Privacy policy
1) Introduction and contact details of the person responsible
1.1 We are pleased that you are visiting our website and thank you for your interest.
In the following, we will inform you about how we handle your personal data when you
use our website. Personal data is all data with which you can be personally identified.
1.2 The controller in charge of data processing on this website, within the meaning of
the General Data Protection Regulation (GDPR), is MYMITO GmbH, Ronsdorfer Str. 74,
40233 Düsseldorf, Deutschland, Tel.: +49 (0)211 9991450, Fax: +49 (0)211 99914510,
E-Mail: contact@cubit-shop.com. The controller of personal data is the natural or legal
person who alone or jointly with others determines the purposes and means of the
processing of personal data.
2) Data collection when visiting our website
2.1 If you use our website for information purposes only, i.e. if you do not register or
otherwise provide us with information, we only collect the data that your browser
transmits to the site server (so-called "server log files"). When you access our
website, we collect the following data, which is technically necessary for us to display
the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our
legitimate interest in improving the stability and functionality of our website. The data is
not passed on or used in any other way. However, we reserve the right to subsequently
check the server log files if there are concrete indications of unlawful use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the
transmission of personal data and other confidential content (e.g. orders or enquiries to
the controller). You can recognise an encrypted connection by the character string
"https://" and the lock symbol in your browser line.
3) Hosting & Content Delivery Network
Cloudflare
We use a content delivery network from the following provider: Cloudflare Inc, 101
Townsend St. San Francisco, CA 94107, USA
This service enables us to deliver large media files such as graphics, page content or
scripts more quickly via a network of regionally distributed servers. The processing is
carried out to safeguard our legitimate interest in improving the stability and
functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have
concluded an order processing contract with the provider, which ensures the protection
of the data of our website visitors and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which ensures compliance with the European level of data protection on
the basis of an adequacy decision by the European Commission.
4) Cookies
In order to make visiting our website attractive and to enable the use of certain
functions, we use cookies, i.e. small text files that are stored on your end device. Some
of these cookies are automatically deleted after you close your browser (so-called
"session cookies"), while others remain on your device for longer and enable page
settings to be saved (so-called "persistent cookies"). In the latter case, you can find the
storage period in the cookie settings overview of your web browser.
If personal data is also processed by individual cookies used by us, the processing is
carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the
contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given or in
accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the
best possible functionality of the website and a customer-friendly and effective design
of the page visit.
You can set your browser so that you are informed about the setting of cookies and can
decide individually about their acceptance or exclude the acceptance of cookies for
certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be
restricted.
Sie können die Einstellungen jederzeit hier ändern.
5) Contact us
5.1 Microsoft Bookings
We use the services of the following provider to provide an online appointment booking
function: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
For the purpose of making appointments, first and last name and email address (and
telephone number if a telephone appointment is requested) are collected in
accordance with Art. 6 para. 1 lit. b GDPR and transmitted to the provider in
accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in
effective customer management and efficient appointment management and stored
there for the purpose of organising appointments.
After the appointment has been held or the agreed appointment period has expired,
your data will be deleted by the provider. We have concluded an order processing
contract with the provider, which ensures the protection of the data of our website visitors
and prohibits unauthorised disclosure to third parties.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which ensures compliance with the European level of data protection on
the basis of an adequacy decision by the European Commission.
5.2 WhatsApp-Business
We offer visitors to our website the opportunity to contact us via the WhatsApp messaging service provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the so-called ‘business version’ of WhatsApp for this purpose.
If you contact us via WhatsApp on the occasion of a specific transaction (for example, an order placed), we will store and use the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with Art. 6 para. 1 lit. b. GDPR to process your enquiry. GDPR to process and respond to your request. On the same legal basis, we may ask you to provide further data (order number, customer number, address or e-mail address) via WhatsApp in order to be able to assign your enquiry to a specific process.
If you use our WhatsApp contact for general enquiries (e.g. about the range of services, availability or our website), we will store and use the mobile phone number you use on WhatsApp and - if provided - your first and last name in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient and timely provision of the requested information.
Your data will only ever be used to respond to your enquiry via WhatsApp. Your data will not be passed on to third parties.
Please note that WhatsApp Business receives access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book only stores the WhatsApp contact data of those users who have contacted us via WhatsApp.
