Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller 1.1 We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified. 1.2 The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is Homedia GmbH, Wolfratshauser Str. 150, 82049, Germany, Phone.: +49 89 21555001, e-mail: [email protected]. The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. 2) Data Collection When You Visit Our Website 2.1 When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you: - Our visited website - Date and time at the moment of access - Amount of data sent in bytes - Source/reference from which you came to the page - Browser used - Operating system used - IP address used (if applicable: in anonymized form) Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use. 2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line. 3) Hosting & Content Delivery Network 3.1 For the hosting of our website and the presentation of the page content, we use a provider that provides its services itself or through selected subcontractors exclusively on servers within the European Union. All data collected on our website is processed on these servers. We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties. 3.2 Cloudflare We use a content delivery network offered by the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA This service enables us to deliver large media files such as graphics, page content or scripts faster via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) point f GDPR. We have concluded an order processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 4) Cookies In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. In some cases, these cookies are automatically deleted again after the browser is closed (so-called "session cookies"), in other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the duration of the storage in the overview of the cookie settings of your web browser. If personal data is also processed by individual cookies set by us, the processing is carried out either in accordance with Art. 6 (1) point b GDPR for the performance of the contract, in accordance with Art. 6 (1) point a GDPR in the case of consent given or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit. You can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Please note that the functionality of our website may be limited if cookies are not accepted. 5) Contacting Us 5.1 Crisp This website uses a live chat system offered by the following provider: Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France The processing of personal data transmitted via chat is carried out either in accordance with Art. 6 (1) point b GDPR, to the extent necessary for the initiation or execution of the contract, or in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the effective support of our site visitors. Unless otherwise required by law, your data transmitted will be deleted once the relevant facts have been conclusively clarified. Furthermore, additional information may be collected and evaluated by means of cookies for the purpose of creating pseudonymised user profiles. However, this information will not be used to identify you personally and will not be merged with other data records. To the extent this information has a personal reference, the processing is carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the statistical analysis of user behaviour for optimisation purposes. The placing of cookies may be prevented by appropriate browser settings. However, the functionality of our website may be restricted in such a case. You may object to the collection and storage of data for the purpose of creating a pseudonymised user profile at any time with effect for the future. We have concluded an order processing agreement with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorised disclosure to third parties. 5.2 Our Own Evaluation Reminder We use your e-mail address exclusively based on your express consent in accordance with Art. 6 (1) point a GDPR for a one-time reminder to submit a rating of your order. You can revoke your consent at any time by sending a message to the data controller. 5.3 Calendly For the provision of an online appointment booking function, we use the services of the following provider: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA For the purpose of making an appointment, your first name, surname and e-mail address (and telephone number, if a telephone appointment is requested) are collected in accordance with Art. 6 (1) point b GDPR and transferred to the provider in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for the purpose of organising the appointments. After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider. We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 5.4 WhatsApp Business We offer visitors to our website the opportunity to contact us via the WhatsApp news service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business Version" of WhatsApp. If you contact us via WhatsApp in connection with a specific business transaction (e.g. an order placed), we will store and use the mobile telephone number you use at WhatsApp and - if provided - your first name and surname in accordance with Art. 6 para. 1 lit. b. GDPR to process and answer your request. Based on the same legal basis, we will ask you via WhatsApp to provide further data (order number, customer number, address or e-mail address), if necessary, in order to be able to allocate your enquiry to a specific transaction. If you use our WhatsApp contact for general enquiries (e.g. about the range of services, availability or our website), we will store and use the mobile phone number you use at WhatsApp and - if provided - your first and last name in accordance with Art. 6 Para. 1 lit. f GDPR based on our justified interest in the efficient and prompt provision of the requested information. Your data will always be used only to answer your request via WhatsApp. Your data will not be passed on to third parties. Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book saves only the WhatsApp contact data of those users who have also contacted us via WhatsApp. This ensures that each person whose WhatsApp contact data is stored in our address book has already consented to the transmission of his WhatsApp telephone number from the address books of his chat contacts in accordance with Art. 6 Para. 1 lit. a GDPR when using the app on his device for the first time by accepting the WhatsApp terms of use. The transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded. For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and setting options for protecting your privacy, please refer to WhatsApp's data protection information: https://www.whatsapp.com/legal/?eea=1#privacy-policy In the course of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 5.5 When you contact us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary. 6) Data Processing When Opening a Customer Account and for Contract Processing Pursuant to Art. 6 (1) point b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed and no legitimate interest on our part in the continued storage exists. 