Privacy policy

Introduction

 

We are pleased that you are visiting our website and thank you for your interest. The protection of your personal data is our highest priority. We handle your data responsibly and comply with applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

 

With this privacy policy, we would like to inform you about which personal data we collect when you use our website, the purposes for which we use this data, and what rights you have with regard to your data. Our goal is to provide you with complete transparency about how we handle your data and to ensure you have a secure online experience.

 

Person responsible

 

The controller within the meaning of the General Data Protection Regulation (GDPR) is the person or body that decides on the purposes and means of processing your personal data.

 

We, as the website operator, are responsible for data processing on this website.

 

VITORI Health GmbH

Lohstraße 2, 07381 Pößneck

Germany

E-mail:dsgvo@vitori.de

Phone: +49 3647 5289688

Data Protection Officer: Karl Pusch DPO Consult GmbH

Responsible data protection authority: TLfDI Thuringia

 

If you have any questions about the processing of your personal data or your rights as a data subject, please feel free to contact us at any time. We will be happy to assist you.

 

Contact details of the data protection officer

 

We take the protection of your personal data very seriously. Therefore, we have appointed a data protection officer to assist us in ensuring compliance with data protection regulations.

 

You can contact our data protection officer directly if you have any questions or concerns about the processing of your personal data or to exercise your rights:

 

DPO Consult GmbH

Karl Pusch (CEO)

Joanneumring 18

8010 Graz

Austria

Telephone: AT: 0800224488 DE: 08002244880

E-mail: dpo@dpo.at

Register court: GRAZ

 

Our data protection officer is available to you at any time as a contact person for data protection-related issues.

 

Competent data protection authority

 

In case of data protection complaints or questions, you have the right to contact the responsible data protection authority. The responsible authority for our company is:

 

The Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI)

Häßlerstraße 8

99096 Erfurt

Germany

phone: +49 361 573112900

e-mail: poststelle@datenschutz.thueringen.de

Website: www.tlfdi.de

 

Alternatively, you can also contact the data protection authority of the Member State in which you have your habitual residence, your place of work or the place where the alleged data protection infringement occurred.

However, we recommend that you contact us directly if you have any questions or concerns so that we can find a quick and straightforward solution. You can find our contact details in our privacy policy.

 

Processing purposes

 

When you use our website, we process your personal data exclusively for specific, clearly defined purposes. In doing so, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and other applicable data protection regulations.

 

We only process your data if it is necessary to provide you with our services, respond to your inquiries, operate our website technically and functionally, or fulfill our legal obligations. Furthermore, your data may be processed to improve our online offering, show you personalized content, or implement security measures.

 

Below we will inform you in detail about the purposes for which we process your personal data and the legal basis on which we do so.

 

Joint data processing pursuant to Article 26 GDPR

 

The websites https://arktisquelle.de/, https://www.vitori.de/ and https://www.holistic-heroes.de/ are processed under a joint controllership agreement in accordance with Article 26 GDPR This joint controllership concerns the processing of personal data for specific purposes related to the parties' respective business activities. Below you will find an overview of the data processing principles and responsibilities:

Purpose of joint processing

  1. Vitori Health GmbH: Responsible for data processing in connection with the sale and use of crystal mats.
  2. Holistic Heroes GmbH: Responsible for data processing in connection with the distribution and use of dietary supplements.
  3. C&R Arctic GmbH: Responsible for data processing in connection with the sale and use of water filtration systems.

Responsibilities

Under the joint controllership agreement:

  1. Each party is independently responsible for ensuring that the data it processes is processed in accordance with the requirements of the GDPR.
  2. All parties work together to ensure transparency regarding data processing procedures for data subjects.

Transparency and communication

The parties undertake to provide the data subjects with clear and comprehensive information on:

  1. The purpose and type of data processing.
  2. The respective responsibilities of each party.

Rights of data subjects

Data subjects may exercise their rights (e.g., access, rectification, erasure, objection) with any of the parties involved. The parties have agreed to process these requests transparently and effectively.

Data transfers

Personal data processed under this agreement will only be transferred to third countries if:

  1. The data subject has expressly consented, or
  2. Appropriate safeguards exist in accordance with the requirements of the GDPR.

Storage periods

Each party will comply with statutory retention periods and ensure that personal data is not stored longer than necessary.

Contact information

For data protection inquiries or to exercise your rights, you can contact one of the following parties:

  1. Vitori Health GmbH
  2. Address: Augenseestraße 19, 07381 Pößneck, Germany
  3. E-mail: info@vitori.de
  4. Holistic Heroes GmbH
  5. Address: Augenseestraße 19, 07381 Pößneck, Germany
  6. E-mail: kontakt@holistic-heroes.de
  7. C&R Arctic GmbH
  8. Address: Gerhart-Hauptmann-Straße 2, 46483 Wesel, Germany
  9. E-mail: t.cattarius@arktisquelle.de

 

Objection to advertising emails

 

We expressly point out that we will not use your personal data for advertising purposes without your express consent. However, if you receive unsolicited advertising emails from us in the future, you can object to the use of your email address for advertising purposes at any time.

To exercise your right of objection, you can send us an informal message, e.g., by email to:

[Insert email address]

Alternatively, you can use the unsubscribe link at the end of each promotional email.

Your objection will result in us no longer sending you any further promotional emails and blocking your contact details for this purpose. The legality of the data processing carried out up to the time of the objection remains unaffected.

We are of course at your disposal for any questions or further information.

 

Data processing on the website

 

When you use our website, we process personal data that is collected automatically or generated through your interaction with the website. This data processing includes, in particular:

  1. Server log files:
  2. When you visit our website, certain information is automatically collected and transmitted by your browser to our server. This includes:
  3. IP address (shortened if possible)
  4. Date and time of access
  5. Visited pages
  6. Referrer URL (the page from which you came to our website)
  7. Browser type and version
  8. Operating system and device information
  9. Purpose of processing: Ensuring technical functionality, guaranteeing IT security and optimizing our online offering.
  10. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the security and functionality of our website).
  11. Cookies and tracking technologies:
  12. We use cookies and similar technologies on our website to improve user experience, personalize content, and perform statistical analysis. Detailed information can be found in our Cookie Policy.
  13. Legal basis: Your consent in accordance with Art. 6 (1) (a) GDPR (for cookies that require consent) or Art. 6 (1) (f) GDPR (for technically necessary cookies).
  14. Contact forms and other input masks:
  15. If you use our contact form or other input masks on the website, we process the data you enter (e.g. name, email address, message).
  16. Purpose of processing: Processing your request and communicating with you if necessary.
  17. Legal basis: Art. 6 (1) (b) GDPR (for the implementation of pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in processing inquiries).

 

Amazon CloudFront

 

a. Type and purpose of processing

 

Amazon CloudFront is a content delivery network (CDN) used to efficiently deliver content to users worldwide. It uses cookies and similar technologies to optimize content delivery speed, enhance security, and analyze performance.

 

b. Legal basis for processing

 

The processing is based on legitimate interests pursuant to Article 6 (1) (f) GDPR in order to ensure and improve the functionality and performance of our website.

 

c. Data categories

 

The data categories processed include technical data such as IP addresses, access times, browser types, operating system information, URL of the requested content and other protocol data.

 

d. Recipient

 

The recipient of the data is Amazon Web Services, the provider of the Amazon CloudFront service.

 

e. Storage periods

 

The data will only be stored for as long as necessary to fulfil the purpose of processing and will then be systematically deleted, unless statutory retention periods require longer storage.

 

f. Legal/contractual requirement

 

The provision of data by the user is neither legally nor contractually required.

 

g. Third country transfer

 

An insecure data transfer to the USA occurs because the provider Amazon is based in the USA. This poses the risk that US authorities could potentially gain access to the data.

 

h. Revocation of consent

 

Since the data is processed on the basis of legitimate interests, revocation of consent is not necessary. However, users have the right to object to the processing.

