Privacy Policy
Table of Contents
Controller
Overview of Processing Activities
Relevant Legal Bases
Security Measures
Transfer of Personal Data
Data Processing in Third Countries
Deletion of Data
Use of Cookies
Liability for Content
Dispute Resolution Procedure
Business Services
Payment Procedures
Registration, Login and User Account
Contact and Inquiry Management
Newsletter and Electronic Notifications
Promotional Communication via Email, Post, Fax or Telephone
Web Analytics, Monitoring and Optimization
Online Marketing
Customer Reviews and Rating Procedures
Plugins and Embedded Functions and Content
Changes and Updates to the Privacy Policy
Controller
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.
Types of Data Processed
Master data.
Payment data.
Contact data.
Content data.
Contract data.
Usage data.
Meta, communication and procedural data.
Categories of Data Subjects
Customers.
Prospective customers.
Communication partners.
Users.
Business and contractual partners.
Purposes of Processing
Provision of contractual services and customer service.
Contact requests and communication.
Security measures.
Direct marketing.
Reach measurement.
Tracking.
Office and organizational procedures.
Remarketing.
Conversion measurement.
Administration and response to inquiries.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online offering and user-friendliness.
Relevant Legal Bases
Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.
Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data concerning them for one specific purpose or several specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
In addition to the data protection regulations of the GDPR, national data protection regulations apply in Switzerland. This includes in particular the Federal Act on Data Protection (FADP). The FADP applies in particular when no EU/EEA citizens are affected and, for example, only data of Swiss citizens are processed.
Security Measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances and purposes of the processing, as well as the differing likelihood of occurrence and severity of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, transfer of, safeguarding the availability of, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection, through technology design and through privacy-friendly default settings.
TLS encryption (https): In order to protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.
Transfer of Personal Data
In the context of our processing of personal data, it may occur that the data are transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. Recipients of these data may include, for example, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and in particular conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is done only in accordance with the legal requirements.
Subject to explicit consent or contractually or legally required transfer, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard data protection clauses of the EU Commission, where certifications or binding internal data protection regulations are in place (Art. 44 to 49 GDPR, information page of the EU Commission).
Deletion of Data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitting processing are revoked or other permissions cease to apply (e.g., if the purpose of processing these data no longer applies or they are no longer necessary for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. I.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.
Our privacy notices may also contain further information on the retention and deletion of data, which shall take precedence for the respective processing operations.
Use of Cookies
Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, in order to store the login status in a user account, a shopping cart content in an e-shop, the accessed content or used functions of an online offering. Cookies can also be used for different purposes, e.g., for the purposes of functionality, security and convenience of online offerings as well as the creation of analyses of visitor flows.
Notes on consent: We use cookies in accordance with the statutory provisions. Therefore, we obtain prior consent from users unless this is not required by law. Consent is particularly not necessary if the storage and reading of information, including cookies, is strictly necessary in order to provide the users with a telemedia service expressly requested by them (i.e., our online offering). The revocable consent is clearly communicated to users and contains the information about the respective cookie use.
Notes on data protection legal bases: The legal basis under data protection law on which we process users’ personal data with the help of cookies depends on whether we ask users for consent. If the users consent, the legal basis for processing your data is the declared consent. Otherwise, the data processed with the help of cookies are processed on the basis of our legitimate interests (e.g., in an economically efficient operation of our online offering and improvement of its usability) or, if this occurs in the context of fulfilling our contractual obligations, if the use of cookies is necessary in order to fulfill our contractual obligations. The purposes for which the cookies are processed by us are clarified by us in the course of this privacy policy or in the context of our consent and processing procedures.
Storage Duration
With regard to storage duration, the following types of cookies are distinguished:
Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be stored or preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information on the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and that the storage duration may be up to two years.
General notes on withdrawal and objection (opt-out): Users can withdraw the consents they have given at any time and can also object to the processing in accordance with the statutory provisions in Art. 21 GDPR. Users can also declare their objection via the settings of their browser, e.g., by deactivating the use of cookies (whereby this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via corresponding opt-out websites.