This ensures that every person whose WhatsApp contact data is stored in our address book has already consented to the transmission of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 para. 1 lit. a GDPR when using the app on their device for the first time by accepting the WhatsApp terms of use. The transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded in this respect.
The purpose and scope of the data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and setting options for protecting your privacy, can be found in WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
As part of the above-mentioned processing, data may be transferred to Meta Platforms Inc. servers in the USA.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
5.3 When you contact us (e.g. via contact form or e-mail), personal data is processed
exclusively for the purpose of processing and responding to your enquiry and only to
the extent necessary for this purpose.
The legal basis for the processing of this data is our legitimate interest in responding to
your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at a
contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your
data will be deleted if it can be inferred from the circumstances that the matter in
question has been conclusively clarified and provided that there are no statutory
retention obligations to the contrary.
5.4 Userlike Website Chat
Mymito GmbH uses chat software from the company Userlike UG (limited liability company), Probsteigasse 44-46, 50670 Cologne, Germany. You can use the chat like a contact form to chat with our employees almost in real time. The following personal data is collected when the chat is started:
- Date and time of the call,
- IP address,
- URL of the previously visited website.
- And if specified: First name, surname and email address.
Depending on the course of the conversation with our employees, further personal data may be collected in the chat and entered by you. The nature of this data depends largely on your enquiry or the problem you describe to us. The purpose of processing all this data is to provide you with a quick and efficient means of contact and thus improve our customer service.
By accessing the cubit-shop.com website, the chat widget is loaded in the form of a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code that is executed on your computer and enables the chat.
In addition, Mymito GmbH stores the chat history for a period of 12 months. The purpose of this is to save you from having to provide extensive explanations about the history of your enquiry and for the continuous quality control of our chat service. Processing is therefore permitted in accordance with Art. 6 para. 1 letter f GDPR. If you do not wish this, please let us know. We will then delete saved chats immediately.
The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted in accordance with Art. 6 para. 1 letter f GDPR.
Further information can be found in the privacy policy of Userlike UG(limited liability company).
6) Data processing when opening a customer account
In accordance with Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected
and processed to the extent necessary if you provide it to us when opening a customer
account. The data required to open an account can be found in the input mask of the
corresponding form on our website.
Deletion of your customer account is possible at any time and can be done by sending a
message to the above-mentioned address of the controller. After deletion of your
customer account, your data will be deleted, provided that all contracts concluded
through it have been fully processed, there are no legal retention periods to the
contrary and we have no legitimate interest in further storage.
7) Use of customer data for direct marketing
7.1 Subscribe to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will send you regular information about our
offers. The only mandatory information for sending the newsletter is your e-mail
address. The provision of further data is voluntary and is used to address you
personally. We use the so-called double opt-in procedure for sending the newsletter,
which ensures that you only receive newsletters if you have expressly confirmed your
consent to receive the newsletter by clicking on a verification link sent to the email
address provided.
By activating the confirmation link, you give us your consent to use your personal data
in accordance with Art. 6 para. 1 lit. a GDPR. We store your IP address entered by the
Internet service provider (ISP) as well as the date and time of registration in order to be
able to trace any possible misuse of your e-mail address at a later date. The data we
collect when you register for the newsletter is used strictly for the intended purpose.
You can unsubscribe from the newsletter at any time via the link provided in the
newsletter or by sending a corresponding message to the controller named at the
beginning. Once you have cancelled your subscription, your e-mail address will be
deleted from our newsletter mailing list immediately, unless you have expressly
consented to further use of your data or we reserve the right to use data beyond this,
which is permitted by law and about which we inform you in this declaration.
7.2 Sending the e-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services,
we reserve the right to regularly send you offers for similar goods or services to those
already purchased from our range by e-mail. In accordance with Section 7 (3) UWG, we
do not need to obtain separate consent from you for this. In this respect, data
processing is carried out solely on the basis of our legitimate interest in personalised
direct advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you have initially
objected to the use of your email address for this purpose, we will not send you any
emails.
You are entitled to object to the use of your e-mail address for the aforementioned
advertising purpose at any time with effect for the future by sending a message to the
controller named at the beginning. You will only incur transmission costs for this in
accordance with the basic tariffs. Upon receipt of your objection, the use of your e-mail
address for advertising purposes will be discontinued immediately.
