Privacy policy

Scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy covers:

all online presences (websites, online shops) that we operate
social media sites and email communication
mobile apps for smartphones and other devices

In short, the privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data. With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your data entered in a contact form.
Contract (Article 6(1)(b) GDPR): We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we need personal information in advance.
Legal obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally obliged to retain invoices for accounting purposes. These usually contain personal data.
Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically. This processing is therefore a legitimate interest.

Other conditions, such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, do not generally apply to us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws apply, we will inform you about this in the following sections.

Contact details of the controller

If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or department below: plantoCAPS pharm GmbH Moosbrunnweg 1 8042 Graz

Email: info@plantocaps-pharm.com Legal notice: www.plantocaps-pharm.com/en/policies/legal-notice

Storage period

It is our general policy to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent data processing:

According to Article 15 GDPR, you have the right to know whether we process your data. If this is the case, you have the right to receive a copy of the data and to obtain the following information:
- the purpose for which we are processing the data;
- the categories, i.e. the types of data that are processed;
- who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
- that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
- the origin of the data if we have not collected it from you;
- whether profiling is carried out, i.e. whether data is automatically evaluated to create a personal profile of you.
According to Article 16 of the GDPR, you have the right to rectification of the data, which means that we must correct any data if you find errors.
According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which specifically means that you may request the erasure of your data.
According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
According to Article 21 GDPR, you have a right to object, which, once enforced, will result in a change in the processing.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
- If data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing purposes.
- If data is used for profiling, you can object to this type of data processing at any time. We will then no longer be allowed to use your data for profiling.
According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
According to Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: you have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Dr Matthias Schmidl Address: Barichgasse 40-42, 1030 Vienna Telephone number: +43 1 52 152-0 Email address: dsb@dsb.gv.at Website: https://www.dsb.gv.at/

Data transfer to third countries

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is other legal permission to do so. This applies in particular if the processing is required by law or necessary for the fulfilment of a contractual relationship and, in any case, only to the extent that this is generally permitted. In most cases, your consent is the most important reason for us to process data in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transfers to the USA currently only exists if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. For more information, please visit: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered. We will provide you with more detailed information about data transfers to third countries, where applicable, in the relevant sections of this privacy policy.

Security of data processing

We have implemented both technical and organisational measures to protect personal data. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible for third parties to derive personal information from our data.

Article 25 of the GDPR refers to this as "data protection through technology design and data protection-friendly default settings" and means that security must always be considered and appropriate measures taken for both software (e.g. forms) and hardware (e.g. access to the server room). In the following, we will discuss specific measures where necessary.

TLS encryption with https

TLS, encryption and https sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the Internet. This means that the entire transmission of all data from your browser to our web server is secure – no one can "eavesdrop".

This means we have introduced an additional layer of security and comply with data protection through technology design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data. You can recognise the use of this data transmission security by the small padlock symbol in the top left-hand corner of your browser, to the left of the internet address (e.g. examplepage.co.uk), and the use of the https scheme (instead of http) as part of our internet address. If you would like to know more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" to find useful links to further information.

Communication

When you contact us and communicate with us by telephone, email or online form, personal data may be processed.

The data will be processed for the purpose of handling and processing your enquiry and the associated business transaction. The data will be stored for as long as necessary or as required by law.

Data subjects

All persons who contact us via the communication channels provided by us are affected by the aforementioned processes.

Telephone

When you call us, the call data is stored in pseudonymised form on the respective end device and by the telecommunications provider used. In addition, data such as your name and telephone number may be sent by email and stored for the purpose of responding to your enquiry. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Email

When you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Online forms

If you communicate with us using an online form, data will be stored on our web server and, if necessary, forwarded to one of our email addresses. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of data is based on the following legal bases:

Art. 6 (1) (a) GDPR (consent): You give us your consent to store your data and use it for purposes related to the business transaction.
Art. 6 (1) (b) GDPR (contract): There is a need to fulfil a contract with you or a processor, such as a telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
Art. 6(1)(f) GDPR (legitimate interests): We want to handle customer enquiries and business communications in a professional manner. This requires certain technical facilities, such as email programmes, Exchange servers and mobile phone operators, in order to communicate efficiently.

Data processing agreement (DPA)

In this section, we would like to explain what a data processing agreement is and why it is necessary. Because the term "data processing agreement" is quite a tongue twister, we will often use the acronym DPA in this text. Like most companies, we do not work alone, but also use the services of other companies or individuals. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, known as a data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be regulated by the DPA.

Who are processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely, and according to the GDPR definition, any natural or legal person, public authority, agency or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For a better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data subject (you as a customer or prospective customer) → Controller (us as a company and client) → Processor (service providers such as web hosts, cloud providers or fulfilment centres)

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other "malware". Cookies cannot access information on your PC.

Cookie data may look like this, for example:

Name: _ga Value: GA1.2.1326744211.152122586564-9 Purpose: Distinguishing website visitors Expiry date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user adds a product to their shopping basket, then continues to browse other pages and only proceeds to checkout later. These cookies ensure that the shopping basket is not deleted, even if the user closes their browser window.

Functional cookies These cookies collect information about user behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and behaviour of the website in different browsers.

Targeted cookies These cookies ensure better user-friendliness. For example, they store entered locations, font sizes or form data.

Advertising cookies These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you would like to allow. And, of course, this decision is also stored in a cookie.

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalise about what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage period of cookies

[rcb-consent type="change" tag="a" text="Change privacy settings"]

[rcb-consent type="history" tag="a" text="History of privacy settings"]

[rcb-consent type="revoke" tag="a" text="Revoke consent" successmessage="You have successfully revoked your consent for services using cookies and processing personal data. The page will now reload!"]

The storage period depends on the respective cookie and is specified in more detail below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage period. You can manually delete all cookies at any time via your browser (see also "Right to object" below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, whereby the legality of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not want cookies at all, you can set your browser to always inform you when a cookie is about to be set. This allows you to decide whether or not to allow each individual cookie. The procedure varies depending on the browser. The best way to find the instructions is to search Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal basis

The so-called "cookie guidelines" have been in place since 2009. These stipulate that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different responses to these guidelines within EU countries. In Austria, however, this directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG).

For cookies that are absolutely necessary, even if no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

If cookies that are not absolutely necessary are used, this is only done with your consent. The legal basis for this is Article 6(1)(a) GDPR.

The following sections provide more detailed information about the use of cookies, provided that the software used employs cookies.

Customer data

What is customer data?

In order to offer our services and contractual benefits, we also process data from our customers and business partners. This data always includes personal data. Customer data refers to all information that is processed on the basis of a contractual or pre-contractual collaboration in order to provide the services offered. Customer data is therefore all information that we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important reason is that we simply need various data to provide our services. Sometimes your email address is sufficient, but if you purchase a product or service, we also need data such as your name, address, bank details or contract details. We also use the data for marketing and sales optimisation so that we can improve our overall service to our customers. Another important point is our customer service, which is always very important to us. We want you to be able to contact us at any time with questions about our offers, and for this we need at least your email address.

What data is processed?

At this point, we can only provide a general overview of the data that is stored. This always depends on the services you purchase from us. In some cases, you only provide us with your email address so that we can contact you or answer your questions, for example. In other cases, you purchase a product or service from us, and for this we need significantly more information, such as your contact details, payment details and contract details.

Here is a list of possible data that we receive from you and process:

Name
Contact address
Email address
Telephone number
Date of birth
Payment details (invoices, bank details, payment history, etc.)
Contract details (term, content)
Usage data (websites visited, access data, etc.)
Metadata (IP address, device information)

How long is the data stored?

As soon as we no longer need the customer data to fulfil our contractual obligations and our purposes, and the data is also not required for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, although longer periods are possible in individual cases. We also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have given your explicit consent.

Legal basis

The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests) and, in special cases (e.g. medical services), Art. 9 (2) (a) GDPR (processing of special categories).

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9(2)(c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Art. 9(2)(h) GDPR. If you voluntarily provide special categories of data, processing is carried out on the basis of Art. 9(2)(a) GDPR.

Registration

When you register with us, personal data may be processed if you enter personal data or if data such as your IP address is collected during processing. You can read more about what we mean by the rather cumbersome term "personal data" below.

Please only enter data that we require for registration and for which you have the consent of a third party if you are registering on behalf of a third party. If possible, use a secure password that you do not use anywhere else and an email address that you check regularly.

Below, we provide information about the exact nature of data processing, because we want you to feel comfortable with us!

What is registration?

When you register, we collect certain data from you and enable you to easily log in online later and use your account with us. Having an account with us has the advantage that you do not have to re-enter everything each time. This saves time and effort and ultimately prevents errors in the provision of our services.

Why do we process personal data?

In short, we process personal data to enable the creation and use of an account with us. If we did not do this, you would have to enter all your data each time, wait for our approval and then enter everything again. We and many, many customers would not find this very convenient. How would you feel about it?

What data is processed?

All data that you provided during registration, enter when logging in, or enter when managing your data in your account.

When you register, we process the following types of data:

First name
Surname
Email
Company name
Street + house number
Town
Postcode
Country

When you register, we process the data you enter during registration, such as your user name and password, and data collected in the background, such as device information and IP addresses.

When you use your account, we process data that you enter during account use and that is created in the course of using our services.

Storage period

We store the data entered at least for as long as the account linked to the data exists and is used by us, as long as contractual obligations between us exist and, if the contract ends, until the respective claims arising from it have become time-barred. In addition, we store your data for as long as and to the extent that we are subject to legal obligations to store it. After that, we retain accounting documents relating to the contract (invoices, contract documents, account statements, etc.) and other relevant business documents for the legally prescribed period (usually several years).

Right to object

Have you registered, entered data and would like to revoke the processing? No problem. As you can read above, the rights under the General Data Protection Regulation also apply during and after registration, login or account creation with us. Contact the data protection officer listed above to exercise your rights. If you already have an account with us, you can easily view and manage your data and texts in your account.

Legal basis

By completing the registration process, you are approaching us on a pre-contractual basis to conclude a user agreement for our platform (even if this does not automatically result in a payment obligation). You invest time in entering data and registering, and we offer you our services after you log in to our system and view your customer account. We also fulfil our contractual obligations. Finally, we must keep registered users informed of important changes by email. This means that Art. 6(1)(b) GDPR (implementation of pre-contractual measures, performance of a contract) applies.

Where applicable, we also obtain your consent, e.g. if you voluntarily provide more than the absolutely necessary data or if we are allowed to send you advertising. Art. 6 (1) (a) GDPR (consent) therefore applies.

We also have a legitimate interest in knowing who we are dealing with in order to contact them in certain cases. In addition, we need to know who is using our services and whether they are being used in accordance with our terms of use, so Art. 6 (1) (f) GDPR (legitimate interests) applies.

Note: users must tick the following sections (as required):

Registration with real name

As we need to know who we are dealing with in our business operations, registration is only possible with your real name (real name) and not with pseudonyms.

