Privacy Policy

Thank you for your interest in our website. The protection of your personal data is very important to us. We observe the legal regulations for data protection and data security.

We are subject to the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act in the version applicable since 25.05.2018 (BDSG) and the Telemedia Act (TMG). According to these, we are entitled in particular to collect and use personal data to the extent necessary to enable you to use our Internet offer at schrammek.com including all services and functions contained therein.

Below you will find information on what personal data we collect when you use our website and the services and functions it contains and how we use this data and for what purposes.

I. Name and address of the controller

The controller in terms of the general data protection regulation and other national data protection laws of the member states and other data protection regulations is the:

Dr. med. Christine Schrammek Kosmetik GmbH & Co. KG
Kibbelstraße 6
D-45127 Essen, Germany

Phone: +49 (0)201 8277070
Fax: +49 (0)201 8277068

Website: www.schrammek.com

 

II. Name and address of the Data Protection Officer

The data protection officer of the controller is:

Johannes Schwiegk
180° Datenschutz GmbH
Hansaallee 321
D-40549 Düsseldorf

Phone: +49-211-17607255
e-mail: [email protected]

Website: https://www.180-datenschutz.de/

 

III. General information on data processing

  1. The scope of processing of personal data

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user’s consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

  1. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) (f) GDPR serves as the legal basis for the processing.

  1. Data erasure and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of data is also carried out when a storage period prescribed by the aforementioned standards expires, unless a Necessity for further storage of the data for the conclusion or fulfilment of a contract exists.

 

IV. Provision of the website and creation of log files

  1. Description and scope of data processing

Whenever our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status/HTTP status code
– Amount of data transferred in each case
– Website from which the request is received
– Browser
– Operating system and its interface
– Language and version of the browser software

We cannot assign this data to specific persons. We do not merge this data with other data sources.

The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage is also done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f GDPR.

  1. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. Furthermore, the data will be deleted after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an allocation of the calling client is no longer possible.

  1. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.

 

V. Use of cookies

  1. Description and scope of data processing

In addition to the data mentioned above, cookies are stored on your computer when you use this website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which we receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall. This website uses the following types of cookies, the scope and function of which are explained below:

Cookie & Cookie Groups

Essential

Essential cookies enable basic functions and are necessary for the proper function of the website.

Custom

NameCustom
ProviderDr. med. Christine Schrammek Kosmetik GmbH & Co. KG
PurposeIt's necessary for us to store the visitor's country information in order to provide localized services.
Privacy Policyhttps://www.schrammek.com/privacy-policy/
Cookie Namebis_mega_rule
Cookie Expiry365

Statistics

Statistics cookies collect information anonymously. This information helps us to understand how our visitors use our website.

Google Analytics

NameGoogle Analytics
ProviderGoogle LLC
PurposeCookie by Google used for website analytics. Generates statistical data on how the visitor uses the website.
Privacy Policyhttps://policies.google.com/privacy?hl=en
Cookie Name_ga,_gat,_gid
Cookie Expiry2 Years

Marketing

Marketing cookies are used by third-party advertisers or publishers to display personalized ads. They do this by tracking visitors across websites.

External Media

Content from video platforms and social media platforms is blocked by default. If External Media cookies are accepted, access to those contents no longer requires manual consent.

Google Maps

NameGoogle Maps
ProviderGoogle
PurposeUsed to unblock Google Maps content.
Privacy Policyhttps://policies.google.com/privacy?hl=en&gl=en
Host(s).google.com
Cookie NameNID
Cookie Expiry6 Month

Instagram

NameInstagram
ProviderFacebook
PurposeUsed to unblock Instagram content.
Privacy Policyhttps://www.instagram.com/legal/privacy/
Host(s).instagram.com
Cookie Namepigeon_state
Cookie ExpirySession

YouTube

NameYouTube
ProviderYouTube
PurposeUsed to unblock YouTube content.
Privacy Policyhttps://policies.google.com/privacy?hl=en&gl=en
Host(s)google.com
Cookie NameNID
Cookie Expiry6 Month

Besides these persistent cookies, there are also transient cookies.

Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies, on the other hand, are automatically deleted after a specified period of time, which may vary depending on the cookie. You can configure these persistent cookies according to your wishes via our cookie banner, which is displayed when you visit our website and also refers to this privacy policy, and, for example, refuse to accept third-party cookies. Please note that in such cases you may not be able to use all the functions of this website. In addition to the configuration options via the cookie banner displayed when you call up our website, you can also set your preferences subsequently by clicking on the following button:

Cookie Settings

You can get a complete overview of your preferences under consideration of the time schedule in your

DateVersionConsents

 

  1. Legal basis for the data processing

 The legal basis for the processing of personal data using cookies is Art. 6 para. 1 sentence 1 lit. a,c and f GDPR.

  1. Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. We must also use cookies in order to be able to meet our legal obligations or accountability obligations under the GDPR. These require the browser to be recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. The analysis cookies are used for the purpose of improving the quality of our website and its contents. They are only set with the user’s consent (Art. 6 para. 1 sentence 1 lit.a GDPR). The analysis cookies enable us to find out how the website is being used and thus to constantly optimise our offer. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 S.1 lit. f GDPR.

  1. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore you as a user have full control over the use of cookies. In addition, you are also entitled to the above-mentioned configuration options via the cookie banner displayed when you call up our website and via the button in this data protection declaration, with which you as a user can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically.

 

VI. Applications

  1. Description and scope of data processing

Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the departmental managers responsible for the vacant position. The rest of the process is then coordinated. Within the company, only those persons who need access to your data for the proper processing of our application procedure have access to it. The data is processed exclusively in data processing centres in the Federal Republic of Germany.

 Legal basis for data processing

The legal basis for the processing of your personal data in this application procedure is primarily § 26 BDSG in the version valid since 25.05.2018. According to this, the processing of data required in connection with the decision to establish an employment relationship is permissible.

Should the data be necessary for legal prosecution after the application procedure has been completed, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 Para. 1 letter f) GDPR. Our interest then consists in the assertion or defence of claims.

  1. Purpose of data processing

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or other open positions in our company, if applicable) and to carry out the application procedure.

  1. Duration of storage

Data of applicants will be deleted after 6 months in case of a cancellation.

In case you have agreed to a further storage of your personal data, we will transfer your data to our pool of applicants. There the data will be deleted after two years.

If you have been awarded a job during the application procedure, the data will be transferred from the applicant data system to our personnel information system.

 

VII. Contact form and e-mail contact

  1. Description and scope of data processing

On our website, contact forms are available in several places, which can be used to contact us electronically and to request information material by post and e-mail. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

Your explanation of the processing of the data with reference to this privacy policy will be documented during the sending process.

Alternatively, it is possible to contact us via the e-mail addresses provided, ending in @schrammek.de. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

  1. Legal basis for the data processing

The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

If the purpose of contacting you by e-mail is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 letter b GDPR.

  1. Purpose of data processing

The processing of the personal data from the input mask serves us only for the processing of the establishment of contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

  1. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified.

  1. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

All personal data stored in the course of the contact will be deleted in this case.

 

VIII. Use of Google Ads

  1. Description and scope of data processing

On our website we use Google Ads Conversion, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With this we can use advertising material (so-called Google Ads) on external websites to draw attention to our offers and services. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are.

These advertising media are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters can be measured to measure success, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google Ads will store a cookie on your end device. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your internet browser. If a user visits certain pages of an ad client’s website and the cookie stored on their computer has not expired, Google and the client may recognize that the user clicked on the ad and was redirected to that page. A different cookie is associated with each ad client. As a result, cookies cannot be tracked through the websites of ad clients.

In cases where personal information is transferred to the United States, Google has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

For more information about how we treat user information, please see Google’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

  1. Legal basis for the processing of personal data

The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

  1. Purpose of data processing

If you agree to the use of Google Ads, we have the possibility to show you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs. Through the use we can make our company and the services we offer better known and spread. We hope to reach more potential customers.

  1. Duration of the storage

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and save your IP address.

  1. Possibility of objection and removal

You can withdraw your consent to processing at any time by changing the settings in our cookie banner.