 

i. Automated decision-making and profiling

 

There is no automated decision-making or profiling within the meaning of the GDPR.

 

Amazon Web Services

 

Type and purpose of processing: Amazon Web Services (AWS) is a hosting service provided by Amazon, primarily used to efficiently and securely host and manage our platform's web presence. This technology may, in some cases, also integrate tracking technologies to analyze and optimize the performance and usage of the services provided. This processing is carried out to continuously improve the user experience and optimize technical processes.

 

Legal basis for processing: AWS processes the data on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR. This legitimate interest lies in the need to provide a reliable and secure web hosting service.

 

Data categories: The data processed by AWS may include server log data, such as IP addresses, timestamps, and technical data related to the use of our services.

 

Recipient: The data is passed on to Amazon as the operator of Amazon Web Services, which provides the infrastructure for the hosting services.

 

Storage periods: The specific storage periods depend on the operational needs and security requirements of our technical operations, whereby these lie within the statutory limitation or retention periods.

 

Legal/contractual requirement: The provision of the above-mentioned data is not required by law or contract. However, it is necessary to ensure the ease of use and security of our online offering.

 

Third country transfer: All data transferred to and from Amazon Web Services may be sent to server locations in the USA. Because the data room is considered insecure and an adequate level of protection is not guaranteed, data protection risks may exist.

 

Revocation of consent: Revoking your consent to process your data is not applicable because the processing is based on legitimate interests and not on consent given.

 

Automated decision-making and profiling: When using AWS, no automated decision-making or profiling within the meaning of the GDPR takes place.

 

CCM19

 

a. Type and purpose of processing

 

CCM19 is a consent management tool provided by Papoo Software & Media and classified in the CONSENT_MANAGER category. The purpose of this processing is to manage and document user consents for the use of cookies, web storage, and other tracking technologies on our website. By integrating CCM19, we can ensure that only those cookies are activated to which the user has explicitly consented. This enables us to ensure compliance with data protection regulations and respect the preferences of our users.

 

b. Legal basis for processing

 

The legal basis for the processing of personal data by CCM19 is the legal obligation to obtain and document the consent of users in accordance with the requirements of the General Data Protection Regulation (Art. 6 (1) (c) GDPR).

 

c. Data categories

 

During the use of CCM19, data categories such as cookie consent status, consent timestamps, and the user's IP address are processed.This data is stored in order to maintain complete consent records.

 

d. Recipient

 

The primary recipient of the data managed by CCM19 is our company, which is responsible for administering the consent management solution. Further disclosure to third parties does not normally occur unless there is a legal obligation or the disclosure occurs as part of contract processing.

 

e. Storage periods

 

The data collected with CCM19 will be stored for the period necessary to fulfill the purposes stated above or until the user revokes their consent. The exact retention periods may vary depending on legal requirements.

 

f. Legal/contractual requirement

 

Obtaining consent using CCM19 is a legal requirement. Without CCM19 processing this data, we cannot guarantee that the use of cookies on our website complies with data protection regulations.

 

g. Third country transfer

 

The use of CCM19 may result in data being transferred to unsafe third countries. In such cases, we ensure that appropriate safeguards, such as standard contractual clauses, are in place to ensure the level of data protection.

 

h. Revocation of consent

 

Users have the right to revoke their consent to the use of CCM19 and the associated processing of their data at any time. Such revocation will have future effect and will not affect the legality of the data processed up to the time of revocation.

 

i. Automated decision-making and profiling

 

When using CCM19, no automated decision-making or profiling of the collected data takes place.

 

CloudFlare

 

a. Type and purpose of processing: CloudFlare is a CDN (Content Delivery Network) service used to reduce website loading times and increase website security by delivering content to site visitors faster and more efficiently. For this purpose, data is collected, analyzed, and processed via cookies, local storage tools, and tracking technologies each time the website is accessed.

 

b. Legal basis for processing: CloudFlare processes data based on its legitimate interest pursuant to Art. 6 (1) (f) GDPR. This legitimate interest is to ensure a reliable and secure connection between the website and its users and to optimize loading times.

 

c. Data categories: The data collected includes IP addresses, access data, date and time of the request, referrer URL, amount of data transferred, information about the browser used and the operating system.

 

d. Recipient: The collected data is transmitted to Cloudflare, based in the USA. This may also include subcontracting to other service providers who work for Cloudflare.

 

e. Storage periods: The data is stored only for as long as necessary for the purposes of data processing. Specific retention periods vary depending on the type of data collected and Cloudflare's storage requirements.

 

f. Legal/contractual requirement: The collection and processing of data by CloudFlare is not required by law or contract, but its use is necessary to ensure the functionality and security of the website.

 

g. Third country transfer: Processing takes place in the USA, a third country outside the EU that is considered unsafe from the GDPR perspective. There may not be suitable or adequate safeguards in place to ensure a level of data protection comparable to that in the EU.

 

h. Revocation of consent: Since the processing is based on legitimate interest, no consent is required, and therefore there is no possibility to withdraw such consent with regard to this service.

 

i. Automated decision-making and profiling: When using CloudFlare, no decisions are made exclusively automatically and no profiling is carried out within the meaning of Art. 22 GDPR.

 

DPO Consent Management

 

a. Type and purpose of processing: DPO Consent Management is used to manage user consent for the use of cookies, web storage methods, and tracking technologies on our website. This involves collecting, storing, and organizing consent data to ensure that all necessary consents are obtained in accordance with legal requirements. The primary goal of this processing is to ensure compliance with data protection laws and provide transparency to users.

 

b. Legal basis for processing: The processing of data by DPO Consent Management is based on a legal obligation (Art. 6 (1) (c) GDPR) in order to meet the requirements for obtaining and managing consent under data protection laws.

 

c. Data categories: Categories of data collected include consent IDs, consent timestamps, information about consent or refusal to specific cookies and technologies, and, where applicable, personal identifiers.

 

d. Recipient: The collected data will be processed exclusively by DPO Consult GmbH as the responsible service provider and will not be passed on to other recipients unless there is a legal obligation to do so.

 

e. Storage periods: The data will be stored for as long as necessary to fulfill legal obligations or until the user revokes his consent.

 

f. Legal/contractual requirement: The provision of personal data for this purpose is required by law to ensure compliance with the GDPR with regard to cookie consent.

 

G.Third country transfer: Data may be transferred to unsafe third countries, meaning that the same data protection standards as in the EU cannot always be guaranteed. We take measures to ensure an appropriate level of protection.

 

h. Revocation of consent: Users can revoke their consent at any time with future effect via the corresponding settings on our website.

 

i. Automated decision-making and profiling: No automated decision-making processes or profiling measures take place in connection with the management of consents through DPO Consent Management.

 

DPO Consent Management

 

a. Type and purpose of processing:

 

DPO Consent Management uses cookies, web storage, and tracking technologies to ensure compliance with data protection regulations and manage user consent. These technologies help capture and store users' preferences regarding the processing of their personal data. They also provide transparency so users have control over their consent and can view real-time information about its status.

 

b. Legal basis for processing:

 

The legal basis for processing is the legal obligation (LEGAL_OBLIGATION) in accordance with the requirements of the General Data Protection Regulation (GDPR), in particular the provisions on consent management.

 

c. Data categories:

 

 

 

d. Recipient:

 

Recipients of the processed data are exclusively authorized employees of DPO Consult GmbH and the responsible supervisory authorities, insofar as this is required by law.

 

e. Storage periods:

 

The data will be stored for the duration of the existing consent. Upon revocation of consent or expiration of the statutory retention period, the data will be deleted immediately.

 

f. Legal/contractual requirement:

 

The provision and processing of data via cookies and tracking technologies is legally required to comply with the obligations under GDPR.

 

g. Third country transfer:

 

Insecure data transfers to third countries may occur that may not offer the same level of protection as the European Union. This occurs in compliance with legal requirements and with the application of appropriate data protection measures.

