Privacy Policy
1. Information about the collection of personal data and contact details of the controller
2. Data collection when visiting our website
3. Contacting us
4. Cookies
5. Data processing for order processing
6. Data processing when opening a customer account and for contract processing
7. Use of your data for direct marketing
8. Use of social media: Social plugins
9. Use of social media: Video
10. Online marketing
11. Web analytics services
12. Retargeting / Remarketing / Recommendation advertising
13. Tools and other services
14. Rights of the data subject
15. Duration of storage of personal data
1. Information about the collection of personal data and contact details of the controller
1.1. Thank you for visiting our website. Below we would like to inform you about the handling of your personal data when using our website. Personal data is fundamentally all data with which you can be personally identified.
1.2. The controller for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
MyMineralMix GmbH
Harrasser Str. 6
83209 Prien
Germany
Tel.: 08051-96550
Email: kontakt@mymineralmix.de
1.2.0.0.1. The controller has appointed a data protection officer, whom you can contact at the following contact details:
MyMineralMix GmbH
Attn: Data Protection Officer
Harrasser Str. 6
83209 Prien
Germany
Tel: 08051-96550
Email: kontakt@mymineralmix.de
1.3. To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL or TLS) via HTTPS.
2. Data collection when visiting our website
Each time our website is accessed, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
The legal basis for the processing is Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and maintaining the functionality of our website. The data is not passed on or otherwise used. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
We reserve the right to check the server log files subsequently if there are concrete indications of illegal use. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of collecting data to provide the website, this is the case when the respective session has ended.
In the case of storing data in log files, this is the case after no later than seven days. Further storage is possible. In this case, the users' IP addresses are deleted or alienated so that an assignment of the calling client is no longer possible. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
3. Contacting us
If you contact us using a contact form, the data entered in the input mask will be transmitted to us and stored. The data collected can be seen from the respective input mask. When contacting us by email, only the data you enter there will be transmitted to us.
The data is used exclusively for processing the conversation and your request. The legal basis for the processing of the data is, if the user has given consent, Art. 6 (1) (a) GDPR. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected and provided that no statutory retention obligations oppose this. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
3.1. WhatsApp Business
Visitors to our website have the possibility to communicate with us via WhatsApp (a service of Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA).
We use the so-called "Business Version" of WhatsApp for this purpose. If you contact us via WhatsApp in the context of a specific contract, we store and use the mobile phone number you use on WhatsApp and - if published and/or transmitted - your first and last name (Art. 6 (1) (b) GDPR) for the purpose of processing your request.
If necessary, you will be asked to provide further data if this is required to process your request (Art. 6 (1) (b) GDPR).
If the contact via WhatsApp Business is used for general inquiries that do not relate to a specific contract, we store and use the mobile phone number you use on WhatsApp and - if published and/or provided - your first and last name (pursuant to Art. 6 (1) (f) GDPR) for the purpose of processing your request.
Our legitimate interest lies in the prompt response to the questions of our customers or interested parties.
The data is not passed on to third parties.
WhatsApp Business gains access to the address book of the mobile device used for this purpose. Telephone numbers stored there are automatically transmitted to a server of Facebook in the USA.
The mobile device we use for WhatsApp Business only contains the WhatsApp contact details of those users who have already contacted us via WhatsApp.
For data transfers from the European Economic Area to the USA, WhatsApp relies on the standard contractual clauses of the EU Commission. Further details on the handling of data by WhatsApp can be found in WhatsApp's privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
4. Cookies
Our website uses cookies.
Cookies are text files that are stored on the user's end device. When a user calls up a website, a cookie can be stored on the user's operating system.
Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. The aforementioned purposes also constitute our legitimate interest in processing the personal data in accordance with Art. 6 (1) (f) GDPR.
Furthermore, our website may use cookies that enable an analysis of the user's surfing behavior (so-called third-party cookies). Further information on the scope, purpose, legal basis and objection options can be found in the respective sections of the respective chapter of this privacy policy.