Registration with pseudonyms

Pseudonyms may be used for registration, which means that you do not have to register with us using your real name. This ensures that your name cannot be processed by us.

Storage of IP address

During registration, login and account use, we store the IP address in the background for security reasons in order to be able to determine lawful use.

Public profile

User profiles are publicly visible, i.e. parts of the profile can be viewed on the internet without entering a username and password.

Two-factor authentication (2FA)

Two-factor authentication (2FA) provides additional security when logging in, as it prevents you from logging in without your smartphone, for example. This technical measure to secure your account protects you from data loss or unauthorised access even if your username and password are known. You can find out which 2FA is used during registration, login and in the account itself.

Web hosting introduction

What is web hosting?

When you visit websites today, certain information – including personal data – is automatically created and stored, as is the case on this website. This data should be processed as sparingly as possible and only for justified reasons. By website, we mean all web pages on a domain, i.e. everything from the home page to the very last subpage (like this one). By domain, we mean, for example, example.co.uk or sampleexample.com.

If you want to view a website on a computer, tablet or smartphone, you use a programme called a web browser. You are probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We refer to them simply as browsers or web browsers.

To display the website, the browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers. These providers offer web hosting and thus ensure reliable and error-free storage of website data. That's a lot of technical terms, but please stay with us, it gets even better!

When the browser on your computer (desktop, laptop, tablet or smartphone) establishes a connection and during the transfer of data to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.

Why do we process personal data?

The purposes of data processing are:

Professional hosting of the website and securing its operation
Maintaining operational and IT security
Anonymous evaluation of access behaviour to improve our offering and, if necessary, for criminal prosecution or the pursuit of claims

What data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

the complete Internet address (URL) of the website accessed
browser and browser version (e.g. Chrome 87)
the operating system used (e.g. Windows 10)
the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
the host name and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
date and time
in files known as web server log files

How long is data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but cannot rule out the possibility that it may be accessed by authorities in the event of illegal behaviour.

In short: your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6(1)(f) GDPR (protection of legitimate interests), as the use of professional hosting by a provider is necessary in order to present the company on the internet in a secure and user-friendly manner and to be able to pursue any attacks and claims arising from this.

As a rule, there is a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

ALL-INKL privacy policy

We use ALL-INKL, a web hosting provider, for our website. The service provider is the German company ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany.

You can find out more about the data processed through the use of ALL-INKL in the privacy policy at https://all-inkl.com/datenschutzinformationen/.

Website construction kit systems Introduction

What are website construction kit systems?

We use a website builder system for our website. Website builder systems are special forms of content management systems (CMS). With a website builder system, website operators can create a website very easily and without any programming knowledge. In many cases, web hosts also offer website builders. When using a website builder, your personal data may also be collected, stored and processed. In this privacy policy, we provide general information about data processing by website builders. For more detailed information, please refer to the provider's privacy policy.

Why do we use website modular systems for our website?

The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple and well-organised website that we can easily operate and maintain ourselves – without external support. Modular systems now offer many helpful functions that we can use even without programming knowledge. This allows us to design our website according to our wishes and offer you an informative and enjoyable experience on our website.

What data is stored by a modular system?

Exactly what data is stored depends, of course, on the website modular system used. Each provider processes and collects different data from website visitors. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit is usually collected. Tracking data (e.g. browser activity, clickstream activities, session heat maps, etc.) may also be processed. In addition, personal data may also be collected and stored. This usually includes contact details such as your email address, telephone number (if you have provided it), IP address and geographical location data. You can find out exactly what data is stored in the provider's privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing below in connection with the website construction system used, provided we have further information on this. You can find detailed information on this in the provider's privacy policy. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. It is possible that the provider may store data about you according to its own criteria, over which we have no influence.

Right to object

You always have the right to access, correct and delete your personal data. If you have any questions, you can also contact the responsible person for the website construction kit system used at any time. You can find the contact details either in our privacy policy or on the website of the respective provider.

You can delete, deactivate or manage cookies used by providers for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.

Legal basis

We have a legitimate interest in using a website construction kit system to optimise our online service and to present it to you in an efficient and user-friendly manner. The corresponding legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). However, we only use the construction kit if you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis for this is Art. 6 (1) (a) GDPR.

This privacy policy provides you with the most important general information about data processing. If you would like more detailed information on this subject, you will find further information – if available – in the following section or in the provider's privacy policy.

Web analytics Introduction

What is web analytics?

We use software on our website to evaluate the behaviour of website visitors, known as web analytics or web analysis for short. This involves collecting data that is stored, managed and processed by the respective analytics tool provider (also known as a tracking tool). The data is used to create analyses of user behaviour on our website and made available to us as the website operator. In addition, most tools offer various testing options. This allows us to test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we use web analytics?

We have a clear goal in mind with our website: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting products and services on the one hand, and ensure that you feel completely at home on our website on the other. With the help of web analytics tools, we can take a closer look at the behaviour of our website visitors and then improve our website for you and us accordingly. For example, we can see the average age of our visitors, where they come from, when our website is most visited, and which content or products are particularly popular. All this information helps us to optimise the website and thus tailor it to your needs, interests and wishes.

What data is processed?

The exact data stored depends, of course, on the analysis tools used. However, as a rule, the following information is stored: which content you view on our website, which buttons or links you click on, when you visit a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, and which computer system you use. If you have agreed to the collection of location data, this data may also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymised form (i.e. in an unrecognisable and abbreviated form). For the purposes of testing, web analysis and web optimisation, no direct data such as your name, age, address or email address is stored. All such data, if collected, is stored in pseudonymised form. This means that you cannot be identified as an individual.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while others can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may also be exceeded.

Right to object

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offering both technically and economically. With the help of web analytics, we can detect errors on the website, identify attacks and improve economic efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use the tools if you have given your consent.

As web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Facebook Conversions API Privacy Policy

We use Facebook Conversions API, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

The Facebook Conversions API is a tool or function that can measure the performance of our advertising campaigns in real time. The API is an interface that connects our website to Facebook and thereby measures certain actions on our website. A conversion occurs when you, as a visitor to a website, perform a desired action. This could be, for example, clicking on a button or filling out a registration form. This conversion tracking method is an alternative to Facebook Pixel and aims to optimise conversion tracking through precision and reliability. The API sends data directly from our server to Facebook on the server side. Personal data may also be processed in the process. In this privacy policy, we go into more detail about data processing by us and Facebook.

Why do we use the Facebook Conversions API on our website?

We use the Facebook Conversions API to improve the quality of our website, our offerings and our advertising campaigns. Our goal is to provide you with the best possible service. We want you to feel comfortable on our website and get exactly what you expect. To do this, we naturally need to tailor our offerings as closely as possible to your wishes and requirements. The Facebook Conversions API allows us to do this very effectively and to customise content and offers. This flexibility helps us to take different needs into account and, at the same time, improve our website. The data also helps us to make our advertising measures more cost-effective and personalised. After all, we only want to show our offers to people who are actually interested in them.

What data is stored by the Facebook Conversions API?

With the help of the Facebook Conversions API, we can collect various data about events on our website and deliver it to Facebook. The exact data that is stored and processed depends on our individual settings and the specific events and parameters. As a rule, event data, user data, device data and the time at which an event (e.g. button click) took place are stored and sent to Facebook. Event data includes actions such as logins, product purchases, page views or button clicks that can be performed on our website. User data may also include personal data such as IP address, name, address or email address. Device data refers to your device type, operating system, browser and screen resolution.

How long and where is the data stored?

Facebook generally stores data until it is no longer needed for its own services and Facebook products. Facebook has servers located around the world where data is stored. However, customer data is deleted within 48 hours after it has been matched with its own user data.

How can I delete my data or prevent it from being stored?

You have the right and the option to access your personal data at any time and to object to its use and processing. You can also lodge a complaint with a government supervisory authority at any time. You can prevent data storage by not consenting to data processing via the Consent Management Tool. Facebook Conversions API works on the server side, so deleting data is different from client-side methods. Nevertheless, you can check the privacy and security settings in your browser and, if possible, block tracking resources (pixels, cookies, scripts).

Legal basis

If you have consented to your data being processed and stored by Facebook Conversions API, this consent is the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the Facebook Conversions API if you have given your consent.

Facebook also processes your data in the USA, among other places. Facebook and Meta Platforms are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

You can find out more about the data processed through the use of Facebook Conversions API in the privacy policy at https://www.facebook.com/about/privacy.

Facebook Pixel Privacy Policy

We use Facebook's Facebook Pixel on our website. We have implemented a code on our website for this purpose. The Facebook Pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you have come to our website via Facebook Ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with the data in your Facebook account. Facebook then deletes this data again. The data collected is anonymous and cannot be viewed by us and is only used for advertising purposes. If you are a Facebook user and are logged in, your visit to our website will automatically be assigned to your Facebook user account.

We only want to show our services and products to people who are genuinely interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. This means that Facebook users (provided they have allowed personalised advertising) will see relevant advertising. Facebook also uses the collected data for analysis purposes and its own advertisements.

Below, we show you the cookies that were set by integrating Facebook pixels on a test page. Please note that these are only example cookies. Different cookies are set depending on your interaction with our website.

Name: _fbp Value: fb.1.1568287647279.257405483-6122586564-7 Purpose: Facebook uses this cookie to display advertising products. Expiry date: after 3 months

Name: fr Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf. Purpose: This cookie is used to ensure that Facebook pixels function properly. Expiry date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062122586564-3 Value: Name of the author Purpose: This cookie stores the text and name of a user who leaves a comment, for example. Expiry date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062 Value: https%3A%2F%2Fwww.testseite…%2F (author's URL) Purpose: This cookie stores the URL of the website that the user enters in a text field on our website. Expiry date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062 Value: Author's email address Purpose: This cookie stores the user's email address, provided they have entered it on the website. Expiry date: after 12 months

Note: The above cookies relate to individual user behaviour. Changes to Facebook can never be ruled out, especially when using cookies.

If you are logged in to Facebook, you can change your advertising settings yourself at https://www.facebook.com/adpreferences/advertisers/. If you are not a Facebook user, you can manage your usage-based online advertising at https://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option of deactivating or activating providers.

Facebook also processes your data in the United States, among other places. Facebook and Meta Platforms are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Facebook also uses standard contractual clauses (Art. 46(2) and (3) GDPR). Standard contractual clauses (SCCs) are templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

If you would like to learn more about Facebook's data protection, we recommend that you read the company's own data policy at https://www.facebook.com/privacy/policy.

Google Analytics Privacy Policy

What is Google Analytics?

We use the Google Analytics 4 (GA4) analysis tracking tool from the American company Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs and login information, you as a user can be identified across different devices. This allows your actions to be analysed across platforms.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and services to your needs. Below, we provide more detailed information about the tracking tool and, in particular, what data is processed and how you can prevent this.

