Data protection declaration

1. an overview of data protection

General information

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term "personal data" comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data collection on this website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. The operator's contact details can be found in the section "Note on the responsible party" in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipients and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. If you have given your consent to the data processing, you can revoke this consent at any time for the future. In addition, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to appeal to the relevant supervisory authority.

Please feel free to contact us at any time regarding this or any other questions on the subject of data protection.

Analysis tools and third-party tools

When you visit this website, your surfing behaviour may be statistically evaluated. This is done primarily with so-called analysis programmes.

Detailed information about these analysis programmes can be found in the following data protection declaration.

2. Hosting and content delivery networks (CDN)

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). If consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) point a GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our hosting company will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

We use the following hosting company:

intedia GmbH
August-Bebel-Straße 133a
D-33602 Bielefeld

Contract data processing

We have concluded an order processing contract with the above-named provider. This is a contract required under data protection law that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the "Cloudflare" service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter "Cloudflare").

Cloudflare provides a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website over Cloudflare's network. This enables Cloudflare to analyse the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognise internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our web services in the most error-free and secure manner possible (Art. 6 para. 1 lit. f DSGVO).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

Further information on security and data protection at Cloudflare can be found here: https://www .cloudflare.com/ privacypolicy/.

3. General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the internet (e.g. when communicating by email) can have security gaps. It is not possible to provide complete protection of data against access by third parties.

Information about the responsible party

The data processing controller on this website is:

Beschichtpunkt GmbH
Hall 10
Graf-von-Soden-Straße
88090 Immenstaad

Phone: +49 7545 9339945
Email: info@beschicht.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage period

Unless a more specific storage period has been specified in this data protection declaration, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, provided that we have no other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for data processing on this website

If you have consented to the data processing, we process your personal data on the basis of Art. 6 (1) point a GDPR or Art. 9 (2) point a GDPR, insofar as special categories of data are processed pursuant to Art. 9 (1) GDPR. In the event of express consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information in your terminal device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TTDSG. You may revoke your consent at any time. If your data is required for the performance of a contract or in order to take steps prior to entering into a contract, we will process your data on the basis of Article 6(1)(b) GDPR. Furthermore, we will process your data if this is necessary in order to fulfil a legal obligation on the basis of Article 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) point f GDPR. The following paragraphs of this Data Protection Policy provide information on the relevant legal bases in each individual case.

Data protection officer

We have appointed a data protection officer.

Oliver Witt
Graf-von-Soden-Straße
88090 Immenstaad, Germany

Telephone: +49 7545 9339945
Email: info@beschicht.com

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the United States or other third countries that do not have adequate data protection. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that these countries do not guarantee a level of data protection comparable to that in the EU. For example, US companies are obliged to release personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. The legality of the data processing carried out up to the point of revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA, THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING IS PROVIDED IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WHICH ARE WORTHY OF PROTECTION AND WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 SECT. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 SECT. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to demand that we hand over any data we automatically process based on your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Information, deletion and correction

Within the scope of the applicable legal provisions, you have the right to receive information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct or delete this data. You can contact us at any time with questions about this and other issues related to personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time regarding this. The right to restriction of processing applies in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. You have the right to request that the processing of your personal data be restricted for the duration of the verification.
• If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
• If you have objected to processing pursuant to Article 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payment transactions on this website

If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser line.

If the communication with us is encrypted, the payment data you transmit to us cannot be read by third parties.

4. data collection on this website

Cookies

Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required for the performance of the electronic communications transaction, to provide certain functions you want to use (e.g. the shopping cart function) or to optimise the website (e.g. cookies that provide measurable insights into the web audience) (necessary cookies) shall be stored on the basis of Art. 6 Sect. 1 lit. f GDPR, unless a different legal basis is cited. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); consent may be revoked at any time.

You can adjust your browser settings so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in the context of this data protection declaration and, if necessary, request your consent.

Consent with ConsentManager

Our website uses the consent technology of ConsentManager to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this consent in a data protection compliant manner. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter referred to as "ConsentManager").