As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable, restrict or delete the transmission of cookies. If you disable cookies for our website, it may no longer be possible to use all functions of the website to their full extent.
The transmission of Flash cookies can be prevented by changing the settings of the Flash Player.
Help for the settings can be found in the respective help menu of your browser or under the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted again after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
5. Data processing for order processing
5.1. If you wish to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. We process the data you provide to process your order.
In some cases, we work with external service providers to process your order. For this purpose, we must pass on the necessary personal data.
If we commission transport companies with the delivery of your goods, we will pass on your data required for the delivery of the goods to the respective transport company. For the processing of payments, we pass on your data to the commissioned credit institution as required. If we use payment service providers, you will also be informed about this below.
The legal basis for the transfer of your data is Art. 6 (1) (b) GDPR.
5.2. External service providers for order processing and order fulfillment
- DHL Fulfilment
Order processing is carried out by DHL Home Delivery GmbH, Sträßchensweg 10, 53113 Bonn within the framework of the "Shipping by DHL Fulfilment" option.
We pass on your personal data to DHL Fulfilment exclusively for the purpose of processing your order and only to the extent necessary in accordance with Art. 6 (1) (b) GDPR.
- Lexoffice
Order processing is carried out by the service provider "lexoffice" (Haufe-Lexware GmbH & Co. KG in Freiburg i. Breisgau).
We pass on your name, your address and, if applicable, further personal data in accordance with Art. 6 (1) (b) GDPR exclusively for the purpose of processing your order and only to the extent necessary to lexoffice.
Details on data protection at lexoffice and the privacy policy of Haufe-Lexware GmbH & Co. KG can be found at the following link: https://www.lexoffice.de/datenschutz/
5.3. Passing on your personal data to shipping service providers
- DHL
If the goods are delivered to you by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will pass on your data required for delivery and to the extent necessary in accordance with Art. 6 (1) (b) GDPR only the name of the recipient and the delivery address to DHL.
Only if you have given your express consent during the ordering process will we pass on your email address to DHL in accordance with Art. 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Your consent can be revoked at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the transport service provider DHL.
5.4. Use of payment service providers
5.5. bancontact
When paying via "bancontact" via the PayPal Checkout, the payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
Further information on PayPal Checkout can be found in the corresponding section below.
5.6. blik
When paying via "blik" via the PayPal Checkout, the payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
Further information on PayPal Checkout can be found in the corresponding section below.
5.7. mybank
When paying via "mybank" via the PayPal Checkout, the payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
Further information on PayPal Checkout can be found in the corresponding section below.
- PayPal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Purchase on account" or "Installment payment" via PayPal, the payment is processed by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
We pass on your personal data to PayPal in accordance with Art. 6 (1) (b) GDPR as necessary. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "Purchase on account" or "Installment payment" via PayPal.
For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method.
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
Which other data is collected by PayPal results from the respective privacy policy of PayPal. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
5.8. PayPal Checkout
We use PayPal Checkout (PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal")) on this website.
PayPal Checkout is an online payment solution from PayPal that handles both PayPal payment methods and local payment methods from third parties.
If you select (if offered) the payment methods PayPal, credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, we will pass on your necessary payment data to PayPal for the purpose of payment processing. The transfer is permissible in accordance with Art. 6 (1) (b) GDPR.
For the payment methods credit card via PayPal, direct debit via PayPal or "Pay Later" via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, PayPal may pass on your necessary payment data to credit agencies. The processing is based on the legal basis of Art. 6 (1) (f) GDPR. PayPal has a legitimate interest in determining your solvency. You can object to this processing of your data at any time by sending a message to PayPal, although PayPal may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
'
If you select the PayPal invoice payment method, we will transmit your payment data to PayPal in accordance with Art. 6 (1) (b) GDPR. PayPal then forwards your data to the Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin to carry out the payment. Ratepay then carries out an identity and credit check in its own name. The legal basis for this is Art. 6 (1) (f) GDPR, the legitimate interest in determining solvency. For this purpose, Ratepay passes on your payment data to credit agencies in accordance with Art. 6 (1) (f) GDPR.