We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

 

IX. Use of Google CDN 

  1. Description and scope of data processing

To make our website faster and more secure, we use Google CDN from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland or Google LLC, Mountain View 1600 Amphitheatre Parkway Mountain View, CA 94043 USA. Google CDN provides a content delivery network, which is a network of servers connected over the Internet. This network only transmits data that is controlled by us as the website operator. Therefore, the content is not determined by Google CDN, but by us.

Google CDN may collect certain information about the use of our website and process data that is sent by us or for which Google CDN has received instructions. In most cases, Google CDN receives data derived from browser activity. For example, log data helps Google CDN identify new threats.

In cases where personal information is transferred to the US, Google CDN has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. For more information about the information Google CDN collects, how Google CDN uses that information, and with whom the service shares the information, please see the Privacy notices from Google Cloud Services.

  1. Legal basis for the processing of personal data

The legal basis for the use of Google CDN is Art. 6 para. 1 sentence 1 lit. f) GDPR.

  1. Purpose of data processing

The Google CDN servers are distributed around the world to make our website appear faster on visitors’ end devices.

A load balancing system ensures that our website is delivered from the server that can display our website to visitors most quickly. This is especially helpful for users from abroad. The content of the website is therefore not only delivered by our hosting server.

Google CDN also blocks threats and limits abusive bots and crawlers that waste bandwidth and server resources. Google CDN allows us to significantly reduce our bandwidth usage and cut the average website load time by about half. Overall, using Google CDN therefore makes our website much more powerful and less vulnerable to spam or other attacks. This is also our overriding interest according to Art. 6 para. 1 p.1 lit. f) GDPR.

  1. Duration of storage

Google CDN does not store any personal data, such as IP addresses. However, there is information that Google CDN does store indefinitely as part of its permanent logs to improve overall performance and to identify potential security risks.

The data logs are kept only as long as necessary.

  1. Possibility of objection and removal

Since Google CDN only receives data that is controlled and determined by us as the website operator, Google CDN does not offer any possibility of objection or removal.

However, since Google CDN does not store any personal data, such options are not necessary.

Nevertheless, you can completely prevent the entire collection and processing of your data by Google CDN by deactivating the execution of script code in your browser or by integrating a script blocker into your browser.

 

X. Use of YouTube

  1. Description and scope of data processing

Our website uses plug-ins from the YouTube page operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you agree to the use of YouTube, a connection to the servers of YouTube will be established each time you access one of our pages that are equipped with a YouTube plug-in. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile.

In cases where personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

For more information on how Google treats user information, please see the YouTube privacy policy at: https://www.google.de/intl/de/policies/privacy.

  1. Legal basis for the processing of personal data

The legal basis for the use of YouTube is Art. 6 para. 1 sentence 1 lit. a GDPR.

  1. Purpose of data processing

By using YouTube we have the possibility of an attractive presentation of our online offers. Through the use of YouTube, we can make our company and the services we offer better known and more widely distributed. We hope to reach more potential customers.

  1. Duration of the storage

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by YouTube.

  1. Possibility of objection and removal

You can withdraw your consent at any time by changing the setting in our cookie banner. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

If you do not want YouTube to be able to assign visits to our pages to your YouTube user account, please log out of your YouTube user account.

 

XI. Use of Google Maps

  1. Description and scope of data processing

On this page maps of the service “Google Maps” are integrated. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data includes in particular your IP address and your location data, which, however, are not collected without your consent (e.g. through appropriate browser settings). The data may be processed in the USA.

  1. Legal basis for the processing of personal data

The legal basis for the use of Google Maps is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

  1. Purpose of data processing

By using Google Maps, we are able to visually present geographical information and offer you an easy way to find your way to our company from any location.

  1. Duration of storage

We would like to point out that we have no concrete knowledge of the transmitted data or its use by Google. Further information about Google Maps is available at https://maps.google.com/help/terms_maps.html. Google’s current privacy policy can be found at https://www.google.com/policies/privacy/.

  1. Possibility of objection and removal

You can withdraw your consent at any time by changing the setting in our cookie banner. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

XII. Use of Google reCAPTCHA

  1. Description and scope of data processing

To protect input forms on our site, we use the service “reCAPTCHA”. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To our knowledge, the referrer URL, the IP address, the behaviour of the website visitors, information about the operating system, browser and duration of stay, cookies, display instructions and scripts, the input behaviour of the user as well as mouse movements in the area of the “reCAPTCHA” checkbox are transmitted to “Google”. The data can be processed in the USA.

