Privacy Policy

1) Information on the collection of personal data, and the data controller's contact details

1.1 We are glad that you are visiting our website and would like to thank you for the interest you have shown. The following information will tell you how we handle your personal data when you use our website. "Personal data" refers to all data by which you can be personally identified.

1.2 The data controller responsible for processing data on our website, as per the General Data Protection Regulation (GDPR), hydesk.co, Brunsteiner & Carey GbR, Fallmerayerstr. 23, 80796 München, office@hydesk.co. The controller responsible for handling personal data is a natural person or legal entity that, on their own, or together with others, decides on the purposes and means for processing personal data.

1.3 The data controller has designated a data protection officer, who may be reached using the following contact details:

Mr. Finian Carey

Brunsteiner & Carey GbR

Fürstenackerstrasse 5

81477 München

E-Mail: office@hydesk.co

1.4 For security reasons, and in order to protect personal data and other confidential content (e.g. orders or requests sent to the data protection officer) sent, this website uses SSL/TLC encryption. An encrypted connection may be identified by the characters "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

When you use our website for information purposes only, i.e. when you do not register or send us other information, we only collect the data which your browser sends to our server (what are called server log files). When you access our website, we collect the following data, which we require for technical reasons in order to display our website to you:

Our website which you have visited
The date and time at which you accessed it
Volume of data sent (in bytes)
Point of origin/link from which you accessed the page
Browser used
Operating system used
IP address used (if relevant, anonymised)

Data processing is carried out as per Article 6, Section 1, Point f of the GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data will not be transmitted to third parties or used for other purposes. We do, however, reserve the right to check the server logfiles post factum, should there be specific indications of illegal use.

3) Hosting

Hosting using EditorX by Wix.com Ltd.

We use the shop system provided by Editor X, by Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel („Wix“) for the purpose of hosting and displaying the online shop, based on the relevant data being processed at our request. All the data collected on our website is processed on the Shopify servers. Shopify ensures, using appropriate technical and organisational measures, that the data is only processed within the EU/EEA. In respect of the theoretical possibility of Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, accessing the data, the European Commission has adopted an adequacy decision for Canada, certifying that an adequate level of data protection is guaranteed. Further information on Wix data protection can be obtained at the following internet page: Internetseite: https://de.wix.com/about/privacy and here: https://support.wix.com/en/article/gdpr-frequently-asked-questions

4) Cookies

We use what are called "cookies". Cookies are small text files which are stored on the end device used, and which are saved by the browser. Cookies are used for making what we offer user-friendlier, more effective and more secure. There are different kinds of cookies, which are used for different purposes.

Some cookies ensure that what we offer functions properly, and/or that, having registered successfully, you can be identified on your end device ("essential" cookies). By placing these essential cookies, we make it somewhat easier for you to visit what we have to offer, and to use the services available there. Other cookies are placed for the purpose of analysing your user preferences and thus to improve our offer ("advanced cookies").

We only place advanced cookies with your consent. When you visit what we have to offer for the first time, a pop-up window is displayed with an explanatory message about cookies. As soon as you click on the relevant "agree" button, you consent to us using the relevant cookies selected, which are described in the relevant pop-up window and in this Data Protection Declaration.

You can configure your browser so that you are notified when cookies are being placed, and only allow cookies on a case-by-case basis, accept cookies for particular purposes, or exclude them in general, as well as activating the automatic deletion of cookies when you close the browser. We would point out that, if cookies are deactivated, this may limit the functionality of this website.

Insofar as personal data is processed when "essential" cookies are used, this is done on the legal basis as per Article 6, Section 1, Clause 1, Letter f of the GDPR, on account of a legitimate interest in ensuring quality, and in the interests of the web page displaying without any technical impediment. The processing of personal data when using what are called "advanced" cookies is based on your consent (legal basis: Article 6, Section 1, Clause 1, Letter a of the GDPR). Please bear in mind that not accepting cookies may affect the functionality of our website.

5) Getting in contact

If you get in contact with us (e.g. using the contact form or by email), personal details will be collected. In the case of a contact form, the data collected will be apparent from the contact form in question. This data will only be stored and used for the purpose of responding to your request and/or for making contact, and associated technical administration work. If you make contact with us with a view to concluding a contract, this represents an additional legal basis for data processing as per Article 6, Section 1, Letter b of the GDPR. Otherwise, the legal basis is as per Article 6, Section 1, Letter a of the GDPR. Once your request has been dealt with, your data will be deleted. This is the case if, based on the circumstances, it may be concluded that the relevant matter has been dealt with, and thus there is no legal requirement to retain the data.

6) Data processing in the case of opening a customer account and for processing a contract

As per Article 6, Section 1, Letter b of GDPR, further personal data will be collected and processed, if you send this to us for the purpose of implementing a contract, or when opening a customer account. The data being collected will be cleared from the relevant submission form. You may delete your customer account at any time, and can do so by means of a message sent to the data controller's address above. We store and use the data you send us for the purpose of processing the contract. Once we have fully processed a contract, or have deleted your customer account, your data is retained, bearing in mind statutory fiscal and commerce law retention periods, and then deleted after these have expired, unless you have expressly given your consent for the further use of your data, or if, on our page, we have reserved the right to the further use of your data within the bounds of the law.

7) Use of your data for the purpose of direct marketing

7.1 Registering to receive our email newsletter

If you register to receive our email newsletter, we will regularly send you information on our offers. Your email address is all you need to provide in order to receive the newsletter. You have the option to provide additional data, allowing us to address the newsletter to you personally. For the purposes of sending out the newsletter we use what is called the double opt-in procedure. This means that we only send you an email newsletter, if you have expressly confirmed that you agree to receive the newsletter. We then send you a confirmation email which asks you to click on the relevant link, in order to confirm that you would like to receive the newsletter in future.

