Privacy Policy

Privacy Policy

1. Privacy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on data protection can be found in the privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Note on the Responsible Entity" in this privacy policy.

How do we collect your data?

Your data is collected, for example, when you provide it to us. This may include data that you enter into a contact form.

Other data is collected automatically or after your consent when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other inquiries.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with questions about data protection or regarding your rights.

Analysis Tools and Tools from Third-Party Providers

When you visit this website, your browsing behavior may be statistically analyzed. This is done primarily using so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access data, and other data generated via the website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) of the German Telecommunications-Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined by the TDDDG. This consent can be revoked at any time.

Our hosting provider(s) will only process your data to the extent necessary to fulfill their contractual obligations and will follow our instructions regarding this data.

We use the following hosting provider:

Shopify International Limited

Attn: Data Protection Officer

c/o Intertrust Ireland

2nd Floor 1-2 Victoria Buildings

Haddington Road

Dublin 4, D04 XN32

Ireland

3. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this occurs.

Please note that data transmission over the Internet (e.g., when communicating via email) may have security vulnerabilities. A complete protection of data against access by third parties is not possible.

Note on the Responsible Entity

The responsible party for data processing on this website is:

ELIAS Heiztechnik GmbH

Horst Burgstaller

Unterbruckendorf 14, 9314 Launsdorf, Austria

Authorized representative: Horst Burgstaller

Phone: +43 4212 46715

Email: info@schimmel-dry.at

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur once these reasons no longer apply.

General Information on the Legal Bases for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data are processed in accordance with Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TDDDG. Consent may be withdrawn at any time.

If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if required to fulfill a legal obligation based on Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. The specific legal basis applicable in each individual case is explained in the relevant sections of this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external parties. In some cases, this may involve the transfer of personal data to these external parties. We only share personal data with external parties if this is necessary for contract fulfillment, if we are legally obliged to do so (e.g., transfer to tax authorities), if we have a legitimate interest in doing so under Art. 6(1)(f) GDPR, or if another legal basis permits such a transfer.

When using processors, we only transfer personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke your previously granted consent at any time. The legality of data processing carried out before the revocation remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA, INCLUDING PROFILING BASED ON THOSE PROVISIONS.

THE RELEVANT LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, INCLUDING PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING.

IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the location of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, in a common, machine-readable format. You also have the right to have this data transmitted directly to another controller, where technically feasible.

Right of Access, Rectification, and Erasure

Within the framework of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing. You also have a right to rectification or erasure of this data, where applicable. For this, and for any further questions regarding personal data, you may contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.

If you have objected to processing pursuant to Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – aside from being stored – may only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address bar from "http://" to "https://" and by the padlock icon in your browser’s address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If you are required to transmit your payment details (e.g., account number for direct debit authorization) after entering into a fee-based contract, this data is needed for payment processing.

Payment transactions via common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the browser’s address bar switching from "http://" to "https://" and by the padlock icon.

When communication is encrypted, your payment data that you transmit to us cannot be read by third parties.

Objection to Promotional Emails

We hereby object to the use of contact data published as part of the imprint obligation for sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website

Cookies

Our website uses so-called "cookies." Cookies are small data packets that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or your web browser automatically removes them.

Cookies can be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies allow the integration of certain services from third-party companies on websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or displaying videos). Other cookies are used to analyze user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, the provision of certain features requested by you (e.g., shopping cart function), or the optimization of the website (e.g., cookies for measuring the web audience) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimized provision of its services. If consent for the storage of cookies and similar recognition technologies has been requested, processing is based solely on this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

You can configure your browser to inform you about the use of cookies, allow cookies only in individual cases, exclude the acceptance of cookies in certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.

You can find which cookies and services are used on this website in this privacy policy.

GDPR Legal Cookie by Shopify

Our website uses GDPR Legal Cookie by Shopify to obtain your consent for storing certain cookies on your device or using certain technologies and to document this consent in a GDPR-compliant manner. The provider of this technology is beeclever GmbH, Friedrich-Mohr-Straße 1, 56070 Koblenz, Germany (hereinafter "beeclever").