 

h. Revocation of consent:

 

Users can revoke their consent at any time with future effect. This can be done via the settings in the Consent Manager, which will immediately delete the stored consent data.

 

i. Automated decision-making and profiling:

 

No automated decision-making or profiling takes place when using DPO Consent Management.

 

Doubleclick

 

a. Type and purpose of processing

 

DoubleClick uses cookies and similar tracking technologies to measure and optimize the effectiveness of online advertising. It is used to perform targeting to show you relevant ads based on your browsing behavior. The data is also used to compile statistical reports on website usage and to adjust advertising efforts accordingly.

 

b. Legal basis for processing

 

The processing is based on your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time.

 

c. Data categories

 

The data categories processed by Doubleclick include online identifiers, browser type, access times, previously visited websites, interests and browsing behavior.

 

d. Recipient

 

The data is processed by Google, the provider of DoubleClick, and may be transferred to other Google companies or advertising partners, depending on the terms of use set by Google.

 

e. Storage periods

 

The retention periods for cookies and similar technologies used by DoubleClick vary. Tracking cookies can remain active for up to 540 days unless consent is revoked beforehand.

 

f. Legal/contractual requirement

 

Providing this data is neither legally nor contractually required. However, DoubleClick is only used with your consent.

 

g. Third country transfer

 

Because Google is a company headquartered in the US, data is transferred to a country outside the European Economic Area, which may not necessarily offer a level of data protection comparable to that in the EU. This may be considered an insecure transfer.

 

h. Revocation of consent

 

You have the right to revoke your consent to the processing of your data by DoubleClick at any time. You can revoke your consent by deleting cookies or by adjusting your browser settings.

 

i. Automated decision-making and profiling

 

DoubleClick includes profiling to display personalized ads. However, there is no comprehensive automated decision-making pursuant to Art. 22 GDPR.

 

Google

 

Type and purpose of processing: Google uses cookies, web storage, and similar technologies to collect usage data and analyze user behavior on our website. These technologies enable us to provide personalized advertising, optimize the user experience, analyze traffic, and monitor and improve the performance of our platform.

 

Legal basis for processing: This data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

 

Data categories: The data categories processed include, among others, cookie IDs, IP addresses, location information, information about user behavior and technical information about the device and browser used.

 

Recipient: The collected data will be transferred to Google to fulfill the purposes described. Google may also transfer this data to other third parties if required to do so by law or to fulfill contractual obligations.

 

Storage periods: The retention periods for this data vary depending on the type of data and the specific cookies/technologies used. Generally, this data is retained for as long as necessary to fulfill the purposes described or as required by law.

 

Legal/contractual requirement: Providing this data is neither legally nor contractually required. However, without your consent and the provision of this data, certain functions and services on our website may not be able to be provided optimally.

 

Third country transfer: Because Google is based in the USA, your data will be transferred to a third country that may not offer an adequate level of data protection. This potentially poses increased risks to the protection of your personal data.

 

Revocation of consent: You have the right to withdraw your consent to the use of cookies and similar technologies at any time. You can withdraw your consent via your web browser settings or by changing your cookie settings on our website.

 

Automated decision-making and profiling: The data collected through cookies and similar technologies may be used for profiling, to analyze user preferences, and to provide personalized content. Automated decision-making that has legal or similar significant effects on you does not occur.

 

Google Ads

 

Google Ads is a service provided by Google and is primarily responsible for delivering personalized advertising through cookies, web storage, and tracking technologies. These technologies are used to analyze users' browsing behavior so that advertisements can be better tailored to users' individual interests.

 

a. Type and purpose of processingGoogle Ads uses cookies and other tracking technologies to collect information about the usage behavior of website visitors. This information is used to display personalized ads and measure the effectiveness of advertising campaigns. This includes tracking conversions and adapting ad content based on user interests.

 

b. Legal basis for processingProcessing is based on consent pursuant to Art. 6 (1) (a) GDPR. Users must actively consent to the use of cookies and similar technologies.

 

c.Data categoriesCategories of data collected include, but are not limited to, IP addresses, unique device identifiers, browser type, information about the web pages visited, number of clicks, and other interaction data.

 

d. RecipientThe data is transferred to Google as a data recipient, who uses the data to optimize advertisements. Google may also transfer this data to third parties if required to do so by law or if these third parties process the data on Google's behalf.

 

e. Storage periodsInformation collected through Google Ads is typically stored for a period of 13 months, unless a longer retention period is required by law or necessary to provide certain services.

 

f. Legal/contractual requirementThere is no legal or contractual obligation for data processing by Google Ads. Processing takes place exclusively on the basis of the user's consent.

 

g. Third country transferSince Google is based in the USA, the data is transferred to a third country outside the EU and EEA. Data transfer is considered unsafe because an adequate level of data protection may not exist.

 

h. Revocation of consentUsers have the right to revoke their consent to the use of Google Ads at any time with future effect. This can be done via the website's cookie settings or by using opt-out mechanisms provided by Google.

 

i. Automated decision-making and profilingGoogle Ads uses automated decision-making and profiling to display user-specific advertising. This is done based on analyzed usage data in order to deliver targeted ads.

 

Google Ads Conversion

 

a. Type and purpose of processing

 

Google Ads Conversion is a service provided by Google and falls into the "Unknown" category. The purpose of this processing is to measure the effectiveness and success of advertising campaigns served through Google Ads. This is done by setting cookies and using web storage technologies on your device that allow tracking your interactions and determining whether they have led to a conversion.

 

b. Legal basis for processing

 

The processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. No data will be processed via Google Ads Conversion without your express consent.

 

c. Data categories

 

The categories of data processed include, among others: unique identifiers (z.B. Cookie IDs), device information, IP addresses, information about your interactions with the ads and your request regarding the website visits tracked with your consent.

 

d. Recipient

 

The recipient of the data is Google, which is based in the USA. Google may also transfer data to third parties where required to do so by law or where these third parties process the data on Google's behalf.

 

e.Storage periods

 

The data collected through Google Ads Conversion will be retained for the period necessary to fulfill the purposes for which the information was collected or until you withdraw your consent.

 

f. Legal/contractual requirement

 

There is no legal or contractual obligation to provide your data for Google Ads Conversion. Failure to provide your consent or revoking your consent will have no negative consequences.

 

g. Third country transfer

 

Your data will be transferred to the USA, a country considered unsafe under the GDPR. This means that there may not be adequate legal protection for your personal data. However, Google guarantees that it has implemented appropriate safeguards, such as standard contractual clauses.

 

h. Revocation of consent

 

You have the right to withdraw your consent to the use of Google Ads Conversion at any time with future effect. This can be done via your browser settings, by blocking or deleting cookies, or by using other available opt-out options.

 

i. Automated decision-making and profiling

 

Automated decision-making and profiling take place in connection with Google Ads Conversion. These technologies help create personalized ads based on your interests and improve advertising effectiveness by analyzing user behavior.

 

Google Analytics

 

a. Type and purpose of processing: Google Analytics uses cookies and similar tracking technologies to analyze user behavior on our website. The goal is to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage.

 

b. Legal basis for processing: Google Analytics processes your data based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke this consent at any time with future effect.

 

c. Data categories: The categories of data processed include online identifiers (including cookie IDs and IP addresses), device information (such as operating system and browser type), location data and usage data (such as website sections visited and interactions).

 

d. Recipient: The data collected is processed by Google, which is headquartered in the USA. Google may link the collected data with other Google services.

 

e. Storage periods: The cookies set by Google Analytics have a maximum storage period of 14 months. The data is stored anonymously and in aggregate form, making individual users unidentifiable.

 

f.Legal/contractual requirement: The provision and processing of your data is neither legally nor contractually required, but your consent is required to use the full range of analytics services.

 

g. Third country transfer: Since Google is based in the US, your data is transferred to third countries. This data transfer is considered unsafe because there are no adequate safeguards or adequacy decisions in place.

 

h. Revocation of consent: You can revoke your consent to the use of Google Analytics at any time with future effect by adjusting the cookie settings on our website or using a browser add-on to deactivate Google Analytics.