By activating the confirmation link, you give us your consent to use your personal data as per Article 6, Section 1, Letter a of the GDPR. When you register for the newsletter, we save the IP address specified by the internet service-provider (ISP), as well as the date and time when you registered, in order to be able to detect if someone else were to potentially misuse your email address at a later point in time. The data we collect from you when you register to receive the newsletter is only used for the purposes of targeted advertising in the form of the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter, or by means of a message sent to the designated data controller. As soon as you unsubscribe, your email address will immediately be deleted from our email distribution list, unless you have expressly consented to the further use of your data, or unless we have reserved the right to the further use of your data, within the bounds of the law, in which case we will have notified you in the present Declaration.

7.2 Sending the email newsletter out to existing customers

If, when purchasing goods or services from us, you have provided us with your email address, we reserve the right to send you regular offers by email in respect of products and services in our range similar to those you have already purchased. To this end we have to obtain consent from you as per Paragraph 7, Section 3 of the German Fair Trade Practices Act (UWG). In this case, data processing is based solely on our legitimate interest in personalised direct marketing as per Article 6, Section 1, Letter f of the GDPR. If, at the start, you did not consent to your email address being used for this purpose, the mailing will not be sent out from our side. You are entitled, at any time, to withdraw consent for future use of your email address for the purpose previously stated, by notifying the data controller designated at the start. The only cost to you will be the cost of sending the message, based on the basic rates. Once we have received notification that you have withdrawn consent, the use of your email address for marketing purposes will cease immediately.

7.3 Newsletter sent out using Klavio

Our email newsletter is sent out using the technical service provider, Klavio, Inc., 125 Summer St, Floor 6 Boston, MA 02111 United States (https://www.klaviyo.com/), to whom we send the data you provided when you registered to receive the newsletter. This data is transmitted to a third party as per Article 6, Section 1, Letter f of the GDPR, and serves our legitimate interest in the use of a promotionally effective, secure, and user-friendly newsletter system.

Klavio uses this information for the purposes of sending out the newsletter, and, at our request, for statistical assessment of the newsletter. For assessment purposes, the emails sent out contain what are called web beacons and/or tracking pixels, which represent single-pixel image files saved on our website. This allows us to ascertain whether a newsletter message has been opened, and, if relevant, which links have been clicked on. Using web beacons Klavio compiles automated general statistics, not related to specific persons, on the response to newsletter campaigns. Based on our legitimate interest in statistical assessment of newsletter campaigns, for the purposes of optimising of marketing communication and improved focus on the interests of the target audience, data relating to the relevant recipient of the newsletter, as per Article 6, Section 1, Letter f of the GDPR, is collected using web beacons (email address, time accessed, IP address, browser type, and operating system), and assessed. This data can be traced to an individual recipient of the newsletter and is processed by Mailchimp in order to compile automated statistics, ascertaining whether a given recipient opened the newsletter email.

If you wish to deactivate data analysis carried out for the purposes of statistical assessment, you will have to unsubscribe to the newsletter.

Klavio may, itself, also use this data as per Article 6, Section 1, Letter f of the GDPR, based on its legitimate interest in arranging and optimising the service based on customer needs, as well as for market research purposes, in order to determine recipients' countries of origin. Klavio does not, however, use the data of those who receive our newsletter in order to write to them, or in order to pass it on to third parties.

For the purpose of protecting your data in the USA, we have signed a data processing agreement with Klavio, based on the European Commission standard contract clause, in order to allow your personal data to be sent to Klavio. If you are interested, this data processing contract may be viewed at the following internet address: https://www.klaviyo.com/privacy/dpa/. Please bear in mind that, as a rule, your data will be sent to the Klavio server in the USA, and stored there. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause. You can view Klavio's data protection policy here: https://www.klaviyo.com/privacy/policy

7.4 Notification by email that a given product is available

Insofar as we offer the option, in our online shop, of receiving notifications by email that a given selected item, which was temporarily unavailable, has now become available, you have the option of registering for our product availability email notification service. If you register for our product availability email notification service, we will send you a one-time message via email that the relevant item you selected is available. Your email address is all you need to provide in order to receive the notification. You have the option to provide additional data, allowing us to address the notification to you personally. For the purposes of sending out the notifications we use what is called the double-opt-in procedure. This means that we will only send you the relevant notifications, if you have expressly confirmed that you agree to receive this type of notification. We will then send you a confirmation email that will ask you to click on the relevant link, in order to confirm that you would like to receive this type of notification in the future.

By activating the confirmation link, you give us your consent to use your personal data as per Article 6, Section 1, Letter a of the GDPR. When you register for our product availability email notification service, we save the IP address specified by the internet service provider (ISP), as well as the date and time when you registered, in order to be able to detect if someone else were to potentially misuse your email address at a later point in time. The data collected by us when you register for our product availability email notification service is used exclusively for the purpose of informing you of the availability of a specific item in our online shop. You can unsubscribe from the product availability email notification service at any time by sending a relevant message to the data controller specified initially. As soon as you unsubscribe, your email address will immediately be deleted from our relevant email distribution list, unless you have expressly consented to the further use of your data, or unless we have reserved the right to the further use of your data, within the bounds of the law, in which case we will have notified you in the present Declaration.

8) Data processing for the purposes of processing an order

8.1 In order to process your order, we work in partnership with the following service provider(s) who support us entirely or in part as we implement the contracts we have concluded. Certain personal data is passed on to these service providers, as stated below.