8) Data processing for order processing
8.1 Insofar as necessary for contract processing for delivery and payment purposes,
the personal data collected by us will be passed on to the commissioned transport
company and the commissioned credit institution in accordance with Art. 6 para. 1
lit. b GDPR.
If we owe you updates for goods with digital elements or for digital products on the basis
of a corresponding contract, we process the contact data (name, address, e-mail address)
provided by you when ordering in order to inform you personally by suitable means of
communication (e.g. by post or e-mail) about upcoming updates within the legally
prescribed period within the scope of our statutory information obligations pursuant to
Art. 6 para. 1 lit. c GDPR. Your contact details will be used strictly for the purpose of
notifying you of updates owed by us and will only be processed by us for this purpose to
the extent that this is necessary for the respective information.
To process your order, we also work together with the following service provider(s), who
support us in whole or in part in the fulfilment of concluded contracts. Certain personal
data is transmitted to these service providers in accordance with the following
information.
8.2 Transfer of personal data to shipping service providers
- DACHSER SE
We use the following provider as our transport service provider: DACHSER SE,
Logistics Centre Munich, European Logistics, Zamilastraße 11,81677 Munich,
Germany
We will pass on your e-mail address and/or telephone number to the provider in
accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose
of coordinating a delivery date or for delivery notification, provided that you have given
your express consent to this during the ordering process. Otherwise, we will only pass
on the name of the recipient and the delivery address to the provider for the purpose of
delivery in accordance with Art. 6 para. 1 lit. b GDPR. The information will only be
passed on if this is necessary for the delivery of goods. In this case, prior coordination of
the delivery date with the provider or notification of delivery is not possible.
Consent can be withdrawn at any time with effect for the future from the controller
named above or from the provider.
- German Post
We use the following provider as our transport service provider: Deutsche Post AG,
Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany
We will pass on your e-mail address and/or telephone number to the provider in
accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose
of coordinating a delivery date or for delivery notification, provided that you have given
your express consent to this during the ordering process. Otherwise, we will only pass
on the name of the recipient and the delivery address to the provider for the purpose of
delivery in accordance with Art. 6 para. 1 lit. b GDPR. The information will only be
passed on if this is necessary for the delivery of goods. In this case, prior coordination of
the delivery date with the provider or notification of delivery is not possible.
Consent can be withdrawn at any time with effect for the future from the controller
named above or from the provider.
- DHL
We use the following provider as our transport service provider: DHL Paket GmbH,
Sträßchensweg 10, 53113 Bonn, Germany
We will pass on your e-mail address and/or telephone number to the provider in
accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose
of coordinating a delivery date or for delivery notification, provided that you have given
your express consent to this during the ordering process. Otherwise, we will only pass
on the name of the recipient and the delivery address to the provider for the purpose of
delivery in accordance with Art. 6 para. 1 lit. b GDPR. The information will only be
passed on if this is necessary for the delivery of goods. In this case, prior agreement of
the delivery date with the supplier or the delivery notification is not possible.
Consent can be withdrawn at any time with effect for the future from the controller
named above or from the provider.
8.3 Use of payment service providers (payment services)
- Paypal
One or more online payment methods of the following provider are available on this
website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449
Luxembourg
If you select a payment method of the provider for which you make advance payment,
the payment data you provide during the ordering process (including name, address,
bank and payment card information, currency and transaction number) as well as
information about the content of your order will be passed on to the provider in
accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data will only be passed on
for the purpose of payment processing with the provider and only to the extent that it is
necessary for this purpose.
If you select a payment method for which we make advance payments, you will also be
asked to provide certain personal data (first and last name, street, house number,
postcode, city, date of birth, e-mail address, telephone number, and, if applicable, data
on an alternative means of payment) during the order process.
In order to safeguard our legitimate interest in determining your solvency in such cases,
we will forward this data to the provider for the purpose of a credit check in accordance
with Art. 6 para. 1 lit. f GDPR. Based on the personal data provided by you and other
data (such as shopping basket, invoice amount, order history, payment experience), the
provider checks whether the payment option you have selected can be granted with
regard to payment and/or bad debt risks.