 

i. Automated decision-making and profiling: Google Analytics does not use automated decision-making or profiling in the sense of legally or otherwise significantly impacting users.

 

Google Hosted Libraries

 

Type and purpose of processing: Google Hosted Libraries serves as a content delivery network (CDN) to deliver JavaScript libraries and similar files more efficiently. When you access these libraries through our website, Google may collect information about access to ensure technical functionality and optimize content delivery. This may include the use of cookies and similar technologies to collect data about your interactions with our digital offering.

 

Legal basis for processing: The processing of this data is based on our legitimate interest (Article 6 (1) (f) GDPR) in providing a functioning and efficient website infrastructure.

 

Data categories: The categories of data processed may include IP addresses, device information, usage data (z.B. time of access) and possibly cookie data.

 

Recipient: The data collected may be transmitted to Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, because Google provides the infrastructure for Google Hosted Libraries.

 

Storage periods: Information may only be stored for the period necessary to provide the services. The exact retention period is determined by Google and can be viewed in its privacy policy.

 

Legal/contractual requirement: The provision of the above-mentioned data is neither legally nor contractually required, but is necessary for the functioning and optimization of our website.

 

Third country transfer: A transfer of data to servers in the USA is considered unsafe because an equivalent level of data protection as in the EU may not be guaranteed.

 

Revocation of consent: Since the use of this service is based on our legitimate interest and not on consent, there is no possibility to revoke consent.However, users can control or restrict the use of cookies by selecting the appropriate settings in their browser.

 

Automated decision-making and profiling: There is no automated decision-making or profiling within the meaning of the GDPR in the context of the use of Google Hosted Libraries on our website.

 

Google Tag Manager

 

Type and purpose of processing:

 

Google Tag Manager is a service provided by Google that allows us to manage website tags via an interface. It is a technical tool primarily used to manage tracking tags without collecting or storing personal data itself. Google Tag Manager integrates various script codes on the website and forwards them to appropriate third parties to provide tracking and analysis tools.

 

Legal basis for processing:

 

The use of Google Tag Manager is based on your consent in accordance with Art. 6 (1) (a) GDPR, which you can grant within the framework of our cookie banner.

 

Data categories:

 

Since the Google Tag Manager itself does not collect or store any personal user data, no specific data categories are involved in this context.

 

Recipient:

 

The tags managed by Google Tag Manager may share data with other third-party services, such as analytics or marketing services. These recipients are typically contractual partners under Google's terms and conditions.

 

Storage periods:

 

Google Tag Manager does not store any data. Therefore, the retention periods apply exclusively to the third-party providers addressed via the tags and are subject to their privacy policies.

 

Legal/contractual requirement:

 

Providing consent to processing via Google Tag Manager is not a legal or contractual obligation and is not mandatory for using the website.

 

Third country transfer:

 

Since the provider of Google Tag Manager is based in the USA, data is transferred to an unsafe third country that may not offer the same level of data protection as the EU.

 

Revocation of consent:

 

You can withdraw your consent at any time by adjusting the relevant settings in your browser or by visiting our cookie banner again and changing your settings.

 

Automated decision-making and profiling:

 

When using Google Tag Manager, no automated decision-making or profiling takes place as far as the sole use of this tool is concerned.

 

HubSpot

 

a.Type and purpose of processing: HubSpot is a marketing automation platform that uses various cookies, web storage, and tracking technologies to analyze user behavior on our website and enable targeted marketing efforts. This includes tracking website interactions, collecting usage statistics, and improving the user experience with personalized content.

 

b. Legal basis for processing: The data is processed on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimizing our marketing and improving the efficiency of our business activities.

 

c. Data categories: In particular, the IP address, device data, website usage data, interactions with content and, if applicable, demographic data are processed.

 

d. Recipient: The data is processed by HubSpot Inc., based in the USA, and may also be transferred to HubSpot partner companies involved in data processing.

 

e. Storage periods: The retention period for data may vary and depends on the purpose of processing. The information will be retained for as long as necessary to fulfill the purposes described, or until the user objects to the processing.

 

f. Legal/contractual requirement: The provision of this data is not required by law or contract and is not necessary for the conclusion of a contract. The website can also be used without the user's consent to such processing.

 

g. Third country transfer: Since HubSpot is based in the USA, data is transferred to a third country that is considered unsafe. We point out that in such cases, data protection that complies with European standards may not be guaranteed.

 

h. Revocation of consent: We base our use not on consent, but on a legitimate interest. However, users have the right to object to the processing of their personal data at any time for reasons related to their particular situation.

 

i. Automated decision-making and profiling: In connection with the use of HubSpot, no automated profiling takes place that has legal or similarly significant effects on the user.

 

HubSpot Forms

 

a. Type and purpose of processing: HubSpot Forms is used to make customer interactions more efficient. This includes collecting data via forms on our website to process inquiries, personalize marketing efforts, and provide an improved user experience. Data is processed for the purpose of improving customer loyalty and optimizing communication processes.

 

b. Legal basis for processing: The data processing is based on the legitimate interest according to Art. 6 Para. 1 lit.f GDPR, whereby our interest lies in offering an efficient and user-friendly communication solution.

 

c. Data categories: The data categories processed include contact information (such as name and email address), communication content, and technical data such as IP addresses and device characteristics.

 

d. Recipient: The collected data is passed on to HubSpot as a service provider, who processes this data on our behalf.

 

e. Storage periods: The data will be stored for as long as necessary to fulfil the processing purposes or until the expiry of statutory retention periods.

 

f. Legal/contractual requirement: There is no legal or contractual obligation to provide the data. However, without it, efficient customer communication is not possible.

 

g. Third country transfer: The data is transferred to the USA. Since a level of data protection comparable to that in the EU cannot be guaranteed in the USA, the data transfer is considered unsafe.

 

h. Revocation of consent: Since data processing is based on legitimate interest, revocation of consent is not required. However, you have the right to object to this processing at any time for reasons related to your particular situation.

 

i. Automated decision-making and profiling: Automated decision-making, including profiling, does not occur when using HubSpot Forms.

 

Hubspot Analytics

 

a. Type and purpose of processing: Hubspot Analytics uses cookies, web storage, and similar tracking technologies to analyze user behavior on our website. The data collected is used to compile reports on activity and to continuously improve our offering. This includes statistical evaluations of pages visited, time spent, and interactions.

 

b. Legal basis for processing: Your data will be processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

 

c. Data categories: The following data categories are processed, among others: usage data (e.g. websites visited, access time), device-related data (e.g. IP address, browser type) and location data.

 

d. Recipient: The collected data is transmitted to HubSpot, based in the USA, and processed there. There are no other recipients.

 

e. Storage periods: The data will be stored for as long as necessary for the analysis purposes or until you revoke your consent.

 

f. Legal/contractual requirement: The provision of data is voluntary and is neither legally nor contractually required.

 

G.Third country transfer: The data is transferred to the USA, a third country for which no adequacy decision has been issued by the EU Commission. Appropriate safeguards pursuant to Art. 46 GDPR are required.

 

h. Revocation of consent: You have the right to withdraw your consent at any time with future effect, for example by deactivating cookies in your browser settings.

 

i. Automated decision-making and profiling: Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place.

 

Klarna

 

a. Type and purpose of processing: Klarna uses various cookies, web storage, and tracking technologies to improve online customer interactions. These technologies allow us to save user preferences, improve user experience, and provide personalized content and ads. Furthermore, these technologies are used to analyze user behavior and thus continuously optimize the service.

 

b. Legal basis for processing: The data is processed on the basis of your consent pursuant to Art. 6 (1) (a) GDPR.

 

c. Data categories: Among other things, IP address, device type, browser information, time of visit, pages visited as well as other usage statistics and tracking information are recorded.

 

d. Recipient: The data collected is processed by Klarna and may be shared with third parties to enable analytics and personalized advertising.