Google Analytics is a tracking tool that is used to analyse data traffic on our website. These measurements and analyses are based on a pseudonymous user identification number. This number does not contain any personal data such as your name or address, but is used to assign events to a device. GA4 uses an event-based model that collects detailed information about user interactions such as page views, clicks, scrolling and conversion events. In addition, various machine learning functions have been built into GA4 to better understand user behaviour and certain trends. GA4 relies on modelling with the help of machine learning functions. This means that, based on the data collected, missing data can also be extrapolated in order to optimise the analysis and also to be able to make forecasts.

In order for Google Analytics to function, a tracking code is embedded in the code of our website. When you visit our website, this code records various events that you perform on our website. With GA4's event-based data model, we as website operators can define and track specific events to obtain analyses of user interactions. This means that, in addition to general information such as clicks or page views, specific events that are important to our business can also be tracked. Such specific events can be, for example, the submission of a contact form or the purchase of a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports on your user behaviour. These reports may include the following:

Audience reports: Audience reports help us get to know our users better and understand more precisely who is interested in our services.
Advertising reports: Advertising reports make it easier for us to analyse and improve our online advertising.
Acquisition reports: Acquisition reports give us helpful information on how we can get more people excited about our service.
Behaviour reports: These reports show us how you interact with our website. We can track your path through our site and see which links you click on.
Conversion reports: Conversion is the process by which you perform a desired action as a result of a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are being received by you. This is how we aim to increase our conversion rate.
Real-time reports: Here, we can always see immediately what is happening on our website. For example, we can see how many users are currently reading this text.

In addition to the above analysis reports, Google Analytics 4 also offers the following features, among others:

Event-based data model: This model records very specific events that can take place on our website. For example, playing a video, purchasing a product or subscribing to our newsletter.
Advanced analysis functions: These functions allow us to better understand your behaviour on our website or certain general trends. For example, we can segment user groups, perform comparative analyses of target groups or track your path on our website.
Predictive modelling: Based on the data collected, machine learning can be used to extrapolate missing data that predicts future events and trends. This can help us develop better marketing strategies.
Cross-platform analysis: Data can be collected and analysed from both websites and apps. This allows us to analyse user behaviour across platforms, provided you have consented to data processing, of course.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimise our site so that it is easier for interested people to find on Google. On the other hand, the data helps us to better understand you as a visitor. This means we know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to tailor our advertising and marketing activities to individual needs and make them more cost-effective. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognise you as a new user and assign you a user ID. The next time you visit our site, you will be recognised as a "returning" user. All collected data is stored together with this user ID. This is the only way to evaluate pseudonymous user profiles.

In order to analyse our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

Through identifiers such as cookies, app instance IDs, user IDs or custom event parameters, your interactions are measured across platforms, provided you have given your consent. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve it. Exceptions may occur if required by law.

According to Google, IP addresses are not logged or stored in Google Analytics 4. However, Google uses IP address data to derive location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data centre or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies that are used by GA4. These include, for example:

Name: _ga Value: 2.1326744211.152122586564-5 Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is basically used to distinguish between website visitors. Expiry date: after 2 years

Name: _gid Value: 2.1687193234.152122586564-1 Purpose: This cookie is also used to distinguish between website visitors. Expiry date: after 24 hours

Name: _gat_gtag_UA_ Value: 1 Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_. Expiry date: after 1 minute

Note: This list cannot claim to be exhaustive, as Google constantly changes its choice of cookies. GA4 also aims to improve data protection. The tool therefore offers a number of options for controlling data collection. For example, we can specify the storage period ourselves and also control data collection.

Here is an overview of the most important types of data collected by Google Analytics:

Heat maps: Google creates so-called heat maps. Heat maps show you exactly which areas you click on. This gives us information about where you are "travelling" on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, derivations are used for location data.

Technical information: Technical information includes your browser type, your internet service provider and your screen resolution.

Source of origin: Google Analytics and we are of course also interested in which website or advertisement brought you to our site.

Other data includes contact details, any reviews, media playback (e.g. if you play a video via our site), sharing content via social media or adding it to your favourites. This list is not exhaustive and is only intended to provide a general overview of data storage by Google Analytics.

How long and where is the data stored?

Google has servers located around the world. You can find out exactly where Google's data centres are located here: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed across various physical data carriers. This has the advantage that the data can be retrieved more quickly and is better protected against manipulation. Every Google data centre has appropriate emergency programmes for your data. If, for example, Google's hardware fails or natural disasters cripple its servers, the risk of service interruption at Google remains low.

The retention period for data depends on the properties used. The storage period is always determined separately for each individual property. Google Analytics offers us four options for controlling the storage period:

2 months: this is the shortest storage period.
14 months: by default, data is stored for 14 months in GA4.
26 months: the data can also be stored for 26 months.
Data is only deleted when we delete it manually

There is also the option of only deleting data if you do not visit our website again within the period we have selected. In this case, the storage period is reset each time you visit our website again within the specified period.

Once the specified period has expired, the data will be deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a combination of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to obtain information about your data, to update it, to delete it or to restrict its use. You can prevent Google Analytics 4 from using your data by using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js). You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.

If you want to disable, delete or manage cookies in general, you will find the relevant links to the respective instructions for the most popular browsers in the "Cookies" section.

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offering both technically and economically. With the help of Google Analytics, we can detect website errors, identify attacks and improve economic efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you would like to learn more about data processing, please refer to Google's privacy policy at https://policies.google.com/privacy?hl=de.

Google Analytics reports on demographic characteristics and interests

We have enabled advertising reporting features in Google Analytics. The demographic and interest reports contain information about age, gender and interests. This allows us to get a better picture of our users without being able to associate this data with individual persons. You can find out more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can opt out of the use of your Google Account activity and information by selecting the checkbox under "Advertising settings" at https://adssettings.google.com/authenticated.

Google Analytics e-commerce measurement

We also use the e-commerce measurement feature of the Google Analytics web analysis tool for our website. This allows us to analyse very precisely how you and all our other customers interact with our website. E-commerce measurement is primarily concerned with purchasing behaviour. Based on the data obtained, we can adapt and optimise our service to your wishes and expectations. We can also use our online advertising measures in a more targeted manner so that our advertising is only seen by people who are interested in our products or services. E-commerce measurement records, for example, which orders were placed, how long it took you to purchase the product, the average order value, and the shipping costs. All this data can be recorded and stored under a specific ID.

Google Tag Manager Privacy Policy

What is Google Tag Manager?

We use Google Tag Manager from Google Inc. for our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Google Tag Manager allows us to centrally integrate and manage code snippets from various tracking tools that we use on our website.

In this privacy policy, we want to explain in more detail what Google Tag Manager does, why we use it and how data is processed.

Google Tag Manager is an organisational tool that allows us to integrate and manage website tags centrally via a user interface. Tags are small sections of code that record (track) your activities on our website, for example. To do this, JavaScript code sections are inserted into the source code of our website. The tags often come from Google's own products, such as Google Ads or Google Analytics, but tags from other companies can also be integrated and managed via the manager. These tags perform various tasks. They can collect browser data, feed data into marketing tools, integrate buttons, set cookies and also track users across multiple websites.

Why do we use Google Tag Manager for our website?

As the saying goes, organisation is half the battle! And that also applies to maintaining our website, of course. In order to make our website as good as possible for you and everyone who is interested in our products and services, we need various tracking tools such as Google Analytics. The data collected by these tools shows us what interests you most, where we can improve our services, and which people we should show our offers to. And for this tracking to work, we need to embed the appropriate JavaScript codes into our website. In principle, we could embed each code section of the individual tracking tools separately into our source code. However, this takes a relatively long time and it is easy to lose track of things. That's why we use Google Tag Manager. We can easily integrate the necessary scripts and manage them from one place. Google Tag Manager also offers an easy-to-use interface and does not require any programming knowledge. This allows us to keep our tag jungle organised.

What data is stored by Google Tag Manager?

Tag Manager itself is a domain that does not set cookies or store data. It acts merely as an "administrator" of the implemented tags. The data is collected by the individual tags of the various web analytics tools. The data is essentially passed through Google Tag Manager to the individual tracking tools and is not stored.

However, the situation is quite different with the integrated tags of the various web analysis tools, such as Google Analytics. Depending on the analysis tool, various data about your web behaviour is usually collected, stored and processed with the help of cookies. For more information, please read our data protection texts on the individual analysis and tracking tools that we use on our website.

In the Tag Manager account settings, we have allowed Google to receive anonymised data from us. However, this only concerns the use of our Tag Manager and not your data, which is stored via the code sections. We allow Google and others to receive selected data in anonymised form. We therefore consent to the anonymous transfer of our website data. Despite extensive research, we have been unable to ascertain exactly which summarised and anonymous data is forwarded. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking involves comparing your own results with those of your competitors. Processes can be optimised on the basis of the information collected.

How long and where is the data stored?

When Google stores data, it is stored on its own Google servers. The servers are located all over the world. Most of them are in America. You can find out exactly where the Google servers are located at https://www.google.com/about/datacenters/locations/?hl=de.

You can find out how long the individual tracking tools store your data in our individual privacy policy texts for each tool.

How can I delete my data or prevent data storage?

Google Tag Manager itself does not set any cookies, but manages tags from various tracking websites. In our privacy policy texts for the individual tracking tools, you will find detailed information on how you can delete or manage your data.

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data may therefore not simply be transferred to, stored and processed in insecure third countries unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

The use of Google Tag Manager requires your consent, which we have obtained with our cookie pop-up. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offering both technically and economically. With the help of Google Tag Manager, we can improve our economic efficiency. The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). However, we only use Google Tag Manager if you have given your consent.

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you would like to learn more about Google Tag Manager, we recommend reading the FAQs at https://support.google.com/tagmanager/?hl=de#topic=3441530.

You can read about what data Google generally collects and what they use this data for at https://policies.google.com/privacy?hl=de.

Email marketing Introduction

What is email marketing?

We also use email marketing to keep you up to date. If you have agreed to receive our emails or newsletters, your data will also be processed and stored. Email marketing is a sub-area of online marketing. It involves sending news or general information about a company, products or services by email to a specific group of people who are interested in it.

If you would like to participate in our email marketing (usually via newsletter), you normally only need to register with your email address. To do this, fill out an online form and submit it. However, we may also ask you for your title and name so that we can write to you personally.

Registration for newsletters generally works using the "double opt-in" procedure. After you have registered for our newsletter on our website, you will receive an email asking you to confirm your newsletter registration. This ensures that the email address belongs to you and that no one else has registered with someone else's email address. We or a notification tool we use logs every single registration. This is necessary so that we can verify that the registration process has been carried out in accordance with the law. The time of registration, the time of registration confirmation and your IP address are usually stored. In addition, any changes you make to your stored data are also logged.

Why do we use email marketing?