Further Notes on Processing Operations, Procedures and Services
Processing of cookie data on the basis of consent: We use a cookie consent management procedure in the context of which the users’ consents to the use of cookies, or the processing operations and providers named in the cookie consent management procedure, can be obtained and managed and withdrawn by the users. In this process, the declaration of consent is stored in order not to have to repeat its request and in order to be able to prove consent in accordance with the legal obligation. Storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following notes apply: The duration of storage of the consent may be up to two years. In this process, a pseudonymous user identifier is formed and stored together with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system and end device used.
Liability for Content
As a service provider, we are responsible for our own content on these pages in accordance with general laws pursuant to § 7 para. 1 TMG. According to §§ 8 to 10 TMG, however, we as a service provider are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity.
Obligations to remove or block the use of information under general laws remain unaffected by this. However, liability in this respect is only possible from the time of knowledge of a specific infringement. Upon becoming aware of corresponding infringements, we will remove this content immediately.
Liability for Links
Our offering contains links to external third-party websites, on whose content we have no influence. Therefore, we cannot assume any liability for this external content either. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognizable at the time of linking.
However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of an infringement. Upon becoming aware of infringements, we will remove such links immediately.
Copyright
The content and works created by the site operators on these pages are subject to Swiss copyright law. Reproduction, editing, distribution and any kind of use outside the limits of copyright require the written consent of the respective author or creator. Downloads and copies of this page are permitted only for private, non-commercial use.
Insofar as the content on this page was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is marked as such. Should you nevertheless become aware of a copyright infringement, we ask you to notify us accordingly. Upon becoming aware of infringements, we will remove such content immediately.
Dispute Resolution Procedure
We are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.
Business Services
We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as “contractual partners”) within the context of contractual and comparable legal relationships as well as related measures and within the context of communication with the contractual partners (or pre-contractually), e.g., in order to answer inquiries.
We process these data in order to fulfill our contractual obligations. These include in particular the obligations to provide the agreed services, any updating obligations and remedy in the event of warranty and other service disruptions. In addition, we process the data in order to protect our rights and for the purposes of the administrative tasks associated with these obligations as well as the organization of the company. Furthermore, we process the data on the basis of our legitimate interests in proper and economically efficient business management as well as in security measures to protect our contractual partners and our business operations against misuse, endangerment of their data, secrets, information and rights (e.g., for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we pass on the data of contractual partners to third parties only insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners are informed about further forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.
We inform the contractual partners which data are required for the aforementioned purposes before or in the course of data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally.
We delete the data after expiry of statutory warranty and comparable obligations, i.e., in principle after expiry of 4 years, unless the data are stored in a customer account, e.g., as long as they must be retained for legal reasons of archiving. The statutory retention period is ten years for tax-relevant documents as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions required for understanding these documents and other organizational documents and accounting records, and six years for received commercial and business letters and reproductions of dispatched commercial and business letters. The period begins at the end of the calendar year in which the last entry in the book was made, the inventory, opening balance sheet, annual financial statement or management report was drawn up, the commercial or business letter was received or dispatched or the accounting document arose, furthermore the record was made or the other documents arose.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Processed data types: Master data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, telephone numbers); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., visited websites, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Customers; interested parties; business and contractual partners.
Purposes of processing: Provision of contractual services and customer service; security measures; contact requests and communication; office and organizational procedures; administration and response to inquiries; conversion measurement (measurement of the effectiveness of marketing measures); profiles with user-related information (creation of user profiles).
Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Further Notes on Processing Operations, Procedures and Services
Customer account: Contractual partners can create an account within our online offering (e.g., customer or user account, in short “customer account”). If the registration of a customer account is required, contractual partners are informed of this as well as of the information required for registration. The customer accounts are not public and cannot be indexed by search engines. In the course of registration as well as subsequent logins and use of the customer account, we store the IP addresses of the customers together with the access times in order to be able to prove the registration and to prevent any misuse of the customer account. If customers have terminated their customer account, the data concerning the customer account will be deleted, subject to their retention being required for legal reasons. It is the responsibility of the customers to secure their data after termination of the customer account; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Watch list/wish list: Customers can create a product/wish list. In this case, the products are stored within the framework of fulfilling our contractual obligations until the account is deleted, unless the product list entries are removed by the customer or we explicitly inform the customer of deviating storage periods; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Economic analyses and market research: For business management reasons and in order to be able to recognize market trends and wishes of contractual partners and users, we analyze the data available to us regarding business transactions, contracts, inquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors and users of our online offering. The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g., to determine customer groups with different characteristics). In doing so, if available, we can take into account the profiles of registered users together with their information, e.g., on services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated, i.e., anonymized values. Furthermore, we take into consideration the privacy of the users and process the data for analysis purposes as pseudonymously as possible and, where feasible, anonymously (e.g., as aggregated data); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Shop and e-commerce: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery, or execution. Insofar as required for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, in order to carry out the delivery or execution to our customers. For the processing of payment transactions, we make use of the services of banks and payment service providers. The required information is marked as such within the scope of the ordering or comparable purchase process and includes the information required for delivery or provision and invoicing as well as contact information in order to be able to hold any consultation; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Craft services: We process the data of our customers as well as clients (hereinafter uniformly referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works as well as related activities and their payment and delivery or execution or provision. The required information is marked as such within the framework of the order, purchase order or comparable contract conclusion and includes the information required for delivery and invoicing as well as contact information in order to be able to hold any consultations; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Project and development services: We process the data of our customers as well as clients (hereinafter uniformly referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works as well as related activities and their payment and provision or execution or performance. The required information is marked as such within the framework of the order, purchase order or comparable contract conclusion and includes the information required for service provision and invoicing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to information of end customers, employees or other persons, we process these in accordance with the statutory and contractual requirements; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Technical services: We process the data of our customers as well as clients (hereinafter uniformly referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works as well as related activities and their payment and provision or execution or performance. The required information is marked as such within the framework of the order, purchase order or comparable contract conclusion and includes the information required for service provision and invoicing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to information of end customers, employees or other persons, we process these in accordance with the statutory and contractual requirements; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Business consulting: We process the data of our customers, clients as well as interested parties and other clients or contractual partners (uniformly referred to as “customers”) in order to be able to provide them with our contractual or pre-contractual services, in particular consulting services. The processed data, the type, scope, purpose and necessity of their processing are determined by the underlying contractual and business relationship. Insofar as it is necessary for the fulfillment of our contract or required by law, or where the customers’ consent exists, we disclose or transfer the data of the customers, taking into account professional law requirements, to third parties or agents, such as authorities, courts or in the area of IT, office or comparable services; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Payment Procedures
Within the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and for this purpose use other service providers in addition to banks and credit institutions (collectively “payment service providers”).
The data processed by the payment service providers include master data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, amount and recipient-related information. The information is required in order to carry out the transactions. However, the entered data are processed and stored only by the payment service providers. I.e., we do not receive any account- or credit card-related information, but only information with confirmation or negative information regarding the payment. Under certain circumstances, the payment service providers may transmit the data to credit agencies. This transfer serves the purpose of identity and creditworthiness checks. In this regard, we refer to the GTC and the privacy notices of the payment service providers.
For payment transactions, the terms and conditions and the privacy notices of the respective payment service providers apply, which are available within the respective websites or transaction applications. We also refer to these for the purpose of further information and the assertion of rights of withdrawal, access and other data subject rights.
Processed data types: Master data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., visited websites, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Customers; interested parties.
Purposes of processing: Provision of contractual services and customer service.
Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Further Notes on Processing Operations, Procedures and Services
Amazon Payments: Payment services (technical connection of online payment methods); service provider: Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); website and privacy policy available from the provider.
