data protection

1. Data Protection at a Glance
General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy below.

Data Collection on this Website
Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the legal notice of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This could include, for example, data that you enter into a contact form.

Other data is collected automatically by our IT systems when you visit the website, either automatically or with your consent. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

For this and other questions regarding data protection, you can contact us at any time at the address provided in the legal notice.

Analytics tools and third-party tools

When you visit this website, your browsing behavior may be statistically analyzed. This is done primarily using so-called analytics programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. General Information and Mandatory Disclosures

Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the Internet (e.g., when communicating by email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Notice regarding the data controller

The data controller for this website is:

Whelsy

Jessica Schweizer

Schulweg 1 

38272 Burgdorf

Germany

Email: whelsyy@gmail.com

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Data retention period

Unless a more specific data retention period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent to data processing, your data will be deleted, provided we have no other legally permissible grounds for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after these grounds cease to apply.

Notice regarding data transfer to the USA

Our website uses tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. Please note that the USA is not considered a safe third country under EU data protection law. US companies are legally obligated to disclose personal data to security authorities without you, as the data subject, having any legal recourse. Therefore, it cannot be ruled out that US authorities (e.g., intelligence agencies) may process, analyze, and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The lawfulness of the data processing carried out before the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims (objection pursuant to Article 21(1) GDPR).

... If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be processed for direct marketing purposes (objection pursuant to Article 21(2) GDPR).... Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) and the processing is carried out by automated means. Where technically feasible, you also have the right to have the personal data transmitted directly from us to another controller.

SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser's address bar.

When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on this Website

If, after concluding a paid contract, you are required to provide us with your payment details (e.g., bank account number for direct debit), this data is necessary for processing the payment.

Payment transactions using common payment methods (Visa/MasterCard, direct debit) are conducted exclusively via an encrypted SSL/TLS connection. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser's address bar.

With encrypted communication, your payment details that you transmit to us cannot be intercepted by third parties.

Information, Deletion, and Correction

In accordance with applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to rectification or deletion of this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address provided in the legal notice.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address provided in the legal notice. The right to restriction of processing exists in the following cases:

If you contest the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.

If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

If you have objected to processing pursuant to Article 21(1) GDPR, a balancing of interests between your interests and ours must be carried out. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data—apart from its storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

Objection to advertising emails

The use of contact details published within the scope of the legal notice for sending unsolicited advertising and informational materials is hereby prohibited. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

3. Data Collection on this Website
Cookies

Our website uses so-called "cookies." Cookies are small text files that do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after you leave our website. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These allow us or you to use certain services provided by the third-party company (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or to display advertising.

Cookies that are necessary for the electronic communication process (essential cookies), for providing certain functions you have requested (functional cookies, e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring website traffic) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically flawless and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant cookies are stored exclusively on the basis of this consent (Article 6(1)(a) GDPR); this consent can be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to block cookies in certain cases or entirely, or to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.


If cookies from third-party companies or for analysis purposes are used, we will inform you separately about this within the framework of this privacy policy and, if necessary, request your consent.

Cookie Consent with Borlabs Cookie

Our website uses Borlabs Cookie's cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this consent in accordance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter referred to as Borlabs).

When you visit our website, a Borlabs cookie is stored in your browser, which saves the consents you have given or withdrawn. This data is not shared with the provider of Borlabs Cookie.

The collected data is stored until you request its deletion, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details regarding data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

The Borlabs Cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Server Log Files

The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits to us. This information includes:

Browser type and version

Operating system used

Referrer URL

Hostname of the accessing computer

Time of the server request

IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of its website – the server log files must be recorded for this purpose.

Contact Form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the efficient handling of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if such consent has been obtained.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

Inquiries via Email, Telephone, or Fax

When you contact us via email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your inquiry relates to the performance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if such consent has been obtained.

The data you send us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp, among others, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is end-to-end encrypted (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of the communication. However, WhatsApp does have access to metadata generated during the communication process (e.g., sender, recipient, and time). We would also like to point out that, according to WhatsApp, it shares its users' personal data with its US-based parent company, Facebook. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in communicating with customers, prospective customers, and other business and contractual partners as quickly and effectively as possible (Art. 6 para. 1 sentence 1 lit. f GDPR). If consent has been requested, data processing is carried out exclusively on the basis of that consent; this consent can be revoked at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp remains with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

We use WhatsApp in the "WhatsApp Business" version.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.whatsapp.com/legal/business-data-processing-terms?lang=de.