The credit report may contain probability values (so-called score values). If score values
are included in the result of the credit report, they are based on a scientifically
recognised mathematical-statistical procedure. The calculation of the score values
includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or
to the provider. However, the provider may still be authorised to process your personal
data if this is necessary to process payments in accordance with the contract.
- Unzer
One or more online payment methods of the following provider are available on this
website: Payolution GmbH Columbusplatz 7-8, Stiege 1 / 5th floor, 1100
Vienna, Austria
If you select a payment method of the provider for which you make an advance
payment (such as credit card payment), the payment data you provide during the
ordering process (including name, address, bank and payment card information,
currency and transaction number) as well as information about the content of your
order will be passed on to the provider in accordance with Art. 6 para. 1 lit. b GDPR. In
this case, your data will only be passed on for the purpose of payment processing with
the provider and only to the extent that it is necessary for this purpose.
If you select a payment method for which the provider makes an advance payment
(such as invoice or instalment purchase or direct debit), you will also be asked to
provide certain personal data (first and last name, street, house number, postcode,
city, date of birth, e-mail address, telephone number, possibly data on an alternative
means of payment) during the order process.
In order to safeguard our legitimate interest in determining the solvency of our
customers, this data is forwarded by us to the provider for the purpose of a credit check
in accordance with Art. 6 para. 1 lit. f GDPR. On the basis of the personal data provided
by you and other data (such as shopping basket, invoice amount, order history, payment
experience), the provider checks whether the payment option you have selected can be
granted with regard to payment and/or bad debt risks.
In addition to internal provider criteria pursuant to Art. 6 para. 1 lit. f GDPR, identity
and creditworthiness information from the following credit agencies may also be
included in the decision as part of the application review:
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
- CRIF GmbH, Diefenbachgasse 35, 11 50 Vienna, Austria
- CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland
- CRIF GmbH, Leopoldstraße 244, 80807 Munich, Germany
- SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
- KSV1870 Information GmbH, Wagenseilgasse 7, 1100 Vienna, Austria
- Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany
- infoscore Consumer Data GmbH, Rheinstrasse 99, 76532 Baden-Baden, Germany
- ProfileAddress Direktmarketing GmbH, Altmannsdorfer Strasse 311, 1230
Vienna, Austria
- Emailage LTD, 1 Fore Street Ave, London, EC2Y 5EJ, United Kingdom
- ThreatMetrix, The Base 3/F, Tower C, Evert van de Beekstraat 1, 1118 CL Schiphol,
Netherlands
- payolution GmbH, Columbuscenter, Columbusplatz 7-8, 1100 Vienna, Austria
- Universum Business GmbH, Hanauer Landstr. 164, 60314 Frankfurt am Main,
Germany
The credit report may contain probability values (so-called score values).
Where score values are included in the result of the credit report, they are based on a
scientifically recognised mathematical-statistical procedure. The calculation of the score
values includes, but is not limited to, address data.
You can object to this processing of your data at any time by sending a message to us or
to the provider. However, the provider may still be authorised to process your personal
data if this is necessary to process payments in accordance with the contract.
9) Web analysis services
9.1 Google Analytics 4
This website uses Google Analytics 4, a web analysis service of Google Ireland Limited,
Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables your
use of our website to be analysed.
By default, Google Analytics sets 4 cookies when you visit the website, which are
stored as small text modules on your end device and collect certain information. The
scope of this information also includes your IP address, which, however, is shortened
by Google by the last digits in order to exclude a direct personal reference.
The information is transferred to Google servers and processed there. Transmission to
Google LLC, based in the USA, is also possible.
Google uses the information collected on our behalf to analyse your use of the website,
to compile reports on website activity for us and to provide other services relating to
website activity and internet usage. The abbreviated IP address transmitted by your
browser as part of Google Analytics will not be merged with other Google data. The
data collected as part of the use of Google Analytics 4 is stored for a period of two
months and then deleted.
All processing described above, in particular the setting of cookies on the terminal
device used, will only take place if you have given us your express consent to do so
in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to our
website. You can revoke your consent at any time with effect for the future. To
exercise your right of cancellation, please deactivate this service using the "cookie
consent tool" provided on the website.
We have concluded an order processing contract with Google, which ensures the
protection of the data of our website visitors and prohibits unauthorised disclosure to
third parties.