Of course, we want to stay in touch with you and always present you with the most important news about our company. To do this, we use email marketing – often referred to simply as a "newsletter" – as an essential part of our online marketing. If you agree to this or if it is permitted by law, we will send you newsletters, system emails or other notifications by email. When we use the term "newsletter" in the following text, we mainly mean emails that are sent out regularly. Of course, we do not want to bother you with our newsletters in any way. That is why we always strive to provide only relevant and interesting content. For example, you can learn more about our company, our services or products. As we are constantly improving our offers, our newsletter will also keep you informed about any news or special, lucrative promotions we are currently offering. If we commission a service provider that offers a professional mailing tool for our email marketing, we do so in order to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to bring us closer to our business goals.

What data is processed?

When you subscribe to our newsletter via our website, you confirm your membership of an email list by email. In addition to your IP address and email address, your title, name, address and telephone number may also be stored. However, this will only happen if you consent to this data storage. The data marked as such is necessary for you to participate in the service offered. Providing this information is voluntary, but failure to do so will result in you being unable to use the service. In addition, information about your device or your preferred content on our website may also be stored. For more information on data storage when you visit a website, please refer to the section "Automatic data storage". We record your declaration of consent so that we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against any claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your email address in a block list. As long as you have voluntarily subscribed to our newsletter, we will of course also retain your email address.

Right of objection

You can cancel your newsletter subscription at any time. To do so, you simply need to revoke your consent to subscribe to the newsletter. This usually takes only a few seconds or one or two clicks. In most cases, you will find a link at the end of each email to unsubscribe from the newsletter. If you really cannot find the link in the newsletter, please contact us by email and we will unsubscribe you from the newsletter immediately.

Legal basis

Our newsletter is sent on the basis of your consent (Article 6(1)(a) GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. We may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct marketing purposes.

Information on specific email marketing services and how they process personal data can be found in the following sections, if available.

Omnisend Privacy Policy

We use the Omnisend email marketing tool for our website. The service provider is the Lithuanian company UAB Omnisend, Verkių g. 25C-1, LT-08223 Vilnius, Lithuania.

You can find out more about the data processed through the use of Omnisend in the privacy policy at https://www.omnisend.com/privacy/.

Klaviyo Privacy Policy

We use Klaviyo, a service for our email marketing, on our website. The service provider is the American company Klaviyo, 125 Summer St, Boston, MA 02110, USA.

Klaviyo also processes your data in the USA. Klaviyo is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Klaviyo also uses standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Klaviyo undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Data Processing Agreement, which complies with the standard contractual clauses, can be found at https://www.klaviyo.com/legal/dpa.

You can find out more about the data processed through the use of Klaviyo in the Privacy Policy at https://www.klaviyo.com/legal/privacy-policy.

Messenger & Communication Introduction

What are messenger & communication functions?

We offer various options on our website (such as messenger and chat functions, online and contact forms, email, telephone) for communicating with us. Your data will also be processed and stored to the extent necessary to respond to your enquiry and take any subsequent action.

In addition to traditional means of communication such as email, contact forms and telephone, we also use chat and messenger services. The most commonly used messenger service at present is WhatsApp, but there are of course many different providers offering messenger services specifically for websites. If content is end-to-end encrypted, this is indicated in the individual data protection texts or in the data protection declaration of the respective provider. End-to-end encryption simply means that the content of a message is not visible even to the provider. However, information about your device, location settings and other technical data may still be processed and stored.

Why do we use messenger and communication functions?

Communication channels with you are very important to us. After all, we want to talk to you and answer any questions you may have about our service in the best possible way. Effective communication is an important part of our service. With the practical messenger and communication functions, you can choose your preferred method at any time. In exceptional cases, however, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In such cases, we recommend other means of communication such as email or telephone.

We generally assume that we remain responsible for data protection, even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of a relevant agreement. The essence of the agreement is reproduced below for the platform concerned.

Please note that when you use our built-in elements, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. This may make it more difficult for you to assert or enforce your rights with regard to your personal data.

What data is processed?

The exact data that is stored and processed depends on the respective provider of the messenger and communication functions. Basically, this includes data such as your name, address, telephone number, email address and content data, such as all information you enter in a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger and communication function is also stored on the providers' servers.

If you want to know exactly what data is stored and processed by the respective providers and how you can object to data processing, you should carefully read the company's privacy policy.

How long is data stored?

How long the data is processed and stored depends primarily on the tools we use. You can find out more about data processing for each tool below. The providers' privacy policies usually specify exactly which data is stored and processed and for how long. As a rule, personal data is only processed for as long as is necessary to provide our services. When data is stored in cookies, the storage period varies greatly. The data may be deleted immediately after leaving a website, but it may also remain stored for several years. Therefore, you should look at each individual cookie in detail if you want to know more about data storage. In most cases, you will also find informative information about the individual cookies in the privacy policies of the individual providers.

Right to object

As cookies may be used for messenger and communication functions, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated messenger and communication functions, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). We process your enquiry and manage your data within the framework of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to respond to enquiries. The basis for this is Art. 6(1)(b) GDPR. In principle, if consent has been given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and effective communication with you or other customers and business partners.

Zendesk Privacy Policy

We also use the customer service software Zendesk. The service provider is the American company Zendesk, Inc., 989 Market St, San Francisco, CA 94103, USA.

Zendesk processes your data in the USA, among other places. Zendesk is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Zendesk uses standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Zendesk undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Further information on data processing and standard contractual clauses at Zendesk can be found at https://www.zendesk.de/company/privacy-and-data-protection/.

You can find out more about the data processed through the use of Zendesk in the Privacy Policy at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/.

Social media Introduction

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically target users who are interested in us via social networks. Furthermore, elements of a social media platform may also be embedded directly into our website. This is the case, for example, when you click on a social button on our website and are redirected directly to our social media presence. Social media refers to websites and apps through which registered members can produce content, exchange content openly or within specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Our social media presence allows us to bring our products and services closer to interested parties. The social media elements integrated into our website help you to switch to our social media content quickly and without complications.

The data stored and processed through your use of a social media channel is primarily used for the purpose of performing web analytics. The aim of these analyses is to develop more accurate and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with tailor-made advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behaviour.

Please note that when using social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to assert or enforce your rights with regard to your personal data.

What data is processed?

The exact data that is stored and processed depends on the respective provider of the social media platform. However, this usually includes data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to data processing, you should carefully read the company's privacy policy. If you have any questions about data storage and data processing or wish to assert your rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with your own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. If required by law, for example in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the option to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, if you have given your consent, your data will also be stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Information on specific social media platforms can be found in the following sections, where available.

Blogs and publication media Introduction

What are blogs and publication media?

We use blogs and other means of communication on our website to communicate with you and for you to communicate with us. In doing so, we may also store and process your data. This may be necessary in order to display content appropriately, ensure communication works and increase security. Our data protection text provides general information about which of your data may be processed. Exact details of data processing always depend on the tools and functions used. You can find detailed information about data processing in the data protection notices of the individual providers.

Why do we use blogs and publication media?

Our main concern with our website is to offer you interesting and exciting content, and at the same time, your opinions and content are also important to us. That is why we want to create a good interactive exchange between us and you. We can achieve exactly that with various blogs and publication options. For example, you can write comments on our content, comment on other comments or, in some cases, write your own posts.

What data is processed?

The exact data that is processed always depends on the communication functions we use. Very often, the IP address, user name and published content are stored. This is primarily done to ensure security, prevent spam and take action against illegal content. Cookies may also be used for data storage. These are small text files that are stored in your browser with information. You can find more details about the data collected and stored in our individual sections and in the privacy policy of the respective provider.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, post and comment functions store data until you revoke your consent to data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of our services.

Right to object

You also have the right and the option to revoke your consent to the use of cookies or third-party communication tools at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

As cookies may also be used in publication media, we recommend that you also read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

We use the means of communication primarily on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) in fast and effective communication with you or other customers, business partners and visitors. Insofar as the use serves the purpose of processing contractual relationships or initiating them, the legal basis is also Art. 6 (1) (b) GDPR.

Certain processing operations, in particular the use of cookies and the use of comment or message functions, require your consent. If and to the extent that you have consented to the processing and storage of your data by integrated publication media, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the communication functions we use set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Information on specific tools can be found in the following sections, if available.

Blog posts and comment functions Privacy policy

There are various online communication tools that we can use on our website. For example, we use blog posts and comment functions. This gives you the opportunity to comment on content or write posts. If you use this function, your IP address may be stored for security reasons. This protects us from illegal content such as insults, unauthorised advertising or prohibited political propaganda. In order to identify whether comments are spam, we may also store and process user information on the basis of our legitimate interest. If we launch a survey, we will also store your IP address for the duration of the survey so that we can ensure that all participants only vote once. Cookies may also be used for storage purposes. All data that we store about you (such as content or information about you) will remain stored until you object.

Online marketing Introduction

What is online marketing?

Online marketing refers to all measures carried out online to achieve marketing goals such as increasing brand awareness or closing a deal. Furthermore, our online marketing measures aim to draw people's attention to our website. We therefore use online marketing to show our offering to as many interested people as possible. This usually involves online advertising, content marketing or search engine optimisation. In order to use online marketing efficiently and in a targeted manner, personal data is also stored and processed. On the one hand, the data helps us to show our content only to those people who are actually interested in it and, on the other hand, it enables us to measure the advertising success of our online marketing measures.

Why do we use online marketing tools?

We want to show our website to everyone who is interested in what we have to offer. We are aware that this is not possible without deliberate measures. That is why we do online marketing. There are various tools that make our online marketing work easier and also provide us with suggestions for improvement based on data. This allows us to target our campaigns more precisely to our target group. The purpose of these online marketing tools is ultimately to optimise our offering.

What data is processed?

To ensure that our online marketing works and that the success of the measures can be measured, user profiles are created and data is stored in cookies (small text files), for example. With the help of this data, we can not only place advertisements in the traditional sense, but also display our content directly on our website in the way that you prefer. There are various third-party tools that offer these functions and also collect and store data from you accordingly. The cookies mentioned above store information such as which pages you have visited on our website, how long you have viewed these pages, which links or buttons you have clicked on, and which website you came to us from. Technical information may also be stored. This includes your IP address, which browser you use, which device you use to visit our website, or the time at which you accessed our website and when you left it. If you have consented to us determining your location, we may also store and process this information.

Your IP address is stored in pseudonymised form (i.e. shortened). Unique data that directly identifies you as a person, such as your name, address or email address, is also only stored in pseudonymised form as part of advertising and online marketing processes. This means that we cannot identify you as a person, but only have the pseudonymised, stored information in the user profiles.

Under certain circumstances, cookies may also be used, analysed and utilised for advertising purposes on other websites that work with the same advertising tools. The data may then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (names, email addresses, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously entered data with the user profile.

For all advertising tools we use that store your data on their servers, we only ever receive summarised information and never data that identifies you as an individual. The data only shows how well advertising measures worked. For example, we can see which measures prompted you or other users to visit our website and purchase a service or product there. Based on the analyses, we can improve our advertising offerings in the future and tailor them even more precisely to the needs and wishes of interested parties.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The respective privacy policies of the individual providers usually provide detailed information about the individual cookies used by the provider.

Right to object

As cookies are generally used in online marketing tools, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during collection by online marketing tools.