7) Use of Client Data for Direct Advertising 7.1 Subscribe to our e-mail newsletter If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on an appropriate link. By activating the confirmation link, you give us your consent for the use of your personal data pursuant to Art. 6 (1) point a GPPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration for the purpose of tracing any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the promotional purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data, or we reserve the right to a more extensive use your data which is permitted by law and about which we inform you in this declaration. 7.2 Sending the newsletter to existing customers If you have provided us with your e-mail address when purchasing products, we reserve the right to regularly send you offers for products similar to those already purchased by e-mail. Pursuant to Section 7 (3) German law against unfair competition, we do not need to obtain separate consent from you. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6 (1) point f GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the future use of your e-mail address for the aforementioned advertising purpose at any time by notifying the controller named at the beginning of this document. In this regard, you only have to pay the transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately. 7.3 WhatsApp newsletter If you subscribe to our WhatsApp newsletter, we will regularly send you information about our offers via WhatsApp. Only your mobile phone number is required for sending the newsletter. To send the newsletter, please add our mobile phone number to the address book of your mobile phone and send us the message "Start" via WhatsApp. By sending this WhatsApp message, you give us your consent to use your personal data in accordance with Art. 6 (1) point a GDPR for the purpose of sending the newsletter. We will then add you to our newsletter distribution list. The data we collect when you subscribe to the newsletter will be processed exclusively for the purpose of addressing you in an advertising manner by the newsletter. You can unsubscribe from the newsletter at any time by sending us the message "Stop" via WhatsApp. After unsubscribing, your mobile phone number will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this policy. Please note that WhatsApp obtains access to the address book of the mobile device used by us for sending the newsletter and automatically transfers telephone numbers stored in the address book to a Facebook server in the USA. For sending our WhatsApp newsletter, we therefore use a mobile end device in whose address book only the WhatsApp contact data of our newsletter recipients are stored. This ensures that each person whose WhatsApp contact data is stored in our address book has already consented to the transfer of their WhatsApp telephone number from the address books of their chat contacts in accordance with Art. 6 (1) point a GDPR when using the app on their device for the first time by accepting the WhatsApp terms of use. A transfer of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is excluded in this respect. For the purpose and scope of the data collection and the further processing and use of the data by WhatsApp, as well as your rights in this regard and setting options for protecting your privacy, please refer to the WhatsApp privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea?lang=en In the course of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 7.4 Notification by e-mail of stock availability If our online shop provides the possibility of informing you by e-mail about the time of availability for selected, temporarily unavailable items, you can subscribe to our e-mail notification service for product availability. If you register for our e-mail notification service for product availability, we will send you a one-time message by e-mail about the availability of the article you have selected. The only mandatory information needed to send this notification is your e-mail address. The indication of further data is voluntary and is used if appropriate, in order to be able to address you personally. We use the so-called double opt-in procedure when sending this notification. This means that we will only send you a corresponding notification after you have expressly confirmed that you agree to receive such a message. We will then send you a confirmation e-mail asking you to click on a link to confirm that you wish to receive such notification. By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 (1) point a GDPR. When you register for our e-mail notification service for product availability, we store your IP address as registered by the internet service provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later time. The data collected by us when you register for our e-mail notification service regarding the availability of goods is used exclusively for the purpose of informing you about the availability of a particular item in our online shop. You can cancel the e-mail notification service for the availability of goods at any time by sending a corresponding message to the controller in charge of data processing named at the beginning. After you have unsubscribed, your e-mail address will be deleted immediately from our distribution list, unless you have expressly consented to the further use of your data or unless we reserve the right to make further use of your data in accordance with the law about which we inform you in this declaration. 7.5 Advertising by post Based on our legitimate interest in personalized direct mail, we reserve the right to store your first and last name, your postal address and - if we have received this additional information from you within the framework of the contractual relationship - your title, academic degree, year of birth and your professional, industry or business name in accordance with Art. 6 (1) point f GDPR and to use this data for sending interesting offers and information on our products by letter post. You can object to the storage and use of your data for this purpose at any time by sending an appropriate message to the controller. 8) Processing of Data for the Purpose of Order Handling 8.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR. If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally by suitable means of communication (e.g. by post or e-mail) about upcoming updates within the legally stipulated period of time within the framework of our statutory duty to inform pursuant to Art. 6 Para. 1 lit. c GDPR. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information. In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information. 8.2 SendCloud We use the following provider for order processing: SendCloud GmbH, Kanalstr. 10, 80538 Munich, Germany Name, address and, if applicable, other personal data will be passed on to the provider in accordance with Art. 6 (1) point b GDPR exclusively for the purpose of processing the online order. Your data will only be passed on insofar as this is actually necessary for the processing of the order. 