Ratepay can access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/
If you select the payment method of a local third-party provider, we will first pass on your payment data to PayPal in accordance with Art. 6 (1) (b) GDPR. PayPal then forwards your payment data to the provider you have selected to carry out the payment (Art. 6 (1) (b) GDPR):
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200 Vienna, Austria)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
Further information can be found in PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- SOFORT
If you select the payment method "SOFORT", the payment is processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT").
We pass on your personal data together with information about your order to SOFORT in accordance with Art. 6 (1) (b) GDPR exclusively for the purpose of payment processing and only to the extent necessary.
Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden).
The privacy policy of SOFORT can be viewed here: https://www.klarna.com/sofort/datenschutz
- SOFORT
When paying by "SOFORT" via the PayPal Checkout, the payment is processed by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").
For this purpose, PayPal uses the service of SOFORT GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "SOFORT").
Further information on data protection for PayPal Checkout can be found in the corresponding section below.
6. Data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data is collected and processed in accordance with Art. 6 (1) (b) GDPR. The scope of the data can be seen from the input form. The data you enter will be stored and used by us for contract processing.
You can delete your customer account at any time. This can be done by sending a message to the address of the controller or, if offered, directly in the customer account. In this case, we will also block your data with regard to tax and commercial law retention periods and delete it after these periods have expired. Only your consent to permanent storage or a legally permitted further use of data on our part can oppose this.
7. Use of your data for direct marketing
7.1. Newsletter
On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used for personal contact.
The legal basis for the processing of your data after registration for the newsletter is, if the user has given consent, Art. 6 (1) (a) GDPR. We obtain this by sending you a confirmation email after registering for the newsletter, which contains a confirmation link. When you click on this link, you simultaneously give your consent to receive the newsletter.
When you submit your registration for the newsletter, we also store your IP address and the date and time of registration. This storage serves to be able to trace any possible misuse of your email address.
We use the data collected during newsletter registration exclusively for the purpose of sending the newsletter.
You can cancel your subscription to the newsletter at any time. For this purpose, you will find a corresponding link in every newsletter. This also enables you to revoke your consent to the storage of the personal data collected during the registration process.
7.2. Newsletter for existing customers
If you purchase goods or services on our website and provide your email address, this may subsequently be used by us to send a newsletter. In such a case, the newsletter will only send direct advertising for our own similar goods or services.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG and Art. 6 (1) (f) GDPR. The data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising.
If you have already objected to the use of your email address for direct advertising purposes, you will not receive this newsletter. However, you also have the option of objecting to the use of your email address for the advertising purpose mentioned here at any time with effect for the future by notifying us. Upon receipt of your objection, the use of your email address for advertising purposes will cease immediately.
7.3. Advertising by post
If you have provided your first and last name, your postal address and, if applicable, further personal data as part of an order with us, we reserve the right to store this data in order to safeguard our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) (f) GDPR and to send you our offers by post.
You can object to the storage and use of your data for this purpose at any time by sending a corresponding message to the controller.
7.4. WhatsApp Newsletter
If you have subscribed to our WhatsApp newsletter, you will also receive it via WhatsApp.
To register, we only need your mobile phone number. To subscribe to the newsletter,
save the mobile phone number we provide in your contacts in your mobile device and send the message "Start" to this number via WhatsApp. By doing so, you simultaneously give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR to send our WhatsApp newsletter.
You can unsubscribe from the newsletter at any time by sending a "Stop" message via WhatsApp. After that, we will delete your mobile phone number from our distribution list, unless you have expressly consented to further use of your data or we are required to retain your data due to legal regulations.
8. Use of social media: Social plugins
8.1. Facebook as a standard plugin
We use social plugins ("plugins") from the social network Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter "Facebook") on our website.