 

e. Storage periods: The data will be stored for as long as it is necessary for the purpose for which it was collected or until you withdraw your consent.

 

f. Legal/contractual requirement: There is no legal or contractual obligation to provide this data. However, the use of our services may be limited without these technologies.

 

g. Third country transfer: The collected data may be transferred to countries outside the EU and the European Economic Area that do not offer an equivalent level of data protection. Such third-country transfers are considered unsafe.

 

h. Revocation of consent: You can revoke your consent at any time with future effect, without giving reasons, by adjusting your cookie settings on our website.

 

i. Automated decision-making and profiling: The data collected through cookies and tracking technologies may be used to create user profiles to display targeted advertising and personalized content. No automated decision-making takes place.

 

Klaviyo

 

a.Type and purpose of processing: Klaviyo is used as Site Analytics Tool used to analyze and understand user behavior on our website. This allows us to improve the user experience and conduct targeted marketing campaigns. Data processing includes collecting information about visits to the website, navigation, usage patterns, and interactions with our online content.

 

b. Legal basis for processing: The data is processed on the basis of consent in accordance with Art. 6 (1) (a) GDPR, which you grant by using our website and agreeing to cookies.

 

c. Data categories: The following data categories are collected: IP address, cookie ID, browser type and version, device information, website activities (e.g. pages visited, length of stay) and any interactions with our content.

 

d. Recipient: The collected data will only be shared with Klaviyo as a service provider to fulfill the analytics and marketing purposes described.

 

e. Storage periods: The stored data will be retained for as long as necessary to achieve the analysis objectives or until you revoke your consent.

 

f. Legal/contractual requirement: Providing this data is not required by law or contract. It is not necessary to conclude a contract, but it does influence the provision of an optimized user experience.

 

g. Third country transfer: Since Klaviyo is based in the USA, the data is transferred to a third country that does not have the same level of data protection as the EU, whereby the transfer is considered unsure is classified.

 

h. Revocation of consent: You have the right to revoke your consent to data processing at any time. You can do this by selecting the appropriate settings in your browser or by refusing to accept cookies on our website.

 

i. Automated decision-making and profiling: When you use Klaviyo, no automated decision-making or profiling takes place that could have legal consequences for you.

 

MailChimp Tracking

 

a. Type and purpose of processing: MailChimp Tracking uses cookies and similar technologies to analyze user behavior on our website. This processing allows us to evaluate the effectiveness of our marketing campaigns, deliver personalized advertising, and improve the overall user experience.

 

b. Legal basis for processing: The data is processed based on your consent. This means that we only process your data if you have consented to it.

 

c. Data categories: The data processed includes, among other things, your IP address, information about your interactions with advertising materials (e.g.Click and viewer data), as well as technical data about your device and web browser.

 

d. Recipient: The collected data is transmitted to MailChimp, which is based in the USA.

 

e. Storage periods: The data will only be stored for as long as necessary to fulfill the purposes stated above or until you revoke your consent.

 

f. Legal/contractual requirement: There is no legal or contractual obligation for you to provide this data. The provision of this data is voluntary and based on your consent.

 

g. Third country transfer: Data is transferred to MailChimp in the USA. Since the USA does not offer a level of data protection equivalent to that of the EU, data transmission is considered insecure.

 

h. Revocation of consent: You can revoke your consent to data processing at any time with future effect. You can revoke your consent by changing the appropriate settings in your browser or via an opt-out link.

 

i. Automated decision-making and profiling: MailChimp tracking involves automated decision-making, including profiling, to provide personalized advertising and content tailored to your user behavior.

 

Meta Pixel

 

Type and purpose of processing: Meta Pixel is a tracking tool provided by Meta that analyzes user behavior on our website. It collects information about how visitors interact with our website in order to optimize services, display targeted advertising, and provide visitor statistics. The tool uses cookies or similar technologies to collect data, including pages viewed, time spent on the page, and interactions performed. This data helps us improve our marketing strategies and personalize the user experience on the website.

 

Legal basis for processing: The processing of your data by Meta Pixel is based on your voluntarily given consent pursuant to Art. 6 (1) (a) GDPR. Consent can be revoked at any time.

 

Data categories: The data collected by Meta Pixel includes, but is not limited to, IP addresses, device information, browser types, time spent on the website, subpages visited, and interaction data.

 

Recipient: The collected data is transmitted to Meta Platforms, Inc., based in the USA, and may be used by them for further analysis and marketing purposes. Other recipients include marketing agencies entrusted with optimizing our advertising measures.

 

Storage periods: The specific retention periods for the data collected vary, with some information being retained as long as necessary for the purposes of processing. Meta determines the exact retention periods for the data they collect.

 

Legal/contractual requirement: Providing personal data via Meta Pixel is not required by law or contract. Likewise, the use of the website is not dependent on providing your data.

 

Third country transfer: Since the collected data is transferred to Meta in the USA, the data transfer is unsure to be considered, as the US does not guarantee an adequate level of data protection according to EU standards. Nevertheless, the transfer only takes place based on your consent.

 

Revocation of consent: You have the right to withdraw your consent at any time. However, this does not affect the legality of the processing carried out up to the time of withdrawal. You can withdraw your consent by adjusting the cookie settings in your browser.

 

Automated decision-making and profiling: The data collected through the use of Meta Pixel may be used for profiling purposes to personalize advertising tailored to you. However, automated decision-making involving your data does not occur.

 

Microsoft Clarity

 

a. Type and purpose of processing: Microsoft Clarity uses cookies and other tracking technologies to analyze user interactions on our website. The data collected is used to improve the usability and functionality of the website by providing us with insights into user behavior, such as click paths and time spent on different pages. This allows us to make our services more effective and optimize the user experience.

 

b. Legal basis for processing: Your data is processed based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our interest lies in optimizing our website and improving the user experience.

 

c. Data categories: The following types of data are collected: user interaction data (such as clicks, page usage time), technical data (such as browser type, IP address in anonymized form) and device data.

 

d. Recipient: The recipient of the collected data is Microsoft, the provider of Microsoft Clarity.

 

e. Storage periods: The data will be stored for as long as necessary to fulfill the purposes stated above. Specific retention periods may vary and depend on the respective technical and operational requirements.

 

f. Legal/contractual requirement: Providing this data is not required by law or contract. You are free to refuse or block our cookies, but doing so may impact your experience on our website.

 

g. Third country transfer: The data may be transferred to the United States, where an uncertain level of data protection may exist. Microsoft participates in the EUU.S. Privacy Shield Framework to ensure adequate protection of your data.

 

h. Revocation of consent: You can withdraw your consent to the processing of your data by Microsoft Clarity at any time by selecting the appropriate settings in your browser or using special opt-out tools. However, this does not affect the legality of the processing carried out up to the time of withdrawal.

 

i. Automated decision-making and profiling: No automated decision-making or profiling takes place based on the data collected by Microsoft Clarity.

 

Shopify

 

a. Type and purpose of processing: Shopify uses cookies, web storage, and tracking technologies to optimize the delivery of the platform, store user preferences, improve the user experience, and integrate analytics tools that evaluate user behavior. These technologies enable Shopify to efficiently deliver and continuously improve the website.

 

b. Legal basis for processing: Shopify processes data using cookies and tracking technologies on the basis of legitimate interest pursuant to Art. 6 (1) (f) GDPR, as it is essential for the operation and improvement of the online service.

 

c. Data categories: The categories of data processed include usage data, device information, location data and other tracking information necessary to analyze user behavior on the platform and to personalize the services.

 

d. Recipient: The data collected may be shared with Shopify affiliates and third parties involved in hosting, analyzing, and improving the platform services.

 

e. Storage periods: The retention periods of cookies and tracking technologies vary depending on their function and duration. Session cookies are deleted after you leave the website, while persistent cookies can be stored for a defined period of up to two years.

 

f. Legal/contractual requirement: The provision of cookies and tracking data is not required by law or contract, but is necessary to ensure the full functionality of the online service.

