gem. Art. 6 Abs. 1 lit. a DSGVO ein besseres Verständnis von den Erfahrungen unserer Nutzer (z.B. wieviel Zeit Nutzer auf welchen Seiten verbringen, welche Links sie anklicken, was sie mögen und was nicht etc.) und das hilft uns, unser Angebot am Feedback unserer Nutzer auszurichten. Hotjar arbeitet mit Cookies und anderen Technologien, um Daten über das Verhalten unserer Nutzer und über ihre Endgeräte zu erheben, insbesondere IP Adresse des Geräts (wird während Ihrer Website-Nutzung nur in anonymisierter Form erfasst und gespeichert), Bildschirmgröße, Gerätetyp (Unique Device Identifiers), Informationen über den verwendeten Browser, Standort (nur Land), zum Anzeigen unserer Webseite bevorzugte Sprache. Hotjar speichert diese Informationen in unserem Auftrag in einem pseudonymisierten Nutzerprofil. Hotjar ist es vertraglich verboten, die in unserem Auftrag erhobenen Daten zu verkaufen. Ferner wurde mit Hotjar ein Auftragsdatenverarbeitungsvertrag geschlossen. Nutzer können der Datenerhebung jederzeit widersprechen, indem Sie eine „Do Not Track“-Anforderung an die Server von Hotjar senden (https://www.hotjar.com/de/legal/policies/do-not-track/) oder die Cookie-Einwilligung zurückziehen, indem sie die Cookie-Einstellungen ändern.
Weitere Informationen finden Sie in unter dem Abschnitt ‚about Hotjar‘ auf Hotjars Hilfe-Seite.
Wir haben auf unserer Website Facebook Conversions API des US-amerikanischen Unternehmens Meta Platforms Inc. (für Europa: Meta Platforms Ireland Limited) als serverseitiges Trackingtool eingebunden. Die Facebook Converions API verarbeitet erfasste Daten auch im US-amerikanischen Raum. Gemäß der Auffassung des EUGH besteht derzeit kein angemessenes Schutzniveau in diesem Raum. Einhergehen kann dies mit Risiken im Hinblick auf Sicherheit und Rechtmäßigkeit in der Datenverarbeitung. Der Anbieter nutzt sogenannte Standardvertragsklauseln gem. Art. 46 Absatz 2 und 3 der DSGVO als Grundlage des Datenempfängers bzw. der Datenweitergabe in einen Drittstaat. Damit soll eine Datenverarbeitung gem. der europäischen Datenschutzstandards sichergestellt werden. Dadurch verpflichtet sich der Anbieter bei der Verarbeitung der Daten europäische Datenschutzstandards einzuhalten, selbst wenn er in einem Drittstaat ansässig ist. Den Beschluss und die Standardvertragsklauseln finden Sie unter https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. Die Datenverarbeitungsbedingungen des Anbieters hingegen finden Sie unter https://www.facebook.com/legal/terms/dataprocessing. Weiter Infos zur Datenverwendung durch die Facebook Conversions API finden Sie zudem unter https://www.facebook.com/about/privacy.
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called " Cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services related to website and internet use to the website operator. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser software accordingly; however, please note that in this case you may not be able to use all the functions of this website to their full extent.
You can also collect the data generated by the cookie and related to your use of the website (inkl. Your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: Browser Add On to deactivate Google Analytics.
Source: Data Protection Configurator of mein-datenschutzbeauftragter.de
At this point you have the option to reopen the cookie settings. If you have previously given your consent to tracking via Google (Statistics) or Facebook (Marketing) by opt-in, you can undo this setting in the cookie box that opens. The cookies are not deleted immediately, but no longer transmit data directly.