We also have a legitimate interest in measuring online marketing measures in anonymised form in order to optimise our offerings and measures with the help of the data obtained. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use the tools if you have given your consent.

Information on specific online marketing tools can be found in the following sections, if available.

Google Ads (Google AdWords) conversion tracking privacy policy

What is Google Ads conversion tracking?

We use Google Ads (formerly Google AdWords) as an online marketing measure to advertise our products and services. In this way, we want to make more people aware of the high quality of our offerings on the Internet. As part of our advertising activities through Google Ads, we use conversion tracking from Google Inc. on our website. In Europe, however, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With the help of this free tracking tool, we can better tailor our advertising to your interests and needs. In the following article, we will explain in more detail why we use conversion tracking, what data is stored and how you can prevent this data storage.

Google Ads (formerly Google AdWords) is Google Inc.'s in-house online advertising system. We are confident in the quality of our offering and want as many people as possible to get to know our website. Google Ads offers the best platform for this in the online sector. Of course, we also want to gain an accurate overview of the cost-benefit factor of our advertising campaigns. That is why we use the conversion tracking tool from Google Ads.

But what exactly is a conversion? A conversion occurs when you go from being a purely interested website visitor to an active visitor. This happens whenever you click on our ad and then perform another action, such as visiting our website. With Google's conversion tracking tool, we record what happens after a user clicks on our Google Ads advertisement. For example, we can see whether products are purchased, services are used or whether users have signed up for our newsletter.

Why do we use Google Ads conversion tracking on our website?

We use Google Ads to draw attention to our offerings on other websites as well. The aim is to ensure that our advertising campaigns only reach those people who are interested in our offerings. With the conversion tracking tool, we can see which keywords, ads, ad groups and campaigns lead to the desired customer actions. We can see how many customers interact with our ads on a device and then perform a conversion. This data enables us to calculate our cost-benefit factor, measure the success of individual advertising measures and, as a result, optimise our online marketing activities. We can also use the data we collect to make our website more interesting for you and tailor our advertising even more specifically to your needs.

What data is stored in Google Ads conversion tracking?

We have integrated a conversion tracking tag or code snippet into our website in order to better analyse certain user actions. When you click on one of our Google Ads, the "conversion" cookie from a Google domain is stored on your computer (usually in your browser) or mobile device. Cookies are small text files that store information on your computer.

Here is the data from the most important cookies for Google conversion tracking:

Name: Conversion Value: EhMI_aySuoyv4gIVled3Ch0llweVGAEgt-mr6aXd7dYlSAGQ122586564-3 Purpose: This cookie stores every conversion you make on our site after coming to us via a Google Ad. Expiry date: after 3 months

Name: _gac Value: 1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE Purpose: This is a classic Google Analytics cookie and is used to record various actions on our website. Expiry date: after 3 months

Note: The _gac cookie only appears in connection with Google Analytics. The above list is not exhaustive, as Google also uses other cookies for analytical evaluation.

As soon as you complete an action on our website, Google recognises the cookie and stores your action as a so-called conversion. As long as you are browsing our website and the cookie has not yet expired, we and Google recognise that you have found us via our Google Ads advertisement. The cookie is read and sent back to Google Ads with the conversion data. It is also possible that other cookies are used to measure conversions. Google Ads conversion tracking can be refined and improved using Google Analytics. For ads that Google displays in various locations on the web, cookies named "__gads" or "_gac" may be set under our domain. Since September 2017, various campaign information has been stored by analytics.js using the _gac cookie. The cookie stores this data as soon as you visit one of our pages for which Google Ads automatic tagging has been set up. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personal data. We receive a report with statistical evaluations from Google. This tells us, for example, the total number of users who clicked on our ad and we can see which advertising measures were well received.

How long and where is the data stored?

At this point, we would like to point out that we have no influence on how Google uses the collected data. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personal data. Cookies named "Conversion" and "_gac" (which is used in conjunction with Google Analytics) have an expiry date of 3 months.

How can I delete my data or prevent data storage?

You have the option of not participating in Google Ads conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you will block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. This works slightly differently for each browser. Under the "Cookies" section, you will find the relevant links to the respective instructions for the most popular browsers.

If you do not want to accept cookies at all, you can set your browser to always inform you when a cookie is about to be set. This allows you to decide whether to accept or reject each individual cookie. Downloading and installing this browser plug-in from https://support.google.com/ads/answer/7395996 will also disable all advertising cookies. Please note that deactivating these cookies does not prevent advertisements from being displayed, only personalised advertising.

Legal basis

If you have consented to the use of Google Ads Conversion Tracking, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during collection by Google Ads Conversion Tracking.

We also have a legitimate interest in using Google Ads Conversion Tracking to optimise our online service and marketing measures. The corresponding legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). However, we only use Google Ads Conversion Tracking if you have given your consent.

In addition, Google uses so-called standard contractual clauses (= Art. 46. Paras. 2 and 3 GDPR). Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you would like to learn more about data protection at Google, we recommend reading Google's general privacy policy: https://policies.google.com/privacy?hl=de.

Cookie Consent Management Platform Introduction

What is a cookie consent management platform?

We use consent management platform (CMP) software on our website to facilitate the correct and secure handling of scripts and cookies for both us and you. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides you with the cookie consent required by data protection law, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorise all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to inform you as best we can about all tools and cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have ended up on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with information about them in accordance with the GDPR. You can then accept or reject cookies via the consent system.

What data is processed?

Our cookie management tool allows you to manage each individual cookie yourself and gives you complete control over the storage and processing of your data. Your consent is stored so that we do not have to ask you for it every time you visit our website and so that we can prove your consent if required by law. This is stored either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. In most cases, this data (such as pseudonymous user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may remain stored in your browser for several years. The exact duration of data processing depends on the tool used, but in most cases you should expect a storage period of several years. You can usually find detailed information about the duration of data processing in the respective privacy policies of the individual providers.

Right to object

You also have the right and the option to revoke your consent to the use of cookies at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Information on specific cookie management tools, if available, can be found in the following sections.

Legal basis

If you agree to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies with your consent (Article 6(1)(a) GDPR), this consent also constitutes the legal basis for the use of cookies and the processing of your data. Cookie consent management platform software is used to manage consent to cookies and to enable you to give your consent. The use of this software enables us to operate the website in an efficient and legally compliant manner, which constitutes a legitimate interest (Article 6(1)(f) GDPR).

Google reCAPTCHA Privacy Policy

This website is protected by reCAPTCHA and Google's privacy policy and terms of use apply.

What is reCAPTCHA?

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can determine whether you are a real person and not a robot or other spam software. By spam, we mean any unsolicited information that comes to us electronically. With classic CAPTCHAS, you usually had to solve text or image puzzles for verification. With Google's reCAPTCHA, we usually don't have to bother you with such puzzles. In most cases, all you have to do is tick a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to tick a box. You can find out exactly how this works and, above all, what data is used for this purpose in the course of this privacy policy.

reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when you fill out forms on the internet. A captcha service is a type of automatic Turing test designed to ensure that an action on the internet is performed by a human and not a bot. In the classic Turing test (named after computer scientist Alan Turing), a human determines the difference between a bot and a human. With captchas, this is also done by a computer or software programme. Classic captchas work with small tasks that are easy for humans to solve but present considerable difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. All you have to do is tick the "I am not a robot" text box, or in the case of Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is embedded in the source code and the tool then runs in the background and analyses your user behaviour. The software calculates a so-called captcha score from these user actions. Google uses this score to calculate the probability that you are a human being even before you enter the captcha. reCAPTCHA and captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome real people to our site. Bots or spam software of any kind are welcome to stay at home. That's why we do everything we can to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This allows us to be fairly certain that we remain a "bot-free" website. When you use reCAPTCHA, data is sent to Google to check if you're really a human. So reCAPTCHA helps keep our website safe and, as a result, keeps you safe too. Without reCAPTCHA, for example, a bot could register as many email addresses as possible during registration in order to subsequently "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can prevent such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA collects personal data from users to determine whether the actions on our website are actually performed by humans. This means that the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always truncated within the member states of the EU or other signatory states to the Agreement on the European Economic Area before the data is sent to a server in the United States. The IP address is not combined with other data from Google unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. reCAPTCHA then sets an additional cookie in your browser and captures a snapshot of your browser window.

The following list of collected browser and user data is not exhaustive. Rather, these are examples of data that, to our knowledge, is processed by Google.

Referrer URL (the address of the page from which the visitor comes)
IP address (e.g. 256.123.123.1)
Information about the operating system (the software that enables your computer to operate. Well-known operating systems are Windows, Mac OS X or Linux)
Cookies (small text files that store data in your browser)
Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is stored)
Date and language settings (the language and date you have set on your PC are stored)
All JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
Screen resolution (indicates how many pixels the image display consists of)

It is undisputed that Google uses and analyses this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version, there is no need to tick the box and the entire recognition process runs in the background. Google does not provide detailed information about exactly how much and what data it stores.

The following cookies are used by reCAPTCHA: We refer here to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:

Name: IDE Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-122586564-8 Purpose: This cookie is set by DoubleClick (also owned by Google) to record and report a user's actions on the website when interacting with advertisements. This allows the effectiveness of advertising to be measured and appropriate optimisation measures to be taken. IDE is stored in browsers under the domain doubleclick.net. Expiry date: after one year

Name: 1P_JAR Value: 2019-5-14-12 Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same advertisement more than once. Expiry date: after one month

Name: ANID Value: U7j1v3dZa1225865640xgZFmiqWppRWKOr Purpose: We were unable to find out much information about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID" and "TAID". ANID is stored under the domain google.com. Expiry date: after 9 months

Name: CONSENT Value: YES+AT.de+20150628-20-0 Purpose: This cookie stores the status of a user's consent to use various Google services. CONSENT also serves security purposes by verifying users, preventing login information fraud and protecting user data from unauthorised attacks. Expiry date: after 19 years

Name: NID Value: 0WmuWqy122586564zILzqV_nmt3sDXwPeM5Q Purpose: NID is used by Google to tailor advertisements to your Google search. With the help of this cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This ensures that you always receive tailored advertisements. The cookie contains a unique ID to collect the user's personal settings for advertising purposes. Expiry date: after 6 months

Name: DV Value: gEAABBCjJMXcI0dSAAAANbqc122586564-4 Purpose: This cookie is set as soon as you tick the "I am not a robot" box. The cookie is used by Google Analytics for personalised advertising. DV collects information in anonymised form and is also used to differentiate between users. Expiry date: after 10 minutes

Note: This list cannot claim to be exhaustive, as experience has shown that Google frequently changes its choice of cookies.

How long and where is the data stored?

By inserting reCAPTCHA, your data is transferred to the Google server. Even after repeated inquiries, Google does not clearly state where exactly this data is stored. Without confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on European or American Google servers. The IP address that your browser transmits to Google is not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. In this case, Google's different privacy policy applies.

How can I delete my data or prevent data storage?