 

g. Third country transfer: Because Shopify is based in Canada, data is exported to a third country that does not offer an adequate level of data protection. However, this is protected by appropriate safeguards.

 

h. Revocation of consent: Users can withdraw their consent to the use of cookies and similar technologies at any time through their browser settings, but this may affect the functionality of the website.

 

i. Automated decision-making and profiling: Shopify does not use automated decision-making or profiling based solely on the cookie and tracking data collected.

 

Shopify CDN

 

a.Type and purpose of processing: Shopify CDN (Content Delivery Network) is used to optimize website loading times. It does this by storing and delivering content such as images, scripts, and other files across a globally distributed network. This enhances the user experience and improves content availability.

 

b. Legal basis for processing: Processing is based on legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in particular in ensuring the efficient and secure provision of our website.

 

c. Data categories: Technical usage data is processed, such as z.B. IP addresses, device information and access data to the content provided.

 

d. Recipient: The recipient of the data is Shopify, as the service provider for the CDN. Shopify processes the data as a processor in accordance with our instructions.

 

e. Storage periods: The data will be stored only for as long as necessary to fulfill the purposes of processing. Generally, such data is temporarily stored.

 

f. Legal/contractual requirement: There is no legal or contractual obligation to provide this data. However, providing the data is necessary to optimize the functionality of the website.

 

g. Third country transfer: Data is transferred to countries outside the European Economic Area, particularly to Canada. This represents an uncertain level of data protection, as a level of data protection appropriate to the EU may not be guaranteed there.

 

h. Revocation of consent: Since the processing is based on legitimate interests, no withdrawal of consent is required. However, users can object to the processing by configuring their browser accordingly to prevent data from being sent to the CDN. However, this may affect the functionality of the website.

 

i. Automated decision-making and profiling: No automated decision-making or profiling takes place in connection with the use of Shopify CDN.

 

Shopify Cloud

 

a. Type and purpose of processing: Shopify Cloud uses cookies, web storage, and tracking technologies to improve customer interactions and deliver personalized shopping experiences. These technologies help analyze user behavior by tracking visits and site activity, remembering preferences, and delivering personalized content.

 

b. Legal basis for processing: The processing is based on legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest is to ensure the functionality of our services and to continuously improve them.

 

c. Data categories: The data processed includes user identifiers, session information, preferences, interaction data, and device and browser information.

 

d.Recipient: The data is processed within Shopify and may be shared with affiliated companies and third parties who assist with data processing or provide services related to cookies and tracking.

 

e. Storage periods: Cookies and tracking data are stored for different periods of time depending on their function. Some cookies are stored only for the duration of the session, while others remain permanently on the device until deleted by the user.

 

f. Legal/contractual requirement: Providing cookies is not a legal or contractual requirement, but refusing to use them may impact the functionality and user experience of the website.

 

g. Third country transfer: Because Shopify Cloud is based in Canada, data is transferred to an unsafe third country that does not offer data protection equivalent to that of the EU. Appropriate safeguards are in place in accordance with GDPR requirements to ensure data protection.

 

h. Revocation of consent: Users can withdraw their consent to the use of cookies at any time via their browser's cookie settings. However, this may limit the use of certain services and features.

 

i. Automated decision-making and profiling: Shopify Cloud does not use automated decision-making that could have legal consequences or similarly significant effects on users. Profiling is used only to the extent necessary to provide personalized content.

 

Taboola

 

a. Type and purpose of processing

 

Taboola uses cookies, web storage, and other tracking technologies to analyze your interactions with the website and to display personalized content and targeted ads. These technologies allow Taboola to understand your preferences and tailor content and ads based on your usage behavior.

 

b. Legal basis for processing

 

Your data will be processed on the basis of your consent, as defined in Art. 6 (1) (a) of the GDPR. Your consent is given by agreeing to the use of cookies and similar technologies on this website.

 

c. Data categories

 

The following data categories are processed: device information, IP addresses, usage data, cookie IDs and other online identifiers that help analyze user behavior and preferences.

 

d. Recipient

 

Your information may be shared within Taboola and with affiliated service providers who help Taboola provide analytics and advertising services.

 

e. Storage periods

 

The data collected through cookies and other technologies will be stored until you revoke your consent. The exact retention periods depend on the type of cookie or technology used.

 

f.Legal/contractual requirement

 

The provision of your data through cookies is neither legally nor contractually required, but is necessary to ensure the functionality of the website and the provision of personalized content.

 

g. Third country transfer

 

Taboola processes your data in the United States, for which no adequacy decision has been made by the European Commission. This may pose a higher risk to the protection of your data.

 

h. Revocation of consent

 

You have the right to withdraw your consent at any time by changing the cookie settings in your browser or using the opt-out mechanism on the website.

 

i. Automated decision-making and profiling

 

Taboola uses tracking technologies for Profiling and automated decision-makingto personalize ad content. This means using your data to make predictions about your interests and deliver relevant content without human intervention.

 

Trustpilot

 

Type and purpose of processing: Trustpilot uses cookies and similar technologies to analyze customer interactions on the website. This includes collecting information about your user behavior to optimize reviews and interactions on the platform and to provide you with personalized content and recommendations. This processing helps improve the usability of the platform and ensure that reviews are presented to users in an effective and relevant way.

 

Legal basis for processing: Your data is processed based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest is to improve the platform and offer users a high-quality service.

 

Data categories: The data categories processed include user data such as device type, operating system, originally visited URL, IP address and insights into user behavior on the website.

 

Recipient: The data collected may be shared within the Trustpilot Group and with external service providers who help us analyze and optimize the platform.

 

Storage periods: The retention period of collected data varies depending on the type of cookie or tracking technology. Temporary cookies are deleted when the browser is closed, while persistent cookies are stored for a specified period of time to retain certain preferences or routines for future visits.

 

Legal/contractual requirement: Providing your data through this cookie is neither legally nor contractually required. However, refusing to provide it may result in certain website functions not working properly.

 

Third country transfer: It is possible that your data will be transferred to countries outside the EU/EEA, such as the USA. Please note that such a transfer may not provide an adequate level of data protection.

 

Revocation of consent: Since data processing is based on legitimate interest, no consent is required. However, you can refuse or disable the use of cookies in your browser.

 

Automated decision-making and profiling: The processing does not involve automated decision-making or profiling that produces legal effects concerning the user or significantly affects him or her.

 

Yotpo

 

Yotpo uses cookies, web storage, and tracking technologies to improve the user experience and enable personalized offers. These technologies collect information about your behavior and interaction with the website to optimize marketing efforts and analytics.

 

 

 

YouTube

 

a. Type and purpose of processing: YouTube uses cookies and similar tracking technologies to deliver content and improve the user experience. These technologies help store user preferences, facilitate navigation, and deliver personalized content and advertising. User behavior is also analyzed to optimize features and services on the platform.

 

b. Legal basis for processing: The data is processed based on your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time.

 

c. Data categories: The technologies used collect various categories of data, including unique identifiers, IP addresses, location data, browsing history, and interactions with content and advertising on YouTube.

 

d. Recipient: The information collected through cookies and tracking technologies is transmitted to Google. This information may be shared with affiliated companies and advertising partners to support the purposes outlined above.

 

e. Storage periods: The storage period depends on the type of cookies used. Session cookies are deleted after the end of the browser session, while persistent cookies can remain stored for up to 24 months, or until you actively delete them.

 

f. Legal/contractual requirement: Providing data through cookies is not required by law and is not necessary for concluding a contract. However, the lack of this data may limit the use of certain functions on YouTube.

 

g. Third country transfer: Since the service is provided by Google, a company based in the USA, data is transferred to a third country classified as unsafe by the EU. Adequate protection measures within the meaning of Articles 44 et seq. of the GDPR cannot be guaranteed.

 

h.Revocation of consent: You have the right to withdraw your consent to the use of cookies and tracking technologies at any time. This can be done by changing the privacy settings in your browser or by using opt-out tools.