8.3 Use of Payment Service Providers - Apple Pay If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal device operated with iOS, watchOS or macOS by debiting a payment card deposited with "Apple Pay". Apple Pay uses security features built into the hardware and software of your device to protect your transactions. In order to release a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your terminal. For the purpose of payment processing, your information provided during the ordering process, along with information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for payment processing. The encryption ensures that only the website from which the purchase was made can access the payment information. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm the payment. If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR. Apple retains anonymised transaction data, including the approximate amount of the purchase, the approximate date and time and whether the transaction was completed successfully. Anonymisation completely excludes any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services. When you use Apple Pay on iPhone or the Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate through an encrypted channel on Apple's servers. Apple does not process or store this information in any format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone preferences. Go to "Wallet & Apple Pay" and disable "Allow payments on Mac". For more information about Apple Pay privacy, please visit the following web address: https://support.apple.com/en-gb/HT203027 - Google Pay If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), the payment processing is carried out via the "Google Pay" application of your mobile device running at least Android 4.4 ("KitKat") and having an NFC function by charging a payment card deposited at Google Pay or a payment system verified there (e.g. PayPal). For the release of a payment via Google Pay in the amount of more than 25,- € the prior unlocking of your mobile device by the respective verification measure (e.g. face recognition, password, fingerprint or pattern) is required. For the purpose of payment processing, your information provided during the ordering process, together with the information about your order, will be forwarded to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the source website, which is used to verify a payment. This transaction number does not contain any information about the real payment data of your means of payment deposited with Google Pay, but is created and transmitted as a uniquely valid numeric token. For all transactions via Google Pay, Google acts merely as an intermediary to process the payment transaction. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Google Pay. If personal data are processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, the merchant's location and description, a description provided by the merchant of the goods or services purchased, photos that you have attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction. According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and optimisation and maintenance of the functionality of the Google Pay service. Google also reserves the right to combine the processed transaction data with other information which is collected and stored by Google when using other Google services. The terms of use of Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en Further information on data protection at Google Pay can be found at the following Internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en - Paypal Online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg If you select a payment method of the provider for which you make an advance payment, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose. When selecting a payment method of the provider with which the provider makes advance payments, you will also be asked to provide certain personal data (first name and surname, street, house number, postcode, city, date of birth, e-mail address, telephone number, if applicable data on alternative means of payment) during the ordering process. In order to safeguard our legitimate interest in determining the solvency of our customers, this data is passed on to the provider by us for the purpose of a credit check in accordance with Art. 6 (1) point f GDPR. On the basis of the personal data provided by you as well as further data (such as shopping cart, invoice total, order history, payment history), the provider checks whether the payment option selected by you can be granted with regard to payment and/or bad debt risks. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual processing of payments. - Paypal Checkout This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local payment methods from third-party providers. When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Pay Later" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for the payment processing. For the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal - PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments. If you select the PayPal payment method "purchase on account", your payment data will first be transferred to PayPal in preparation for payment, whereupon PayPal will forward them to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") in order to carry out the payment. The legal basis in each case is Art. 6 para. 1 lit. b GDPR. In this case, RatePay carries out an identity and creditworthiness check on its own behalf to determine solvency in accordance with the principle already mentioned above and passes on your payment data to credit agencies on the basis of the legitimate interest in determining solvency in accordance with Art. 6 Para. 1 lit. f GDPR. A list of the credit agencies that Ratepay may use can be found here: https://www.ratepay.com/legal-payment-creditagencies/ When using the payment method of a local third party provider, your payment data will first be forwarded to PayPal for the preparation of the payment in accordance with Art. 6 (1) lit. b GDPR. Depending on your selection of an available local payment method, PayPal will then transfer your payment data to the corresponding provider in order to carry out the payment in accordance with Art. 6 Para. 1 lit. b GDPR: - Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Irland) - Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland) - Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany). - iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands) - bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium) - blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland) - eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2 1200 Vienna, Austria) - MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France) - Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland). For further information on data protection, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full - Stripe Online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland If you select a payment method of the provider for which you make an advance payment (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) point b GDPR. In this case, your data will only be passed on for the purpose of processing payment with the provider and only to the extent necessary for this purpose.