When you enter our website, a connection is established to beeclever's servers. In this process, personal data such as the browser used, IP address, and a timestamp are transmitted to beeclever. Subsequently, a cookie is stored in your browser to link the consent given or its withdrawal. The data collected in this way is stored until you request its deletion, delete the cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. For details, see: https://apps.shopify.com/gdpr-legal-cookie.

The use of GDPR Legal Cookie by Shopify is carried out to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

Browser type and version

Operating system used

Referrer URL

Hostname of the accessing device

Time of the server request

IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, server log files must be collected.

Contact Form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; consent can be revoked at any time.

The data you enter in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Use of Artificial Intelligence (AI) to Respond to Customer Inquiries

We use AI-based software to process and respond to customer inquiries. The AI we use analyzes the content of your message in order to generate an appropriate response or response suggestion either autonomously or semi-autonomously. In this context, our AI processes the entire content of your message, including names, email addresses, communication content, and technical information (e.g., IP addresses, device data).

The use of AI software is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most efficient customer communication possible through the use of modern technical solutions.

We use the following AI applications:

(Please list the AI applications if available.)

ChatGPT

We use ChatGPT for our customer communication. The provider is OpenAI, 3180 18th St, San Francisco, CA 94110, USA, https://openai.com.

If you contact us, your inquiries—including metadata—may be transferred to ChatGPT’s servers and processed there to generate an appropriate response.

We have configured ChatGPT in such a way that the data we transmit to ChatGPT is not used to train the ChatGPT algorithm.

You can find more information here: https://openai.com/policies/privacy-policy.

Inquiries by Email, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (e.g., name and inquiry content), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for pre-contractual steps. In all other cases, processing is based on our legitimate interest in effectively handling the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; consent can be revoked at any time.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., once your request has been fully processed). Mandatory legal requirements—especially retention periods—remain unaffected.

Registration on This Website

You can register on this website to use additional features on the site. The data entered for this purpose will only be used to provide the respective service or offer for which you registered. The required fields requested during registration must be provided in full. Otherwise, registration will be rejected.

We use the email address provided during registration to notify you of important changes, such as to the scope of the offer or technical updates.

The processing of the data entered during registration is based on Art. 6(1)(b) GDPR and serves the purpose of fulfilling the user relationship established by registration and, if necessary, initiating further contracts.

The data collected during registration will be stored by us as long as you are registered on this website and will be deleted afterward. Legal retention periods remain unaffected.

5. Social Media

Facebook

Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data may also be transferred to the USA and other third countries.

An overview of Facebook social media plugins can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account.

Please note that, as the provider of this site, we have no knowledge of the content of the data transmitted or how it is used by Facebook. For more information, please see Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection and transmission of the data to Facebook. Further processing after the transmission is the sole responsibility of Facebook.

Our joint responsibilities have been outlined in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information regarding the use of the Facebook tool and for its secure implementation on our website. Facebook is responsible for the data security of its products.

Data subject rights (e.g., access requests) regarding data processed by Facebook can be exercised directly with Facebook. If you assert rights with us, we are obliged to forward them to Facebook.

Data transfers to the USA are based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381

https://www.facebook.com/policy.php

The company is certified under the “EU-U.S. Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is committed to complying with these data protection standards. More information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

nstagram

Functions of the Instagram service are integrated into this website. These functions are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, clicking the Instagram button allows you to link the contents of this website to your Instagram profile. This enables Instagram to associate your visit to this website with your user account.

We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or how it is used by Instagram.

The use of this service is based on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited solely to the collection of the data and its transmission to Facebook and/or Instagram. Any processing that takes place after the transmission is the sole responsibility of Facebook/Instagram.

The mutual obligations are set out in a joint controller agreement. The text of this agreement can be found at:

https://www.facebook.com/legal/controller_addendum

According to this agreement, we are responsible for providing privacy information when using the Facebook or Instagram tool and for its privacy-compliant implementation on our website. Facebook is responsible for the data security of its products.