You can usually recognize the plugins by the Facebook logo, usually a white "f" on a blue background. Other designs of the Facebook plugin can be viewed here:
https://developers.facebook.com/docs/plugins
When you call up one of our web pages into which such a plugin is integrated, your browser establishes a direct connection to Facebook's servers and transmits the content of the plugin directly to your browser, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) can be transmitted by your browser directly to a Facebook server in the USA and stored there.
If you are logged into Facebook at the relevant time, Facebook can immediately assign your visit to our website to your Facebook profile. If you interact with a plugin (e.g., click the "Like" button or comment on something), this information is also transmitted directly to a Facebook server and stored there. The actions may be published on your Facebook profile and displayed to your Facebook friends.
Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Art. 6 (1) (f) GDPR.
Facebook's legitimate interest lies in displaying personalized advertising and tailoring the service to requirements. The legal basis is Art. 6 (1) (f) GDPR.
If you do not want the data collected via our website to be assigned to your Facebook profile, you must log out of Facebook before visiting our website. You can also prevent the loading of Facebook plugins with add-ons for your browser, e.g., with the script blocker "NoScript" (http://noscript.net/).
Meta Platforms, Inc. based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.
Further information can be found in Facebook's privacy policy: http://www.facebook.com/policy.php https://www.facebook.com/legal/EU_data_transfer_addendum
8.2. Google+ as a standard plugin
We use the "Google+" plugin of the social network Google+ (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter "Google+") on our website.
You can recognize the plugin by the "+1" on a white or colored background. Other possible designs can be viewed here: https://developers.google.com/+/plugins.
If you are logged into Google+ at the relevant time, Google+ can immediately assign your visit to our website to your Google+ profile. If you interact with a plugin, this information is also transmitted directly to a Google+ server and stored there. A transfer of data to the USA is possible.
Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Art. 6 (1) (f) GDPR.
Google+'s legitimate interest lies in displaying personalized advertising and tailoring the service to requirements. The legal basis is Art. 6 (1) (f) GDPR.
If you do not want the data collected via our website to be assigned to your Google+ profile, you must log out of Google+ before visiting our website. You can also prevent the loading of Google+ plugins with add-ons for your browser, e.g., with the script blocker "NoScript" (http://noscript.net/).
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.
Further information can be found in Google+'s privacy policy:
https://www.google.de/intl/de/policies/privacy/
8.3. Instagram as a standard plugin
We use social plugins ("plugins") from the social network Instagram (operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) (hereinafter "Instagram") on our website.
You can usually recognize the plugins by the "Instagram camera". Other designs of the Instagram plugin can be viewed here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
When you call up one of our web pages into which such a plugin is integrated, your browser establishes a direct connection to Instagram's servers and transmits the content of the plugin directly to your browser, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there.
If you are logged into Instagram at the relevant time, Instagram can immediately assign your visit to our website to your Instagram profile. If you interact with a plugin (e.g., click the "Instagram" button or comment on something), this information is also transmitted directly to an Instagram server and stored there. The actions may be published on your Instagram profile and displayed to your Instagram friends.
Our legitimate interest lies in displaying personalized advertising and exploiting the full financial potential of our website. The legal basis is Art. 6 (1) (f) GDPR.
If you do not want the data collected via our website to be assigned to your Instagram profile, you must log out of Instagram before visiting our website. You can also prevent the loading of Instagram plugins with add-ons for your browser, e.g., with the script blocker "NoScript" (http://noscript.net/).
Meta Platforms, Inc. based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.
Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/
8.4. LinkedIn Plugin as a Shariff solution
We use social plugins ("plugins") from the online service LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) (hereinafter "LinkedIn") on our website.
To increase the protection of your data when visiting our website, the plugin buttons are only integrated into the page using an HTML link (so-called Shariff solution). This ensures that when you call up our website with a LinkedIn button, a connection to LinkedIn's servers is only established when you click the button and interact with the plugin, which then opens in a new browser window. You may also need to log in separately.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://de.linkedin.com/legal/l/dpa
LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy
8.5. Pinterest plugins with 2-click solution
We use social plugins ("plugins") from the social network Pinterest (Pinterest Inc., 808 Brannan Street, San Francisco, CA, 94103, USA) (hereinafter "Pinterest") on our website.