9) Web Analysis Services Google Analytics 4 This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which can be used to analyze the use of websites. When using Google Analytics 4, so-called "cookies" are used as standard. Cookies are text files that are stored on your terminal device and enable an analysis of your use of a website. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in the transmission of information to the servers of Google LLC, a company based in the USA, where the information is further processed. When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always collected and processed by default and automatically only in an anonymized manner, so that a direct personal reference of the collected information is excluded. This automatic anonymization is carried out by shortening the IP address transmitted by your terminal device by Google within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA) by the last digits. On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports (reports) on your website activities or your usage behavior and to provide us with other services related to your website usage and internet usage. In this context, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be retained for 2 months and then deleted. Google Analytics 4 also enables the creation of statistics with statements about age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the involvement of third-party information via a special function, the so-called "demographic characteristics". This makes it possible to determine and distinguish between groups of website users for the purpose of targeting marketing measures. However, data collected via the "demographic characteristics" cannot be assigned to a specific person and thus not to you personally. This data collected via the "demographic characteristics" function is retained for two months and then deleted. All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the terminal device used by you for the use of the website, will only take place if you have given us your express consent for this in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent once given at any time with effect for the future. To exercise your revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website. Google Signals On this website, the "Google Signals" service can also be used as an extension of Google Analytics 4. With Google Signals, cross-device reports can be created by Google (so-called "cross-device tracking"). If you have activated "personalised ads" in your Google account settings and you have linked your internet-enabled devices to your Google account, Google can analyse user behaviour across devices and create database models based on this, provided you have given your consent to the use of Google Analytics in accordance with Art. 6 Para. 1 letter a GDPR (see above). The logins and device types of all page visitors who were logged into a Google account and performed a conversion are taken into account. The data shows, among other things, on which device you first clicked on an ad and on which device the associated conversion took place. Insofar as Google Signals is used, we do not receive any personal data from Google, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the "personalised ads" function in the settings of your Google account and thus turning off the cross-device analysis. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de Further information can be found here: https://support.google.com/analytics/answer/7532985?hl=de User IDs As an extension of Google Analytics 4, the "UserIDs" function can also be used on this website. By assigning individual UserIDs, we can have Google create cross-device reports (so-called "cross-device tracking"). This means that your usage behaviour can also be analysed across devices if you have given your corresponding consent to the use of Google Analytics in accordance with Art. 6 Para. 1 letter a GDPR, if you have set up a personal account by registering on this website and are logged into your personal account on different end devices with your relevant login data. The data collected in this way shows, among other things, on which end device you clicked on an ad for the first time and on which end device the relevant conversion took place. We have concluded a so-called data processing agreement with Google for our use of Google Analytics 4, by which Google is obliged to protect the data of our website users and not to pass it on to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. Further legal information on Google Analytics 4 can be found at the following link: https://policies.google.com/privacy?hl=en Details on the processing triggered by Google Analytics 4 and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites 10) Retargeting/Remarketing/ Referral Advertising 10.1 Meta Pixel with extended data synchronisation Within our online offering, we use the "Meta Pixel" service of the following provider in extended data synchronisation mode: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta") If a user clicks on an advert placed by us on Facebook or Instagram, "Meta Pixel" is used to add a parameter to the URL of our linked page. This URL parameter is then entered in the user's browser after redirection by a cookie that our linked page sets itself. In addition, this cookie collects specific customer data, such as the email address, which we collect on our website linked to the Facebook or Instagram ad during processes such as purchase transactions, account logins or registrations (extended data synchronisation). The cookie is then read and enables the data, including specific customer data, to be transmitted to Meta. We use "Meta Pixel" with extended data matching to make our adverts (so-called "Ads") on Facebook and/or Instagram more effective and to ensure that they correspond to the interests of users or have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Meta (so-called "Custom Audiences"). In addition, we analyse the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an advertisement (conversion). Compared to the standard version of "Meta Pixel", the extended data synchronisation function helps us to better measure the effectiveness of our advertising campaigns by recording more associated conversions. All transmitted data is stored and processed by Meta so that an assignment to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with Meta's data usage guidelines (https://www.facebook.com/about/privacy/). The data may enable Meta and its partners to place adverts on and off Facebook. All processing described above, in particular the setting of cookies for reading information on the terminal device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website. We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties. The information generated by Meta is usually transferred to a Meta server and stored there; in this context, it may also be transferred to servers of Meta Platforms Inc. in the USA. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 10.2 Google Ads Remarketing This website uses the online advertising program "Google Ads" and, within the scope of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the concern of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of the advertising costs incurred The conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your terminal device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize if the user has clicked on the ad and has been directed to this page. Each Google Ads customer receives a different cookie. Cookies therefore cannot be tracked across Google Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have chosen conversion tracking. Customers learn the total number of users who clicked on their ad and who were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. The use of Google Ads may also result in the transmission of personal data to the servers of Google LLC. in the USA. Details on the processing operations initiated by Google Ads conversion tracking and on Google's handling of data collected from websites can be found here: https://policies.google.com/technologies/partner-sites?hl=en All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. Without this consent, Google Conversion Tracking will not be used during your visit to the website. You can permanently disable the setting of cookies by Google Ads Conversion Tracking for advertising preferences. You may download and install the browser plug-in available at the following link: https://support.google.com/ads/answer/7395996? Please note that certain functions of this website may not be available or may be restricted if you have deactivated the use of cookies. Further information about Google’s privacy policy can be viewed at: https://www.google.com/policies/technologies/ads/ For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 10.3 Pinterest retargeting pixel This website uses retargeting technology from the following provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland This enables us to target visitors to our website with personalized, interest-related advertising who have already shown interest in our shop and our products. The advertising material is displayed based on a cookie-based analysis of previous and current user behavior; whereby no personal data is stored. In the cases of retargeting technology, a cookie is stored on your computer or mobile device to collect pseudonymized data about your interests and thus adapt the advertising individually to the stored information. These cookies are small text files that are stored on your computer or mobile device. You are thus shown advertising that is most likely to match your product and information interests. All processing described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. Without this consent, retargeting technology will not be used during your visit to the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "cookie consent tool" provided on the website. 10.4 Google Ads Conversion-Tracking This website uses the online advertising program "Google Ads" and, within the framework of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred. The conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your end device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across Google Ads clients' websites. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. The use of Google Ads may also result in the transmission of personal data to the servers of Google LLC. in the USA. Details on the processing triggered by Google Ads Conversion Tracking and on Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites. All of the processing described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website. You can also permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the Google browser plug-in available at the following link: https://www.google.com/settings/ads/plugin?hl=en Please note that certain functions of this website may not be available or may be restricted if you have deactivated the use of cookies. Google's privacy policy can be viewed here: https://policies.google.com/privacy For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 10.5 Pinterest-Tag Conversion-Tracking This website uses the conversion tracking technology of the following provider: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland If you have accessed our website from an advertisement on the provider's domain, the success of the advertisement can be tracked with the help of cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests). For this purpose, certain end device and browser information, including your IP address if applicable, is read via the tracking technology in order to record and evaluate user actions predefined by us (e.g., completed transactions, leads, search queries on the website, calls to product pages). This enables us to compile statistics on user behavior on our website after forwarding from an advertisement, which we use to optimize our offer. All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the "cookie consent tool" provided on the website. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties. 10.6 TikTok Pixel This website uses the conversion tracking technology of the following provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland If you have accessed our website from an advertisement on the provider's domain, the success of the advertisement can be tracked with the help of cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests). For this purpose, certain end device and browser information, including your IP address if applicable, is read via the tracking technology in order to record and evaluate user actions predefined by us (e.g., completed transactions, leads, search queries on the website, calls to product pages). This enables us to compile statistics on user behavior on our website after forwarding from an advertisement, which we use to optimize our offer. All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the "cookie consent tool" provided on the website. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties. 10.7 Twitter Conversion Tracking This website uses the conversion tracking technology of the following provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland If you have accessed our website from an advertisement on the provider's domain, the success of the advertisement can be tracked with the help of cookies and/or comparable technologies (tracking pixels, web beacons, pings, or HTTP requests). For this purpose, certain end device and browser information, including your IP address if applicable, is read via the tracking technology in order to record and evaluate user actions predefined by us (e.g., completed transactions, leads, search queries on the website, calls to product pages). This enables us to compile statistics on user behavior on our website after forwarding from an advertisement, which we use to optimize our offer. All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the "cookie consent tool" provided on the website. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties. 11) Site Functionalities 11.1 Facebook Connect On our website we provide a single sign-on function offered by the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quary, Square, Dublin 2, Ireland In addition to the transfer of data to the above-mentioned provider location, data may also be transferred to: Meta Platforms Inc, USA If you have an account with the provider, you can use this account data to create a user account or to register on our website. When you visit this page, a direct connection between your browser and the provider's servers can be established via this login function, even if you do not have an account with the provider or are not logged in to one. The provider thereby receives the information that you have visited our site. The information collected in this respect (including your IP address, if applicable) is transmitted by your browser directly to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties. These data processing operations are carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in a user-friendly and interactive design of our online presence. If you click on the registration button to register with your account data by logging into the provider's website, the provider will transmit the general and publicly accessible information stored in your account (user ID, name, address, e-mail address, age, and gender) to us based on your express consent pursuant to Art. 6 (1) point a GDPR. We store and use the data transmitted by the provider to set up a user account containing the necessary data (title, first name, surname, address data, country, email address, date of birth), if you have released that data to the provider. Conversely, data (e.g., information about your surfing or purchasing behavior) may be transferred from us to your account held with the provider based on your consent. The consent given can be revoked at any time with effect for the future vis-à-vis us. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 11.2 Google Sign-In On our website we provide a single sign-on function offered by the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland In addition to the transfer of data to the above-mentioned provider location, data may also be transferred to: Google LLC, USA If you have an account with the provider, you can use this account data to create a user account or to register on our website. When you visit this page, a direct connection between your browser and the provider's servers can be established via this login function, even if you do not have an account with the provider or are not logged in to one. The provider thereby receives the information that you have visited our site. The information collected in this respect (including your IP address, if applicable) is transmitted by your browser directly to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties. These data processing operations are carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in a user-friendly and interactive design of our online presence. If you click on the registration button to register with your account data by logging into the provider's website, the provider will transmit the general and publicly accessible information stored in your account (user ID, name, address, e-mail address, age, and gender) to us based on your express consent pursuant to Art. 6 (1) point a GDPR. We store and use the data transmitted by the provider to set up a user account containing the necessary data (title, first name, surname, address data, country, email address, date of birth), if you have released that data to the provider. Conversely, data (e.g., information about your surfing or purchasing behavior) may be transferred from us to your account held with the provider based on your consent. The consent given can be revoked at any time with effect for the future vis-à-vis us. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 11.3 Google Meet We use this provider to conduct online meetings, video conferences and/or webinars: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland This may also result in a transmission to the servers of Google LLC. in the USA. The provider processes different data, whereby the scope of the processed data depends on the data you provide before or during the participation in an online meeting, video conference or webinar. Your data as a communication participant is processed and stored on servers of the provider. This may include, in particular, your registration data (name, e-mail address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)). In addition, participants' image and sound contributions as well as voice input in chats may be processed. For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) point b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is based on Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future. In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 (1) point f GDPR in the effective conduct of the online meeting, webinar or video conference. We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 11.4 Microsoft Teams We use this provider to conduct online meetings, video conferences and/or webinars: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA The provider processes different data, whereby the scope of the processed data depends on the data you provide before or during the participation in an online meeting, video conference or webinar. Your data as a communication participant is processed and stored on servers of the provider. This may include, in particular, your registration data (name, e-mail address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)). In addition, participants' image and sound contributions as well as voice input in chats may be processed. For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) point b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is based on Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future. In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 (1) point f GDPR in the effective conduct of the online meeting, webinar or video conference. We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 11.5 Zoom We use this provider to conduct online meetings, video conferences and/or webinars: Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA The provider processes different data, whereby the scope of the processed data depends on the data you provide before or during the participation in an online meeting, video conference or webinar. Your data as a communication participant is processed and stored on servers of the provider. This may include, in particular, your registration data (name, e-mail address, telephone number (optional) and password) and session data (topic, participant