Mastercard: Payment services (technical connection of online payment methods); service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); website and privacy policy available from the provider.
PayPal: Payment services (technical connection of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); website and privacy policy available from the provider.
Visa: Payment services (technical connection of online payment methods); service provider: Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, GB; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); website and privacy policy available from the provider.
Registration, Login and User Account
Users can create a user account. In the context of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of fulfillment of contractual obligations. The processed data include in particular the login information (user name, password and an email address).
Within the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. As a matter of principle, these data are not disclosed to third parties unless this is necessary for the pursuit of our claims or there is a legal obligation to do so.
Users can be informed by email about processes that are relevant to their user account, such as technical changes.
Processed data types: Master data (e.g., names, addresses); contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of contractual services and customer service; security measures; administration and response to inquiries; provision of our online offering and user-friendliness.
Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Further Notes on Processing Operations, Procedures and Services
Registration with pseudonyms: Users may use pseudonyms instead of real names as user names; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Deletion of data after termination: If users have terminated their user account, their data with regard to the user account will be deleted, subject to legal permission, obligation or consent of the users; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
No retention obligation for data: It is the responsibility of users to secure their data before the end of the contract after termination has taken place. We are entitled to irretrievably delete all data of the user stored during the term of the contract; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Contact and Inquiry Management
When contacting us (e.g., by post, contact form, email, telephone or via social media) as well as within the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.
Processed data types: Contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., visited websites, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Communication partners.
Purposes of processing: Contact requests and communication; administration and response to inquiries; feedback (e.g., collection of feedback via online form); provision of our online offering and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Newsletter and Electronic Notifications
We send newsletters, emails and other electronic notifications (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described within the scope of registration for the newsletter, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name, for the purpose of personal address in the newsletter, or further information, insofar as this is necessary for the purposes of the newsletter.
Double opt-in procedure: Registration for our newsletter generally takes place in a so-called double opt-in procedure. I.e., after registration, you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that nobody can register with third-party email addresses. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.
Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of these data is restricted to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is simultaneously confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list (so-called “blocklist”).
The logging of the registration procedure takes place on the basis of our legitimate interests for the purposes of proving its proper course. Insofar as we commission a service provider to send emails, this takes place on the basis of our legitimate interests in an efficient and secure shipping system.
Contents
Information about us, our services, campaigns and offers.
Processed data types: Master data (e.g., names, addresses); contact data (e.g., email, telephone numbers); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status); usage data (e.g., visited websites, interest in content, access times).
Data subjects: Communication partners.
Purposes of processing: Direct marketing (e.g., by email or post).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consents or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or can otherwise use one of the contact options given above, preferably email, for this purpose.
Further Notes on Processing Operations, Procedures and Services
Measurement of opening and click rates: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server. In the context of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. This information is used for the technical improvement of our newsletter on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of opening rates and click rates as well as the storage of the measurement results in the profiles of the users and their further processing take place on the basis of a consent of the users. A separate withdrawal of the performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Promotional Communication via Email, Post, Fax or Telephone
We process personal data for the purposes of promotional communication, which can take place via various channels, such as email, telephone, post or fax, in accordance with the legal requirements.
The recipients have the right to revoke granted consents at any time or to object to promotional communication at any time.
After revocation or objection, we store the data required to prove the previous authorization for contact or dispatch for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of these data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the users, we furthermore store the data required to avoid renewed contact (e.g., depending on the communication channel, the email address, telephone number, name).
Processed data types: Master data (e.g., names, addresses); contact data (e.g., email, telephone numbers).
Data subjects: Communication partners.
Purposes of processing: Direct marketing (e.g., by email or post).
Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Web Analytics, Monitoring and Optimization
Web analytics (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online offering and can include behavior, interests or demographic information on the visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offering or its functions or content are most frequently used or invite repeated use. Likewise, we can understand which areas require optimization.