In the context of processing your order, the personal data we collect is passed on to shipment companies tasked with delivery, insofar as this is required for the purposes of delivering the goods. In the context of processing payment, we send your payment details to the credit institution we are using, insofar as this is necessary for processing the payment. Insofar as payment service providers are used, we will explicitly notify you of this below. The legal basis for passing on data is Article 6, Section 1, Letter b of the GDPR.

8.2 Use of payment service providers (payment services)

- Amazon Pay

When the "Amazon Pay" option is selected as the form of payment, payment is made via the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (henceforth: "Amazon Payments"), to which we pass on the information you have shared with us in the context of the order process, along with the information regarding your order as per Article 6, Section 1, Letter b of the GDPR. Your data is shared, exclusively for the purpose of processing the payment, with the payment service provider, Amazon Payments, and only insofar as this is required for this purpose. At the following internet address you can obtain further information on the data protection stipulations for Amazon Payments: https://pay.amazon.com/de/help/201751600

- Apple Pay

if you opt for "Apply Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, then payment will be processed via the "Apple Pay“ function on your end device, operated using iOS, watchOS or macOS, by charging a payment card saved on "Apply Pay". This will involve Apply Pay using security functions which are integrated into the hardware and software for your device, in order to protect your transactions. In order to approve a payment you will need to enter a code you have set previously, and to obtain verification of your identity using the "Face ID" or "Touch ID" function on your end device.

For the purpose of processing the payment, your information, which was shared during the course of the payment procedure, along with the information regarding the order, will be passed on to Apple in encrypted form. Apple then re-encrypts this information using a developer-specific key before the data is sent to the relevant payment service provider (for the payment card saved on Apple Pay) for the purpose of carrying out the payment. The encryption ensures that only the website via which the purchase was actioned is able to access the payment details. Once the payment has been actioned, Apple will send your device account number and a transaction-specific, dynamic security code to the original website to confirm that payment has been made successfully.

Insofar as personal data has been processed during the course of the data transfers described, the data is processed exclusively for the purpose of processing the payment as per Article 6, Section 1, Letter b of the GDPR.

Apple saves anonymised transaction data, including the approximate purchase amount, the approximate date, and the approximate time, as well as specifying whether the transaction was completed successfully. Due to anonymisation, personal identification is completely excluded. Apple uses the anonymised data to improve "Apple Pay" and other Apple products and services.

If you use Apple Pay on the iPhone or Apple Watch to complete a purchase you have actioned via Safari or on the Mac, then the Mac and the authorization device communicate with one another via an encrypted channel on the Apple servers. Apple does not process or save any of this information in a format that would make it possible to identify you. You can deactivate the option of using Apple Pay on your Mac in the settings on your iPhone. Go to "Wallet & Apple Pay", and deactivate "Allow payments on Mac".

You can find further information on data protection for Apple Pay at the following internet address: https://support.apple.com/de-de/HT203027

- Google Pay

If you opt for payment by "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google“), payment will be processed via the "Google Pay" application on your end device, as long it operates using at least version 4.4 of Android ("KitKat") and is available via an NFC function, by charging a payment card registered with Google Pay or using a form of payment verified there (e.g. PayPal). In order to approve payment via Google Pay of more than € 25, you will need to unlock your mobile end device using the relevant form of verification (face recognition, password, fingerprint or pattern).

For the purpose of processing the payment, your information, which was shared during the course of the payment procedure, along with the information regarding the order, will be passed on to Google. Google then passes on your payment information, stored on Google Pay, to the original website in the form of a one-time transaction number. This is used to verify that payment has been successful. This transaction number does not contain any information on the real payment details for your means of payment stored on Google Pay, but is generated and sent as a one-time numeric token. In the case of all transactions via Google Pay, Google only acts as a mediator for processing the payment. This is completed as a transaction, involving only the user and the original website, by charging the means of payment stored on Google Pay.

Insofar as personal data is processed during the course of the data transfer described, this occurs solely for the purpose of processing the payment as per Article 6, Section 1, Letter b of the GDPR.

Google reserves the right, in the case of every payment actioned using Google Pay, to collect, save and assess certain information specific to the payment process. This information includes the date, time and amount of the transaction, the location and a description of the trader, a description, provided by the trader, of the products or services being purchased, photos which you have appended to the transaction, the name and email address of the seller and buyer (or, alternatively, the sender and recipient), the method of payment used, your description of the reason for the transaction and, if relevant, the offer associated with the transaction.

According to Google, this data processing is performed exclusively in accordance with Article 6, Section 1, Letter f of the GDPR, on the basis of a legitimate interest in orderly invoicing, verification of details of the procedure, and optimising and maintaining functionality of the Google Pay service.

Moreover, Google reserves the right to combine the processed data relating to the procedure with other information collected and saved by Google in connection with the use of other Google services.

The conditions of use for Google Pay may be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

You can find more information on data protection for Google Pay at the following internet address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

- Klarna

When you select the Klarna payment service, payment is processed via Klarna Bank AB (publ) [https://www.klarna.com/de], Sveavägen 46, 111 34 Stockholm, Sweden (henceforth, "Klarna“). In order to make it possible for the payment to be processed, your personal details (given name and family name, street, house number, postcode, postal town, gender, email address, telephone number and IP address), as well as data relating to the order (e.g. invoice sum, items, form of delivery), are passed on to Klarna for the purpose of verifying your identity and performing a credit check, insofar as you have expressly given your consent during the course of the order process as per Article 6, Section 1, Letter a of the GDPR. This is where you can see which credit agencies your data may be passed on to:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit check may contain probability values (what are called score values). Insofar as score values are fed into the credit check result, they are based on a scientifically accepted mathematical/statistical process. One element, but not the only one, fed into the score value calculation is address data. The information obtained on the statistical probability of payment default is used by Klarna for weighing up a decision on creating, implementing or terminating a contractual relationship.