 

i. Automated decision-making and profiling: YouTube uses automated processes to analyze user behavior to provide predictions and personalized content and advertising. Such profiling activities may occur without human intervention.

 

jQuery

 

a. Type and purpose of processing

 

jQuery is delivered as a content delivery network (CDN). CDNs are used to optimize website loading times by serving files from distributed servers. When using jQuery through a CDN, information such as your IP address is automatically collected to improve website performance and ensure website availability. This is done through the use of cookies or similar technologies to process requests more efficiently.

 

b. Legal basis for processing

 

The data is processed on the basis of legitimate interests (Art. 6 (1) (f) GDPR), in particular to optimize website performance and ensure technical availability.

 

c. Data categories

 

The data categories collected may include the following information: user's IP address, date and time of the request, URL of the retrieved file, HTTP status code.

 

d. Recipient

 

The recipients of the data are the JS Foundation servers, which are operated in the USA and which process the request in order to deliver the requested files.

 

e. Storage periods

 

The data is only cached for as long as necessary to deliver the website. After that, the data is either deleted immediately or stored anonymously, depending on the server configuration.

 

f. Legal/contractual requirement

 

There is no legal or contractual obligation to provide your data for this purpose. However, providing the data is technically necessary in order to correctly deliver the website you are accessing.

 

g. Third country transfer

 

As mentioned, data is transferred to the JS Foundation's servers in the USA. This transfer is considered insecure because the USA does not offer an adequate level of data protection within the meaning of the GDPR. Appropriate protective measures are therefore relevant.

 

h. Revocation of consent

 

Since the processing is based on legitimate interest, no consent is required and revocation is not applicable. However, you have the option of denying the use of cookies and web storage by adjusting your browser settings accordingly.

 

i. Automated decision-making and profiling

 

Automated decision-making, including profiling, does not take place when providing jQuery.

 

jsDelivr

 

a. Type and purpose of processing: jsDelivr is a content delivery network (CDN) designed to enable fast and efficient access to web content and optimize page loading times. It processes HTTP headers, IP addresses, and information about requested files to accelerate content delivery and improve availability.

 

b. Legal basis for processing: The data is processed on the basis of legitimate interest in accordance with Art. 6 (1) (f) GDPR, as it is necessary to ensure the functionality and security of the website and to improve the quality of service.

 

c. Data categories: In particular, IP addresses and log data are processed, which represent the type of files requested and how they are queried by users.

 

d. Recipient: The data is passed on to Prospect One, the operator of jsDelivr, to enable the provision of the CDN service.

 

e. Storage periods: The collected data will only be stored for as long as necessary to fulfill the purposes stated above or as required by law.

 

f. Legal/contractual requirement: The provision of data is not required by law or contract, but is necessary for the use of the website and its services.

 

g. Third country transfer: Some data processing takes place outside the European Economic Area (EEA). There is no adequacy decision from the EU Commission for the destination country; therefore, data transfer is considered insecure.

 

h. Revocation of consent: Since the data processing is based on legitimate interest and no consent is required, the possibility of revocation in this context is not applicable.

 

i. Automated decision-making and profiling: There is no automated decision-making or profiling within the meaning of Art. 22 GDPR.

 

usemessages.com

 

a. Type and purpose of processing: usemessages.com uses cookies, web storage, and tracking technologies to analyze user interactions on our website, optimize user experience, and provide customized content and advertising. These technologies help us better understand user behavior and improve our offerings accordingly.

 

b. Legal basis for processing: The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as the analysis of user behavior is necessary to operate and improve our services efficiently.

 

c. Data categories: Data such as IP addresses, device information, geographical location data, usage behavior and user preferences are processed.

 

d.Recipient: The collected data may be passed on to our service provider HubSpot, which is based in the USA.

 

e. Storage periods: The storage period for collected data depends on the type of data and the purpose of processing. Generally, data is only stored for as long as necessary for the respective purposes.

 

f. Legal/contractual requirement: The provision of this data is neither legally nor contractually required. However, without the use of these cookies and tracking technologies, the error-free operation and customization of the website may be impaired.

 

g. Third country transfer: Since the data is transmitted to a service provider in the USA, the data is exported to an unsafe third country that may not have an adequate level of data protection.

 

h. Revocation of consent: In the case of consent-based services, you can withdraw your consent at any time with future effect by changing the relevant settings in your browser or deleting existing cookies.

 

i. Automated decision-making and profiling: The data collected through cookies and tracking technologies may be used for profiling purposes, but no automated decisions will be made that have legal effects or similarly significantly affect you.

 

Data processing from entered data

 

If you actively submit data to us, e.g., via contact forms, order processes, or newsletter registrations, we process this information for the following purposes:

  1. Processing of contact requests:
  2. If you contact us via our contact form or by email, we will store and process the data you provide (e.g. name, email address, telephone number, message) in order to process your request.
  3. Purpose of processing: Processing and answering your request.
  4. Legal basis: Art. 6 (1) (b) GDPR (for the implementation of pre-contractual measures) or Art. 6 (1) (f) GDPR (legitimate interest in communication).
  5. Processing of contracts or orders:
  6. When placing orders, registering or concluding contracts, we process the data you enter (e.g. name, address, payment information).
  7. Purpose of processing: Contract fulfillment, invoicing and, if applicable, shipping of goods or services.
  8. Legal basis: Art. 6 (1) (b) GDPR (performance of contract).
  9. Newsletter registration:
  10. If you sign up for our newsletter, we will use your email address to send you regular information about our offers and news.
  11. Purpose of processing: Sending advertising information (newsletter).
  12. Legal basis: Your consent in accordance with Art. 6 (1) (a) GDPR.
  13. Legal or regulatory requirements:
  14. In certain cases, it may be necessary to store or share your entered data in order to comply with legal or regulatory obligations.
  15. Purpose of processing: Fulfillment of legal retention or reporting obligations.
  16. Legal basis: Art. 6 (1) (c) GDPR (legal obligation).

 

Legal basis for data processing

 

When processing personal data, we rely on the legal bases set out in the General Data Protection Regulation (GDPR). Below, we explain the individual bases on which our data processing is based:

Art. 6 (1) (a) GDPR – Consent

Your personal data is processed based on your voluntary and explicit consent. This applies in particular in cases where:

  1. You actively send us your data via a contact form or by subscribing to our newsletter.
  2. We use cookies or tracking tools that require your consent.

A notice: You have the right to revoke your consent at any time with future effect. This does not affect the legality of the processing carried out up to the time of revocation.

Art. 6 (1) (b) GDPR – Performance of the contract or pre-contractual measures

The processing of your personal data is necessary if it serves to fulfill a contract or to take steps prior to entering into a contract. This is the case, for example, if:

  1. Orders you place through our website.
  2. Inquiries aimed at concluding a contract (e.g. cost estimates, product inquiries).
  3. Services that we provide to you on the basis of an existing contractual relationship.

Art. 6 (1) (c) GDPR – Fulfillment of legal obligations

In some cases, we are legally obligated to process your personal data. This may be necessary to:

  1. To comply with retention obligations under tax and commercial law (e.g. invoice data according to Section 147 AO in Germany).
  2. To comply with official requirements or court orders.
  3. To fulfill obligations in the areas of product liability, consumer protection or safety standards.

Art. 6 (1) (f) GDPR – Legitimate Interests

We process your data based on legitimate interests, unless overriding your interests or rights conflict. Examples include:

  1. IT security measures (e.g. protection against attacks on our website).
  2. Statistical analyses to optimize our offering.
  3. Direct advertising for similar products or services, unless you have objected.

Art. 49 (1) (a) GDPR – Consent for data transfer to third countries

If we transfer personal data to a third country (outside the European Economic Area) that does not have an adequacy decision from the EU Commission, this will only be done with your express consent. In such cases, we will separately inform you of potential risks, such as::

  1. Lack of enforceability of your data subject rights in the respective country.
  2. Inadequate protection measures for your data by local authorities or third parties.