In addition to web analytics, we may also use test procedures in order, for example, to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, profiles, i.e., data combined for a usage process, may be created for these purposes and information may be stored in a browser or end device and read from it. The collected information includes, in particular, visited websites and elements used there as well as technical details, such as the browser used, the computer system used and details on usage times. If users have consented to the collection of their location data by us or by the providers of the services used by us, location data may also be processed.
The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) for the protection of the users. In general, no clear data of the users (such as email addresses or names) are stored in the context of web analytics, A/B testings and optimization, but rather pseudonyms. I.e., both we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Processed data types: Usage data (e.g., visited websites, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Remarketing; reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); tracking (e.g., interest/behavior-related profiling, use of cookies); provision of our online offering and user-friendliness.
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Further Notes on Processing Operations, Procedures and Services
Google Analytics: Web analytics, reach measurement as well as measurement of user flows; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); website, privacy policy, data processing agreement, standard contractual clauses, opt-out options and further information available from the provider.
Google Universal Analytics: Reach measurement and web analytics – We use Universal Analytics, a version of Google Analytics, in order to carry out a user analysis on the basis of a pseudonymous user identification number. This identification number does not contain any clear data, such as names or email addresses. It serves to assign analysis information to a user, e.g., to recognize which content users have accessed within one usage or whether they access our online offering again. In this process, pseudonymous profiles of users are created with information from the use of different devices; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); website, GTC, privacy policy, data processing agreement, standard contractual clauses, opt-out options and further information available from the provider.
Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It serves to assign analysis information to an end device in order to recognize which content the users have accessed within one or various usage processes, which search terms they have used, accessed again or interacted with our online offering. Likewise, the time of use and its duration are stored, as well as the sources of the users referring to our online offering and technical aspects of their end devices and browsers. In this process, pseudonymous profiles of users are created with information from the use of different devices, whereby cookies may be used. In Analytics, data on geographical location are provided at a higher level by collecting the following metadata via IP lookup: “city” (and the latitude and longitude derived from the city), “continent”, “country”, “region”, “subcontinent” (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. The IP address of users is not logged and is shortened by the last two digits by default. The shortening of the IP address takes place on EU servers for EU users. In addition, all sensitive data collected from users in the EU are deleted before they are collected via EU domains and servers; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); website, privacy policy, data processing agreement, standard contractual clauses, opt-out options and further information available from the provider.
Online Marketing
We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) on the basis of potential interests of the users as well as the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used by means of which the user information relevant for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical details, such as the browser used, the computer system used as well as information on usage times and functions used. If users have consented to the collection of their location data, these may also be processed.
The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) for the protection of the users. In general, no clear data of the users (such as email addresses or names) are stored in the context of online marketing procedures, but pseudonyms. I.e., both we and the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is generally stored in the cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure, analyzed for the purposes of displaying content and supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing procedures we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users may make additional agreements with the providers, e.g., by consent in the context of registration.
As a matter of principle, we receive access only to aggregated information about the success of our advertisements. However, within the context of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. The conversion measurement is used solely for the analysis of the success of our marketing measures.
Unless stated otherwise, we ask you to assume that cookies used are stored for a period of two years.
Processed data types: Usage data (e.g., visited websites, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-related profiling, use of cookies); marketing; profiles with user-related information (creation of user profiles).
Security measures: IP masking (pseudonymization of the IP address).
Possibility of objection (opt-out): We refer to the privacy notices of the respective providers and the possibilities of objection stated for the providers (so-called “opt-out”). If no explicit opt-out option has been stated, there is, on the one hand, the possibility that you can deactivate cookies in your browser settings. However, this may restrict functions of our online offering. We therefore additionally recommend summarized opt-out options for Europe, Canada, the USA as well as cross-territorial services.
Customer Reviews and Rating Procedures
We participate in review and rating procedures in order to evaluate, optimize and promote our services. If users rate us via the participating rating platforms or procedures or otherwise provide feedback, the general terms and conditions or terms of use and the privacy notices of the providers additionally apply. As a rule, the rating also requires registration with the respective providers.