You can exercise data subject rights (e.g., access requests) with respect to the data processed by Facebook or Instagram directly with Facebook. If you assert your rights with us, we are obliged to forward them to Facebook.

Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://privacycenter.instagram.com/policy/

https://de-de.facebook.com/help/566994660333381

Further information can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the U.S. Any company certified under the DPF commits to adhering to these data protection standards. Further information is available from the provider at:

https://www.dataprivacyframework.gov/participant/4452

6. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or conduct independent analyses. It merely serves to manage and deploy the tools integrated through it. However, Google Tag Manager does record your IP address, which may be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the efficient and easy integration and management of various tools on its website.

If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards when processing data in the U.S. Any company certified under the DPF commits to adhering to these standards.

More information is available from the provider at the following link:

https://www.dataprivacyframework.gov/participant/5780

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data such as page views, time spent on the site, operating systems used, and the user’s origin. These data are assigned to the respective user’s device. There is no assignment to a user ID.

In addition, we may use Google Analytics to record mouse and scroll movements as well as clicks. Google Analytics also uses various modeling approaches to supplement the collected data and applies machine learning technologies for data analysis.

Google Analytics uses technologies that make it possible to recognize the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

👉 https://privacy.google.com/businesses/controllerterms/mccs/

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when processing data in the USA. Each company certified under the DPF commits to these data protection standards. Further information is available from the provider at:

👉 https://www.dataprivacyframework.gov/participant/5780

IP Anonymization

IP anonymization is activated on this website. This means that Google will truncate your IP address within member states of the European Union or other parties to the Agreement on the European Economic Area before transmitting it to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

On behalf of the website operator, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link:

👉 https://tools.google.com/dlpage/gaoptout?hl=en

More information on how Google Analytics handles user data can be found in Google’s privacy policy:

👉 https://support.google.com/analytics/answer/6004245?hl=en

Google Analytics E-Commerce Tracking

This website uses the “E-Commerce Tracking” feature of Google Analytics. E-Commerce Tracking allows the website operator to analyze the purchasing behavior of website visitors to improve online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product is collected. This data may be grouped by Google under a transaction ID associated with the respective user or their device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms (keyword targeting). Targeted advertising can also be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can analyze this data quantitatively, for example, by analyzing which search terms led to the display of our ads and how many ads resulted in clicks.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

👉 https://policies.google.com/privacy/frameworks

👉 https://business.safety.google/controllerterms/

The company is certified under the EU-U.S. Data Privacy Framework (DPF). Each DPF-certified company commits to adhering to European data protection standards. More information is available at:

👉 https://www.dataprivacyframework.gov/participant/5780

Google Ads Remarketing

This website uses features of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing allows us to assign users who interact with our online services to specific audiences so that we can show them interest-based advertising within the Google advertising network (remarketing or retargeting).

In addition, the advertising audiences created with Google Ads Remarketing can be linked with Google’s cross-device capabilities. This means that interest-based, personalized advertising messages—adapted to your previous usage and browsing behavior on one device (e.g., a mobile phone)—can also be displayed on another of your devices (e.g., tablet or PC).

If you have a Google account, you can opt out of personalized advertising using the following link:

👉 https://adssettings.google.com/anonymous?hl=en

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Further information and Google’s privacy policy can be found here:

👉 https://policies.google.com/technologies/ads?hl=en

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards when processing data in the USA. Each DPF-certified company commits to upholding these standards. More information is available from the provider at:

👉 https://www.dataprivacyframework.gov/participant/5780

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, both Google and we can determine whether users have taken certain actions. For example, we can evaluate which buttons are clicked most often on our website and which products are viewed or purchased frequently. This information helps us create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that could personally identify the user. Google uses cookies or comparable recognition technologies for this purpose.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

More information about Google Conversion Tracking can be found in Google’s privacy policy:

👉 https://policies.google.com/privacy?hl=en

The company is certified under the EU-U.S. Data Privacy Framework (DPF). Each DPF-certified company commits to adhering to European data protection standards. Further details are available at:

👉 https://www.dataprivacyframework.gov/participant/5780

7. Plugins and Tools

YouTube

This website embeds videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our web pages that includes YouTube content, a connection to YouTube servers is established. In this process, the YouTube server is informed about which of our pages you have visited.