Google uses the information obtained in this way to digitise books and other printed matter and to optimise services such as Google Street View and Google Maps (e.g. house number and street name recognition).

  1. Legal basis for the processing of personal data

The legal basis for the use of Google reCAPTCHA is Art. 6 para. 1 sentence 1 lit. f GDPR.

  1. Purpose of data processing

We use the service to protect input forms on our site. By using this service, it is possible to distinguish whether the corresponding input is of human origin or whether it is misused by automated machine processing.

  1. Duration of storage

We would like to point out that we do not have any concrete knowledge of the data transmitted or of its use by Google beyond the data mentioned. The applicable data protection regulations of Google can be found at https://www.google.com/policies/privacy/.

  1. Possibility of objection and removal

The IP address transmitted in the context of “reCAPTCHA” is not merged with other data from Google, unless you are logged into your Google account at the time of using the “reCAPTCHA” plug-in. If you wish to prevent this transmission and storage of data about you and your behaviour on our website by “Google”, you must log out of “Google” before you visit our site or use the reCAPTCHA plug-in. The processing of the data by Google can be changed and excluded under https://adssettings.google.com/ authenticated.

 

XIII. Use of Google Web Fonts

  1. Description and scope of data processing

Our site uses so-called web fonts from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

To do this, the browser you use must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address.

  1. Legal basis for the processing of personal data

The legal basis for the use of Google Web Fonts is Art. 6 para. 1 sentence 1 lit. f GDPR.

  1. Purpose of data processing

We use the service for the uniform representation of fonts and in the interest of a consistent and attractive presentation of our online presence.

  1. Duration of storage

We would like to point out that we do not have any concrete knowledge of the data transmitted or of its use by Google beyond the data mentioned. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq. Google’s applicable privacy policy can be found at https://www.google.com/policies/privacy/.

  1. Possibility of objection and removal

You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing browser add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Web Fonts or if you prevent access to the Google servers, the text will be displayed in the system default font. The processing of data by Google can be changed and excluded at https://adssettings.google.com/authenticated.

 

XIV. Use of Facebook plug-ins (Like button)

  1. The scope of processing of personal data

Our pages integrate plug-ins from the social network Facebook, provider Facebook Inc. 1 Hacker Way, Menlo Park, California 94025, USA, and Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can recognize the Facebook plug-ins by the Facebook logo or the “Like Button” (“Like”) on our site. An overview of the Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/

If you visit our pages and have consented to the use of Facebook plugins, a direct connection between your browser and the Facebook server is established via the plug-in. Facebook thereby receives the information that you have visited our site with your IP address. If you click on the Facebook “Like-Button” while you are logged into your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to associate your visit to our Pages with your user account.

In addition, we maintain an online presence on Facebook, the so-called fan page, in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services.

When using the fan page or the plug-ins, your data may be processed outside the European Union. This can result in risks for you, because it can make it more difficult for you to enforce your rights, for example. In cases where personal data is transferred to the USA, Facebook has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

  1. Legal basis for the processing of personal data

The legal basis for the use of Facebook plug-ins on our website is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

If you are asked by Facebook for consent to the described data processing, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

In addition, on the basis of an agreement on joint processing of personal data pursuant to Art. 26 GDPR in conjunction with the declaration deposited under this link https://www.facebook.com/legal/terms/page_controller_addendum.

  1. Purpose of data processing

Facebook plug-ins make it easier to share content on social platforms.

If content is posted by users on Facebook, we reach more potential customers. In addition, we are also able to carry out a so-called reach analysis if necessary.

Furthermore, Facebook generally processes user data for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the user interests. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and interests of the users are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users.

  1. Duration of storage

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. You can find further information on this in the Facebook privacy policy at https://de-de.facebook.com/policy.php. And especially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data

 Possibility of opposition and removal

You can withdraw your consent at any time by changing the setting in our cookie banner.

If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.