You can, at any time, withdraw your consent by sending a message to the data controller or to Klarna. However, where relevant, Klarna remains entitled to process your personal details, insofar as this is required for processing payment as per the contract.

Your personal details are handled in accordance with the data protection stipulations and in line with what is stated in Klarna's data protection policy for residents of Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or, if relevant, for residents of Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy

- Paypal

In the case of payment using PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "payment on invoice" or "payment in installments" via PayPal, as part of the payment process, we will pass your payment details on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg (henceforth, "PayPal"). Your details will be passed on as per Article 6, Section 1, Letter b of the GDPR, and only insofar as this is required for processing the payment.

PayPal reserves the right to carry out a credit check in the case of payment by credit card via PayPal, direct debit via PayPal or - if offered - "payment on invoice" or "payment in installments" via PayPal. To this end payment details will, if relevant, be passed on to credit agencies, as per Article 6, Section 1, Letter f of the GDPR, on the basis of PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of default with a view to deciding on whether or not to offer a given method of payment. The credit check may also contain probability values (what are called score values). Insofar as score values are fed into the credit check result, they are based on a scientifically accepted mathematical/statistical process. One element, but not the only one, fed into the score value calculation is address data. You can find more information on data protection, including credit agencies used, in PayPal's data protection declaration at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You may, at any time, refuse for your data to be processed in this way by sending a message to PayPal. If this is the case, PayPal nevertheless remains entitled to process your personal data insofar as this is required in order to process payment in accordance with the contract.

- Shopify Payments

We use the payment service provider, "Shopify Payments“, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you opt for a mode of payment using the payment service provider "Shopify Payments", then payment will be processed via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we will pass on the information shared during the order process, along with information relating to your order (name, address, account number, sort code, credit card number (if relevant), invoice sum, currency and transaction number), as per Article 6, Section 1, Letter b of the GDPR. Your data is passed on exclusively for the purpose of processing the payment with Stripe Payments Europe Ltd. and only insofar as this is necessary. You can find more detailed information data protection for Shopify Payments at the following internet address: https://www.shopify.com/legal/privacy.

Legal information on data protection relating to Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

- SOFORT

When you select SOFORT as the payment method, the payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (henceforth, "SOFORT"), to which we pass on the information shared during the course of the order process, along with information on your order, as per Article 6, Section 1, Letter b of the GDPR. Sofort GmbH forms part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data is shared, exclusively for the purpose of processing the payment, with the payment service provider, SOFORT, and only insofar as this is required for this purpose. At the following internet address, you can obtain more information on SOFORT's data protection stipulations: https://www.klarna.com/sofort/datenschutz

9) Making contact with you to remind you to leave a review

We send out our own reminder for you to leave a review (this is not sent out via a customer review system)

We use your email address to send out a one-time reminder to leave a review of your order on the review system we use, as long as, for this purpose, during or after your order, you have expressly given your consent as per Article 6, Section 1, Letter a of the GDPR.

You may withdraw your consent at any time by sending a message to the data controller.

10) Online marketing

10.1 Facebook Pixel for creating Custom Audiences with enhanced data matching

Our online presence uses what is called "Facebook Pixel" from the social network Facebook in the form of enhanced data matching, operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook“).

Based on having obtained their express consent, if a user clicks on a web ad featured by us and shown in Facebook, Facebook Pixel appends a suffix to the URL of our linked page. Once the user has been redirected in the browser, this URL parameter is then registered by means of a cookie placed by our linked page. In addition, this cookie collects specific customer data such as, for example, the email address, which we collect on our website linked to the Facebook ad during processes such as purchases, applications to open an account or registrations (extended data matching). The cookie is then read by Facebook Pixel, and this allows the data, including the specific customer details, to be forwarded to Facebook. The information generated by Facebook is, as a rule, transferred to a Facebook server, and saved there, whereby data may be sent to servers belonging to Facebook Inc. in the USA. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

Using Facebook Pixel with enhanced data matching, Facebook is able to precisely determine who has visited our online presence, creating a target group to be shown ads (what are called "Facebook ads"). Thus, we use Facebook Pixel with enhanced data matching so that we only show our Facebook ads to those Facebook users who have also shown an interest in our online presence, or who meet various criteria (e.g. interest in particular topics or products, determined by websites they have visited) we have communicated to Facebook (what are called "custom audiences"). Using Facebook Pixel with extended data matching we also want to ensure that our Facebook Ads match users' potential interests, and are not annoying. This allows us to assess the effectiveness of Facebook ads for the purposes of statistics and market research by understanding whether users were redirected to our site having clicked on a Facebook ad (what is called "conversion"). Compared to the standard version of Facebook Pixel, the enhanced data matching function helps us to better measure the effectiveness of our advertising campaigns by detecting more assigned conversions.

All data passed on is stored and processed by Facebook, so it can be traced to a given user profile, and Facebook can use the data for its own advertising purposes in line with the Facebook guidelines on the use of data (https://www.facebook.com/about/privacy/). The data in question can allow Facebook and its partners to show ads on Facebook and beyond.

This data processing occurs exclusively in the case of you giving your express consent, as per Article 6, Section 1, Letter a of the GDPR. You can withdraw your consent at any time by deactivating Facebook Pixel tracking. To this end, by clicking on the following link, you can place an opt-out cookie, which deactivates Facebook Pixel tracking:

Deactivate Facebook Pixel

This opt-out cookie only functions in this browser and only for this domain. If you deleted your cookies in this browser, you will need to click on the link above again.