To increase the protection of your data when visiting our website, the plugins are integrated into our website using a so-called "2-click solution". This ensures that when you call up a page of our website that contains these plugins, no connection is yet established to Pinterest's servers and thus no data is sent. Only when you click on a plugin and thereby give your consent to the data transfer does your browser establish a direct connection to Pinterest's servers. The content of the respective plugin is then transmitted directly to your browser and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective provider or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a Pinterest server. If you are logged into Pinterest, the providers can immediately assign your visit to our website to your Pinterest profile. If you interact with the plugins, for example by clicking the "Pinterest" button, the corresponding information is also transmitted directly to a Pinterest server and stored there. The information is also published in the social network and displayed there to your contacts.
The processing is based on Art. 6 (1) (a) GDPR through your consent. You can revoke your consent by clicking the activated plugin again and thus deactivating it. Data that has already been transmitted is excluded from this.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea
Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy
If you do not want Pinterest to immediately assign the data collected via our website to your profile, you must log out of Pinterest before activating the plugin.
8.6. X (formerly Twitter) as a plugin with 2-click solution
We use social plugins ("plugins") from the online service X (X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103, US) (hereinafter "X") on our website.
To increase the protection of your data when visiting our website, the plugins are integrated into our website using a so-called "2-click solution". This ensures that when you call up a page of our website that contains these plugins, no connection is yet established to X's servers and thus no data is sent. Only when you click on a plugin and thereby give your consent to the data transfer does your browser establish a direct connection to X's servers. The content of the respective plugin is then transmitted directly to your browser and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective provider or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a Twitter server. If you are logged into Twitter, the providers can immediately assign your visit to our website to your Twitter profile. If you interact with the plugins, for example by clicking the "Twitter" button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information is also published in the social network and displayed there to your contacts.
The processing is based on Art. 6 (1) (a) GDPR through your consent. You can revoke your consent by clicking the activated plugin again and thus deactivating it. Data that has already been transmitted is excluded from this.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://twitter.com/de/privacy
Twitter's privacy policy: https://twitter.com/privacy
If you do not want X to immediately assign the data collected via our website to your profile, you must log out of X before activating the plugin.
8.7. Xing plugins
We have integrated the "XING Share Button" on our website.
When you call up our website, your browser briefly establishes a connection to servers of XING SE, Caffamacherreihe 8, 20355 Hamburg (hereinafter "XING"), with which the "XING Share Button" functions (in particular the calculation/display of the counter value) are provided. However, XING does not store any personal data about you when you access this website, in particular no IP addresses. Likewise, no evaluation of your usage behavior takes place through the use of cookies in connection with the "XING Share Button".
Details can be found here:
https://www.xing.com/app/share?op=data_protection
9. Use of social media: Video
Use of YouTube videos
On this website, we use the YouTube embedding function to display and play videos from the provider "YouTube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Here we use the extended data protection mode, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. If you start playing embedded YouTube videos, the provider "YouTube" uses cookies to collect information about your user behavior. According to "YouTube", these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive practices. If you are logged into Google at the time, your data will be directly assigned to your account.
If you do not want the assignment to your profile on YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
Such an evaluation is carried out in particular in accordance with Art. 6 (1) (a) GDPR on the basis of your express consent.
You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Regardless of whether the embedded videos are played, a connection to the Google "DoubleClick" network is established each time this website is accessed, which may trigger further data processing operations without our influence.
Data may also be transmitted to the servers of Google LLC. in the USA. Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://policies.google.com/privacy?hl=de Settings for personalized advertising are possible at: https://adssettings.google.com/authenticated.
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/
10. Online marketing
10.1. DoubleClick by Google
This website uses the online marketing tool DoubleClick by Google of the operator Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") ("DoubleClick").