An opt-out possibility exists at: https://www.facebook.com/settings?tab=ads

 

XV. Use of Facebook Pixels

  1. Description and scope of data processing

Our site uses the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA or Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With the help of the Facebook pixel, it is possible to determine certain visitors to our website as a target group for the display of advertisements and thus to display the advertisements placed by us only to those Facebook users who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics, products or services determined on the basis of the websites visited).

When you visit our pages, a direct connection between your browser and the Facebook server is established via the pixel. Facebook thereby receives information that you have visited our site with your IP address. If you are logged in to your Facebook account, Facebook can assign your visit to our pages to your user account.

In addition, we maintain an online presence on Facebook, the so-called fan page, in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services.

When using the fan page or the pixel method, your data may be processed outside the European Union. This can result in risks for you, as it can make it more difficult for you to enforce your rights, for example. In cases where personal data is transferred to the USA, Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

Specific information and details about the Facebook pixel and how it works can be found in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.

  1. Legal basis for the processing of personal data

The legal basis for the use of the Facebook pixel is Art. 6 para. 1 sentence 1 lit. a GDPR.

If you are asked by Facebook to consent to the described data processing, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

In addition, on the basis of an agreement on joint processing of personal data pursuant to Art. 26 GDPR in conjunction with the declaration deposited under this link https://www.facebook.com/legal/terms/page_controller_addendum.

  1. Purpose of data processing

With the help of the Facebook pixel we want to make sure that our ads match the potential interest of the users of our website and are not annoying. The Facebook pixel also allows us to track the effectiveness of the ads for statistical and market research purposes by seeing whether users have been directed to our website after clicking on an ad.

  1. Duration of storage

We would like to point out that we, as the provider of the pages, have no further knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at https://de-de.facebook.com/policy.php and especially for the fan page: https://www.facebook.com/legal/terms/information_about_page_insights_data.

  1. Possibility of objection and removal

You can withdraw your consent at any time by changing the setting in our cookie banner.

 

XVI. Use of Pinterest Ad Tag

  1. Description and scope of data processing

We use the conversion tracking technology “Pinterest Ad Tag” from Pinterest, Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For this purpose, a so-called conversion tracking pixel is integrated into our webshop, which places a cookie on your device. Pinterest uses this cookie to obtain information about which parts of our offer you have viewed in order to display Pinterest advertisements based on this information.

If you are logged in to your Pinterest profile during your visit to our website or visit it later, Pinterest receives the following information: Device information, operating system, time of access, product and item pages accessed, category pages accessed, recording of items added to the shopping cart, recording of completed transactions, recording of video playback, registration for our services, interest in services.

  1. Legal basis for the processing of personal data

The legal basis for the processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR.

  1. Purpose of data processing

The use of Pinterest Ad Tag enables us to provide our clients who have a Pinterest account with interest-based advertising and to draw attention to relevant offers.

  1. Duration of storage

Any data transferred to Pinterest may be merged with your account. We would like to point out that we, as the provider of the pages, have no knowledge of the exact storage period or the use of the transmitted data by Pinterest. For further information, please refer to Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy

  1. Possibility of opposition and removal

You can withdraw your consent to data processing at any time by changing the settings in our cookie banner.

 

XVII. Use of Cloudflare

  1. Description and scope of data processing

To make our webshop faster and more secure, we use Cloudflare from the provider Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare provides a content delivery network, which is a network of servers connected via the Internet. This network forwards only those data that are controlled by us as the website operator. The contents are therefore not determined by Cloudflare, but by us.

For security reasons Cloudflare also uses a cookie. This cookie – (__cfduid) – is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie is useful, for example, if you visit our website from a public place or network where there are a number of infected devices. If your terminal device is trustworthy, this can be recognised by the cookie. In this way, you can surf through the website unhindered, despite other infected devices in the vicinity. The cookie used does not store any personal data. It is absolutely necessary for the Cloudflare security functions and cannot be deactivated.

In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received instructions. In most cases Cloudflare receives data that is derived from browser activity. For example, log data helps Cloudflare to identify new threats.

In cases where personal data is transferred to the USA, Cloudflare has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active. Further information about the data that is collected by Cloudflare, how Cloudflare uses this data and to whom the service passes the data on, can be found at: https://www.cloudflare.com/de-de/privacypolicy/.