10.2 Use of Google Ads Conversion Tracking

This website uses the online "Google Ads" advertising program, and, in connection with Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google“). We use what Google Ads has to offer, using these marketing tools (what are called Google Adwords) to draw attention, on external webpages, to our appealing offers. The data from the advertising campaigns allows us to determine how successful individual advertising activities have been. Thus, we are motivated by a desire to show you advertising which you are interested in, to present our website in a way which is more interesting for you, and to achieve a fair calculation of the advertising costs payable.

The cookie for conversion tracking is placed, if a user clicks on one of the ads displayed by Google. Cookies are small text files that are saved on your end device. As a rule, these cookies expire after 30 days and cannot be used to identify someone personally. If the user visits particular pages on this website, and if the cookie has not expired, Google and we can tell that the user has clicked on the ad, and has been forwarded to this page. Each Google Ads customer gets a different cookie. So cookies cannot be traced via the websites of Google Ads customers. The information gathered using the conversion cookie serves the purpose of compiling statistics for Google Ads customers who have chosen conversion tracking. Customers can see the total number of users who have clicked on their ad and have been forwarded to a page featuring a conversion tracking tag. However, they do not receive any information which would allow users to be personally identified. If you don't want to take part in tracking, you can block this use by deactivating the Google conversion tracking cookie via your internet browser using the keyword "user settings". Then you will not be included in the conversion tracking statistics. We only place Google Ads with your consent as per Article, Section 1, Letter a of the GDPR. In connection with using Google Ads, it is possible that your personal data may be sent to Google LLC. servers in the USA. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

At the following internet address, you can obtain more information on Google's data protection policy: https://www.google.de/policies/privacy/

You can permanently deactivate cookies relating to ad preferences by blocking these using the relevant setting in your browser software, or by downloading and installing the browser plug-in available at the following link:

https://www.google.com/settings/ads/plugin?hl=de

Please note that it may not be possible to use some functions on this website, or their use may be limited if you deactivate the use of cookies.

Insofar as this is a legal requirement, we have obtained your consent for processing your data, as described above in accordance with Article 6, Section 1, Letter a of the GDPR. You may, at any time, withdraw the consent you have granted with future effect. In order to exercise your right to withdraw consent, please follow the procedure for filing your objection set out above.

10.3 Google Marketing Platform

This webpage uses the online marketing tool, Google Marketing Platform, operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").

GMP places cookies in order to show users relevant ads, to improve reports on campaign performance, or to avoid a user seeing the same ads several times. Using a cookie ID, Google finds out which ads have been displayed in which browsers, and so can avoid these being displayed more than once. The data is processed based on your consent as per Article 6, Section 1, Letter a of the GDPR.

Moreover, GMF can use cookie IDs, also register what are called conversions, which relate to inquiries in respect of the ad. This is the case if a user sees a GMP ad, and later, using the same browser, accesses the advertiser's website and, via the website, makes a purchase. According to Google, the GMP cookies do not contain any person-related information.

Based on the marketing tools used, your browser automatically sets up a direct connection with the Google server. We do not have any influence on the volume and further use of data collected by Google using this tool, and therefore hereby inform you of what we know: by embedding GMP, Google obtains the information that you have accessed the relevant part of our internet presence, or have clicked on one of our ads. As long as you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google, or have not logged in, there is a possibility of your provider finding out and saving your IP address. In connection with using GMP, it is possible that your personal data may be sent to Google LLC. servers in the USA. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

If you do not wish to take part in this tracking process, you can deactivate cookies for conversion tracking by configuring your browser so that cookies from the www.googleadservices.com domain are blocked (see https://www.google.de/settings/ads). This setting is cleared if you deactivate your cookies. Alternatively, you can find out about the placing of cookies from the Digital Advertising Alliance at www.aboutads.info, and configure your settings accordingly. Finally, you can configure your browser so that you are notified when cookies are being placed, and only accept cookies on a case-by-case basis, or exclude cookies being placed in particular cases or in general. If you do not accept cookies, the functionality of our website may be impaired.

At the following internet address you can obtain more information on Google's data protection policy: https://www.google.de/policies/privacy/

11) Web analysis services

Google (Universal) Analytics

Google (Universal) Analytics with Google Signals

This website uses Google (Universal) Analytics, a web analysis service from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google (Universal) Analytics uses what are called "cookies", which are text files that are saved on your computer, and allow use of the website to be analysed. The information on the use of this website (included the abbreviated IP address) generated by the cookie, is, as a rule, sent to a Google server and saved there. In this connection, it is possible that the information will be sent to the servers at Google LLC. in the USA.

This website uses Google (Universal) Analytics exclusively with the "_anonymizeIp()" extension, ensuring that the IP address is anonymised, and excluding the possibility of it being directly linked to a particular individual. The extension means that Google previously shortens the IP address within the European Union and European Economic Area. In exceptional cases only, the full IP address will be sent to a Google LLC. server in the USA, and shortened there. In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

At our request, Google uses this information to assess your use of the website, in order to produce reports on website activity, and to provide additional services for us, related to the use of the website and of the internet. The IP address communicated by your browser in connection with Google (Universal) Analytics is not merged with other Google data.