If you do not want any data about you and your behaviour to be transmitted to Google, you must log out of Google completely and delete all Google cookies before visiting our website or using the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our site. To delete this data, you must contact Google Support at https://support.google.com/?hl=de&tid=122586564.

By using our website, you agree that Google LLC and its representatives may automatically collect, process and use data.

Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data may therefore not simply be transferred to, stored and processed in unsafe third countries unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by Google reCAPTCHA.

We also have a legitimate interest in using Google reCAPTCHA to optimise our online service and make it more secure. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google reCAPTCHA if you have given your consent.

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can find out more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Although Google goes into more detail about the technical development of reCAPTCHA here, you will not find any specific information about data storage and data protection issues. A good overview of the basic use of data at Google can be found in the company's own privacy policy at https://policies.google.com/privacy.

Cloud services

What are cloud services?

Cloud services provide us, as website operators, with storage space and computing power via the Internet. Data can be transferred to an external system, processed and stored via the Internet. The relevant cloud provider is responsible for managing this data. Depending on requirements, an individual or a company can choose the amount of storage space or computing power they need. Cloud storage is accessed via an API or storage protocols. API stands for Application Programming Interface and refers to a programming interface that connects software and hardware components.

Why do we use cloud services?

We use cloud services for several reasons. A cloud service offers us the opportunity to store our data securely. In addition, we have access to the data from different locations and devices, which gives us more flexibility and simplifies our work processes. Cloud storage also saves us money because we do not have to set up and manage our own infrastructure for data storage and data security. By storing our data centrally in the cloud, we can also expand our fields of application and manage our information much more effectively.

As website operators and as a company, we therefore primarily use cloud services for our own purposes. For example, we use the services to manage our calendar and to store documents or other important information in the cloud. However, this may also involve the storage of your personal data. This is the case, for example, if you provide us with your contact details (such as your name and email address) and we store our customer data with a cloud provider. Consequently, data that we process about you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies may also be set for web analysis and advertising purposes. Furthermore, such cookies remember your settings (such as the language used) so that you will find your usual web environment when you next visit our website.

What data is processed by cloud services?

Much of the data we store in the cloud is not personal, but some data is considered personal data according to the definition in the GDPR. This often includes customer data such as name, address, IP address or telephone number, or technical device information. Videos, images and audio files can also be stored in the cloud. How exactly the data is collected and stored depends on the service in question. We try to only use services that are very trustworthy and handle data professionally. In principle, services such as Amazon Drive have access to the stored files in order to be able to offer their own services accordingly. However, to do so, the services require permissions such as the right to copy files for security reasons. This data is processed and managed within the scope of the services and in compliance with applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). In some cases, these cloud services also work with third-party providers who can process data under instruction and in accordance with data protection guidelines and other security measures. We would like to emphasise once again that all known cloud services (such as Amazon Drive, Google Drive or Microsoft Onedrive) reserve the right to access stored content in order to offer and optimise their own services accordingly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, cloud services store data until you or we revoke the data storage or delete the data. In general, personal data is only stored for as long as is absolutely necessary for the provision of services. However, it may take several months for data to be permanently deleted from the cloud. This is because the data is usually not only stored on one server, but is distributed across several servers.

Right to object

You also have the right and the option to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right of revocation here. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. We also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective cloud providers.

Legal basis

We use cloud services primarily on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in a good security and storage system.

Certain processing operations, in particular the use of cookies and storage functions, require your consent. If you have consented to your data being processed and stored by cloud services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Information on specific tools, if available, can be found in the following sections.

Dropbox privacy policy

We use Dropbox, an online storage service for files, photos and videos, for our website. The service provider is the American company Dropbox Inc. The company's European branch is located in Ireland (One Park Place, Floor 5, Upper Hatch Street, Dublin 2).

Dropbox also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

In addition, Dropbox uses standard contractual clauses (= Art. 46(2) and (3) GDPR). Standard contractual clauses (SCC) are templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Dropbox undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The data processing agreements, which comply with the standard contractual clauses, can be found at https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf.

For more information about the data processed through the use of Dropbox, please refer to the Privacy Policy at https://www.dropbox.com/privacy.

Payment providers Introduction

What is a payment provider?

We use online payment systems on our website that enable us and you to make secure and smooth payments. This may involve personal data being sent to, stored and processed by the respective payment provider. Payment providers are online payment systems that enable you to place an order via online banking. The payment is processed by the payment provider you have selected. We then receive information about the payment made. This method can be used by any user who has an active online banking account with a PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

Of course, we want to offer the best possible service with our website and our integrated online shop so that you feel comfortable on our site and take advantage of our offers. We know that your time is precious and that payment processing in particular must be quick and smooth. For these reasons, we offer you a variety of payment providers. You can choose your preferred payment provider and pay in the usual manner.

What data is processed?

The exact data that is processed depends, of course, on the respective payment provider. However, data such as your name, address, bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This data is necessary in order to carry out a transaction. In addition, any contract data and user data, such as when you visit our website, what content you are interested in or which subpages you click on, may also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is usually stored and processed on the payment providers' servers. As the website operator, we do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authority. All payment transactions are always subject to the business and data protection principles of the respective provider. Therefore, please always check the general terms and conditions and privacy policy of the payment provider. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of withdrawal, right to information and right to be affected).

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If required by law, for example in the case of accounting, this storage period may be exceeded. For example, we retain accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they have been created.

Right to object

You always have the right to access, correct and delete your personal data. If you have any questions, you can also contact the responsible person at the payment provider used at any time. Contact details can be found either in our specific privacy policy or on the website of the relevant payment provider.

You can delete, deactivate or manage cookies used by payment providers for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

In order to process contractual or legal relationships (Art. 6 (1) (b) GDPR), we offer other payment service providers in addition to traditional banking/credit institutions. The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay or Discover) provide you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible parties if you have any questions about data protection issues.

Information on specific payment providers can be found in the following sections, where available.

PayPal privacy policy

What is PayPal?

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

With PayPal, all users can send and receive money electronically. The company was founded in 1998 and now has over 325 million active customers, making it one of the best-known and largest online payment service providers worldwide.

Why do we use PayPal for our website?

There are several reasons why we use PayPal and offer it on our website. As PayPal is one of the best-known online payment providers, many of our website visitors also use and trust this service. PayPal also offers high security standards for digital money transfers. The service uses various encryption methods to protect your personal data in the best possible way. We also appreciate PayPal's ease of use and the option of making international payments in different currencies. Transactions are usually completed very quickly, which is another advantage for both us and you as a customer.

What data is processed by PayPal?

In its privacy policy, PayPal distinguishes between different categories of personal data that may be processed when using the service. These include registration and contact details, identification and signature data, payment information, information on imported contacts, data from your account profile, device data such as your IP address, location data and so-called derived data. This refers to information that can be derived from transactions or other data. This can include purchasing habits, behaviour patterns, creditworthiness or personal preferences.

There is also personal data collected by third parties (such as identity verifiers, fraud detection providers or your bank). This data includes information from credit agencies, transaction data, information on legal regulations, technical usage data, location data and, again, derived data.

PayPal and its partners also use tracking technologies such as cookies, pixel tags, web beacons and widgets to recognise you as a user, customise content and perform analyses for interest-based advertising.

How long and where is the data stored?

In principle, PayPal stores the data for as long as is necessary to fulfil its obligations and for the purpose for which it was collected. Personal data that is necessary for the customer relationship is retained for up to 10 years after the end of the relationship. If PayPal is subject to a legal obligation, the retention period for personal data is determined by the applicable law (e.g. insolvency law). PayPal also stores personal data for as long as necessary if storage is advisable in view of legal disputes.

As PayPal is a global company, the service also has data centres around the world where your data may be stored. This means that your data may also be stored on PayPal servers outside your country and outside the scope of the GDPR.

How can I delete my data or prevent data storage?

You have the right to access, correct, delete and restrict the processing of your personal data at any time. You can also revoke your consent to the processing of your data at any time.

If you want to deactivate, delete or manage cookies in general, you will find the relevant links to the respective instructions for the most popular browsers in the "Cookies" section.

Legal basis

We have a legitimate interest in integrating an external payment service with PayPal in order to make our offering more attractive and to improve it technically and economically. The legal basis for this is Art. 6 (1) lit. f GDPR (legitimate interests). Please note that you can only use PayPal if you enter into a contractual relationship with PayPal. Here, it may be necessary to provide further data protection and contractual declarations (e.g. consent).

PayPal also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

PayPal uses standard contractual clauses (= Art. 46(2) and (3) GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfers to such countries. Standard contractual clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through these clauses, PayPal undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on the standard contractual clauses and the data processed through the use of PayPal, please refer to the privacy policy at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Web design Introduction

What is web design?

We use various tools on our website that serve our web design purposes. Contrary to popular belief, web design is not just about making our website look pretty, but also about functionality and performance. But of course, the right look for a website is also one of the main goals of professional web design. Web design is a subfield of media design and deals with the visual, structural and functional design of a website. The aim of web design is to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that a website visitor has on a website. One sub-item of user experience is usability. This refers to the user-friendliness of a website. The main focus here is on ensuring that content, subpages or products are clearly structured and that you can find what you are looking for quickly and easily. In order to offer you the best possible experience on our website, we also use third-party web design tools. In this privacy policy, the category "web design" therefore includes all services that improve the design of our website. These can be, for example, fonts, various plugins or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends heavily on the structure, functionality and visual perception of the website. That is why good, professional web design has become increasingly important to us. We are constantly working to improve our website and see this as an extended service for you as a website visitor. Furthermore, an attractive and functional website also has economic advantages for us. After all, you will only visit us and take advantage of our offers if you feel completely at ease.

What data is stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. The exact nature of this data depends, of course, on the tools used. Below you can see exactly which tools we use for our website. For more detailed information about data processing, we recommend that you also read the respective privacy policy of the tools used. In most cases, you will find out what data is processed, whether cookies are used and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transfer information such as language settings, IP address, browser version, browser screen resolution and browser name to Google servers.

Duration of data processing

How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the storage period can be as short as one minute or as long as a few years. Please inform yourself about this. We recommend that you read our general section on cookies and the privacy policies of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is to improve the loading time of a website. As a matter of principle, data is only stored for as long as is necessary to provide the service. Data may also be stored for longer if required by law.

Right to object

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. You can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. However, some web design elements (usually fonts) contain data that cannot be deleted so easily. This is the case when data is automatically collected when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support team of the relevant provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web design tools. We also have a legitimate interest in improving the web design of our website. After all, this is the only way we can provide you with an attractive and professional website. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasise this again here.

Information on specific web design tools can be found in the following sections, if available.

Font Awesome Privacy Policy

What is Font Awesome?

We use Font Awesome from the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA) on our website. When you visit one of our web pages, the Font Awesome web font (specifically icons) is loaded via the Font Awesome Content Delivery Network (CDN). This ensures that the text, fonts and icons are displayed correctly on every device. In this privacy policy, we go into more detail about data storage and data processing by this service.