Further legal information on Google Analytics 4 can be found at
https://policies.google.com/privacy?hl=de&gl=de and at
https://policies.google.com/technologies/partner-sites
Demographic characteristics
Google Analytics 4 uses the special function "demographic characteristics" and can use
it to create statistics that make statements about the age, gender and interests of site
visitors. This is done by analysing advertising and information from third-party
providers. This allows target groups to be identified for marketing activities. However,
the data collected cannot be assigned to a specific person and is deleted after being
stored for a period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to
generate cross-device reports. If you have activated personalised ads and have linked
your devices to your Google account, Google can analyse your usage behaviour across
devices and create database models, including for cross-device conversions, subject to
your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a
GDPR. We do not receive any personal data from Google, only statistics. If you wish to
stop the cross-device analysis, you can deactivate the "Personalised advertising"
function in the settings of your Google account. To do this, follow the instructions on
this page: https://support.google.com/ads/answer/2662922?hl=de You can find more
information about Google Signals at the following link:
https://support.google.com/analytics/answer/7532985?hl=de
UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this
website. If you have consented to the use of Google Analytics 4 in accordance with Art.
6 para. 1 lit. a GDPR, have set up an account on this website and log in with this
account on different devices, your activities, including conversions, can be analysed
across devices.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which ensures compliance with the European level of data protection on
the basis of an adequacy decision by the European Commission.
9.2 Matomo
This website uses a web analysis service from the following provider: InnoCraft Ltd, 150
Willis St, 6011 Wellington, New Zealand, ("Matomo")
To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses
of site usage within a short time window of up to 24 hours. The site's "config_id" is a
randomly set, time-limited hash of a limited number of the visitor's settings and
attributes. The config_id or the config hash is a character string that is calculated for a
visitor based on their operating system, browser, browser plug-ins, IP address and browser
language.
Matomo does not use device fingerprinting and uses an anonymised IP address of the site
visitor to create the "config_id". If the information processed in this way includes personal
user data, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the
basis of our legitimate interest in the statistical analysis of user behaviour for optimisation
and marketing purposes. To object to the future processing of your visitor data, we provide
you with a separate objection option on our website. If data collected using Matomo technology
(including your pseudonymised IP address) is transferred to Matomo servers in New Zealand and
processed for usage analysis purposes, we hereby inform you that the European Commission has
issued a so-called adequacy decision for New Zealand, which certifies compliance with European data
protection standards for international data transfers.
If data is also transferred to the provider's server and the web analysis service is not installed
locally on our server, we have concluded an order processing agreement with
the provider that ensures the protection of our website visitors' data and prohibits
unauthorised disclosure to third parties.
10) Retargeting/remarketing and conversion tracking
10.1 Facebook pixel for the creation of custom audiences
Within our online offering, we use the "Facebook Pixel" service of the following provider:
Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook")
If a user clicks on an advert placed by us on Facebook, a parameter is added to the URL
of our linked page with the help of "Facebook Pixel".
This URL parameter is then entered in the user's browser after forwarding by a cookie
that our linked page sets itself.
On the one hand, this enables Facebook to determine the visitors to our online offering as
a target group for the display of adverts (so-called "Facebook ads").
Accordingly, we use the service to display the Facebook ads placed by us only to those
Facebook users who have also shown an interest in our online offering or who have
certain characteristics (e.g. interests in certain topics or products determined on the
basis of the websites visited), which we transmit to Facebook (so-called "Custom
Audiences"). On the other hand, "Facebook Pixel" can be used to track whether users have been
redirected to our website after clicking on a Facebook advert and which actions they
take there (so-called "conversion tracking"). The data collected is anonymous for us, so it does not
allow us to draw any conclusions about the identity of the user. However, the data is stored and
processed by Facebook so that a connection to the respective user profile is possible and Facebook
can use the data for its own advertising purposes.
All processing described above, in particular the setting of cookies for reading
information on the terminal device used, will only be carried out if you have given us
your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can
revoke your consent at any time with effect for the future by deactivating this service in
the "cookie consent tool" provided on the website.
We have concluded an order processing contract with the provider, which ensures the
protection of our website visitors' data and prevents unauthorised access.
Disclosure to third parties is prohibited.
The information generated by Facebook is usually transmitted to a Facebook server and
stored there; in this context, it may also be transmitted to Meta Platforms Inc. servers in
the USA.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which ensures compliance with the European level of data protection on
the basis of an adequacy decision by the European Commission.