We have concluded a data processing agreement with WhatsApp.

Registration on this website

You can register on this website to use additional features. We use the data you provide only for the purpose of providing the specific offer or service for which you registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

For important changes, such as changes to the scope of services or technically necessary modifications, we will use the email address you provided during registration to inform you.

The data you provide during registration is processed for the purpose of fulfilling the user agreement established by your registration and, if applicable, for initiating further contracts (Art. 6 para. 1 lit. b GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

Comment Function on this Website

For the comment function on this page, in addition to your comment, the time of its creation, your email address, and, if you are not posting anonymously, your chosen username will be stored.

Storage of IP Addresses

Our comment function stores the IP addresses of users who post comments. Since we do not review comments on this website before publication, we need this data to be able to take action against the author in the event of legal violations such as defamation or propaganda.

Subscribing to Comments

As a user of this site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this feature at any time via a link in the notification emails. The data entered when subscribing to comments will be deleted in this case; however, if you have submitted this data to us for other purposes and elsewhere (e.g., newsletter subscription), this data will remain with us.

Comment Retention Period

Comments and their associated data are stored and remain on this website until the commented content is completely deleted or the comments must be deleted for legal reasons (e.g., offensive comments).

Legal Basis

Comments are stored based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. An informal notification by email to us is sufficient. The lawfulness of data processing operations already carried out remains unaffected by the revocation.

4. Social Media
Facebook Plugins (Like & Share Button)

This website integrates plugins from the social network Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

You can recognize the Facebook plugins by the Facebook logo or the "Like" button on this website. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When you visit this website, the plugin establishes a direct connection between your browser and the Facebook server. This informs Facebook that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation.

If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook account.

The use of Facebook plugins is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in achieving the broadest possible reach on social media. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; this consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Instagram Plugin

This website integrates features of the Instagram service. These features are provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the website provider, we have no knowledge of the content of the transmitted data or its use by Instagram.

The storage and analysis of data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in achieving the broadest possible reach on social media. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

5. Analytics Tools and Advertising
Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data may be aggregated by Google into a profile that is assigned to the respective user or their device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA.

The use of this analytics tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; this consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data Processing Agreement

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Demographic Features in Google Analytics

This website uses the "demographic features" function of Google Analytics to display relevant advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain information about the age, gender, and interests of website visitors. This data comes from Google's interest-based advertising and from third-party visitor data. This data cannot be attributed to any specific individual. You can deactivate this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to Data Collection."

Google Analytics E-Commerce Tracking

This website uses the "E-Commerce Tracking" feature of Google Analytics. E-Commerce Tracking allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing a product to purchasing it are collected. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Data Retention Period

Data stored by Google at the user and event level that is linked to cookies, user identifiers (e.g., User ID), or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de

WP Statistics

This website uses the WP Statistics analytics tool to statistically evaluate visitor access. The provider is Veronalabs, ARENCO Tower, 27th Floor, Dubai Media City, Dubai, Dubai 23816, UAE (https://veronalabs.com).

WP Statistics allows us to analyze the use of our website. WP Statistics collects, among other things, log files (IP address, referrer, browser used, user origin, search engine used) and actions taken by website visitors on the site (e.g., clicks and views).

The data collected by WP Statistics is stored exclusively on our own server and is not shared with WordPress.

The use of this analytics tool is based on Article 6 Paragraph 1 Letter f GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our website and our advertising. If consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; this consent can be revoked at any time.

Facebook Pixel

This website uses the Facebook pixel for conversion tracking. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising campaigns to be optimized.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy. This allows Facebook to display ads on Facebook pages as well as on websites outside of Facebook. We, as the website operator, have no influence over this use of data.