You can prevent cookies being saved by configuring your browser software accordingly. However, we advise you that in this case not all of the functions on this website can be used to their full extent. Over and above this, you can block the data generated by the cookie and related to your use of the website (incl. your IP address) being sent to Google, and this data being processed by Google, by downloading and installing the browser plug-in available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plug-in or in browsers on mobile devices, please click on the following link to place an opt-out cookie which will block Google Analytics from gathering any data on this website in future (this opt-out cookie only functions in this browser and only for this domain. If you delete your cookies in this browser, you have to click on this link again:

Deactivate Google Analytics

Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de

This website also uses the Google Signals service as an extension of Google Analytics Google Signals allow us to perform cross device tracking using Google. Insofar as you have activated "personalised ads" in the settings on your Google account, and have linked your internet-enabled devices with your Google account, Google can perform cross-device analysis of your user behaviour, and, on that basis, create database models. This takes into consideration the log-ins and device types of all those who have visited the page, who are logged into a Google account and have performed a conversion. Among other things, the data shows what device you were on when you first clicked on an ad, and on what device the associated conversion occurred. This does not mean that we obtain personal data from Google, but rather only on the basis of statistics produced by Google Signals. The data is processed as per Article 6, Section 1, Letter a of the GDPR, based on your consent.

12) Retargeting/ Remarketing/ Recommendations

Bing Ads (Microsoft Corporation) Universal Event Tracking

This website uses universal event tracking related to "Bing Ads“ conversion tracking technology by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).

For the purpose of universal event tracking, a tag has been saved on each page on our website, which interacts with the conversion cookie placed by Microsoft Bing Ads. This interaction allows user behaviour on our website to be tracked, and sends the relevant information collected in this regard to Microsoft Bing Ads. The purpose of this is to be able to statistically measure and assess certain outcomes such as, for example, purchases or leads, in order to tailor the focus and content of what we offer more in line with customer interest. At no time do the tags allow users to be personally identified.

To the extent to which the information on user behaviour sent to Microsoft Bing Ads contains personal user data, this occurs in accordance with Article 6, Section 1, Letter a of the GDPR, on the basis of you giving your consent. Insofar as the data is sent to the USA, In order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

If you do not wish to participate in tracking, you can opt out by deactivating the Bing Ads conversion tracking cookie in the user settings in your internet browser. You will not then be included in the Conversion Tracking statistics. Alternatively, using the deactivation page for users in the EU http://www.youronlinechoices.com/de/praferenzmanagement/

, you can check whether ad cookies from Microsoft have been placed in your browser, and deactivate them.

At the following internet address you can obtain further information on the Microsoft Bing Ads data protection stipulations: https://privacy.microsoft.com/de-de/privacystatement.

Google Ads Remarketing

Our website uses the functions of Google Ads Remarketing. We use this to advertise for our website in the Google search results, as well as on third party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). To this end Google places a cookie in the browser on your end device, which automatically, using a pseudonymous cookie ID, based on the pages you have visited, allows us to show you advertising based on your interests. This data processing is based on you giving your consent as per Article 6, Section 1, Letter a of the GDPR.

Any data processing over and beyond this will only be performed insofar as you have agreed with Google that your internet and app browser use is linked with your Google account, and that information from your Google account may be used to personalise the ads you see on the web. If, in this case, when you visit pages on our website, you are logged into Google, then Google will use your data, along with Google Analytics data, to create and define target group lists for the purposes of cross-device remarketing. To this end Google temporarily links your personal data to Google Analytics data, in order to form target groups. In the context of using Google Ads Remarketing your personal data may be sent to Google LLC. servers in the USA.

You can permanently deactivate the placing of cookies for ad preferences by downloading and installing a browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/

Alternatively, you can find out about the placing of cookies from the Digital Advertising Alliance at the following URL: www.aboutads.info, and configure your settings accordingly. Finally, you can configure your browser so that you are notified when cookies are being placed, and only accept cookies on a case-by-case basis, or exclude cookies being placed in particular cases or in general. If you do not accept cookies, this may limit the functionality of our website.

Given the possibility that personal data may be sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause. You can see more information, and the relevant data protection stipulations in respect of advertising and Google, at the following URL:

https://www.google.com/policies/technologies/ads/

Pinterest Tag conversion tracking

This website uses "Pinterest Tag“ conversion tracking technology from Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest“).

Insofar as you have reached our website via a Pin on Pinterest, we will place a cookie on your computer which interacts with a "tag", implemented likewise, in the form of a JavaScript code from Pinterest. Cookies are small text files that are saved on your end device. These cookies expire after 180 days and cannot be used for personal identification.

If the user has been redirected to our website by a Pin on Pinterest, and if the cookie has not expired, the tag detects certain user actions we have pre-determined, and can track these (e.g. transactions completed, leads, search requests, product pages accessed). If you perform this action, your browser will send an HTTP request, via the Pinterest tag from the cookie, to the Pinterest server, with particular information on the action in question (among others, type of action, time, and browser type on end device). Given the possibility that personal data may be sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

Sending the data in this way allows Pinterest to compile statistics on user behaviour on our website after users have been redirected from a Pinterest Pin,; we use these statistics to optimise what we have to offer.

Insofar as personal data is processed in this connection, this is in accordance with Article 6, Section 1, Letter a of the GDPR on the basis of your consent.

However, we do not receive any information which would allow users to be personally identified.

If you do not wish to participate in tracking, you can decline this by deactivating the Pinterest Tag conversion tracking cookie under user settings in your internet browser. You will not then be included in the conversion tracking statistics. Alternatively, using the deactivation page for users in the EU http://www.youronlinechoices.com/de/praferenzmanagement/

, you can check whether ad cookies from Microsoft have been placed in your browser, and deactivate them.

At the following internet address you can obtain further information on Pinterest's data protection stipulations: https://policy.pinterest.com/de/privacy-policy.