IP address, device information, description (optional)). In addition, participants' image and sound contributions as well as voice input in chats may be processed. For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) point b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is based on Art. 6 (1) point a GDPR. You can revoke your consent at any time with effect for the future. In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest pursuant to Art. 6 (1) point f GDPR in the effective conduct of the online meeting, webinar or video conference. We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 11.6 Google Forms We use the services of the following provider to conduct surveys or for online forms: xxx In addition to a transfer of data to the above-mentioned provider location, data may also be transferred to: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland The provider enables us to design and analyse surveys and online forms. In addition to the personal data that you enter into the forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transferred to the provider and stored on the provider's servers. The information you enter in the forms is stored under password protection to ensure that third party access is excluded and that only we can analyse the data for the purpose specified in the form. For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) point b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) point a GDPR. Consent given can be revoked at any time with effect for the future. We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 11.7 Applications for job advertisements On our website, we advertise current vacancies in a separate section, for which interested parties can apply by e-mail using the contact address provided. If applicants want to be included in the application process, they must provide us with all personal details required for a well-founded and informed assessment and selection in conjunction with their application by e-mail. The required data should include general personal information (name, address, telephone or electronic contact) as well as performance-specific evidence showing the qualifications required for the advertised position. In addition, health-related information may be required, which in the interest of social protection must be given special attention to regarding the applicant's person according to labor and social law. The components an application must contain to be considered and the form in which these components must be sent by e-mail can be found in the respective job advertisement. After receipt of the application sent using the e-mail contact address supplied, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. In the event of queries arising in the course of processing the application, we will use either the e-mail address supplied by the applicant with his application or a telephone number supplied, at our discretion. The legal basis for such processing, including the contacting of applicants for queries, is basically Art. 6 (1) point b GDPR in conjunction with Art. 26 (1) Federal Data Protection Act. According to these provisions, the completion of the application procedure is deemed to be the initiation of an employment contract. If special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application procedure, processing will take place in accordance with Art. 9 (2) point b GDPR, so as to enable us to exercise the rights arising from labor law, social security and social protection law and to fulfil our obligations in this regard. The processing of special categories of data may also be based cumulatively or alternatively on Art. 9 (1) point h GDPR if it is used for the purposes of health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnostics, health or social care or for the management of systems and services in the health or social sector. If, in the course of the evaluation described above, the applicant is not selected or if an applicant withdraws his application prematurely, his data transmitted by e-mail as well as all electronic correspondence including the original application e-mail will be deleted at the latest after 6 months following a corresponding notification. This period shall be determined on the basis of our legitimate interest in being able to answer any follow-up questions regarding the application and, if necessary, to comply with our obligation to provide evidence under the regulations governing the equal treatment of applicants. In the event of a successful application, the data provided will be processed on the basis of Art. 6 (1) point b GDPR in conjunction with Art. 26 (2) Federal Data Protection Act for the purposes of implementing the employment relationship. 11.8 Applications for job advertisements using a form On our website, we offer those interested in a job the possibility to apply online using an appropriate form. In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection. The required data includes general personal information (name, address, telephone or electronic contact details) as well as performance-specific evidence of the qualifications required for a position. Where appropriate, health-related information may also be required, which, in the interests of social protection, must be given special consideration in the applicant's own person under labour and social law. In the course of sending the form, the applicant's data will be encrypted according to the state of the art, transmitted to us, stored by us and evaluated exclusively for the purpose of processing the application. The legal basis for these processing operations is generally Art. 6 Para. 1 lit. b, in the sense of which passing through the application procedure is considered to be the initiation of an employment contract. Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on the status of severely disabled persons) are requested from applicants in the context of the application procedure, processing is carried out in accordance with Art. Art. 9 para. 2 lit. b. GDPR so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this respect. Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h GDPR, if it is carried out for purposes of preventive health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnosis, care or treatment in the health or social field or for the management of systems and services in the health or social field. If, in the course of the evaluation described above, the applicant is not selected, or if an applicant withdraws his or her application prematurely, the data submitted on the application form will be deleted after 6 months at the latest after notification. This period is calculated on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligation to provide evidence in accordance with the regulations on the equal treatment of applicants. In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b GDPR for the purposes of the employment relationship.