Icons are playing an increasingly important role on websites. Font Awesome is a web font that was developed specifically for web designers and web developers. With Font Awesome, icons can be scaled and coloured as desired using the CSS stylesheet language. They thus replace old image icons. Font Awesome CDN is the easiest way to load the icons or fonts onto your website. To do this, we only had to embed a small line of code into our website.

Why do we use Font Awesome on our website?

Font Awesome allows us to present content on our website in a more appealing way. This makes it easier for you to navigate our website and understand the content. The icons can even be used to replace entire words, saving space. This is particularly useful when optimising content specifically for smartphones. These icons are inserted as HTML code instead of images. This allows us to edit the icons with CSS exactly as we want. At the same time, Font Awesome also improves our loading speed because it only uses HTML elements and not icon images. All these advantages help us to make the website even clearer, fresher and faster for you.

What data is stored by Font Awesome?

The Font Awesome Content Delivery Network (CDN) is used to load icons and symbols. CDNs are networks of servers distributed worldwide that make it possible to quickly load files from nearby. This means that as soon as you visit one of our pages, the corresponding icons are provided by Font Awesome.

In order for the web fonts to be loaded, your browser must connect to the servers of Fonticons, Inc. Your IP address is recognised in the process. Font Awesome also collects data about which icon files are downloaded and when. Technical data such as your browser version, screen resolution or the time the page was accessed is also transmitted.

This data is collected and stored for the following reasons:

to optimise content delivery networks
to detect and fix technical errors
to protect CDNs from misuse and attacks
to be able to charge fees to Font Awesome Pro customers
to determine the popularity of icons
to know which computer and software you are using

If your browser does not support web fonts, a standard font from your PC will be used automatically. To the best of our knowledge, no cookies are set. We are in contact with Font Awesome's data protection department and will let you know as soon as we find out more.

How long and where is the data stored?

Font Awesome stores data about the use of the Content Delivery Network on servers in the United States of America. However, the CDN servers are located worldwide and store user data wherever you are. In identifiable form, the data is usually only stored for a few weeks. Aggregated statistics on the use of the CDNs may also be stored for longer. Personal data is not included here.

How can I delete my data or prevent data storage?

To the best of our knowledge, Font Awesome does not store any personal data via the content delivery networks. If you do not want data about the icons used to be stored, you will unfortunately not be able to visit our website. If your browser does not allow web fonts, no data will be transferred or stored. In this case, your computer's default font will simply be used.

Legal basis

If you have consented to the use of Font Awesome, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by Font Awesome.

We also have a legitimate interest in using Font Awesome to optimise our online service. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Font Awesome if you have given your consent.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing is mainly carried out by Font Awesome. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may have access to individual data. It may also happen that this data is linked to data from other Font Awesome services for which you have a user account.

If you would like to learn more about Font Awesome and how it handles data, we recommend reading the privacy policy at https://fontawesome.com/privacy and the help page at https://fontawesome.com/support.

Google Fonts Privacy Policy

What are Google Fonts?

We use Google Fonts on our website. These are the "Google fonts" from Google Inc. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to register or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data will be transmitted to Google when using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at exactly how data storage works.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licences.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in maintaining the high quality of our website. All Google fonts are automatically optimised for the web, which saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the low file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes distort text or entire web pages visually. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform issues with Google Fonts. Google Fonts supports all popular browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.

What data is stored by Google?

When you visit our website, the fonts are downloaded via a Google server. This external call transmits data to the Google servers. This also allows Google to recognise that you or your IP address has visited our website. The Google Fonts API was developed to reduce the use, storage and collection of end-user data to what is necessary for the proper provision of fonts. API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely at Google and is therefore protected. The usage statistics collected enable Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.

However, it should be noted that every Google Font request automatically transmits information such as language settings, IP address, browser version, browser screen resolution and browser name to Google's servers. It is not clear whether this data is also stored, nor is this clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets on its servers, which are mainly located outside the EU, for one day. This allows us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google's goal is to improve the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Google sometimes updates font files to reduce file size, increase language coverage and improve design.

How can I delete my data or prevent data storage?

Data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=122586564. In this case, you can only prevent data storage by not visiting our site.

Unlike other web fonts, Google gives us unrestricted access to all fonts. This means we have unlimited access to a sea of fonts, allowing us to get the most out of our website. You can find more information about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=122586564. Although Google addresses data protection issues there, it does not provide truly detailed information about data storage. It is relatively difficult to obtain truly precise information about stored data from Google.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by Google Fonts.

We also have a legitimate interest in using Google Fonts to optimise our online service. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Fonts if you have given your consent.

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can also read about what data Google collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Shopify Privacy Policy

plantoCAPS pharm operates this shop and website, including all related information, content, features, tools, products and services, to provide you, the customer, with a personalised shopping experience (the "Services"). plantoCAPS pharm is based on Shopify, which enables us to provide you with the Services. This Privacy Policy describes how we collect, use, or share personal information when you visit, use, or purchase or otherwise interact with the Services. If there is a conflict between our Terms and Conditions and this Privacy Policy, this Privacy Policy shall take precedence with respect to the collection, processing, and sharing of your personal information.

Please read this privacy policy carefully. By using and accessing any of the Services, you acknowledge that you have read this privacy policy and agree to the collection, use and disclosure of your information as described in this privacy policy.

What personal data do we collect or process?

When we use the term "personal data", we are referring to information that identifies you or another person or can be directly associated with you. Personal data does not include information that has been collected anonymously or anonymised in such a way that it cannot be identified or attributed to you. Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal data, including inferences drawn from that personal data:

Contact details, including name, postal address, billing address, delivery address, telephone number and email address.
Financial data, including credit, debit card and financial account numbers, payment card information, financial account information, transaction details, payment method, payment confirmation and other payment details.
Account information, including username, password, security questions, configurations, and settings.
Transaction information, including items you view, add to your shopping cart, add to your wish list, or purchase, return, exchange, or cancel, as well as your past transactions.
Communications with us, including the information you provide when communicating with us, such as when you send a query to customer support.
Device information, including information about your device, browser or network connection, IP address and other unique identifiers.
Usage information, including information about your interaction with the Services, including how and when you interact with or browse the Services.

Sources of personal data

We may collect personal data from the following sources:

Directly from you We collect data when you create an account, access or use the Services, communicate with us, or otherwise provide us with your personal data.
Automatically through the Services We collect data from your device, when you use our products or services or visit our website, and through the use of cookies and similar technologies, among other things.
From our service providers We collect data when, among other things, we engage service providers to enable certain technologies and when they collect or process your personal data on our behalf.
From our partners and other third-party providers

How do we use your personal data?

Depending on how you interact with us or which of our services you use, we may use personal data for the following purposes:

Provision, customisation and improvement of services. We use your personal data to provide you with services. This includes, among other things, fulfilling our contract with you, processing your payments, fulfilling your orders, storing your configurations and the items you are interested in, sending notifications related to your account, creating, maintaining and otherwise managing your account, organising shipping, facilitating returns and exchanges, allowing you to submit reviews, and creating a personalised shopping experience for you, for example by recommending products based on your purchases. This may also include using your personal data to better tailor and improve the Services.
Marketing and advertising. We use your personal data for marketing and advertising purposes, for example to send marketing and advertising communications by email, SMS or post, and to display online advertisements for products or services for the Services or other websites, including based on items you have previously purchased or added to your shopping basket, as well as other activities related to the Services.
Security and fraud prevention. We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate or take action regarding potential fraudulent, illegal, unsafe or malicious activity, protect public safety and ensure the security of our Services. If you decide to use the Services and register for an account, you are responsible for protecting your account login details. We strongly recommend that you do not share your username, password or other access details with anyone else.
Communicating with you. We use your personal data to provide you with customer support and effective services, respond to your enquiries in a timely manner, and maintain our business relationship with you.
Legal reasons. We use your personal data to comply with applicable law or respond to lawful process, including requests from law enforcement or regulatory authorities, to investigate or participate in civil investigations, potential or actual litigation or other adversarial proceedings, and to investigate or enforce potential violations of our terms and conditions or policies.

How do we share personal data?

In certain circumstances, we may share your personal data with third parties for legitimate purposes in accordance with this Privacy Policy. Such circumstances may include:

At Shopify, these are providers and other third parties who provide services on our behalf (e.g., IT management, payment processing, data analysis, customer support, cloud storage, fulfilment and shipping).
We share personal data with business and marketing partners who provide marketing services to you and display advertisements to you. For example, we use Shopify to support personalised advertising with third-party services based on your online activities across various retailers and websites. Our business and marketing partners use your information in accordance with their own privacy policies. Depending on where you live, you may have the right to instruct us not to share information about you in order to show you targeted advertising and marketing based on your online activities across different retailers and websites.
When you request or otherwise consent to us sharing certain information with third parties, for example to deliver products to you, or when you use social media widgets or login integrations.
We share personal information with our affiliates or otherwise within our group of companies.
In connection with a business transaction such as a merger or insolvency, to comply with applicable legal obligations (including responding to subpoenas, search warrants and similar requests), to enforce applicable service terms or policies, and to protect or defend the Services, our rights and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal data about your access to and use of the Services in order to provide and improve the Services. Data you submit to the Services is shared with Shopify and third parties who may be located in countries other than your country of residence in order to provide and improve the Services for you. To protect, expand, and improve our business, we also use certain advanced Shopify features that incorporate data and information from your interactions with our shop, other merchants, and Shopify. To provide these advanced features, Shopify may use personal data collected from your interactions with our shop, other merchants, and Shopify. In these circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights regarding the use of your personal data for these purposes. For more information about how Shopify uses your personal data and what rights you have, please see the Shopify Consumer Privacy Policy. Depending on where you live, you may be able to exercise certain rights regarding your personal data listed here Link to Shopify Privacy Portal.

Third-party websites and links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliate websites or are not controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness or reliability of the information contained on those websites. Information you provide in public or semi-public areas, including information you share on third-party social networking platforms, may also be viewed by other users of the Services and/or users of those third-party platforms, without restriction on their use by us or any third party. The inclusion of such links by us does not imply that we endorse the content of these platforms or their owners or operators, unless expressly stated in the Services.

Children's Data

The Services are not intended for use by children, and we do not knowingly collect personal data from children who are under the age of majority in your country. If you are the parent or guardian of a child who has provided us with their personal data, you may contact us using the contact details below to request that this data be deleted. As of the effective date of this Privacy Policy, we are not aware that we "share" or "sell" (as those terms are defined under applicable law) personal data from individuals under the age of 16.

Security and storage of your data

Please note that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security". In addition, information you send to us may be exposed to risks during transmission. We recommend that you do not use unsecure channels when transmitting sensitive or confidential information to us.

How long we retain your personal data depends on various factors. These include, for example, whether we need the data to manage your account, provide you with services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your rights and options

Depending on where you live, you may have some or all of the rights listed below in relation to your personal data. However, these rights are not absolute, may only apply in certain circumstances, and in certain cases we may refuse your request to the extent permitted by law.