Furthermore, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting). This allows YouTube to collect information about visitors to this website. These data are used, among other things, to record video statistics, improve user-friendliness, and prevent fraud attempts. The collected data are also processed within the Google advertising network.

If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is carried out in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If a corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that consent includes storing cookies or accessing information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

Further information on how user data is handled can be found in YouTube’s privacy policy at:

https://policies.google.com/privacy?hl=en.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to comply with these data protection standards. More information is available from the provider at:

https://www.dataprivacyframework.gov/participant/5780.

Google Fonts

This website uses so-called Google Fonts for the uniform display of fonts, which are provided by Google. When you access a page, your browser loads the required fonts into its browser cache to correctly display texts and fonts.

To do this, the browser you use must establish a connection to Google’s servers. This gives Google knowledge that this website was accessed via your IP address. The use of Google Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform appearance of fonts on its website. If consent has been obtained, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

If your browser does not support Google Fonts, a standard font on your computer will be used.

Further information about Google Fonts can be found at:

https://developers.google.com/fonts/faq

and in Google’s privacy policy:

https://policies.google.com/privacy?hl=en.

The company is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to comply with these data protection standards. More information is available from the provider at:

https://www.dataprivacyframework.gov/participant/5780.

8. eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the purpose of establishing, designing, and modifying our contractual relationships. Personal data regarding the use of this website (usage data) are collected, processed, and used only to the extent necessary to enable the user to use the service or to invoice for it. The legal basis for this is Article 6(1)(b) GDPR.

The collected customer data will be deleted after completion of the order or termination of the business relationship and after any applicable statutory retention periods have expired. Statutory retention periods remain unaffected.

Data Transfer Upon Conclusion of Contract for Online Shops, Retailers, and Shipping

When you order goods from us, we pass your personal data on to the shipping company entrusted with delivery as well as to the payment service provider commissioned to process payments. Only such data are transmitted as the respective service provider requires to fulfill its task. The legal basis for this is Article 6(1)(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures. If you have given your consent in accordance with Article 6(1)(a) GDPR, we will pass your email address on to the shipping company responsible for delivery so that it can inform you by email about the shipping status of your order; you can revoke this consent at any time.

Payment Services

We integrate payment services from third-party providers on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, bank details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and privacy policies of the providers apply to these transactions. The use of the payment service providers is based on Article 6(1)(b) GDPR (contract processing) as well as the interest in a smooth, convenient, and secure payment process (Article 6(1)(f) GDPR). If your consent is requested for certain actions, Article 6(1)(a) GDPR is the legal basis for data processing; consents can be revoked at any time for the future.

We use the following payment services/providers on this website:

PayPal

Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here:

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Privacy details are available in PayPal’s privacy policy:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

Provider of this payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

Apple’s privacy policy can be found at:

https://www.apple.com/legal/privacy/de-ww/.

Google Pay

Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google’s privacy policy can be found here:

https://policies.google.com/privacy.

Stripe

For customers within the EU, the provider is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details are available here:

https://stripe.com/de/privacy and

https://stripe.com/de/guides/general-data-protection-regulation.

Privacy details can also be found here:

https://stripe.com/de/privacy.

Klarna

Provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”). Klarna offers various payment options (e.g., installment purchase). When you choose to pay with Klarna (Klarna Checkout), Klarna collects various personal data from you. Klarna uses cookies to optimize the Klarna Checkout solution. Details on Klarna cookies can be found here:

https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

Further privacy information is available at:

https://www.klarna.com/de/datenschutz/.