  1. Legal basis for the processing of personal data

The legal basis for the use of cloudflare is Art. 6 para. 1 lit. f GDPR.

  1. Purpose of data processing

The cloudflare servers are distributed all over the world in order to be able to display the webshop of our website faster on the end devices of the visitors.

For this purpose, a system of load distribution ensures that our website is delivered by the server that can display our website to visitors the fastest. This is especially helpful for users from abroad. The content of the website is therefore not only delivered by our hosting server.

Cloudflare also blocks threats and limited abusive bots and crawlers that waste bandwidth and server resources. Cloudflare allows us to reduce our bandwidth usage by about 60% and cut the average website loading time by about half. Overall, using Cloudflare therefore makes our website much more powerful and less vulnerable to spam or other attacks.

  1. Duration of storage

Cloudflare does not store personal data, such as IP addresses. However, there is information that Cloudflare stores indefinitely as part of its permanent logs to improve overall performance and identify any security risks. You can find out exactly which permanent logs are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/.

All data that Cloudflare collects (temporarily or permanently) is cleansed of all personal data. All permanent logs are also anonymized by Cloudflare. The data logs are kept only as long as necessary and in most cases deleted within 24 hours.

  1. Possibility of opposition and removal

Since Cloudflare receives only those data, which are steered and determined by us as web page operators, Cloudflare does not offer own contradiction and removal possibility.

Since Cloudflare does not store personal data, such possibilities are not necessary.

Nevertheless, you can completely prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by integrating a script blocker into your browser.

 

XVIII. Use of Twitter

  1. Description and scope of data processing

Functions of the Twitter service are integrated on our pages (Webshop). These functions are offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Responsible for the data processing of persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

Twitter Inc. is committed to the principles of the EU-US Privacy Shield. You can find more information on this at: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

We have no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. We also have no effective means of control in this respect. By using Twitter, your personal data will be collected, transferred, stored, disclosed and used by Twitter Inc. and, in doing so, transferred to, stored and used in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence. Twitter processes data that you voluntarily enter such as your name and user name, e-mail address, telephone number or the contacts in your address book when you upload or synchronize it.

Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, wireless network information, or your IP address to send you advertising or other content.

  1. Legal basis for the processing of personal data

The legal basis for the use of Twitter is Art. 6 para. 1 sentence 1 lit. f DSGVO.

  1. Purpose of data processing

We use Twitter mainly for our own tweets and retweets. In selected cases, we will also communicate via direct messages and respond to retweets and comments, as far as this involves the exchange of information about our services or products. Entries, complaints etc. will not be taken note of and will not be answered via Twitter.

  1. Duration of storage

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For further information, please refer to the Twitter privacy policy at twitter.com/privacy.

  1. Possibility of objection and removal

You can change your privacy settings on Twitter in the account settings at twitter.com/account/settings. On mobile devices (smartphones, tablet computers) you can also restrict Twitter access to contact and calendar data, photos, location data, etc. in the settings there. However, this depends on the operating system used.

Further information on these points is available on the following Twitter support pages:

https://support.twitter.com/articles/105576#

https://help.twitter.com/de/search?q=datenschutz

You can find out about the possibility of viewing your own data on Twitter here: https://support.twitter.com/articles/20172711#

Information about the conclusions drawn from Twitter to you can be found here:

https://twitter.com/your_twitter_data

Information on the available personalization and data protection settings can be found here (with further references):

https://twitter.com/personalization

You also have the option of requesting information via the Twitter privacy form or the archive requirements:

https://support.twitter.com/forms/privacy

https://support.twitter.com/articles/20170320#

 

XIX. Use of Instagram

  1. Description and scope of data processing

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our sites with your account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

  1. Legal basis for the processing of personal data

The legal basis for the use of Instagram is Art. 6 para. 1 sentence 1 lit. f GDPR.

  1. Purpose of data processing

Using Instagram makes content sharing easier.

When users post content on Instagram, we reach more potential customers. In addition, the use of Instagram helps us to further promote our company and the services we offer.

  1. Duration of storage

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

For further information, please refer to the Instagram privacy policy:

instagram.com/about/legal/privacy/

  1. Possibility of opposition and removal

If you do not want Instagram to associate your visit to our site with your Instagram account, please log out of your Instagram account.