13) Using a live chat system

Our own live chat system

On this website, in order to operate a live chat system for answering live requests, your chat name and the chat content you share are collected as data, and saved for the duration of the chat. The chat and your chosen chat-name are only stored in what is called RAM (Random Access Memory), and immediately deleted, as soon as we or you have ended the chat, however, no later than 2 hours after the last message in the chat conversation. Cookies are used for operating the chat function. Cookies allow us to identify the internet browser used by the person visiting the page, in order to differentiate between different users of the chat function on our internet page.

Insofar as the information gathered allows a person to be identified, this data processing is on the basis of Article 6, Section 1, Letter f of the GDPR, namely on the basis of our legitimate interest in effective customer care and the statistical analysis of user behaviour with a view to achieving optimisation. Cookies are placed on the basis of you giving your consent, as per Article 6, Section 1, Letter b of the GDPR.

In order to avoid cookies being saved, you can configure your internet browser, so that cookies cannot be stored on your computer in future and/or so that cookies that have already been stored are deleted. If you switch off all cookies, this can, however, mean that the chat function on our internet site will no longer work.

14) Tools and other things

14.1 Google reCAPTCHA

On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google“). Above all, this function is used for determining whether information has been entered by a human person or, fraudulently, by a machine or automated means. The service encompasses sending Google the IP address and, if relevant, other data required by Google for the reCAPTCHA service, and this takes place in accordance with Article 6, Section 1, Letter f of the GDPR on the basis of our legitimate interest in establishing individual responsibility on the internet, and the avoidance of misuse and spam. In connection with using reCAPTCHA from Google, personal data may also be sent to the Google LLC. servers in the USA. Insofar as the data is sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

You can find more information on Google reCAPTCHA, as well as Google's data protection declaration, at: https://www.google.com/intl/de/policies/privacy/

14.2 Google customer reviews (previously Google's certified trader program)

We work in partnership with Google as part of the "Google customer reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This program allows us to receive customer reviews from users of our website. This involves you being asked after you have made a purchase on our website, whether you would like to take part in an email survey from Google. If you give your consent, as per Article 6, Section 1, Letter a of the GDPR, we will pass your email address on to Google. You will receive an email from Google customer reviews, which will ask you to evaluate your customer experience on our website. Your evaluation will then be combined with other evaluations and displayed under our Google customer reviews logo, and on our Merchant Center dashboard. Your evaluation will also be used for Google Seller evaluations. In connection with using Google Customer Reviews, it is possible that your personal data may be sent to Google LLC. servers in the USA. Insofar as the data is sent to the USA, in order to guarantee an adequate level of data protection, the provider has implemented what is referred to as the European Union standard contract clause. In addition, we carry out case-by-case risk analysis in order to ensure data protection over and above the standard contract clause.

At the following link, you can access more information on Google's data protection in connection with the Google Customer Review program: https://support.google.com/merchants/answer/7188525?hl=de

You can read more information on data protection in connection with Google Buyer Reviews at the following link: https://support.google.com/google-ads/answer/2375474

14.3 Advertising for vacant positions by email

On our website, in a separate section, we advertise vacant positions which those interested can apply for using our staff management tool, BambooHR.

Being accepted into the application process assumes that applicants, along with the application uploaded, will provide us with the necessary personal data to allow us to make a well-grounded and informed assessment of their application, and to select the successful candidate accordingly.

The necessary details include general information on the individual (name, address, telephone or electronic contact details), as well as specific evidence in respect of the qualifications for the position in question. If relevant, health-related data is also required, which must be taken into consideration from the particular perspective of employment law and social legislation, in the interests of the social protection of the person applying.

As to the particular elements your application must contain in order for you to be considered for the position, and in what form these elements should be communicated by email, please refer to the relevant job posting.

Once the advertising has been sent out to the contact email address provided, we save the applicant's data and assess it exclusively for the purpose of processing the application. For any follow-up questions which may arise during the course of processing the application, we will use, at our discretion, either the email address provided by the applicant along with their application, or the telephone number they gave.

The legal basis for processing this data, including making contact in the case of follow-up questions, is essentially Article 6, Section 1, Letter b of the GDPR in conjunction with § 26, Section 1 of the German Federal Data Protection Act (BDSG), pursuant to which the application process qualifies as initiating a work contract.

Insofar as, during the course of the application process, special categories of personal data as per Article 9, Section 1 of the GDPR (e.g. health details, such as information on major disability) are requested of applicants, the data processing is performed in accordance with Article 9, Section 2, Letter b of the GDPR, so that we respect the rights arising from labour legislation and the right to social security and social protection, and are able to fulfil our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data can also be based on Article 9, Section 1, Letter h of the GDPR, if it takes place for the purpose of healthcare or occupational healthcare, for assessing the applicant's fitness to work, for the purposes of medical diagnosis, for healthcare or treatment in the area of healthcare or social services, or for the administration of systems and services in the area of healthcare or social services.

If, during the course of the evaluation described above, a given application is not chosen, or they withdraw their application beforehand, then, after due notification, all the data they have shared by email, as well as the entire electronic correspondence, including the original application email, will be deleted within 6 months at the latest. This period of retention is based on our legitimate interest in answering any follow-up questions on the application, and, if relevant, to be able to fulfil our obligations to provide supporting evidence in respect of the rules on the equal treatment of applicants.

In the case of a successful application, the data provided is further processed based on Article 6, Section 1, Letter b of the GDPR in conjunction with § 26, Section 1 of the German Federal Data Protection Act (BDSG) for the purpose of establishing the employment relationship.