Paydirekt

Provider is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (“Paydirekt”). When you pay via Paydirekt, Paydirekt collects various transaction data and forwards these to the bank where you are registered with Paydirekt. In addition to the data necessary for payment, Paydirekt may collect further data during transaction processing, such as delivery address or individual items in the shopping cart. Paydirekt authenticates the transaction using the authentication method registered with the bank. The payment amount is then transferred from your account to ours. Neither we nor third parties have access to your bank data. Details about Paydirekt payments can be found in the Terms & Conditions and privacy policy of Paydirekt at:

https://www.paydirekt.de/agb/index.html.

Sofortüberweisung (Sofort)

Provider is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (“Sofort GmbH”). Using the “Sofortüberweisung” method, we receive real-time payment confirmation from Sofort GmbH and can immediately begin fulfilling our obligations. If you choose Sofortüberweisung, you transmit your PIN and a valid TAN to Sofort GmbH, allowing them to log in to your online banking account. Sofort GmbH automatically checks your account balance and executes the transfer to us using the TAN you provided. A transaction confirmation is immediately sent to us. Additionally, after login, your transactions, overdraft credit limit, and the existence and balances of other accounts are automatically checked. Besides PIN and TAN, personal data such as first and last name, address, phone number(s), email address, IP address, and other data necessary for payment processing are transmitted to Sofort GmbH. This data transfer is necessary to verify your identity and prevent fraud. Details about Sofort payments can be found here:

https://www.klarna.com/sofort/.

Amazon Pay

Provider is Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg.

Details on data handling are available in Amazon Pay’s privacy policy at:

https://pay.amazon.de/help/201212490?ld=APDELPADirect.

PayOne

Provider is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany (“PayOne”).

Details can be found in PayOne’s privacy policy:

https://www.payone.com/DE-de/datenschutz.

CopeCart

Provider is CopeCart GmbH, Ufnaustraße 10, 10553 Berlin, Germany (“CopeCart”).

Details can be found in CopeCart’s privacy policy:

https://www.copecart.com/de/datenschutz.

Shopify Payment

Provider in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify Payment”).

Details can be found in Shopify Payment’s privacy policy:

https://www.shopify.de/legal/datenschutz.

American Express

Provider is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (“American Express”).

American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on Binding Corporate Rules. Details can be found here:

https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.

Further privacy information is available here:

https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard

Provider is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (“Mastercard”).

Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here:

https://www.mastercard.de/de-de/datenschutz.html and

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

Provider is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (“VISA”).

The United Kingdom is considered a data protection safe third country, meaning it offers a data protection level equivalent to that of the European Union.

VISA may transfer data to its parent company

Scope

This privacy policy informs users about the nature, scope, and purposes of the collection and use of personal data by the provider tricoma AG (Am Mühlbach 1, 97475 Zeil am Main, 09521-7031310) on this website (hereinafter referred to as the “Offer”).

The legal basis for data protection can be found in the Federal Data Protection Act (BDSG) and the Digital Services Act (DDG).

Access Data / Server Log Files

The provider (or its webspace provider) collects data about every access to the offer (so-called server log files). Access data includes:

Name of the retrieved web page, file, date and time of access, amount of data transferred, message about successful retrieval, browser type including version, user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

The provider uses the log data only for statistical evaluations for the purpose of operation, security, and optimization of the offer. However, the provider reserves the right to retrospectively check the log data if there are concrete indications of unlawful use.

Collection, Processing, and Use of Personal Data in Orders

For inquiries/orders, we collect and use your personal data only to the extent necessary to fulfill and process your order as well as to handle your inquiries. Providing the data is required for the conclusion of the contract. Failure to provide data means no contract can be concluded. The processing is based on Art. 6 (1) lit. b GDPR and is necessary for the fulfillment of a contract with you. Your data will not be passed on to third parties without your explicit consent. Exceptions include only our service partners who are necessary for handling the contractual relationship or service providers we use within the scope of order processing. Besides the recipients named in the respective clauses of this privacy policy, these include, for example, recipients in the following categories: shipping service providers, web hosts, and IT service providers. In all cases, we strictly observe legal requirements. The scope of data transmission is limited to the minimum necessary.