 

XX. Use of Mailchimp

  1. Description and scope of data processing

It is possible to subscribe to a free newsletter on our website, see above IX.

The newsletter is sent by mailchimp. Mailchimp is operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. If you add your email address to the mailing list, this address will be temporarily stored with Mailchimp.

When a customer adds his email address to the mailing list, this address is first stored temporarily at Mailchimp. When the email address has been confirmed (double opt-in), it will be stored permanently at Mailchimp until it is deleted by the owner or by us as list operator. Furthermore, the date of registration and the IP address under which the registration is made are stored.

In addition, the following data are stored at Mailchimp:

– Date of the last profile update
– Geolocation & time zone:

Based on the e-mail address, MailChimp performs a geolocation and determines information about the IP address (geolocation data and possibly available location information) with the help of a “Geolocation Service Provider”. Geolocation is also used to determine time zones. This in turn is used for the simultaneous sending of newsletters at certain times, if necessary.

Geolocation is performed both when subscribing to the newsletter and when opening newsletter e-mails. Further information can be found here. Unfortunately we have no influence on the execution of the geolocation. This function cannot be deactivated by us for MailChimp at present.

– Language information:

If MailChimp is able to determine the language from your browser when subscribing to the newsletter or when opening links, this will be saved to your profile. This function can be used in particular to create segments of subscribers by language. This enables us to use e.g. the Sending newsletter mails in English to subscribers who have set English as their default language in their browser. This function cannot be deactivated by us either.

– Groups & Segments:

We sometimes send out more than just one newsletter, which is the same for all subscribers. Sometimes we send different newsletters that are different. For example, it may happen that new subscribers receive a different newsletter or a separate newsletter or e-mail.

When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web-beacon) connects to the servers of MailChimp in the USA. This way it can be determined whether a newsletter message has been opened and which links have been clicked on.

In cases where personal data is transferred to the USA, Mailchimp has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active. For more information about the data collected by Mailchimp, how Mailchimp uses this data and with whom the service may share it, please visit: https://mailchimp.com/legal/privacy/.

  1. Legal basis for the processing of personal data

The legal basis for the processing of the data after registration for the newsletter is your consent in accordance with Art. 6 Para. 1 lit. a) GDPR.

For the evaluation of the newsletter and for the cooperation with Mailchimp it is art. 6 par. 1 p.1 lit. f) GDPR.

  1. Purpose of data processing

The collection of the user’s e-mail address is used to send the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

We use Mailchimp to create, send, manage and select our newsletter. This is done exclusively on a group basis. The evaluation also includes information about how many users have been sent e-mails, whether they have been withdrawn and whether users have unsubscribed from the list. Furthermore, it is also possible for us to track whether and when newsletters were opened and which information was clicked on, i.e. considered useful. The personal data collected by Mailchimp is used to optimize or improve our own services, such as technical optimization of mailing. In these purposes lies also our predominant interest in the processing according to article 6 paragraph 1 p.1 lit. f) GDPR.

  1. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

Mailchimp stores personal data, such as IP addresses. These are kept as long as Mailchimp has a legitimate business or legal need to do so. These retention periods vary according to the nature of the data concerned. Afterwards the data is either deleted or made anonymous. For more information you can read the section “F. Retention Of Data” on https://mailchimp.com/legal/privacy/.

  1. Possibility of objection and removal

The subscription to the newsletter can be cancelled by the data subject at any time. For this purpose there is a corresponding link in every newsletter.

The revocation of consent does not affect the legality of the processing carried out on the basis of the consent. If you revoke your consent, we will delete this data and no longer send you newsletters.

The newsletters contain a pixel-sized file (“web-beacon”), which is retrieved from our server when the newsletter is opened. Within the scope of this retrieval, technical information is collected which serves to achieve the purposes listed under point 3. A separate revocation of the purpose is unfortunately not possible, in this case the entire newsletter subscription must be cancelled or objected to.

 

XXI. Integration of Google DoubleClick

  1. Description and scope of data processing

We have integrated components from DoubleClick by Google in our webshop. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with every impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is required to complete the technical process. For example, the cookie ID is needed to display an advertisement in a browser. DoubleClick may also use the cookie ID to track which ads have already been displayed in a browser to avoid duplication. The cookie ID also enables DoubleClick to track conversions. For example, conversions are captured when a DoubleClick ad has been previously displayed to a user and that user subsequently makes a purchase on the advertiser’s website using the same Internet browser.

A DoubleClick cookie may contain additional campaign identifiers. A campaign identifier is used to identify campaigns that you have already been in contact with on other websites. As part of this service, Google will learn about data that will also be used by Google to generate commission statements. Among other things, Google can track that you have clicked on certain links on our site. In this case your data will be passed on to the operator of Double Click, Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Further information and DoubleClick by Google’s applicable privacy policy can be found at https://www.google.com/intl/de/policies/.

  1. Legal basis for the processing of personal data

The legal basis for the processing is your consent according to Art. 6 para. 1 S.1 lit.a GDPR.

  1. Purpose of data processing

We use DoubleClick to serve and display user-relevant advertising, and to report on or enhance our advertising campaigns. DoubleClick is also used to prevent multiple displays of the same ad. Each time you visit a single page on our website that has a DoubleClick component built in, your browser is automatically prompted by the DoubleClick component to submit data to Google for the purposes of online advertising and commissions.

  1. Duration of storage

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google LLC. For more information, please see the Google DoubleClick privacy policy: https://policies.google.com/privacy.

  1. Possibility of objection and removal

You can withdraw your consent at any time by changing your settings in our cookie banner. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be available in full.

XXII. Rights of the data subject

If personal data are processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the controller:

  1. Right of information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing has taken place, you can request information from the data controller about the following:

(1) the purposes for which the personal data are processed

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the envisaged duration of the storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage;

(5) the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information as to the source of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling in accordance with Art. 22 (1) and (4) DPA and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

You have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 DPA in connection with the transfer.

  1. Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction without delay.

  1. Right to limit processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

(1) if you dispute the accuracy of the personal data concerning you for a period which enables the controller to verify the accuracy of the personal data

(2) if the processing is unlawful and you object to the deletion of the personal data and instead demand the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need the personal data for the purpose of asserting, exercising or defending legal claims; or

(4) if you have lodged an objection to the processing in accordance with Art. 21 para. 1 DPA and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

If the processing of personal data relating to you has been restricted, such data may be processed – apart from storage – only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

  1. Right of deletion

a) Duty to delete

You may request the controller to delete personal data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

(1) the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed

(2) you revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a FADP, and there is no other legal basis for the processing.

(3) You lodge an objection to the processing pursuant to Art. 21(1) DPA and there are no legitimate reasons for the processing, or you lodge an objection to the processing pursuant to Art. 21(2) DPA.

(4) The personal data concerning you have been processed unlawfully.

(5) The deletion of personal data relating to you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8(1) of the DPA.

(b) Information to third parties

If the controller has made public the personal data concerning you and is obliged to delete them pursuant to Art. 17 para. 1 DPA, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to these personal data or copies or replications of these personal data.

c) Exceptions

The right of cancellation does not exist insofar as the processing is necessary

(1 ) on the exercise of the right to freedom of expression and information;

(2) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h and i and Article 9 (3) GDPR;

(4) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or

(5) to assert, exercise or defend legal claims.

  1. Right to information

If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed of these recipients.

  1. Right to data transferability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. You also have the right to have this data communicated to another person in charge without interference from the person in charge to whom the personal data has been communicated, provided that

(1) the processing is based on a consent pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract pursuant to Art. 6 para. 1 letter b GDPR and

(2) the processing is carried out by means of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another, as far as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data transferability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out pursuant to Article 6 paragraph 1 letter e or f FADP; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.

You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by using automated procedures involving technical specifications.

  1. Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

  1. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or significantly affects you in a similar manner. This shall not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller

(2) is authorised by Union law or the law of the Member States to which the controller is subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the data controller, to present his or her point of view and to challenge the decision.

  1. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

XXIII. Amendments to this Privacy Policy

The further development of the internet and our internet offer can also have an effect on the handling of personal data. We therefore reserve the right to change this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing. The current version of the data protection declaration is always available under the heading “Data Protection” or “Privacy Policy”.