Right of access/information. You may have the right to request access to the personal data we hold about you.
Right to erasure. You may have the right to request that we erase the personal data we hold about you.
Right to rectification. You may have the right to request that we correct inaccurate personal data we hold about you.
Right to data portability. You may have the right to obtain a copy of the personal data we hold about you and to request that we transfer it to a third party in certain circumstances and with certain exceptions.
Managing communication preferences. We may send you promotional emails. You can opt out of receiving these emails at any time by using the unsubscribe option included in our emails to you. If you opt out, we may still send you non-promotional emails, such as about your account or orders you have placed.

If you are a resident of the United Kingdom or the European Economic Area, subject to the exceptions and limitations under local law, you may exercise the following rights in addition to the rights mentioned above:

Right to object and right to restrict processing. You may have the right to request that we stop or restrict the processing of personal data for certain purposes.
Withdrawal of consent. Where we rely on consent to process your personal data, you have the right to withdraw that consent. If you withdraw your consent, this will not affect the lawfulness of processing based on your consent before its withdrawal.

You can exercise these rights as indicated in the Services or by contacting us using the contact details provided below. For more information about how Shopify uses your personal data and your rights, including rights relating to data processed by Shopify, please visit https://privacy.shopify.com/en.

Exercising these rights will not result in any disadvantage to you. Where permitted or required by applicable law, we may need to verify your identity before we can process your requests. In accordance with applicable law, you may appoint an authorised representative to make requests on your behalf to exercise your rights. Before we accept such a request from a representative, we will require proof that you have authorised them to act on your behalf. This may require you to confirm your identity directly to us. We will respond to your request promptly in accordance with applicable law.

Complaints

If you have any complaints about how we process your personal data, please contact us using the contact details below. Depending on where you live, you have the right to object to our decision by contacting us using the contact details below or by submitting your complaint to the relevant data protection authority. For the European Economic Area, there is a list of competent data protection supervisory authorities. If you wish to access it, you can do so here.

International transfers

Please note that we may transfer, store and process your personal data outside the country in which you reside.

When we transfer your personal data outside the European Economic Area or the United Kingdom, we rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses or equivalent contracts issued by the relevant UK authority, unless the data transfer is to a country that has been found to provide an adequate level of protection.

Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal or regulatory reasons. We will post the revised privacy policy on this website, update the "Last Revised" date accordingly, and provide the notice required by applicable law.

Contact

If you have any questions about our data protection practices or this privacy policy, or if you wish to exercise any of your rights, please contact us by email at office@plantocaps.com or by post at Moosbrunnweg 1, Graz, 8042, AT. In accordance with applicable data protection laws, we are the data controller for your personal data.

Miscellaneous Introduction

What falls under "Miscellaneous"?

The "Miscellaneous" category includes those services that do not fit into any of the above categories. These are usually various plugins and integrated elements that improve our website. These functions are usually obtained from third-party providers and integrated into our website. Examples include web search services such as Algolia Place, Giphy, Programmable Search Engine or online services for weather data such as OpenWeather.

Why do we use other third-party providers?

We want our website to offer you the best web service in our industry. For a long time now, a website has been more than just a business card for companies. Rather, it is a place that should help you find what you are looking for. In order to make our website even more interesting and helpful for you, we use various third-party services.

What data is processed?

Whenever elements are integrated into our website, your IP address is transmitted to the respective provider, stored and processed there. This is necessary because otherwise the content will not be sent to your browser and will therefore not be displayed correctly. Service providers may also use pixel tags or web beacons. These are small graphics on websites that can record a log file and also create analyses of this file. Providers can use the information obtained to improve their own marketing measures. In addition to pixel tags, such information (such as which button you click or when you visit which page) can also be stored in cookies. In addition to analysis data on your web behaviour, technical information such as your browser type or operating system can also be stored in these cookies. Some providers may also link the data obtained to other internal services or third-party providers. Each provider handles your data differently. We therefore recommend that you carefully read the privacy policies of the respective services. We always endeavour to use only services that handle data protection with great care.

Duration of data processing

Legal basis

If we ask for your consent and you agree that we may use the service, this constitutes the legal basis for the processing of your data (Art. 6(1)(a) GDPR). In addition to your consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offering both technically and economically. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use the tools if you have given your consent.

Information on the specific tools, if available, can be found in the following sections.

Clarity Privacy Policy

We use the project and portfolio management tool Clarity for our website. The service provider is the American company Broadcom Inc., 1320 Ridder Park Drive, San Jose, CA 95131, USA.

Broadcom also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

Broadcom uses standard contractual clauses (= Art. 46 (2) and (3) GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfers to such countries. Standard contractual clauses (SCCs) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through these clauses, Broadcom undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information on Broadcom's standard contractual clauses, please refer to the data processing terms and conditions at https://docs.broadcom.com/docs/dpa-amendment-2021-standard-contractual-clauses.

For more information about the data processed through the use of Clarity, please refer to the Privacy Policy at https://www.broadcom.com/company/legal/privacy/policy.

Google Sheets Privacy Policy

We also use the Google Sheets spreadsheet programme for our business. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

For more information about the data processed through the use of Google Sheets, please refer to the privacy policy at https://policies.google.com/privacy.

Tally Privacy Policy

Use of Tally (form tool)

We use the Tally tool from Tally BV, August Van Lokerenstraat 71, 9050 Ghent, Belgium, to provide online forms for data collection and management. Tally enables us to easily design and process forms (e.g. for contact enquiries, customer surveys or product orders).

Processed data We process the following personal
data in particular via Tally:

Name, email address, telephone number and other contact information
Company name and position, if applicable
Contents of messages or enquiries that you submit via the form
Technical data (e.g. IP address, time of transmission)

Purpose of processing
The data is processed in order to:

process your enquiry
provide our forms technically and
enable secure, efficient and user-friendly communication.

Legal basis Your
personal data is processed in accordance with

Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures), insofar as the data is necessary for the preparation or execution of a contract,
and Art. 6 (1) (f) GDPR (legitimate interest) in the efficient organisation of our communication and form processes.

Order processing and data storage

Tally acts as a processor for us within the meaning of Art. 28 GDPR.

A contract processing agreement (CPA) has been concluded with Tally to ensure compliance with European data protection standards. The data is processed and stored exclusively on servers within the European Union.

Disclosure and security

Tally uses appropriate technical and organisational security measures to protect the stored data from unauthorised access, loss or disclosure. The data is not passed on to third parties unless this is required by law.

Storage period

The data you submit via our Tally forms will only be stored for as long as is necessary to process your enquiry or as required by statutory retention obligations.
For more information on data processing by Tally, please refer to Tally's privacy policy at: 👉 https://tally.so/privacy

Hyros

On our website, we use the "Hyros" service provided by Hyros, Inc., 13359 N Highway 183 Ste 406 # 2008, Austin, TX 78750 USA. By using Hyros, we can determine whether our advertisements have been successful. We also receive statistical data to optimise the effectiveness of our advertisements. The use is based on Art. 6 (1) lit. a GDPR (consent). Your consent is voluntary and can be revoked at any time. When using this service, data may also be transferred to the USA. When transferring data to the USA, an adequate level of data protection cannot be guaranteed. In particular, access by US authorities cannot be ruled out. The transfer to the USA is based on Art. 49 (1) (a) GDPR (consent).

PDFMonkey Privacy Policy

Processing of personal data when using PDFMonkey

We use the PDFMonkey service for the automated creation and processing of PDF documents, such as invoices, order confirmations, contracts or delivery notes. The data generated in the course of contract processing is transmitted to the PDFMonkey servers via a secure interface. On this basis, PDFMonkey creates the respective document and then makes it available to us for download or dispatch. Using this service enables us to create the required documents efficiently, accurately and in a resource-saving manner.

Responsible service provider:
PDFMonkey SAS, 15 Rue des Halles, 75001 Paris, France
Website: https://pdfmonkey.io
Privacy policy: https://pdfmonkey.io/privacy-policy

PDFMonkey is a provider based in the European Union and is therefore directly subject to the provisions of the General Data Protection Regulation (GDPR).

When using PDFMonkey, the following personal data in particular may be processed:

Master data such as name, address, email address, customer number or telephone number,
Contract and order data such as order number, product description, prices, and billing and delivery data,
Payment and transaction data, insofar as they are part of the generated document (e.g. invoice amount, payment method),
and metadata such as internal identifiers, timestamps or document references.

The data is used exclusively for the creation of the respective PDF documents. PDFMonkey does not use the data independently for other purposes (e.g. marketing or analysis).

Processing is carried out on the basis of Art. 6 (1) (b) GDPR (for the performance of a contract or pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest in efficient and secure document creation).

PDFMonkey acts as a processor in accordance with Art. 28 GDPR. There is a data processing agreement in place which ensures that PDFMonkey processes the data exclusively in accordance with our instructions, takes appropriate technical and organisational measures to protect the data and does not pass it on to unauthorised third parties. The current Data Processing Agreement can be viewed here:
https://pdfmonkey-resources.s3-eu-west-3.amazonaws.com/documents/2023-03-01%20PDFMonkey%20DsPA.pdf

The data is generally processed on servers within the European Union or the European Economic Area. If transfer to a third country outside the EU is necessary, PDFMonkey ensures that appropriate data protection guarantees are in place (e.g. standard contractual clauses or an adequacy decision in accordance with Art. 45 ff. GDPR).

PDFMonkey stores the processed data and the created documents only for as long as is necessary to fulfil the respective processing purpose. Once processing has been completed or the defined retention period has expired, both the transmitted data and the generated PDF files are automatically deleted. Details can be found in the documentation at
https://docs.pdfmonkey.io/frequent-questions/security/retention-policy

To ensure data security, PDFMonkey uses modern protection mechanisms, including TLS encryption, role-based access control and encrypted storage. In addition, regular internal security checks and backups are performed to prevent unauthorised access and data loss.

Under the GDPR, data subjects have the right to access, rectify, erase, restrict processing, data portability and object to certain processing operations. To exercise these rights, you can contact us at any time (see the information in the legal notice or in the "Controller" section of this privacy policy).

Further information on data processing by PDFMonkey can be found in the official privacy policy of the service at https://pdfmonkey.io/privacy-policy

Final words

Congratulations! If you are reading these lines, you have really "fought your way through" our entire privacy policy, or at least scrolled down to this point. As you can see from the scope of our privacy policy, we take the protection of your personal data very seriously. It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we don't just want to tell you what data is processed, we also want to explain the reasons for using various software programmes. Privacy policies usually sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the nature of the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy. If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible authority. We hope you enjoy your visit and look forward to welcoming you back to our website soon.

If this policy, any content on this website or this document is translated into other languages, the translation is for informational purposes only. In the event of contradictions, discrepancies or doubts regarding interpretation, the original German version is authoritative and legally binding.

plantoCAPS

Our most popular products

Why customers trust us

Privacy policy

Your starting advantage – 10% discount on your first order.