When you visit our website, a connection is established with ConsentManager's servers to obtain your consent and other declarations regarding the use of cookies. ConsentManager then stores a cookie in your browser to be able to allocate the consent you have given or any revocations of the same. The data collected in this way is stored until you ask us to delete it, delete the Consent Manager provider cookie itself or the purpose for storing the data no longer applies. Mandatory statutory retention requirements remain unaffected.

ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c DSGVO.

Contract data processing

We have concluded a contract for order processing (AVV) with the above-named provider. This is a contract prescribed by data protection law that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

• Browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• Time of server request
• IP address

These data are not combined with data from other sources.

This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error free depiction and the optimization of the operator's website.

Contact form

If you send us enquiries using the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 Sect. 1 lit. b GDPR if your inquiry is related to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been requested; the consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not share this information without your consent.

This data is processed on the basis of Art. 6 Sect. 1 lit. b GDPR if your inquiry is related to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been requested; the consent can be revoked at any time.

We will continue to store the data you send to us via contact requests until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have finished processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Use of chatbots

We use chatbots to communicate with you. Chatbots are able to respond to your questions and other input without human assistance. To do this, the chatbots analyse not only your input but also other data in order to provide appropriate answers (e.g. names, email addresses and other contact data, customer numbers and other identifiers, orders and chat histories). Furthermore, your IP address, log files, location information and other metadata may be collected via the chatbot. These data are stored on the chatbot provider's servers.

User profiles can be created based on the data collected. In addition, the data can be used to display interest-based advertising, provided that the other legal requirements (in particular consent) are met. To do this, the chatbots can be linked to analysis and advertising tools.

The data collected can also be used to improve our chatbots and their response behaviour (machine learning).

The data you enter during communication will remain with us or the chatbot operator until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

The legal basis for the use of chatbots is Art. 6 Sect. 1 lit. b GDPR, insofar as the chatbot is used to initiate or fulfil a contract. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) point a GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. In all other cases, the use is based on our legitimate interest in the most effective customer communication possible (Art. 6 para. 1 lit. f GDPR).

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as Hubspot CRM).

Hubspot CRM enables us, among other things, to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyse customer interactions across various channels, including email, social media and telephone. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). Hubspot CRM also enables us to record and analyse the user behaviour of our contacts on our website.

Hubspot CRM is used on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) point a GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For details, please refer to Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy.

Data transfer to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.

Contract data processing

We have concluded an order processing contract with the provider named above. This is a contract that is required under data protection law and ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Registering on this website

You can register on this site in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

We will use the email address provided during registration to inform you about important changes, such as those related to the scope of the offer or those that are technically necessary.

The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DSGVO).

We will continue to store the data collected during registration for as long as you remain registered on this website. The data will then be deleted. This does not affect statutory retention periods.

Comment function on this website

For the comment function on this page, in addition to your comment, information about when the comment was created, your email address and, if you do not post anonymously, the username you have chosen will be stored.

Storage period for comments

The comments and the associated data are stored and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. abusive comments).

Legal basis

Comments are stored on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You can withdraw your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

5. Social media

Facebook

This website includes elements of the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data will also be transferred to the United States and other third-party countries.

An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the contents of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how it is used by Facebook. For more information, please refer to the Facebook privacy policy at: https://de-de.facebook.com/privacy/explanation.

Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 para. 1 lit. a DSGVO and § 25 TTDSG. Consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.

Insofar as personal data is collected on our website with the help of the tools described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the data has been forwarded is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Twitter

This website incorporates functions of the Twitter service. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

If the social media element is active, a direct connection will be established between your end device and the Twitter server. Twitter will then receive information about your visit to this website. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. We would like to point out that, as the provider of the pages, we do not receive any knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to the Twitter privacy policy at: https://twitter.com/de/privacy.

Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. Consent can be revoked at any time. Insofar as no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

You can change your Twitter privacy settings in your account settings at https://twitter.com/account/settings.

Instagram

This website incorporates features of the Instagram service. These features are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the social media element is active, a direct connection will be established between your end device and the Instagram server. This means that Instagram receives information about your visit to this website.