10.2 Google Ads Remarketing
This website uses retargeting technology from the following provider: Google Ireland
Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
For this purpose, Google sets a cookie in the browser of your end device, which
automatically enables interest-based advertising by means of a pseudonymous cookie
ID and on the basis of the pages you visit. Any further data processing will only take
place if you have consented to Google linking your internet and app browsing history to
your Google account and using information from your Google account to personalise
ads that you view on the web. In this case, if you are logged in to Google while visiting
our website, Google will use your data together with Google Analytics data to create
and define target group lists for cross-device remarketing. For this purpose, Google
temporarily links your personal data with Google Analytics data to create target groups.
As part of the use of Google Ads Remarketing, personal data may also be transmitted to
the servers of Google LLC. in the USA.
All processing described above, in particular the setting of cookies for reading
information on the terminal device used, will only be carried out if you have given us
your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without this
consent, retargeting technology will not be used during your visit to our website.
You can revoke your consent at any time with effect for the future. To exercise your
revocation, please deactivate this service in the "cookie consent tool" provided on the
website.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which ensures compliance with the European level of data protection on
the basis of an adequacy decision by the European Commission.
10.3 Google Ads conversion tracking
This website uses the online advertising programme "Google Ads" and, in the context of
Google Ads uses the conversion tracking of Google Ireland Limited, Gordon House, 4
Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention
to our attractive offers with the help of advertising material (so-called Google Adwords)
on external websites.
We can determine how successful the individual advertising measures are in relation to the
advertising campaign data. Our aim is to show younadverts that are of interest to you, to
make our website more interesting for you and to achieve a fair calculation of the advertising
costs incurred.
The cookie for conversion tracking is set when a user clicks on an Ads advert placed by
Google. Cookies are small text files that are stored on your end device. These cookies
generally lose their validity after 30 days and are not used for personal identification. If
the user visits certain pages of this website and the cookie has not yet expired, Google
and we can recognise that the user has clicked on the ad and has been redirected to
this page. Each Google Ads customer receives a different cookie. Cookies can therefore
not be tracked via the websites of Google Ads customers. The information collected
using the conversion cookie is used to generate conversion statistics for Google Ads
customers who have opted for conversion tracking. Customers are told the total
number of users who clicked on their advert and were redirected to a page with a
conversion tracking tag. However, they do not receive any information with which users
can be personally identified. When using Google Ads, personal data may also be
transmitted to the servers of Google LLC. in the USA.
Details on the processing triggered by Google Ads Conversion Tracking and how Google
handles data from websites can be found here:
https://policies.google.com/technologies/partner-sites
All processing described above, in particular the setting of cookies for reading
information on the terminal device used, will only be carried out if you have given us
your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can
revoke your consent at any time with effect for the future by deactivating this service in
the "cookie consent tool" provided on the website.
You can also permanently object to the setting of cookies by Google Ads
Conversion Tracking by downloading and installing the Google browser plug-in
available at the following link: https://www.google.com/settings/ads/plugin?hl=de
Please note that certain functions of this website may not be available or may only be
available to a limited extent if you have deactivated the use of cookies.
Google's privacy policy can be viewed here: https://www.google.de/policies/privacy/
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which ensures compliance with the European level of data protection on
the basis of an adequacy decision by the European Commission.
10.4 Pinterest tag conversion tracking
This website uses the conversion tracking technology of the following provider: Pinterest
Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
If you have reached our website from an advert on the provider's domain, cookies
and/or comparable technologies (tracking pixels, web beacons, pings or HTTP
requests) can be used to track the success of the advert.
For this purpose, tracking technology is used to read certain end device and browser
information, including your IP address if applicable, in order to record and analyse
predefined user actions (e.g. completed transactions, leads, search queries on the
website, views of product pages). This enables us to compile statistics on user behaviour
on our website after forwarding an advertisement, which we use to optimise our offer.
All processing described above, in particular the setting of cookies for reading
information on the terminal device used, will only be carried out if you have given us
your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can
revoke your consent at any time with effect for the future by deactivating this service in
the "cookie consent tool" provided on the website.
We have concluded an order processing contract with the provider, which ensures the
protection of the data of our website visitors and prohibits unauthorised disclosure to
third parties.