In order to ensure that the rating persons have actually used our services, we transmit, with the consent of the customers, the data required for this in relation to the customer and the service used to the respective rating platform (including name, email address and order number or item number). These data are used solely to verify the authenticity of the user.
Processed data types: Contract data (e.g., subject matter of contract, term, customer category); usage data (e.g., visited websites, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Customers; users (e.g., website visitors, users of online services).
Purposes of processing: Feedback (e.g., collection of feedback via online form); marketing.
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Further Notes on Processing Operations, Procedures and Services
Trusted Shops (Trustedbadge): Rating platform – Within the framework of the joint controllership existing between us and Trusted Shops, please preferably contact Trusted Shops for data protection questions and to assert your rights using the contact options stated in the data protection information. Regardless of this, however, you can always contact the controller of your choice. Your inquiry will then, if necessary, be forwarded to the other controller for response. The Trustbadge is provided by a US CDN provider (content delivery network). An appropriate level of data protection is ensured by standard data protection clauses and further contractual measures. When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and documents the access. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to your person. The anonymized data are used in particular for statistical purposes and for error analysis. If you have given your consent, the Trustbadge accesses order information stored in your terminal device after completion of the order (order amount, order number, if applicable purchased product) as well as email address and your email address is hashed by means of a cryptological one-way function. The hash value is then transmitted together with the order information pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR to Trusted Shops. This serves to check whether you are already registered for services of Trusted Shops. If this is the case, the further processing takes place in accordance with the contractual agreement concluded between you and Trusted Shops. If you are not yet registered for the services or do not give your consent to automatic recognition via the Trustbadge, you will subsequently receive the opportunity to register manually for the use of the services or to conclude the protection within the framework of your possibly already existing usage contract. For this purpose, after completion of your order, the Trustbadge accesses the following information stored in the terminal device used by you: order amount, order number and email address. This is necessary so that we can offer you buyer protection. A transfer of the data to Trusted Shops takes place only if you actively decide to conclude buyer protection by clicking the accordingly designated button in the so-called Trustcard. If you decide to use the services, the further processing is governed by the contractual agreement with Trusted Shops pursuant to Art. 6 para. 1 lit. b GDPR in order to complete your registration for buyer protection and secure the order as well as, if applicable, to be able subsequently to send you review invitations by email. Trusted Shops uses service providers in the areas of hosting, monitoring and logging. Legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third countries (USA and Israel). An appropriate level of data protection is ensured in the case of the USA by standard data protection clauses and further contractual measures and in the case of Israel by an adequacy decision.; service provider: Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website and privacy policy available from the provider.
Plugins and Embedded Functions and Content
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).
The integration always presupposes that the third-party providers of this content process the IP address of the users, because without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may furthermore use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through the “pixel tags”, information, such as the visitor traffic on the pages of this website, can be evaluated. The pseudonymous information may furthermore be stored in cookies on the users’ device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and further information on the use of our online offering, as well as be linked with such information from other sources.
Processed data types: Usage data (e.g., visited websites, interest in content, access times); meta, communication and procedural data (e.g., IP addresses, time details, identification numbers, consent status).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Further Notes on Processing Operations, Procedures and Services
Google Fonts (obtained from Google server): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform display and consideration of possible license restrictions. The provider of the fonts is informed of the IP address of the user so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted, which are necessary for the provision of the fonts depending on the devices used and the technical environment. These data may be processed on a server of the font provider in the USA. When visiting our online offering, the users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides the users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user-agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user-agent and referrer URL). Access to these data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. These data are logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user-agent must adjust the font that is generated for the respective browser type. The user-agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations can be generated based on the number of font requests. According to its own statements, Google does not use any of the information collected by Google Fonts to create profiles of end users or to place targeted ads; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website, privacy policy and further information available from the provider.