If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Instagram.

If consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1) point a GDPR and Art. 25 TTDSG. Consent can be revoked at any time. If consent has not been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.

Insofar as personal data is collected on our website with the help of the tools described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the data has been forwarded is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert data subject rights with us, we are obliged to forward these to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For more information, see the Instagram Privacy Policy: https://instagram.com/about/legal/privacy/.

Tumblr

This website uses buttons and other elements of the Tumblr service. The provider is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA.

When the social media element is active, a direct connection is established between your end device and the Tumblr server. Tumblr thereby receives information about your visit to this website.

The Tumblr buttons enable you to share a post or page on Tumblr or follow the provider on Tumblr. When you access one of our websites using the Tumblr button, the browser establishes a direct connection with Tumblr's servers. We have no influence on the amount of data that Tumblr collects and transmits with the help of this plugin. As things stand, the user's IP address and the URL of the respective website are transmitted.

If consent has been obtained, the use of the above service is based on Art. 6 Sect. 1 lit. a GDPR and § 25 TTDSG. Consent may be revoked at any time. If no consent has been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.

Further information can be found in Tumblr's privacy policy at: https://www.tumblr.com/privacy/de.

LinkedIn

This website uses elements of the LinkedIn network. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time you access a page of this website that contains LinkedIn elements, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn will be able to link your visit to this website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.

Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1) point a GDPR and Art. 25 TTDSG. Consent can be revoked at any time. If consent has not been obtained, the use of the service is based on our legitimate interest in the widest possible visibility in social media.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

XING

This website uses elements of the XING network. The provider of this service is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Every time you access one of our pages that contains XING elements, a connection to the XING servers is established. To the best of our knowledge, personal data is not stored in the process. In particular, no IP addresses are stored and no user behaviour is evaluated.

If consent has been obtained, the use of the above service is based on Art. 6 (1) point a GDPR and Section 25 TTDSG. Consent can be withdrawn at any time. If consent has not been obtained, the use of the service is based on our legitimate interest in achieving the widest possible visibility in social media.

Further information on data protection and the XING Share button can be found in XING's privacy policy at: https://www.xing.com/app/share?op=data_protection.

Pinterest

On this website, we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you access a page that contains such an element, your browser establishes a direct connection to the Pinterest servers. This social media element transmits protocol data to the Pinterest server in the USA. This protocol data may include your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of your browser, the date and time of your request, how you use Pinterest and cookies.

If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 (1) point a GDPR and Section 25 TTDSG. Consent may be revoked at any time. If consent has not been obtained, the service is used on the basis of our legitimate interest in the greatest possible visibility in social media.

Further information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in Pinterest's data protection information: https://policy.pinterest.com/de/privacy-policy.

6. Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses. It is used only to manage and display the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

Google Tag Manager is used on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on his website. If the appropriate consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. These data are combined in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics, among other things, to record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the collected data sets and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

This service is used on the basis of your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG. This consent may be withdrawn at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, Google Signal will link the visitor data to your Google account and use it for personalised advertising messages. The data is also used to create anonymised statistics on the user behaviour of our users.

Contract data processing

We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "E-Commerce Measurement" function of Google Analytics. With the help of E-Commerce Measurement, the website operator can analyse the purchasing behaviour of website visitors to improve their online marketing campaigns. Information such as the orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.

Hotjar

This website uses Hotjar. The provider of this service is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool for analysing your user behaviour on this website. With Hotjar, we can, among other things, record your mouse and scroll movements and clicks. Hotjar can also determine how long you remained with the mouse pointer in a certain place. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are preferred by the website visitor.

Furthermore, we can determine how long you have remained on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function is used to improve the website operator's web offerings.

Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting).

If consent has been obtained, the service is used exclusively on the basis of Art. 6 (1) point a GDPR and Section 25 TTDSG. The consent can be withdrawn at any time. If consent has not been obtained, this service is used on the basis of Art. 6 (1) (f) GDPR; the website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

Deactivating Hotjar

If you wish to disable data collection by Hotjar, please click on the following link and follow the instructions provided there: https://www.hotjar.com/policies/do-not-track /

Please note that Hotjar must be disabled separately for each browser or end device.