DoubleClick by Google uses cookies to display ads that are relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been called up. In this way, we obtain valuable information to make our websites even faster and more customer-friendly. The aforementioned analysis is carried out on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to place ads based on previous visits to our or other websites on the Internet.
The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. A transfer of data by Google to third parties only takes place on the basis of legal regulations or within the framework of order data processing. Under no circumstances will Google combine your data with other data collected by Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of our websites to their full extent.
You can also prevent the collection of the data generated by the cookies and related to your use of the websites to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://adssettings.google.com/) under the point DoubleClick deactivation extension.
Alternatively, you can deactivate the DoubleClick cookies on the website of the Digital Advertising Alliance at the following link (http://optout.aboutads.info/?c=2#!/).
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find more information about DoubleClick by Google's privacy policy at the following internet address:
http://www.google.de/policies/privacy/
10.2. Use of Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
We use advertising media (so-called Google Adwords) to advertise our offers on external websites. Our legitimate interest lies in displaying advertising that is of interest to you and in achieving a fair calculation of advertising costs. The legal basis is Art. 6 (1) (a) GDPR, namely your express consent.
Google Ads uses cookies for conversion tracking, which are set when you click on an AdWords ad placed by Google.
These cookies usually lose their validity after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of Ads customers.
The information obtained in this way is used to create conversion statistics for Ads customers about the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag.
You cannot be personally identified with it.
If you wish to prevent tracking, you can disable the Google conversion tracking cookie via your internet browser under user settings.
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find more information about Google's privacy policy at the following internet address: http://www.google.de/policies/privacy/ You can permanently disable conversion cookies by setting your browser accordingly or by downloading and installing the browser plugin available at the following link: http://www.google.com/settings/ads/plugin?hl=de
In this case, certain functions of this website may not be available or may only be available to a limited extent.
11. Web analytics services
Google Analytics 4
We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter "GA4").
Google Analytics uses "cookies". These are small text files that are stored on your end device and enable an analysis of your use of the website. The information generated about your use of this website (including the shortened IP address) is transmitted to a Google server and stored and processed there, whereby a transfer to the USA is possible. IP addresses are anonymized by default. For IPv4 addresses, the last octet and for IPv6 addresses, the last 80 bits are set to zero in memory and thus "anonymized". Personal reference is excluded. A transfer to servers of Google LLC based in the USA cannot be ruled out.
During your website visit, GA4 records your user behavior in the form of "events", such as: page views, first visit to the website, start of session, your "click path", interaction with the website, scrolls, clicks on external links, internal search queries, interaction with videos, file downloads, viewed/clicked ads, language setting. GA4 also records your approximate location (region), your IP address (in anonymized form), technical information about your browser and the end devices you use (e.g., language setting, screen resolution), your internet provider, the referrer URL (via which website/advertising medium you came to this website).
On our behalf, Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The data collected in this context will be stored for fourteen months.
The legal basis for the data processing described here and the setting of cookies is your express consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time with effect for the future, for example by deactivating this Google service via the cookie consent tool in which you have already given your consent.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your given consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the "cookie consent tool" provided on the website.
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.
We have also concluded an order processing agreement with Google.
Further information on data protection with Google Analytics 4 can be found on the following websites:
https://policies.google.com/technologies/partner-sites
and
https://policies.google.com/privacy?hl=de&gl=de
Demographic characteristics
The "demographic characteristics" function of GA4 can create statistics that can be used to make statements about the age, gender and interests of page visitors. For this purpose, advertising and information from third-party providers are analyzed and target groups for certain marketing activities are identified. However, no personal assignment of data takes place. The data will be deleted after fourteen months.
UserIDs
If we use the extended "UserIDs" function, your activities (including conversions) can be analyzed across devices. In this case, the analysis is not pseudonymous.
This is possible if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 (1) (a) GDPR, you have set up an account on this website and log in to this account on different devices.