11) Page functionalities
11.1 Facebook plugins
Our website uses social network plugins from the following provider: Meta Platforms
Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
These plugins enable direct interaction with content on the social network.
In order to increase the protection of your data when you visit our website, the plugins
are initially deactivated and integrated into the page using the so-called "2-click" or
"Shariff" solution. This integration ensures that when a page of our website is called up, the
contains such plugins, no connection is yet established with the provider's servers.
Your browser only establishes a direct connection to the provider's servers when you
activate the plugins and thus give your consent to the transfer of data in accordance with
Art. 6 para. 1 lit. a GDPR. Here, regardless of whether you have logged into an existing
user profile, a certain amount of information about the device you are using (including
your IP address), your browser and your page history is transmitted to the provider and
may be processed there.
If you are logged into an existing user profile on the provider's social network,
information on interactions carried out via the plugins will also be published there and
displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin by clicking
on it again. However, the cancellation has no influence on the data that has already been
transferred to the provider.
Data may also be transferred to: Meta Platforms Inc, USA
We have concluded an order processing contract with the provider, which ensures the
protection of the data of our website visitors and prohibits unauthorised disclosure to
third parties.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which ensures compliance with the European level of data protection on
the basis of an adequacy decision by the European Commission.
11.2 Pinterest plugins
Our website uses plugins from the social network of the following provider Pinterest
Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
These plugins enable direct interaction with content on the social network.
In order to increase the protection of your data when you visit our website, the plugins
are initially deactivated and integrated into the page using the so-called "2-click" or
"Shariff" solution.
This integration ensures that no connection to the provider's servers is established when
a page of our website containing such plugins is accessed.
Your browser only establishes a direct connection to the provider's servers when you
activate the plugins and thus give your consent to the transfer of data in accordance with
Art. 6 para. 1 lit. a GDPR. Here, regardless of a login to a information about your device
used (including your IP address), your browser and your page history is transmitted to the
provider and may be further processed there.
If you are logged into an existing user profile on the provider's social network,
information on interactions carried out via the plugins will also be published there and
displayed to your contacts.
You can revoke your consent at any time by deactivating the activated plugin by clicking
on it again. However, the cancellation has no influence on the data that has already been
transferred to the provider.
Data may also be transferred to: Pinterest Inc., USA
We have concluded an order processing contract with the provider, which ensures the
protection of the data of our website visitors and prohibits unauthorised disclosure to
third parties.
For the transfer of data to the USA, the provider refers to standard contractual clauses of
the European Commission, which are intended to ensure compliance with the European
level of data protection.
11.3 Vimeo
This website uses plugins to display and play videos from the following provider: Vimeo,
LLC, 555 West 18th Street, New York, New York 10011, USA
When you access a page on our website that contains such a plugin, your browser
establishes a direct connection to the provider's servers in order to load the plugin.
Certain information, including your IP address, is transmitted to the provider.
If playback of embedded videos is started via the plugin, the provider also uses cookies
to collect information about user behaviour, compile playback statistics and prevent
abusive behaviour.
If you are logged into a user account with the provider during your visit to the site, your
data will be assigned directly to your account when you click on a video. If you do not
wish your data to be associated with your account, you must log out before clicking the
play button.
All of the aforementioned processing, in particular the setting of cookies for reading
information on the end device used, will only take place if you have given us your
express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke
your consent at any time with effect for the future by deactivating this service via the
"cookie consent tool" provided on the website.
For the transfer of data to the USA, the provider relies on standard contractual clauses of
the European Commission, which guarantee compliance with the EU General Data
Protection Regulation. European level of data protection.
11.4 EHI seal of approval widget
Graphic elements from the following provider are integrated on our website to display
external customer ratings and/or an externally awarded quality label: EHI Retail
Institute GmbH, Spichernstraße 55, 50672 Cologne, Germany
When you call up a page on our website that contains such graphic elements, your
browser establishes a direct connection to the provider's servers in order to load the
elements properly. In the process, certain browser information, including your IP address,
is transmitted to the provider.
If personal data is also processed in the process, this is done in accordance with Art. 6
para. 1 lit. f GDPR on the basis of our legitimate interest in the optimal marketing of our
offer and the appealing design of our website.