For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

Data processing

We have concluded a contract data processing agreement (CDPA) with the provider named above. This is a contract that is required under data protection law and ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted ads can be displayed based on the user data available on Google (e.g. location data and interests) (target group targeting). As the website operator, we can analyse this data quantitatively, for example by analysing which search terms led to the display of our ads and how many ads led to corresponding clicks.

This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Section 25 (1) TTDSG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google AdSense

This website uses Google AdSense, a service for integrating advertisements. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Adsense, we can display targeted advertisements from third-party companies on our site. The content of the advertisements is based on your interests, which Google determines based on your previous user behaviour. Furthermore, contextual information, such as your location, the content of the website visited or the Google search terms you entered, are also taken into account when selecting the appropriate advertisement.

Google AdSense uses cookies, web beacons (invisible graphics) and comparable recognition technologies. These can be used to analyse information such as visitor traffic on these pages.

The information collected by Google Adsense about the use of this website (including your IP address) and the delivery of advertising formats is transferred to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored about you.

This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Section 25 (1) TTDSG. This consent may be withdrawn at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing allows us to assign people who interact with our online offering to specific target groups so that we can then show them interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to the cross-device functions of Google. This way, personalised advertising messages that are based on your previous usage and surfing behaviour on one device (e.g. mobile phone) and tailored to you can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can opt out of personalised advertising by clicking on the following link: https://www.google.com/settings/ads/onweb/.

This service is used on the basis of your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) of the German Teleservices Data Protection Act (TTDSG). This consent can be withdrawn at any time.

Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Target group formation with customer matching

We use Google Ads Remarketing customer matching, among other things, to create target groups. For this, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they will be shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Google conversion tracking

This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, we and Google can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that would allow us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

This service is used on the basis of your consent in accordance with Art. 6 Sect. 1 lit. a GDPR and Sect. 25 para. 1 TTDSG. This consent may be revoked at any time.

For more information about Google Conversion Tracking, see the Google Privacy Policy: https://policies.google.com/privacy?hl=de.

Facebook Pixel

This website uses Facebook's visitor activity pixel to measure conversion. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third-party countries.

This allows the behaviour of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising efforts to be optimised.

The data collected is anonymous to us as the operator of this website and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage guidelines. This enables Facebook to enable the placement of advertisements on and off Facebook. We, as the site operator, have no influence over this use of the data.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the data has been forwarded is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.

You can find more information about protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/.

You can also disable the remarketing Custom Audiences feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

Facebook Conversion API

We have integrated Facebook Conversion API into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the United States and other third-party countries.

The Facebook Conversion API allows us to capture the interactions of the website visitor with our website and to pass them on to Facebook to improve the advertising performance on Facebook.

In particular, the time of access, the website accessed, your IP address and your user agent, as well as any other specific data (e.g. purchased products, value of the shopping cart and currency) are recorded. A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Art. 25 (1) TTDSG. Consent can be revoked at any time.

Insofar as personal data is collected on our website using the tools described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the data has been forwarded is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find more information about protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/.

Data processing

We have concluded a contract data processing agreement (CDPA) with the provider named above. This is a contract that is required under data protection law and ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Facebook Custom Audiences

We use Facebook Custom Audiences. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us or interact with our company's Facebook content, we collect your personal data. If you give us permission to use Facebook Custom Audiences, we will transmit this data to Facebook, which will enable Facebook to display suitable advertising to you. Furthermore, your data can be used to define target groups (lookalike audiences).

Facebook processes this data as our processor. Details can be found in the Facebook user agreement: https://www.facebook.com/legal/terms/customaudience.

This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and Art. 25 (1) TTDSG. Consent may be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

Google enhanced Conversion

FAST from SMARKETER

1. General scope and description of data processing

2. scope and description of data processing when using Google Ads / Microsoft Ads

3. legal basis for the processing of personal data

4. Purposes of processing

5. Duration of storage

6. Objection and removal options