A notice: Here too, you can revoke your consent at any time.

 

Storage period when using the website

 

When you use our website, personal data (e.g. through cookies or tracking technologies) is stored as follows:

  1. Cookies and similar technologies:
  2. The storage period of data collected via cookies or similar technologies depends on the respective cookie categories:
  3. Technically necessary cookies: These cookies are required for the operation of the website and are stored only for as long as they are necessary for its function (usually until the end of the session).
  4. Cookies for statistics, marketing or personalization: The storage period for these cookies depends on your consent and is clearly stated in the settings of our cookie consent banner. Here you can view the respective time limits and categories and adjust or revoke your consent at any time.
  5. A notice: You can delete or block cookies at any time using your browser settings. For more information, see our [Cookie Policy].
  6. Server log files:
  7. The automatically collected data (e.g. IP address, time of access) are stored in our server log files and automatically deleted after [30/60/90 days – customizable] at the latest, unless longer storage is necessary to investigate security incidents.

 

Storage period beyond website use

 

We only store personal data that you actively transmit to us (e.g. through contact forms, orders or newsletter registrations) for as long as it is necessary for the respective purposes or as required by law:

  1. Inquiries and communication:
  2. We store data that you send us as part of inquiries (e.g. name, email address, message) for as long as it is necessary to process your inquiry.
  3. Deletion: As soon as your request has been answered conclusively and there are no legal retention obligations, the data will be deleted.
  4. Contract and processing data:
  5. We store data processed as part of a contract or order for the duration of the contractual relationship. After termination of the contract, statutory retention periods apply:
  6. Commercial and tax retention obligations: We store invoice and payment data for [6 years according to Section 257 HGB] or [10 years according to Section 147 AO] in Germany or in accordance with the respective national requirements.
  7. Newsletter data:
  8. If you have subscribed to our newsletter, we will store your email address until you unsubscribe from the newsletter or revoke your consent. After that, the data will be deleted immediately, unless other legal retention obligations apply.
  9. Legal defense data:

In certain cases, we may store personal data for a longer period if this is necessary to assert, exercise, or defend legal claims. In such cases, storage is based on Art. 6 (1) (f) GDPR (legitimate interest).

 

Data security on our website

 

We take the protection of your personal data when using our website very seriously. To protect your data from unauthorized access, loss, alteration, or disclosure, we use various technical and organizational measures on our website that comply with the requirements of the EU General Data Protection Regulation (GDPR).

Our website security measures include:

  1. SSL/TLS encryption:
  2. Our website uses SSL or TLS encryption to protect the transmission of your data from unauthorized access. This is especially important when using contact forms or entering personal data.
  3. You can recognize the encrypted connection by the lock symbol in the address bar of your browser and by the URL that begins with "https://".
  4. Hosting in secure data centers:
  5. Our website is operated on servers hosted in certified and secure data centers. These data centers comply with modern security standards and have measures such as access controls, firewalls, and backup systems in place.
  6. Protection against attacks:
  7. Our servers are equipped with firewalls and other security measures to protect us from cyberattacks and unauthorized access. We also employ mechanisms such as intrusion detection systems to identify suspicious activity.
  8. Regular security updates:
  9. We always keep the software we use (e.g., the content management system and plugins) up to date to close known security gaps and protect your data as best as possible.
  10. Restricted data processing:
  11. We collect and store only the data necessary for the respective purpose and restrict access to this data to authorized persons.
  12. Protection through secure passwords:
  13. Access to administrative areas of the website is protected by secure passwords that are updated regularly.

Your responsibility for the security of your data:

As a user, you can also help protect your data when using our website:

  1. Use a current browser version with security updates.
  2. Use secure passwords and protect your devices from unauthorized access.
  3. Avoid transmitting personal data over unsecured public Wi-Fi networks.

 

Rights of data subjects under the EU GDPR

 

As a data subject, you have extensive rights regarding the processing of your personal data under the General Data Protection Regulation (GDPR). These rights help ensure you retain control over your data and ensure transparency regarding its use. We explain your rights in detail below:

 

Right to information (Art.15 GDPR)

You have the right to request confirmation from us as to whether we process your personal data. If so, you can request information about the following:

  1. The purposes for which the personal data are processed.
  2. The categories of personal data being processed.
  3. The recipients or categories of recipients to whom the data have been or will be disclosed (in particular recipients in third countries or international organisations).
  4. The planned duration for which your data will be stored or, if this is not possible, the criteria used to determine that retention period.
  5. The existence of a right to rectification, erasure, restriction of processing or objection.
  6. The existence of a right to lodge a complaint with a supervisory authority.
  7. Information about the origin of your data, unless it was collected directly from you.
  8. The existence of automated decision-making, including profiling (Article 22 GDPR), as well as meaningful information about the logic involved, the scope and the intended effects of such processing on you.

You may also request a copy of the personal data being processed. We may charge a reasonable fee based on administrative costs for additional copies.

 

Right to rectification (Article 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to request that this data be corrected or that incomplete data be completed without delay.

 

Right to erasure ("right to be forgotten") (Art. 17 GDPR)

You have the right to request the immediate erasure of your personal data if one of the following reasons applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or processed.
  2. You withdraw your consent (Art. 6 (1) (a) or Art. 9 (2) (a) GDPR) and there is no other legal basis for the processing.
  3. You object to the processing (Article 21 (1) or (2) GDPR) and there are no overriding legitimate reasons for the processing.
  4. The personal data was processed unlawfully.
  5. The deletion is necessary to fulfill a legal obligation.
  6. The personal data were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR (data of a child).

Exceptions:

The right to erasure does not apply if processing is necessary, e.g. to fulfil legal obligations, to assert, exercise or defend legal claims or for reasons of public interest.

 

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data if:

  1. You dispute the accuracy of the data for a period enabling us to verify the accuracy of the data.
  2. The processing is unlawful, but you refuse to delete the data and instead request that the use of the data be restricted.
  3. We no longer need the data, but you require it to assert, exercise or defend legal claims.
  4. You have objected to the processing (Article 21 (1) GDPR) and it has not yet been determined whether our legitimate interests outweigh yours.

If processing is restricted, your data may – apart from storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another person or for important reasons of public interest.

 

Right to data portability (Article 20 GDPR)

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller, provided that:

  1. The processing is based on your consent (Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR) or a contract (Art. 6 (1) (b) GDPR), and
  2. the processing is carried out using automated procedures.

At your request, we will also transfer your data directly to another responsible party – where technically feasible.

 

Right to object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data based on Art. 6 (1) (e) (processing in the public interest) or Art. 6 (1) (f) (legitimate interest) GDPR, for reasons arising from your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

 

Objection to direct marketing:

You can object to the processing of your personal data for direct marketing purposes at any time. In this case, we will no longer use your data for these purposes.

 

Right to withdraw consent (Article 7 (3) GDPR)

If the processing of your personal data is based on your consent, you can revoke this consent at any time with future effect. The revocation can be made informally, e.g., by email. The legality of the processing carried out up to the time of revocation remains unaffected.

 

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority. This may, in particular, be done with the authority of the Member State in which you have your habitual residence, place of work, or place of the alleged infringement.

 

Our right to change this privacy policy

 

We reserve the right to change this privacy policy at any time in order to adapt it to changed legal requirements, regulatory requirements or changes to our data processing procedures.The current version of the privacy policy is always available on our website and is valid from the time of publication.

 

Changes in case of significant adjustments:

If we make material changes to the way we process your personal data, or if new processing purposes are added, we will notify you of these changes in a timely and appropriate manner. This may be done, for example, via our website, by email (if you have provided us with your contact details), or by other means of communication.

 

Recommendation for regular checks:

Since data protection regulations and our internal processes may evolve, we recommend that you review this privacy policy regularly to stay informed of the latest developments.

If you have any questions or concerns about the changes to this Privacy Policy, you can contact us at any time using the contact details provided in this Privacy Policy.