15) Rights of the affected person

15.1 Current data protection legislation guarantees you wide-ranging rights as an affected person vis-à-vis the data controller in respect of the processing of your personal data (right to information and right to intervene), as we will explain below:

Right of access as per Article 15 of the GDPR: In particular, you have a right of access to your personal data processed by us, the purpose for which they are being processed, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned period of retention or the criteria for setting the period of retention, the applicability of a right of rectification, erasure or restriction of processing, objection to processing, complaints to supervisory bodies, the source of your data (if this was not collected from you), the presence of automated decision-making, including profiling and significant information on the logic involved, and the scope and intended effects of the data processing in question, as well as your right of rectification, and what guarantees apply in respect of your data being forwarded to third countries, as per Article 46 of the GDPR;
Right to rectification as per Article 16 of the GDPR: You have the right to rectify data that is inaccurate about you immediately, and/or to complete data we hold which is incomplete;
"Right to be forgotten" as per Article 17 of the GDPR: You have the right to demand that your personal data is deleted, if the conditions set out in Article 17, Section 1 of the GDPR are met. This right however does not apply, in particular, if data processing is required for the exercise of the right to free expression and right to information, in order to fulfil a legal obligation, on the grounds of the public interest, or in order to assert, exercise or defend a person's rights:
Right to restrict processing of data as per Article 18 of the GDPR: You have the right to demand that processing of your personal data be restricted, as long as the accuracy of the data you are contesting can be verified, if you decline for your data to be deleted on the grounds of impermissible data processing, and, instead, demand that its processing be restricted, should you require your data to assert, exercise or defend your rights, after we no longer require the data in question for the purpose for which it was collected, or if you have lodged an objection based on your specific circumstances, unless it has been established that our legitimate grounds outweigh yours;
Right of rectification as per Article 19 of the GDPR: If you have asserted your right, vis-a-vis the data controller, to rectify, erase or restrict processing of data, then they are obligated to notify each recipient to whom the personal data has been disclosed, of its rectification or deletion or restriction of its processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed as to who these recipients are.
Right to data portability as per Article 20 of the GDPR: You have the right to obtain your personal data, which you have provided us with, in a structured, accessible and machine-readable format, or to demand that this be sent to another designated person, insofar as this is technically feasible:
Right to withdraw consent as per Article 7, Section 3 of the GDPR: You have the right, at any time, to withdraw, with future effect, consent you have given for your data to be processed. In the case of consent being withdrawn, we will immediately delete the data in question, insofar as there is no legal basis for further processing of the data without your consent. In the case of consent being withdrawn, this does not affect the legality of the data having been processed prior to consent having been withdrawn:
Right to complain as per Article 77 of the GDPR: If you are of the view that your personal data has been processed in violation of the GDPR, you have the right - irrespective of any other administrative or legal proceedings - to lodge a complaint with a supervisory body, in particular in the Member State where you are resident, where you work or where the offence allegedly took place.

15.2 RIGHT OF OBJECTION

IF, IN THE CONTEXT OF WEIGHING UP COMPETING INTERESTS, WE PROCESS YOUR DATA BASED ON A PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT, AT ANY TIME, FOR REASONS BASED ON YOUR PERSONAL CIRCUMSTANCES, TO FILE AN OBJECTION TO YOUR DATA BEING PROCESSED WITH FUTURE EFFECT.

IF YOU MAKE USE OF THIS RIGHT, WE WILL CEASE TO PROCESS THE DATA OF THE AFFECTED PERSON, HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESS YOUR DATA, IF WE CAN PROVE COMPELLING, DEFENSIBLE GROUNDS FOR PROCESSING IT, WHICH OUTWEIGH YOUR INTERESTS, BASIC RIGHTS AND BASIC FREEDOMS, OR IF PROCESSING THE DATA SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING A PERSON'S RIGHTS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT, AT ANY TIME, TO FILE AN OBJECTION TO THE RELEVANT PERSONAL DATA BEING PROCESSED FOR THE PURPOSE OF THIS KIND OF MARKETING. YOU CAN EXERCISE YOUR RIGHT OF OBJECTION IN THE MANNER DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL CEASE PROCESSING THE DATA AFFECTED FOR THE PURPOSES OF DIRECT MARKETING.

16) Retention period for personal data

The retention period for personal data depends on the relevant legal basis, the purpose for which they are processed, and - if applicable - any additional period of retention on statutory grounds (e.g. retention periods due to trade and tax legislation).

When personal data is processed based on express consent, as per Article 6, Section 1, Letter a of the GDPR, this data is retained until the affected person withdraws their consent.

If there are statutory retention periods for data processed in the context of contractual or similar obligations, on the basis of Article 6, Section 1, Letter b of the GDPR, then the data in question is routinely deleted once the retention periods have expired, provided that the data is not required for implementing or setting up a contract, and/or, from our side, that there is no longer a legitimate interest in it being stored for a further period of time.

In the case of data processing on the basis of Article 6, Section 1, Letter f of the GDPR, this data is stored as long as the affected party does not exercise their right of objection as per Article 21, Section 1 of the GDPR, unless we can prove that there are compelling, defensible grounds which outweigh the interests, rights and freedoms of the affected person, or if processing of the data can be used to assert, exercise or defend a person's rights.

When processing personal data for the purpose of direct marketing on the basis of Article 6, Section 1, Letter f of the GDPR, the data in question is saved as long as the affected party does not exercise their right of objection as per Article 21, Section 2 of the GDPR.

Unless otherwise specified elsewhere in the present Declaration, in respect of specific instances of data processing, any other personal data which has been saved will be deleted if it is no longer required for the purposes for which it was collected or otherwise processed.

Data Protection Declaration