Google Signals
If we use the "Google Signals" extension, we can have cross-device reports on your usage behavior created. However, we only receive statistics and no personal data. This analysis is only possible if you have activated personalized ads in your Google account and linked your end devices to a Google account. Likewise, your consent to the use of Google Analytics in accordance with Art. 6 (1) (a) GDPR must exist. Cross-device analysis can be prevented by deactivating the "personalized advertising" function in your Google account.
Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=de
12. Retargeting / Remarketing / Recommendation advertising
12.1. Microsoft Advertising (formerly Bing Ads)
This website uses the conversion tracking technology "Microsoft Advertising" from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).
If you have reached our website via a Microsoft Advertising ad, Microsoft Advertising sets a cookie on your end device. The information obtained using the conversion cookie is used to create conversion statistics. We thereby learn the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information with which users can be personally identified.
These cookies lose their validity after 180 days.
If a user visits a website and the cookie has not yet expired, Microsoft Advertising and we can recognize that the user clicked on the ad and was redirected to this page (conversion page).
If personal data is processed, this is done in accordance with Art. 6 (1) (a) GDPR on the basis of your express consent.
You can object to tracking by deactivating the Microsoft Advertising conversion tracking cookie via your internet browser under user settings.
Alternatively, you can use the deactivation page for consumers from the EU http://www.youronlinechoices.com/uk/your-ad-choices/ to check whether advertising cookies from Microsoft are set in your browser and deactivate them.
Microsoft Corporation is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. Further information on data protection: https://privacy.microsoft.com/de-de/privacystatement
12.2. Meta Custom Audience via the Pixel method
On this website, we use the "Meta Pixel" from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").
If there is express consent, this can be used to track the behavior of users after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize future advertising measures. The data collected is anonymous for us, so we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/).
You can enable Meta and its partners to place ads on and off Facebook. For these purposes, a cookie may be stored on your end device. These processing operations are carried out exclusively upon granting express consent in accordance with Art. 6 (1) (a) GDPR. Consent to the use of the Meta Pixel may only be declared by users who are older than 13 years. If you are younger, we ask you to ask your legal guardians for permission. You can disable the use of cookies on your computer by adjusting your browser settings. However, this may mean that some functions on our websites can no longer be used to their full extent. You can also disable the use of cookies by third parties such as Meta on the following website of the Digital Advertising Alliance: http://www.aboutads.info/choices/
Meta Platforms Inc. is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
12.3. Google AdWords Remarketing
Our website uses the functions of Google Ads (formerly "Google AdWords") Remarketing, whereby we advertise for this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google"). For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising using a pseudonymous cookie ID and on the basis of the pages you visit and usually loses its validity after 30 days. The processing is based on our legitimate interest in the optimal marketing of our website and the exploitation of the financial potential of our website. The legal basis is Art. 6 (1) (a) GDPR, namely your express consent.
Further data processing only takes place if you have agreed with Google that your internet and app browser history will be linked to your Google account and that information from your Google account will be used to personalize ads that you view on the web. If you are logged into Google during your visit to our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data to form target groups.
You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plugin available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can obtain information about the setting of cookies and make settings from the Digital Advertising Alliance at the internet address www.aboutads.info. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited.
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find more information about Google's privacy policy at the following internet address: http://www.google.de/policies/privacy/
12.4. Facebook Custom Audience via the Pixel method
On this website, we use the "Facebook Conversion API" from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook").
If there is express consent, your data can be transmitted to Facebook via user behavior for evaluation. This allows users to be shown advertising based on their user behavior.
Data used are:
Email address, telephone number, gender, date of birth, first and last name, city, state and country, zip code, user IDs, IP addresses, client user agent (the browser and operating system you use), click IDs, browser ID, product IDs, advertising ID, Facebook login ID
The data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/).
You can disable the use of cookies on your computer by adjusting your browser settings. However, this may mean that some functions on our websites can no longer be used to their full extent. You can also disable the use of cookies by third parties such as Facebook on the following website of the Digital Advertising Alliance: http://www.aboutads.info/choices/
Meta Platforms Inc. based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU.