The use of Facebook Pixel is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising measures, including those on social media. If corresponding consent has been requested (e.g., consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; this consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further information on protecting your privacy can be found in Facebook's Privacy Policy: https://de-de.facebook.com/about/privacy/.


``` ... You can also deactivate the "Custom Audiences" remarketing feature in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do this.

If you do not have a Facebook account, you can deactivate Facebook's interest-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

6. Newsletter

Newsletter Data

If you wish to subscribe to the newsletter offered on this website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.

The processing of the data entered into the newsletter registration form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of your data, your email address, and its use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or when the purpose for which it was collected no longer applies. We reserve the right to delete or block email addresses from our newsletter mailing list at our own discretion, based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

After you unsubscribe from the newsletter mailing list, your email address may be stored on a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage on the blacklist is not time-limited. You can object to this storage if your interests outweigh our legitimate interest.

7. Plugins and Tools

YouTube with Enhanced Privacy

This website embeds videos from YouTube. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode prevents YouTube from storing information about visitors to this website before they watch the video. However, enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.


Furthermore, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting) after you start a video. This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud.

Other data processing operations may be triggered after you start a YouTube video, over which we have no control.

The use of YouTube is in the interest of presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be withdrawn at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Vimeo without tracking (Do Not Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA.

When you visit one of our pages featuring Vimeo videos, a connection to Vimeo's servers is established. This informs the Vimeo server which of our pages you have visited. Vimeo also receives your IP address. However, we have configured Vimeo so that it will not track your user activity or set cookies.

The use of Vimeo is in the interest of presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be withdrawn at any time.


Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses and, according to Vimeo, on "legitimate business interests." Details can be found here: https://vimeo.com/privacy.

Further information on how Vimeo handles user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy.

Google Web Fonts (local hosting)

This website uses web fonts provided by Google for consistent font display. The Google Fonts are installed locally. No connection to Google servers is established.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Font Awesome (local hosting)

This website uses Font Awesome for consistent font display. Font Awesome is installed locally. No connection to servers of Fonticons, Inc. is established.

Further information about Font Awesome and its privacy policy can be found at: https://fontawesome.com/privacy.

Google Maps

This website uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.


Font Awesome (local hosting)

This website uses Font Awesome for consistent font display. Font Awesome is installed locally. No connection to servers of Fonticons, Inc. is established. To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to and stored on a Google server in the USA. The provider of this website has no influence on this data transfer.

The use of Google Maps is in the interest of presenting our online services in an appealing way and making it easy to find the locations we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; this consent can be revoked at any time.

The data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

``` For more information on how user data is handled, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether data entered on this website (e.g., in a contact form) is entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the website visitor's time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website from abusive automated access and spam. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; this consent can be revoked at any time.

Further information on Google reCAPTCHA can be found in Google's Privacy Policy and Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

8. eCommerce and Payment Providers
Processing of Data (Customer and Contract Data)

We collect, process, and use personal data only to the extent necessary for establishing, defining the content of, or amending the contractual relationship (master data). This is done on the basis of Article 6 Paragraph 1 Letter b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data concerning the use of this website (usage data) only to the extent necessary to enable the user to access the service or for billing purposes.

The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data Transfer upon Conclusion of Contracts for Online Shops, Merchants, and Shipping

We transfer personal data to third parties only if this is necessary for the execution of the contract, for example, to the companies entrusted with the delivery of the goods or the credit institution commissioned with processing the payment. Your data will not be transmitted further, or only if you have expressly consented to such transmission. Your data will not be shared with third parties without your express consent, for example, for advertising purposes.

The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.

Data transmission upon conclusion of a contract for services and digital content

We only transmit personal data to third parties if this is necessary for the execution of the contract, for example, to the bank commissioned with processing payments.

Your data will not be transmitted further, or only if you have expressly consented to such transmission. Your data will not be shared with third parties without your express consent, for example, for advertising purposes.

The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, bank account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective terms and conditions and privacy policies of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contractual necessity) and in the interest of ensuring the smoothest, most convenient, and most secure payment process possible (Art. 6 para. 1 lit. f GDPR). Where your consent is requested for specific actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent can be withdrawn at any time for the future.

We use the following payment services/payment service providers on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For further details, please see PayPal's Privacy Statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Instant Bank Transfer

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "Sofort GmbH"). Using the "Instant Bank Transfer" method, we receive real-time payment confirmation from Sofort GmbH and can immediately begin fulfilling our obligations. If you have chosen the "Instant Bank Transfer" payment method, you will submit your PIN and a valid TAN to Sofort GmbH, which they will use to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and executes the transfer to us using the TAN you provided. They then immediately send us a transaction confirmation. After logging in, your transactions, overdraft limit, and the existence and balances of any other accounts you may have are also automatically checked. In addition to your PIN and TAN, the payment details you enter and your personal data are also transmitted to Sofort GmbH. The personal data we collect includes your first and last name, address, telephone number(s), email address, IP address, and any other data required for payment processing. Transmitting this data is necessary to verify your identity beyond doubt and to prevent fraud. For details on payment via Sofortüberweisung (instant bank transfer), please see the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.