12) Tools and Miscellaneous 12.1 - BuchhaltungsButler We use the cloud-based accounting software of BuchhaltungsButler GmbH, Ausbau 1, 15910 Unterspreewald („BuchhaltungsButler “) to handle our accounting. BuchhaltungsButler processes incoming and outgoing invoices and, if applicable, also the bank transactions of our business to automatically record invoices, match them to the transactions and create the financial accounting from this in a semi-automated process. If personal data is also processed in this process, the processing is carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in the efficient organization and documentation of our business transactions. You can find more information about BuchhaltungsButler, the automated processing of data and its privacy policy at www.buchhaltungsbutler.de/. - DATEV For the execution of the accounting, we use the service of the cloud-based accounting software of the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nuremberg, Germany The provider processes incoming and outgoing invoices and, if applicable, also the bank transactions of our company in order to automatically record invoices, match them to the transactions and create the financial accounting from this in a semi-automated process. Insofar as personal data is also processed in this context, the processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in the efficient organisation and documentation of our business transactions. 12.2 This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. Using the tool, all cookies/services requiring consent are only loaded if the respective user provides the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted. The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed. If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) point GDPR based on our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Further legal basis for the processing is Art. 6 (1) point c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent. Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website. 12.3 Cloudflare For security purposes, this website uses the service of the following provider: Cloudflare, Inc, 101 Townsend St. San Francisco, CA 94107, USA The provider protects the website and the associated IT infrastructure from unauthorised third-party access, cyber attacks and viruses and malware. The provider collects the IP addresses of users and, if necessary, further data on their behaviour on our website (in particular URLs accessed and header information) in order to detect and defend against illegitimate page accesses and dangers. In doing so, the collected IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, the provider can automatically block it from accessing the website. The information collected in this way is transferred to a server of the provider and stored there. The described data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security. We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties. For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

13) Rights of the Data Subject 13.1 The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data: - Right of access by the data subject pursuant to Art. 15 GDPR; - Right to rectification pursuant to Art. 16 GDPR; - Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR; - Right to restriction of processing pursuant to Art. 18 GDPR; - Right to be informed pursuant to Art. 19 GDPR; - Right to data portability pursuant to Art. 20 GDPR; - Right to withdraw a given consent pursuant to Art. 7 (3) GDPR; - Right to lodge a complaint pursuant to Art. 77 GDPR. 13.2 RIGHT TO OBJECT IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES. 14) Duration of Storage of Personal Data The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and - if relevant – on the respective legal retention period (e.g. commercial and tax retention periods). If personal data is processed basis on an express consent pursuant to Art. 6 (1) point a GDPR, this data is stored until the data subject revokes his consent. If there are legal storage periods for data that is processed within the framework of legal or similar obligations on the basis of Art. 6 (1) point b GDPR, this data will be routinely deleted after expiry of the storage periods if it is no longer necessary for the fulfillment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage. When processing personal data on the basis of Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 (1) GDPR, unless we can provide compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. If personal data is processed for the purpose of direct marketing based on Art. 6 (1) point f GDPR, this data is stored until the data subject exercises his right of objection pursuant to Art. 21 (2) GDPR. Unless otherwise stated in the information contained in this declaration on specific processing situations, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.

Payment
Shipping
Customer Service
Privacy
GTC
Legal Notice
Instagram
Facebook
X
YouTube
TikTok