11.5 Google reCAPTCHA
On this website we use the CAPTCHA service of the following provider: Google Ireland
Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data may also be transmitted to: Google LLC, USA. The provider uses "Google Fonts",
i.e. fonts downloaded from the Internet by Google, for the visual design of the Captcha
window. No information other than that already transmitted to Google via the
ReCaptcha functionality will be processed.
The service checks whether an input is made by a natural person or abusively by
machine and automated processing, and blocks spam, DDoS attacks and similar
automated malicious access. In order to ensure that an action is carried out by a person
and not by an automated bot, the provider collects the IP address of the end device
used, identification data of the browser and operating system type used as well as the
date and duration of the visit and transmits these to the provider's servers for
evaluation.
The legal basis is our legitimate interest in determining individual responsibility on the
Internet and the prevention of misuse and spam in accordance with Art. 6 para. 1 lit. f
GDPR.
We have concluded an order processing contract with the provider, which ensures the
protection of the data of our website visitors and prohibits unauthorised disclosure to
third parties.
For data transfers to the USA, the provider has signed up to the EU-US Data Privacy
Framework, which is based on the EU-US Data Protection Directive of an adequacy decision by
the European Commission ensures compliance with the European level of data protection.
12) Tools and miscellaneous
12.1 - DATEV
We use the cloud-based accounting software service of the following provider to handle
our accounting: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany
The provider processes incoming and outgoing invoices and, where applicable, the bank
transactions of our company in order to automatically record invoices, match them to the
transactions and create the financial accounting from this in a partially automated
process.
If personal data is also processed in this context, the processing is carried out in
accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the
efficient organisation and documentation of our business processes.
12.2 Cookie Consent Tool
This website uses a so-called "cookie consent tool" to obtain effective user consent for
cookies and cookie-based applications that require consent. The "cookie consent tool" is
displayed to users when they access the website in the form of an interactive user
interface on which consent for certain cookies and/or cookie-based applications can be
given by ticking a box. By using the tool, all cookies/services requiring consent are only
loaded if the respective user gives their consent by ticking the appropriate box. This
ensures that such cookies are only set on the user's end device if consent has been
granted.
The tool sets technically necessary cookies to save your cookie preferences. Personal
user data is not processed in this process.
If, in individual cases, personal data (such as the IP address) is processed for the
purpose of storing, assigning or logging cookie settings, this is done in accordance with
Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant,
user-specific and user-friendly consent management for cookies and thus in a legally
compliant design of our website.
Another legal basis for the processing is Art. 6 para. 1 lit. c GDPR. As the controller, we
are subject to the legal obligation to make the use of technically unnecessary cookies
dependent on the respective user consent.
Where necessary, we have concluded an order processing contract with the provider,
which ensures the protection of the data of our site visitors and guarantees the security of
the data.
Unauthorised disclosure to third parties is prohibited. Further information about the operator and
the setting options of the cookie consent tool can be found directly in the corresponding user
interface on our website.
13) Rights of the data subject
13.1 The applicable data protection law grants you the following data subject rights
(rights of access and intervention) vis-à-vis the controller with regard to the
processing of your personal data, whereby reference is made to the stated legal basis
for the respective exercise requirements:
- Right to information pursuant to Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure pursuant to Art. 17 GDPR;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to information in accordance with Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
13.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS ON
THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO
OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON
GROUNDS RELATING TO YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA
CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE
CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH
OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE
PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT
MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF
PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN
EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA
CONCERNED FOR DIRECT MARKETING PURPOSES.
14) Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal basis,
the purpose of processing and - if relevant - additionally by the respective statutory
retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of express consent in accordance with Art. 6
para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that is processed within the framework
of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be
routinely deleted after the retention periods have expired, provided that it is no longer
required for contract fulfilment or contract initiation and/or we no longer have a
legitimate interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data will
be stored until you exercise your right to object in accordance with Art. 21 para. 1
GDPR, unless we can demonstrate compelling legitimate grounds for the processing
which override your interests, rights and freedoms, or the processing serves the
establishment, exercise or defence of legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6
para. 1 lit. f GDPR, this data is stored until you exercise your right to object in
accordance with Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information in this declaration on specific processing
situations, stored personal data is deleted when it is no longer necessary for the purposes
for which it was collected or otherwise processed.