13. Tools and other services
13.1. Health data
If you provide us with health data, we process it strictly for the intended purpose and only within the framework of the applicable legal data protection requirements. We do not pass on your data to third parties, unless it is an order for prescription medicines - in this case, we forward the health data you have provided to your health insurance company for billing purposes.
We only collect your health data for the purpose of contract performance after your express consent (Art. 6 (1) (a) and Art. 7 (2) (a) GDPR). You can revoke this consent at any time with effect for the future vis-à-vis the controller responsible for processing your data.
Health data is personal data that allows direct or indirect conclusions to be drawn about the physical and/or mental health status of a person.
13.2. Google reCAPTCHA
We use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in avoiding misuse and spam.
reCAPTCHA is a function that is intended to ensure that an input is made by a natural person.
The service sends your IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.
When using Google reCAPTCHA, your personal data may also be transmitted to the servers of Google LLC. in the USA.
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find more information about Google's privacy policy at the following internet address: http://www.google.de/policies/privacy/
13.3. Google Web Fonts
We use so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts.
As soon as you call up our website, your browser loads the required web fonts into its cache.
For this purpose, your browser must establish a connection to Google's servers, which means that Google learns your IP address. In this case, your personal data may also be transmitted to the servers of Google LLC. in the USA.
The legal basis is Art. 6 (1) (a) GDPR, namely your express consent.
If your browser does not support web fonts or you refuse their use, a standard font will be used by your computer.
Details on Google Web Fonts can be found here:
https://developers.google.com/fonts/faq
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find more information about Google's privacy policy at the following internet address: http://www.google.de/policies/privacy/
13.4. Google Tag Manager
We use the Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
With the help of the Google Tag Manager, we can integrate tracking or statistical tools and other technologies on our website via tags. Tags are code sections that record specific activities on the website. The tags usually come from other Google programs, but can also be integrated by other companies. The tags can, for example, collect browser data, integrate buttons or set cookies.
However, the Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses, but only manages and delivers the tools integrated via it.
Your IP address is recorded by the Google Tag Manager and may also be transmitted to Google's parent company in the United States.
The legal basis for the use of the Google Tag Manager is Art. 6 (1) (a) GDPR, namely your consent.
Google LLC based in the USA is certified for the US-European data protection agreement "EU-U.S. Data Privacy Framework", which ensures compliance with the data protection level applicable in the EU. You can find more information about Google's privacy policy at the following internet address: http://www.google.de/policies/privacy/
14. Rights of the data subject
14.1. The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
- Right of access pursuant to Art. 15 GDPR:
You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. Furthermore, you have the right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of further rights such as correction of the data or the existence of a right of appeal to a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and the intended effects of such processing, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR that exist in the event of your data being transferred to third countries;
- Right to rectification pursuant to Art. 16 GDPR:
You have the right to immediate rectification of inaccurate data concerning you and/or completion of your incomplete data stored by us; the rectification or completion must be carried out immediately.
- Right to restriction of processing pursuant to Art. 18 GDPR:
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse the deletion of your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation as long as it has not yet been determined whether our legitimate reasons prevail;
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
- Right to erasure pursuant to Art. 17 GDPR:
You have the right to the immediate erasure of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right to erasure does not apply in particular - not exhaustively - if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
- Right to information pursuant to Art. 19 GDPR:
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR:
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible;
- Right to withdraw consent pursuant to Art. 7 (3) GDPR:
You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
14.2. Right to object
You have the right to object to the processing of your data at any time with effect for the future if we process your data on the basis of our overriding legitimate interest after weighing up the interests.
If you make use of this right to object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
15. Duration of storage of personal data
The duration of the storage of personal data is based on the respective legal retention periods. After these periods have expired, we routinely delete the data if it is no longer required for the fulfillment or initiation of the contract and/or if there is no legitimate interest on our part in continuing to store it.