Collection and Processing When Using the Contact Form

When using the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. The data processing serves the purpose of contacting you or processing your inquiry. By submitting your message, you consent to the processing of the transmitted data. The processing is based on Art. 6 (1) lit. a GDPR with your consent.

You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out based on the consent until revocation. Your data will then be deleted, unless you have consented to further processing and use.

Customer Account

When opening a customer account, we collect your personal data to the extent indicated there. The data processing serves to simplify order processing. The processing is based on Art. 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out based on the consent until revocation. Your customer account will then be deleted.

Registration Function

The data entered during registration is used for the purposes of utilizing the offer. Users may be informed by email about offer- or registration-related information, such as changes in the scope of the offer or technical circumstances. The collected data is visible in the input mask during registration.

Comments and Contributions

When users leave comments on the blog or other contributions, their IP addresses are stored. This is for the provider’s security, in case someone posts unlawful content in comments and contributions (insults, forbidden political propaganda, etc.). In such cases, the provider can be held liable for the comment or contribution and is therefore interested in the identity of the author.

When commenting on an article or contribution, we collect your personal data (name, email address, comment text) only to the extent you provide it. The processing serves the purpose of enabling comments and displaying them. By submitting a comment, you consent to the processing of the data provided. The processing is based on Art. 6 (1) lit. a GDPR with your consent. You may revoke your consent at any time by notifying us without affecting the legality of the processing carried out based on consent until revocation. Your personal data will then be deleted.

Newsletter

With the newsletter, we inform you about us and our offers.

If you wish to receive the newsletter, we need a valid email address from you and information that allows us to verify that you are the owner of the provided email address or that the owner agrees to receive the newsletter. No further data will be collected. This data is used only for sending the newsletter and will not be passed on to third parties.

When you subscribe to the newsletter, we store your IP address and the date of subscription. This storage serves only as proof in case a third party abuses an email address and subscribes to the newsletter without the owner’s knowledge.

You may revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time. Revocation can be done via a link in the newsletters themselves, in your profile area, or by notification to the contact details listed above.

Inclusion of Third-Party Services and Content

It may happen that within this online offer, content from third parties, such as videos from YouTube, map material from Google Maps, RSS feeds, or graphics from other websites, is embedded. This always requires that the providers of these contents (hereinafter referred to as “third-party providers”) perceive the IP address of users. Without the IP address, they could not send the content to the browser of the respective user. The IP address is therefore necessary to display this content. We strive to use only such content whose respective providers use the IP address only to deliver the content. However, we have no influence if third-party providers store the IP address, e.g., for statistical purposes. To the extent that this is known to us, we inform users accordingly.

Cookies

Cookies are small files that make it possible to store specific device-related information (PC, smartphone, etc.) on the user’s access device. They serve both to improve user-friendliness of websites (e.g., storing login data) and to collect statistical data on website usage in order to analyze and improve the offer. Users can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, please note that usage and especially user convenience may be limited without cookies.

Additionally, we use cookies on our website to enable analysis of the surfing behavior of our site visitors.

Furthermore, we use cookies to subsequently address site visitors with targeted, interest-based advertising on other websites.

The processing is based on § 15 (3) DDG and Art. 6 (1) lit. f GDPR, deriving from the legitimate interest in the above-mentioned purposes.

The data collected from you in this way is pseudonymized by technical means. Therefore, it is no longer possible to assign the data to your person. The data is not stored together with any other personal data about you.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6 (1) lit. f GDPR.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can prevent the storage of cookies and the transmission of the contained data. Cookies already stored can be deleted at any time. However, we point out that you may not be able to use all the functions of this website fully in this case.

You can find information on how to manage (including disable) cookies in the most common browsers at the following links:

Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on the users’ computers and that enable an analysis of the use of the website by the users. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

If IP anonymization is activated on this website, Google will shorten the IP address of users within member states of the European Union or other parties to the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. Users can prevent the storage of cookies by configuring their browser software accordingly; however, this website points out that in this case, you may not be able to use all features of the website to their full extent.

The processing is based on Art. 6 (1) lit. f GDPR due to the legitimate interest in the demand-oriented and targeted design of the website.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6 (1) lit. f GDPR.

You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, please note that you may not be able to use all features of this website fully in that case.

Furthermore, you can prevent the collection of data generated by the cookie related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: [https://tools.google.com/dlpage/gaoptout?hl=en].

To prevent cross-device data collection by Google Analytics, you can set an opt-out cookie. Opt-out cookies prevent future collection of your data when visiting this website. You must perform the opt-out on all systems and devices you use for it to be effective. By clicking here, the opt-out cookie will be set: Disable Google Analytics.

Further information about terms of use and data protection can be found at https://www.google.com/analytics/terms/en.html and https://www.google.com/intl/en/policies/.

Piwik

This website uses Piwik, an open-source software for statistical analysis of user access. Piwik uses so-called “cookies,” text files stored on the user’s computer that allow analysis of the use of the website by users. The information generated by the cookie about the use of this website is stored on the provider’s server in Germany. The IP address is anonymized immediately after processing and before storage. Users can prevent the installation of cookies by adjusting their browser software; however, the provider points out that in this case, users may not be able to use all functions of this website fully.

Use of Facebook Social Plugins

This website uses social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms "Like", "Gefällt mir" or a “thumbs up” icon) or are labeled with the addition "Facebook Social Plugin." The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

When a user visits a webpage of this website containing such a plugin, their browser establishes a direct connection to Facebook servers. The content of the plugin is transmitted directly from Facebook to the user’s browser and integrated into the webpage. The provider has no influence on the scope of data that Facebook collects via this plugin and informs users accordingly to the best of its knowledge:

By embedding the plugins, Facebook receives information that a user has visited the corresponding page of this website. If the user is logged into Facebook, Facebook can associate the visit with their Facebook account. When users interact with the plugins, e.g., by clicking the Like button or posting a comment, the respective information is sent directly from the user’s browser to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook obtains and stores their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of data collection and further processing and use of the data by Facebook, as well as the related rights and privacy settings available to users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them through this website and link it to their Facebook data, they must log out of Facebook before visiting this website. Further settings and objections regarding the use of data for advertising purposes are possible within the Facebook profile settings.

Google+ +1 Button

This website uses the “+1” button of the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). The button can be recognized by the “+1” symbol on a white or colored background.

When a user visits a webpage containing such a button, the browser establishes a direct connection to Google servers. The content of the “+1” button is transmitted directly from Google to the browser and integrated into the webpage. The provider has no influence on the scope of data collected by Google through this button. According to Google, no personal data is collected without clicking the button. Data, including IP address, is only collected and processed for logged-in members.

The purpose and scope of data collection, further processing and use of the data by Google, and your rights and privacy settings regarding this, can be found in Google’s privacy information on the “+1” button: http://www.google.com/intl/en/+/policy/+1button.html and in the FAQ: http://www.google.com/intl/en/+1/button/.

Use of YouTube

We use the function to embed YouTube videos from YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”) on our website.

YouTube is a company affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

The function displays videos stored on YouTube in an iframe on the website. The “enhanced privacy mode” is activated. This means that YouTube does not store information about visitors to the website until they play a video.

More information about data collection and use by YouTube and Google, as well as your rights and privacy protection options, can be found in YouTube’s privacy policy (https://www.youtube.com/t/privacy).

Data Retention Period

After full contract processing, the data is initially stored for the duration of the warranty period, then stored according to statutory, especially tax and commercial retention periods, and deleted after these periods expire, unless you have consented to further processing and use.

Rights of the Data Subject

Under the legal requirements, you have the following rights under Articles 15 to 20 GDPR: right to access, rectification, deletion, restriction of processing, and data portability.

In addition, you have the right under Article 21 (1) GDPR to object to processing based on Art. 6 (1) lit. f GDPR, as well as to processing for direct marketing purposes.

Please contact us if desired. Our contact details can be found in the imprint.

Right to Complain to the Supervisory Authority

Under Article 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful.