Privacy Policy

Privacy policy

  1. Name and address of the responsible person

The controller within the meaning of Art. 4 (7) of the EU Regulation 2016/679, referred to as the General Data Protection Regulation (GDPR), and other national data protection laws of the Member States, as well as other data protection provisions, is the:

 

momox SE
represented by the Board of Directors Christian von Hohnhorst and Heiner Kroke (Chairman)
Schreiberhauer Straße 30
10317 Berlin, Germany

 

  1. Name and address of the data protection officer

The data protection officer of the controller is:

PROLIANCE GmbH
www.datenschutzexperte.de
 Leopoldstr. 21
80802 Munich, Germany

[email protected]

 

III. General information on data processing

  1. scope of the processing of personal data

Basically, you can visit us (i.e. internet services especially websites of momox SE) without telling us who you are. By visiting our website, your browser automatically transmits various data, see below "IV. Provision of the website and creation of log files". This information is evaluated for purely statistical purposes and then deleted. Our services are reserved for visitors of legal age.

Personal data is only collected on our website if you provide it to us voluntarily (e.g. when opening a user account or as part of the ordering process). We use this data exclusively for the purposes stated in each case, as listed below.

We contractually bind external service providers who process personal data for us, so-called order processors, in accordance with Art. 28 of the GDPR. The processors have been carefully selected by us, specifically commissioned and are bound by our instructions. The GDPR designates countries outside the European Union/European Economic Area as third countries and regulates the transfer of data to these countries separately in accordance with Articles 44 to 49 of the GDPR. In some cases, we use processors from third countries. The cooperation with these processors is based on standard contractual clauses pursuant to Art. 46 (2)(c) of the GDPR.

We maintain up-to-date technical measures to ensure the protection of personal data. These are adapted to the current state of the art in each case.

  1. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1)(a) of the GDPR serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

The processing of personal data is also lawful under Article 6(1)(f) of the GDPR if it is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

  1. data deletion and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose for which it was stored no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted upon expiration of a storage period prescribed by the aforementioned standards expires, unless further storage of the data for is necessary the conclusion or performance of a contract.

  1. Provision of the website and creation of log files
  2. description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  1. Information about the browser type, language and version used
  2. The operating system of the user
  3. The Internet service provider of the user
  4. The IP address of the user
  5. Date and time/time zone of access
  6. Content of the request (concrete page)
  7. Access status/http status code
  8. Websites from which the user's system accesses our website
  9. Web pages that are called up by the user's system via our website
  10. Amount of data transferred

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user does not take place. However, in the event of an error during an interface request, we additionally log the ID (pseudonymous identification), the IP address and the relevant http request, if used, the email of the requesting user, in order to enable subsequent error analysis and correction.

  1. legal basis for data processing

To the extent that our log files involve the processing of personal data, the legal basis is Art. 6 (1)(f) of the GDPR. Our legitimate interest is to ensure a smooth connection establishment of the website and to enable a comfortable use of our website by the users. In addition, the log file is used to evaluate the security and stability of the system and for administrative purposes.

  1. purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the Site to the user's computer. For this purpose, the user’s IP address must be stored for the duration of the session. Repeated automated reading of the web pages (so-called scraping) is also made more difficult by recording the IP address. The storage of data in the event of an error is necessary in the sense of Art. 6 (1)(f) of the GDPR to ensure the functionality of the website.

  1. duration of storage

The data is deleted when it is no longer necessary for the purpose for which it was collected. In the case of the IP address, this is truncated, i.e. anonymized, at the end of each session. The data is then no longer personally indentifiable. The entire log files are deleted after 50 days.

  1. possibility of objection or revocation and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

  1. Use of cookies and similar technologies
  2. description and scope of data processing

The websites use so-called cookies and similar technologies in several places. They are used to make our site more user-friendly and effective. Cookies are small text files that are stored on your computer and saved by your browser. Some of the cookies we use are so-called "session cookies", which are automatically deleted when you close your browser. There are also some persistent cookies that allow us to recognize you as a visitor. Cookies do not harm your computer and do not contain viruses. If you do not want cookies to be installed, you can disable the acceptance of cookies in your browser. Please note, however, that you may not be able to use the full funtionality of our website if cookies are disabled.

The user data collected in this way is pseudonymized by technical means. It is therefore not possible to assign the data to the calling user as a person is not possible. The data is not stored together with other personal data of the users, unless otherwise described below.

When first visiting our website, users are informed about the use of cookies by means information banners and are referred to this data protection policy. This also includes information on how to prevent the storage of cookies in the browser settings.

The following data is stored and transmitted in the technically necessary cookies:

  1. Language settings
  2. Items in a shopping cart
  3. Log-in information: Email address, first and last name, gender, SessionID (no password).

We also use cookies and similar technologies on our website that allow us to analyze user behavior, the success of advertising (known as conversion) and to redirect users to third-party websites (so-called retargeting) and our website (such as recently viewed offers or favorites). Third parties may place cookies directly on a user's device when they visit our websites, or we may transmit non personally identifiable informaion.

In this way, the following data can be transmitted:

  1. Entered search terms
  2. Frequency of page views
  3. Use of website functions
  4. Log-in (e-mail address)

We use the following third-party providers to analyze usage behavior:

  1. "Google Analytics 4", a service of the company Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), with which the use of websites can be analyzed. When using Google Analytics 4, so-called "cookies" are used. The information collected by cookies about your use of this website (including the IP address transmitted by your terminal device, shortened by the last few digits, see below) is usually transmitted to a Google server, where it is stored and processed. This may also result in the transfer of information to the servers of Google LLC, a company based in the USA, where the information is further processed. When using Google Analytics 4, the IP address transmitted by your terminal device when using the website is always collected and processed by default and automatically only in a shortened form, so that a direct personal reference of the collected information is excluded. This automatic anonymization is carried out by Google within member states of the European Union (EU) or other contracting states to the Agreement on the European Economic Area (EEA) by shortening the IP address transmitted by your terminal device by the last digits. On our behalf, Google will use this and other information on our behalf to evaluate your use of the website, compilling reports (reports) on your website activity for us and providing other services relating to website activity and internet usage. In this context, the IP address transmitted by your device and shortened in the context of Google Analytics 4 will not be combined with other data of Google. The data collected through the use of Google Analytics 4 will be stored for 2 months and then deleted. Google Analytics 4 also makes it possible to create statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the inclucion of third-party information via a special function, the so-called "demographic characteristics". This makes it possible to identify and distinguish between groups of website users for the purpose of targeted marketing. However, the information collected through the use of "demographic characteristics" cannot be linked to any specific individual and is therefore not personally identifiable. This data collected through the "demographic characteristics" function will be storted for 2 months and then deleted. All the processing described above, in particular the setting of Google Analytics cookies to store and read information on the terminal device used by you to use the website, will only take place if you have given us your express consent to do so in accordance with Art. 6 (1)(a) of the GDPR. In connection with this website, the "UserIDs" feature is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google create cross-device reports (so-called "cross-device tracking"). This means that your usage behavior can also be analyzed across devices if you have given your corresponding consent to the use of Google Analytics 4 in accordance with Art. 6 (1)(a) of the GDPR, if you have set up a personal account by registering on this website and are logged into your personal account on different end devices with your respective login data. The data collected in this way shows, among other things, on which end device you first clicked on an advertisement for the first time and on which end device the relevant conversion took place.  For our use of Google Analytics 4, we have entered into a data processing agreement with Google, which requires Google to protect the data of our website users and not to share this information with third parties. Because Google may transfer personal data to affiliates and subcontractors in countries outside the EU and the EEA is possible, further safeguards are required to ensure the level of data protection required by the GDPR. For the U.S., there is an adequacy decision issued by the EU Commission pursuant to Article 45 (1) of the GDPR with respect to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework and has committed to adhere to adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These clauses require the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. Additional legal information about Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at the following link: https://policies.google.com/privacy. For more information about the processing triggered by Google Analytics 4 and Google's treatment, please visit: https://policies.google.com/technologies/partner-sites
  2. "Hotjar", analysis software of Hotjar Ltd, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, to measure and analyze user behavior (mouse movements, clicks, scroll height, etc.) on the websites. This is done according to an order processing. For this purpose, Hotjar sets cookies on users' end devices and may collect non-personally indentifiable information from users, such as browser information, operating system, time spent, etc. (only with anonymized IP address). More information here: https://www.hotjar.com/privacy, options to disable this feature here: https://www.hotjar.com/opt-out
  3. "adjust", the analytics service of adjust GmbH, Saarbrücker Str. 37a, 10405 Berlin, Germany. With the help of adjust, by setting cookies and by using so-called "tracking links" in banners and icons on our website, we are able to analyze from which areas of our website our app is accessed and downloaded by website visitors. We do so by collecting ans analyzing information that your device sends to us. The following data is collected: IP address, which is immediately anonymized, MAC address, anonymized device ID (IDentifier For Advertisers - IDFA or Google Advertiser ID - GAID), URL of the access page, date of access. There is no direct personal reference. The data collected in this way is used to create anonymous usage profiles. We have concluded an data processing agreement with adjust GmbH, which ensures that your data will be processed by the provider confidentially and only in strict accordance with our instructions. Detailed information about adjust can be found here: https://www.adjust.com/privacy-policy/

We use the following third-party providers to retarget the user (remarketing):

  1. Remarketing by Google using "Double Click" and "Audiences" technology to retarget users who have previously visited our websites through interest-based advertising on the pages of the Google Partner Network. With the help of cookies, interests when visiting the website can be analyzed and subsequently used for relevant product advertising. Where users have opted in to have Google associate their web and app browsing history with their Google Account and use information from their Google Account to personalize the ads they see on third-party websites, Google will use data about those logged-in users, together with data from Google Analytics, to create and define audience lists for cross-device remarketing. To support this feature, Google Analytics collects Google-authenticated Ids from these users. This personal data from Google is temporarily linked to our Google Analytics data for the purpose of building audiences. For more information and to opt out of this ad serving, please visit http://www.google.com/settings/u/0/ads/anonymous?hl=de (link "Ad Settings", then "Disable"). As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we will endeavor to obtain additional provisions and commitments from the recipient in the USA. More information about the provider Google can be found in this privacy policy under "Google Analytics".
  2. Criteo SA, 32 Rue Blanche, 75009 Paris, France ("Criteo"), for advertising on third party websites and third party emails (https://emailprivacy.criteo.com/de/index.html) to address our former customers. In this process, the customer is not personally identified, but only recognized in a pseudonymized manner. This is done across the customer’s multiple devices using an encrypted (non-recoverable) email address. More information: https://support.criteo.com/hc/de/articles/202427141-Cross-Device-Implementierung. At http://www.criteo.com/de/privacy, you can also opt out of the use of your usage and other data for certain purposes (your preference - "opt-out"). The advertments will no longer be targeted based on the usage data collected by Criteo. To extend its reach, Criteo works with a network of partners who use similar technology and may set cookies on our website under their own name.
  3. "Facebook Custom Audiences" by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), is used as a pixel to advertise on the social network. When you visit our websites, the piel establishes a direct connection between your browser and the Facebook server. If you are a Facebook user and do not delete the cookie before logging in to Facebook, Facebook will be able to associate your visit to our website with your user account. We can only select which segments of Facebook users (such as age, interests) should be shown our ads. No personally indentifiable information, including email addresses, is transmitted to Facebook in either encrypted or unencrypted form. Facebook may be notified about browser and device type, cookie ID, number and amount of orders. Since there is a transfer of personal data to the USA, additional safeguards are required to ensure the data protection level required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we will endeavor to obtain additional provisions and commitments from the recipient in the USA. For more information, please see Facebook's privacy policy at https://www.facebook.com/about/privacy. If you are a Facebook user and do not wish to have your information collected through Custom Audiences, please visit: https://www.facebook.com/settings?tab=ads
  4. "emetriq", the service of emetriq GmbH, Vorsetzen 35, 20459 Hamburg, Germany. We use this service to place ads on websites on the Internet. In doing so, we use cookies to serve ads based on a user's previous visits to our website. You can opt out of interest-based advertising technology by visiting http://www.emetriq.com/opt-out/.
  5. Bing Ads" advertising network of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, ("Microsoft"). A cookie is set by Microsoft when the user accesses the websites through a Microsoft Bing ad. This allows Microsoft Bing and us to know that someone clicked on an ad, was redirected to our website and has reached a pre-determined destination page (conversion page). In addition, the same conditions apply as for Google’s conversion tracking described above. For more information about Mircrosoft’s privacy practices and the cookies we use, please visit https://www.microsoft.com/privacystatement/de-de/core/default.aspx. Customers can also opt out of Microsoft‘s tracking by visiting http://choice.microsoft.com/de-de/opt-out. Since there is a transfer of personal data to the USA, additional safeguards are required to ensure the data protection level required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we will endeavor to obtain additional provisions and commitments from the recipient in the USA.
  6. Market research/analysis "Neory" of NEORY GmbH, Brandschachtstraße 2, 44149 Dortmund, Germany, in order to to carry out effective market research/analysis, to collect statistical data for campaign tracking or to optimize the user-friendliness of our offer. This is done using pseudonymous usage profiles, in which do not contain any personal data, but only anonymized or pseudonymized data. Cookies may be used for this purpose. Among other things, the following data is collected: Time of the call, channel information including possible parameters as well as the domain of the referrer. The data will not be used to personally identify the visitor of this website. NEORY GmbH will use the transmitted data on our behalf, in particular to implement campaign tracking. All of the above data will be collected for this purpose onlyand will be stored without any personal reference. You can prevent the collection of campaign tracking by NEORY GmbH as well as the processing of these data by carrying out a so-called opt-out under the following link: http://d.neory-tm.net/privacy/l661hfqafe4v/optout.
  7. "RichRelevance" of RichRelevance, Inc., 303 Second Street, Suite 350, San Francisco, CA 94107, USA, to provide you with relevant product recommendations to you across channels. For this purpose, a user ID (MD5 hash), browser information, products viewed, category viewed, time, purchases are transmitted to RichRelevance under a pseudonym, i.e. not traceable to you. Since there is a transfer of personal data to the USA, additional safeguards are required to ensure the data protection level required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we will endeavor to obtain additional provisions and commitments from the recipient in the USA. Information on data protection can be found here: http://richrelevance.de/richrelevance-datenschutzrichtlinie/ You can opt out of this collection at the following link: http://richrelevance.de/richrelevance-datenschutzrichtlinie/opt-out/
  8. "Outbrain", technology provided by Outbrain UK Limited, 100 New Bridge Street, UK and Outbrain Inc 615 South DuPont Highway, Dover, Delaware 19901, USA ("Outbrain"). As a user, you will be referred to other content within our website and on third-party websites that may also be of interest to you using a widget. Your pseudonymized IP address at the time of the request, the device you are using, the browser and the operating system used as well as the pages visited, the time of the visit and the referring URL are transmitted to the external provider. Outbrain uses a visitor pixel and cookies, which are stored on user’s device or browser, to display this advanced interest-related content. Outbrain also assigns a so-called Universally Unique Identifier (UUID), that can identify the user on a device-specific basis when he or she visits a website on which the Outbrain widget is implemented. Outbrain creates user profiles in which user interactions (e.g. page views and clicks) of a browser or device are aggregated in order to derive the preferences of the UUID. The data collected in this way is provided to us by Outbrain in an anonymized form only; we do not store any personal data in this context. According to Outbrain, the data collected in this way will be stored for a period of 13 months. After the expiration of 13 months, the data is anonymized so that it can no longer be associated with you. Since there is a transfer of personal data to the USA, additional safeguards are required to ensure the data protection level required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These require the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we will endeavor to obtain additional provisions and commitments from the recipient in the USA. For more information, please see Outbrain's privacy policy at https://www.outbrain.com/legal/privacy#privacy-policy.
  9. technologies of the service provider "RTB HOUSE" (RTB HOUSE GmbH, Kurfürstendamm 226, 10719 Berlin, Germany). In the event that you have provided your consent pursuant to Art. 6 (1)(a) of the GDPR, RTB House collects information on our behalf about your online activities on our website for the purpose of conducting personalized advertising campaigns. Cookies and similar technologies may be used to collect data that qualify as personal data under the GDPR based on your prior consent. This data may include online identifiers (e.g. cookie ID / mobile ad ID), information about specific pages visited, products viewed or added to the shopping cart along with timestamps and purchases, and technical device and browser details. Using this data, RTB House may run advertising campaigns on our behalf and serve personalized ads on other platforms and websites. The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or if you exercise your right of withdrawal. Cookies placed by RTB House on our behalf are deleted after 365 days. For this purpose, RTB House will process the data relating to the interaction with our website strictly in accordance with our instructions and in accordance with the data processing agreement concluded with them. In addition, RTB House may also process, under its own responsibility, data about your browsing behavior that RTB House has collected about you on other platforms independently of your visit to our website (including user cookie ID). For more information about RTB House‘s processing of your personal data and to exercise your rights in this regard, please contact RTB House directly. More information can be found here:  https://rtbhouse.com/privacy-center

We use the following third-party providers to analyze advertising success:

  1. "Google Ads", a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). We use Google Ads for marketing and optimization purposes, in particular to advertise our attractive offers on external websites and to measure the success of individual advertising campaigns. The ads are delivered by Google through so-called "AdServers". For this purpose, we use AdServer cookies, which can be used to measure certain success parameters for, such as display of the ads or clicks by users. When you visit our website through a Google ad, Google Ads places a cookie on your device. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (indicating that the user does not want to be targeted) are typically stored as analytics values for this cookie. These cookies allow Google to recognize your browser. When a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. Each Ads user receives a separate cookie. Cookies can therefore not be tracked across Ads users' websites. We receive statistical and aggregated evaluations of these activities from Google. This tells us, for example, the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking cookie. Based on the evaluations provided by Google, we can see which of the advertising measures used are particularly effective. However, we do not receive any information with which users can be personally identified. As part of the use of Google Ads, we also use the "Enhanced Conversions" function from Google. This is a function that can be used to improve the accuracy of conversion tracking by Google Ads by additionally transmitting conversion data collected on our website by ourselves to Google using an "Upload from File" solution. For more information on Google's privacy policy, please visit https://www.google.com/policies/?hl=de. Users can also deactivate or object to Google Ads in whole or in part at https://privacy.google.com/?hl=de#google-experience (perform opt-out).
  2. Within the framework of Microsoft Bing Ads, we use so-called conversion tracking. When you click on an ad placed by Bing, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Microsoft and we can recognize that the user clicked on the ad and was redirected to this page. For more information about the provider Microsoft, see "Advertising network Bing".
  3. We use the affiliate network "AWIN" of AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany. Affiliate marketing is an Internet-based form of distribution that enables commercial operators of websites, the so-called merchants or advertisers, to display advertising, which is usually remunerated via click or sale commissions, on third-party websites, i.e. with distribution partners, who are also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own websites or advertised via other channels, such as keyword advertising or e-mail marketing. AWIN sets a cookie on the device of the data subject. What cookies are has already been explained above. The tracking cookie from AWIN does not store any personal data. Only the identification number of the affiliate, i.e., of the partner referring the potential customer, as well as the order number of the visitor to a website and of the advertising material clicked on are stored. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. AWIN. The applicable data protection provisions of AWIN can be found at https://www.awin.com/de/rechtliches/privacy-policy.
  4. "Kelkoo" and "ProductsUp" to measure the success of our offers in price comparisons, etc., whereby a cookie from the price comparison page records without personal reference whether and in what amount a sale was made on our website. For more information, please visit http://www.kelkoo.de/unternehmen/datenschutz.
  5. "ProductsUp" of Products Up GmbH, Bahnhofstr. 5, 91245 Simmelsdorf, Germany, to measure the success of our offers in price comparisons, etc., whereby a cookie from the price comparison page records without personal reference whether and in what amount a sale was made on our website. For more information, please visit https://productsup.io/de/rechtlicher-hinweis/.
  6. The Analytics cookie from Realytics (Realytics SAS, 73 Rue D'Anjou, 75008, Paris, France) is an audience measurement and statistics cookie and is used by Realytics to measure the performance of advertisers' TV campaigns on its digital channels. The cookie is exempt from consent under the CNIL. In the context of possible retargeting, user consent is mandatory. Realytics, in the case of consent, forwards the data to the advertiser's partners, which verifies the compliance of the operating partner. In these two cases, the Realytics cookie does not collect any personal or sensitive data. For more information, please visit https://www.realytics.io/optout/ Realytics cookie and https://www.realytics.io/de/vertraulichkeitsregeln/. The cookie can be deactivated via the opt-out function https://www.realytics.io/optout/.
  7. "TikTok Pixel" of the provider TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH, United Kingdom ("TikTok"). This is a code that we have implemented on our site. Through this code, if you give your explicit consent, when you visit our website, a connection is established with the TikTok servers to track your behavior on our website. In addition, cookies are also used via a TikTok pixel, through which information is stored on the terminal device you are using. With the help of the TikTok pixel, it is possible for TikTok, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called "TikTok ads"). Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to TikTok (so-called "Custom Audiences"). With the help of the TikTok pixel, we also want to ensure that our TikTok ads correspond to the potential interest of users. With the help of the TikTok pixel, we can further track the effectiveness of the TikTok ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a TikTok ad (so-called "conversion"). Personal data such as IP address and other information such as device ID, device ID, device type and operating system may also be transmitted to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account. TikTok uses this data to display targeted and personalized advertising to its users and to create interest-based user profiles. The collected data is anonymous and not visible to us and is only used for us in the context of measuring the effectiveness of ad placements. Since there is a transfer of personal data to third countries outside the EU, further protection mechanisms are required to ensure the level of data protection of the GDPR. According to TikTok, a transfer of data to third countries takes place under the European Commission's model contracts for the transfer of personal data to third countries (i.e., standard data protection clauses) under Commission Decision 2004/915/EC or 2010/87/EU (as applicable) or under a substitute mechanism approved under EU law. For more information about how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, please see TikTok's Data Policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.

We use the following third-party providers to protect against attacks and improve performance:

  1. "Cloudflare" of our technology partner CloudFlare Inc, 101 Townsend St, San Francisco, CA 94107, USA, to protect against attacks, harmful bots and to improve performance. All data to and from this server is transmitted through Cloudflare's CDN ("Content Delivery Network"). Cloudflare provides internet security services and distributed DNS services (domain name servers) that act as a reverse proxy for websites.Cloudflare collects statistical data about visits to this website. Access data includes: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Cloudflare uses the log data for statistical analysis for the purpose of operation, security and optimization of its own offer.When a customer account is deleted, the data is deleted from the servers. In addition, you have the option to clean data from the cache at any time. Log files are stored for up to 7 days.Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA. Further information on the data processing of the provider, in particular on data protection and data security, can be found at: https://www.cloudflare.com/security-policy/
  2. "Google Tag Manager" of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Through this service, website tags can be managed by us via an interface in case of your consent. The Google Tag Manager only implements tags. This means that no cookies are used and only your IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. Since there is a transfer of the IP address to Google in third countries (including the USA), further protection mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipient of the data in the third countries to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
  3. legal basis for data processing

We use technically necessary cookies and similar technologies on the basis of our legitimate interest according to Art. 6 (1)(f) of the GDPR. Our legitimate interests are to ensure a smooth connection setup of the website, to enable a comfortable use of our website by the users and to protect our website from external attacks. We use cookies and similar technologies to analyze user behavior, to retarget customers and to analyze advertising success exclusively on the basis of your consent pursuant to Art. 6 (1)(a) of the GDPR. You have the option to revoke your consent at any time by changing your cookie settings or by opting out.

  1. purpose of data processing

The purpose of the use of technically necessary cookies according to Art. 6 (1)(f) of the GDPR is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

  1. Registration
  2. Log-In
  3. Shopping cart for purchase and sale

The user data collected through technically necessary cookies are not used to create user profiles. We set non-technically necessary cookies on the basis of your consent pursuant to Art. 6 (1)(a) of the GDPR.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. We recognize which advertising measures prompted visitors to our website (so-called conversion tracking). In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In this way, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting and easier for you to use, and achieving a fair calculation of advertising costs.

Retargeting is used to re-address previous users of our websites on third-party websites and to motivate them to interact. Users receive advertising content on third-party websites that is related to their interests instead of just general.

  1. duration of storage

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website (see above "technically necessary cookies").

The cookie storage period is indicated above in each case. Otherwise, they are set indefinitely until you delete the memory in the browser.

  1. possibility of objection or revocation and removal

You can disable or restrict the processing of cookies by the service providers we use using the links above. Furthermore, you can use the preference management of the voluntary commitment "yourchoices" for interest-based advertising: http://www.youronlinechoices.com/de/praferenzmanagement/

The objection is valid as long as the associated opt-out cookie is not deleted. This cookie is set for the domain, per browser and user of a computer. If you access our website from multiple end devices and browsers, you must therefore object to the data collection separately and again on each of these devices and in each browser.

 

You can adjust your cookie settings at any time here.

Another convenient option for deactivating cookies is offered by the BVDW preference manager: http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager-beta.html

 

  1. Sending of newsletters
  2. description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter with promotional content for own offers of momox SE and selected offers of advertising partners. When subscribing to the newsletter, this data is transmitted to us when subscribing to the newsletter:

  1. Email address and salutation as specified
  2. First and last name (optional)
  3. IP address of the calling computer
  4. Date and time of registration

Your consent to data processing will be obtained during the registration process and you will be informed of this Privacy Policy. You will first receive an email asking you to confirm your registration (double opt-in process).

For sending the newsletter, we use the services of Optimizely GmbH, Wallstraße 59, 10179 Berlin, Germany. We have concluded an data processing agreement with the service provider, in which we oblige them to protect our customers' data and not to pass it on to third parties. For more information about Optimizely, please visit: https://www.optimizely.com/de/legal/datenschutz

 

Based on your consent, Optimizely also tracks your interactions (open rates, click rates, unsubscribers) with our newsletter.

If you are a customer, we will also create the newsletter for you as individually as possible, taking into account your customer profile stored with us. The newsletter is personalized for you by means of personal data from your previous purchases and sales as well as, among other things, on the basis of articles that are currently in your shopping cart.

On this basis, we will send you via our newsletter, among other things, reminders of incomplete transactions (shopping cart), inform you about discount promotions, product news and recommendations and ask you to participate in surveys (including product and satisfaction surveys) by email. In addition, you will receive loyalty messages by email via our newsletter if you have made particularly regular transactions or have not made any transactions at all for a longer period of time.

We also use the service provider RichRelevance Inc, 303 Second Street, Suite 350, San Francisco, CA 94107, USA. We have concluded an order processing agreement with the service provider in which we obligate it to protect our customers' data and not to pass it on to third parties. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluation, we link the data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter are also provided with ID. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletter, which links you click on in it and infer your personal interests from this. We link this data to your actions performed on our website via the technologies mentioned above.

Based on your consent, we also use your e-mail address to display interest-based information and advertising to you on platforms of our advertising partners (e.g. Google Search or YouTube). For this purpose, we transmit your e-mail address via file upload or by means of a tracking pixel to our advertising partners, whereby the transmission of the data does not take place in plain text, but as a so-called "hash value", i.e. by means of a mathematical mapping of the data. This makes it possible to recognize you as a user of our web services when you visit the platforms of our advertising partners in order to display customized information/advertising to you. We use the following services for this purpose:

Since the use of the above-mentioned service providers for newsletter tracking and cross-channel advertising purposes may result in a transfer of personal data to countries outside the EU and the EEA, further safeguards are required to ensure the level of data protection of the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Article 45 (1) of the GDPR with respect to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC and Meta Platforms Inc. are certified under the EU-U.S. Data Privacy Framework and accordingly commit to compliance with adequate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to the above-mentioned service providers for which no certification exists and transfers to other third countries outside the EU and the EEA for which no adequacy decision of the EU Commission exists, we have also agreed standard data protection clauses with the providers in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipients of the data in the third country to process the data in accordance with the level of protection in Europe.

 

  1. legal basis for data processing

The legal basis for the data processing mentioned in section VI.1. is your consent pursuant to Art. 6 (1)(a) of the GDPR. You have the possibility to revoke your consent at any time with effect for the future (see section VI.5.).

  1. purpose of data processing

The collection of the user's email address is used to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

The personalization of the newsletter by means of newsletter tracking and on the basis of the customer profile serves the purpose of tailoring the newsletter to the needs and interests of our customers. Newsletter tracking also serves to evaluate the success of our advertising measures and the economic design of our offer. The request for surveys and evaluations also serves the purpose of improving our offer.

The disclosure of the e-mail address to our above-mentioned advertising partners serves the purpose of playing out interest-based information and advertising on the platforms of our advertising partners.

  1. duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or if you have revoked your consent. Accordingly, the user's e-mail address will be deleted when the subscription to the newsletter is terminated by the user and the processing of the e-mail address is no longer required for any other purposes (e.g. for the performance of the contract or the safeguarding of a legitimate interest on our part).

The other personal data collected during the registration process is usually deleted after a period of seven days. A storage period of 30 days is provided for the scanned articles.

After unsubscribing from the newsletter, your data will no longer be transmitted by us to the above-mentioned advertising partners.

 

  1. revocation and removal option

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter. Furthermore, you also have the option to unsubscribe from the newsletter in your customer account. For more information, see "Rights of the data subject" below.

If you wish to revoke your consent for newsletter tracking and personalization, as well as your consent to share your personal data with our advertising partners for cross-channel advertising purposes, you must generally unsubscribe from the newsletter.

You can also restrict usage measurement by disabling the display of images by default in your e-mail program.

You can also object separately to the creation of a profile by our above-mentioned advertising partners for the purpose of interest-based playout of information and advertising in general under the above-mentioned contact details of our advertising partners.

 

VII. existing customer advertising by e-mail

  1. description and scope of data processing

If you buy and sell goods on our website and enter your e-mail address, this may subsequently be used by us to send a newsletter. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services (existing customer advertising). You will be informed about this regulation during registration or purchase and sale.

We use the optivo broadmail service of Optimizely GmbH, Wallstraße 59, 10179 Berlin, Germany to send the newsletter. We have concluded an order processing agreement with the service provider, in which we oblige them to protect our customers' data and not to pass it on to third parties.

In connection with the processing of data for the dispatch of advertising to existing customers, the data will not be passed on to third parties for their own purposes.

  1. legal basis for data processing

The legal basis for processing the data for sending existing customer advertising by e-mail is our legitimate interest pursuant to Art. 6 (1)(f) of the GDPR (sec. 7 (3) German Act against unfair competition - UWG). You can object to the processing at any time with effect for the future. To do so, please send your objection to the above e-mail address.

  1. purpose of data processing

The collection of the user's e-mail address is used to deliver the existing customer advertising and thus to send direct advertising for own similar goods or services.

  1. duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected or if you have objected to existing customer advertising. Accordingly, the user's e-mail address will be deleted if an objection is lodged or the customer account is deleted and the processing of the e-mail address is no longer required for any other purposes (e.g. for the performance of the contract or to protect a legitimate interest on our part).

  1. possibility of objection and elimination

You can object to the processing of your e-mail address for purposes of existing customer advertising at any time with effect for the future. To do so, please send your objection to the above e-mail address.

 

VIII. Sending of emails regarding surveys or ratings/reviews and participation in them

  1. description and scope of data processing

When visiting our website, you may be prompted for surveys with separate windows (pop-ups). If you register on our website, buy or sell goods and enter your e-mail address or sign up for the newsletter, we may ask you via e-mail to rate our performance and/or the product. This is done by means of the services designated in the e-mail or on third party platforms. Participation in the evaluation is always voluntary. The platforms do not receive any personal data from us in this process, unless otherwise stated here.

If you submit a review for a product on our website, we only publish your first name stored in the customer account, so that an identification of your person by other users of our website is generally not possible. In the context of the review, you also have the option of entering additional content in a free text field. It is up to you to decide whether you want to enter further information in this free text field that could enable your person to be identified. To protect your privacy, we recommend that you write product reviews without providing any personal data. We reserve the right not to publish or (partially) anonymize reviews that contain personal data. In order to show you for which products a review has already been published by you, we also link your submitted review with your customer account stored with us and the personal data stored there.

We use the following third-party providers:

  1. PopUps for surveys are delivered by the service provider SurveyMonkey Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4, Ireland, and SurveyMonkey Inc, One Curiosity Way, San Mateo, CA 94403, USA. Cookies (cf. "Use of cookies" and https://de.surveymonkey.com/mp/legal/survey-page-cookies/ above) and device data (cf. https://de.surveymonkey.com/mp/legal/privacy-policy/#pp-section-2 - respondents) are processed in this process. The service provider is used within the framework of order processing. As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
  2. We send emails about reviews via the service provider the Mandrill Inc, 512 Means Street, Sweet, 404, Atlanta, GA 30318, USA, a company of Rocket Science Group, LLC d/b/a MailChimp LLC. Using Mandrill to manage customer emails and organize processing. Mandrill processes the content and technology of the communication for us. This is done within the framework of order processing. Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA. For more information on data processing by Mandrill, please see the privacy policy at https://mailchimp.com/legal/privacy and the special security measures https://mailchimp.com/help/Mailchimp-european-data-transfers.
  3. We work with the SaaS.group zenloop GmbH, Pappelallee 78/79, 10437 Berlin, Germany ("zenloop"). zenloop is a business-to-business software-as-a-service platform that enables us to collect and analyze feedback from our customers through various channels. This allows us to align and improve our offering to the needs of our customers.

The following data is collected for this purpose:

  • E-mail address
  • Customers ID
  • Customer type
  • Terminal
  • Sales or order number
  • Shopping cart value
  • Shipping partner
  • Number of packages
  • Newsletter status
  • Number of orders or sales
  • Gender

In addition, zenloop collects your survey responses. For more information on data processing by zenloop, please see the privacy policy at https://www.zenloop.com/de/legal/privacy.

  1. we use the analysis software "wootric" of Wootric, Inc., 220 27th St., San Francisco, CA 94131, USA, to survey users (of the newsletter). Wootric processes the user's email address, rating score and optional comments for us here and is acting as a processor. Since the use of the service provider wootric results in a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through a contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
  2. legal basis for data processing

The legal basis for requesting ratings by e-mail and the associated processing of your personal data (e-mail address and name) is your consent pursuant to Art. 6 (1)(a) of the GDPR.

If you provide personal data in the free text field provided for publication when submitting reviews of purchased products on our website, the legal basis for this is your consent pursuant to Art. 6 (1)(a) of the GDPR.

The legal basis for linking submitted reviews with your personal data stored in the customer account is our legitimate interest pursuant to Art. 6 (1)(f) of the GDPR in providing an overview of reviews already submitted and documenting them in the customer account. In addition, we have a legitimate interest pursuant to Art. 6 (1)(f) of the GDPR in assigning reviews to customer accounts in order to take action, if necessary, against the infringement of third party rights or the publication of illegal content.

You have the option to revoke your consent at any time with effect for the future.

  1. purpose of data processing

The purpose of the processing of the data by us or our order processors is to improve our services for the users and to be able to increase the reach through (positive) ratings. The collection of the email address and the information about the use of our service serves to deliver the message with the request for rating.

The purpose of linking your submitted reviews with personal data stored in the customer account is to give you an overview of reviews already submitted and to document them. In addition, we process this data in order to take action against the infringement of third party rights or the publication of illegal content, if necessary.

  1. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Regarding cookies for surveys, our notes above "Use of cookies" also apply.

  1. revocation, objection and removal possibility

By unsubscribing from the newsletter, you will also no longer receive any e-mails from us asking you to rate. You also have the option to revoke your granted consent at any time. If the processing of your personal data is based on a legitimate interest on our part, you have the right to object to the processing at any time. For this purpose, please address your revocation/objection to the above-mentioned e-mail address.

In case of objections in connection with evaluation requests to Customer Support, you can also use the offered online form of our order processor Google LLC.

For cookies in surveys, our notes above "Use of cookies" also apply.


  1. Advertising mail
  2. description and scope of data processing

If you buy or sell goods on our website and provide your postal address, this may subsequently be used by us to send advertising mail. In such a case, only direct advertising for our own similar goods or services will be sent. You will be informed about this regulation when registering or buying and selling.

We use the services of Optimizely GmbH, Wallstraße 16, 10179 Berlin, Germany, for the management of our customers' address data for the sending of postal advertising as well as the documentation of possible advertising objections. We have concluded an order processing agreement with the service provider in which we oblige it to protect our customers' data and not to pass it on to third parties.

We use Deutsche Post Dialog Solutions GmbH, Koblenzer Str. 67, 53177 Bonn, Germany to send advertising mail. This company receives your postal address for the sending of advertising mail within the scope of order processing.

If you no longer wish to receive our information and offers in the future, you can object to the use of your data for advertising purposes. Please notify us in writing, enclosing the advertising material and stating your name and address to: momox SE, Schreiberhauer Straße 30, 10317 Berlin, Germany or at [email protected].

  1. legal basis for data processing

The legal basis for sending promotional mail as a result of the sale of goods or services is Art. 6 (1)(f) of the GDPR.

  1. purpose of data processing

The purpose of collecting the postal address is to deliver the advertising mail.

  1. duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Accordingly, the user's postal address will be stored until registration (see below) no longer exists.

  1. possibility of objection and elimination

You may object to receiving advertising mail in the future pursuant to Art. 21 (2), (3) of the GDPR.


  1. Registration
  2. description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The following data is collected during the registration process:

  1. Salutation, first and last name
  2. E-mail address
  3. Password self selected
  4. Address (street, house number, postal code, city)
  5. Optional consent to newsletter
  6. Optional specification of telephone number
  7. Optional indication date of birth
  8. Your account data (if you buy from momox, after registration)

The following data is also stored at the time of registration:

  1. Date and time of registration
  2. Entry source of registration: web, iOS app, Android app

After registration, the customer has, among other things, the possibility to submit comments (reviews) of offered products on the website. In this case, the first name of the customer specified during registration is published accordingly with the comment under the product.

We also use your e-mail address and information on purchases and sales made (OrderID) to display interest-based information and advertising to you on the platforms of our advertising partners (e.g. Google Search or YouTube). For this purpose, we transmit your e-mail address and OrderIDs via file upload to our advertising partners, whereby the transmission of the e-mail address does not take place in plain text, but as a so-called "hash value", i.e. by means of a mathematical mapping of the data. This makes it possible to recognize you as a user of our web services when you visit the platforms of our advertising partners, in order to display customized information/advertising to you. We use the following services for this purpose:

  • Google Customer Match: Provider: Google Inc, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: [email protected]; for more information about Google's use of data and Google Customer Match, see the following link: https://support.google.com/googleads/answer/6379332?hl=de

Since the use of the above-mentioned service providers may result in a transfer of personal data to countries outside the EU and the EEA (e.g., the USA), further safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through a contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the third country.

  1. legal basis for data processing

The legal basis for the processing of data for registration and provision of the customer account is Art. 6 (1)(b) of the GDPR.

  1. purpose of data processing

A registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures. This concerns our purchase and sale of goods by or to the user.

If personal data are entered in the free text field provided for publication when submitting reviews of purchased products on our website, this is done for the purpose of publishing the review.

The processing and forwarding of the above-mentioned data to our advertising partners takes place in order to display interest-based information and advertising about our products to you on platforms of our advertising partners (e.g. Google search or YouTube).

  1. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations. If there is no activity in the customer account for a period of 6 years, the customer account will be deleted.

  1. possibility of objection, revocation and elimination

As a user, you have the option to cancel the registration at any time by sending an email to our support or our contact form. You can have the data stored about you changed at any time. For more information, see "Rights of the data subject" below.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. You also have the option of revoking any consent you have given at any time. For this purpose, please contact the above-mentioned e-mail address of the person responsible.

If the processing of your personal data is based on a legitimate interest on our part, you have the right to object to the processing at any time. You may object to the processing of your personal data for the purpose of targeted and interest-based advertising of our products on platforms of our advertising partners by contacting the respective advertising partner or by contacting the above-mentioned e-mail address of the controller. Information on how to exercise your right of objection with our advertising partners can be found in the privacy notices of the respective advertising partner linked above.

 

  1. Purchase and sale of goods
  2. description and scope of data processing

On our website, we offer users the opportunity to sell goods to us or buy goods from us.  

The data is transmitted to us and stored in accordance with the user's registration data in connection with goods, means of payment and shipping details selected by the user. The following data of the user are collected in the context of the buying and selling process and transmitted to the service providers mentioned here:

  1. Email address
  2. Salutation, first and last name, address
  3. Goods
  4. Payment information: Your payment information will be transmitted to the appropriate payment service provider depending on the payment method you select.

The payment service provider is responsible for your payment data. When selecting certain means of payment, the payment service providers may carry out an assessment of the credit risk on the basis of mathematical-statistical procedures (so-called scoring) at a credit agency. We have no influence on the assessment and do not receive any audit results. Information in particular about the responsible body of the payment service providers, the contact details of the data protection officers of the payment service providers and the categories of personal data processed by the payment service providers can be obtained from the service providers:

    1. Klarna: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden, is the responsible party. Information on data protection and also on the possible credit check, among others, on the part of BillPay GmbH, Zinnowitzer Str. 1, 10115 Berlin, Germany, can be found here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
    2. Paypal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg, is the responsible party. Information on data protection and also on the possible credit check on the part of other service providers can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
    3. PayOne: BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany, is the responsible party (credit card and direct debit). Information on data protection and also on possible credit checks by other service providers can be found here: https://www.bs-card-service.com/de/datenschutz/
    4. Amazon Payments: Any personal data you provide to Amazon Payments or collected by them in the payment process is controlled primarily by Amazon Payments s.c.a. (as controller) and secondarily by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located at 5, Rue Plaetis L 2338, Luxembourg. You acknowledge the Privacy Policy when you sign up for Amazon: https://pay.amazon.com/de/help/201751600
    5. In order to enforce claims, we use Inkasso Becker Wuppertal GmbH & CO KG, Friedrich-Engels-Allee 32, 42103 Wuppertal, if necessary for certain means of payment. If you are unable to settle outstanding invoices despite repeated reminders, we will transmit the data required for debt collection to this service provider. The following data will be transmitted:
  • First and last name
  • Address
  • Further contact details (e-mail address and/or telephone number)
  • Reason for the request
  • Amount of the receivable and due date
  1. Shipping information: If we have goods shipped, we pass on data to the shipping company commissioned, insofar as this is required for the delivery or status of the shipment. Service providers are specified in each case with the order. These are currently:
    1. Deutsche Post AG and DHL Paket GmbH
    2. PIN Mail AG
    3. Asendia Management SAS
  2. Integration of the Trusted Shops seal of approval: To display our Trusted Shops seal of approval and the collected ratings as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops trust badge is integrated on this website. This serves to protect our legitimate interests in an optimal marketing of our offer, which prevail in the context of a balancing of interests. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the website. Further personal data is only transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.
  3. Integration of the Shopauskunft badge: The widget of Shopauskunft Händlerbund Management AG, Torgauer Str. 233, 04347 Leipzig, Germany is integrated on our website. This serves the purpose of displaying the number and result of our ratings received so far via Shopauskunft and to advertise with it. To display the widget, it is technically necessary to transmit usage data through your Internet browser to the Shopauskunft server and to store it in log data (so-called server log files) for 7 days. This stored data includes the name and URL of the retrieved file, date and time of the retrieval, the IP address of the requesting computer, website from which the access is made (referrer URL), the browser used and, if applicable, the operating system of your computer and the name of your access provider.
  4. If you purchase books as new goods on our websites, we use the distributor Libri GmbH, Friedensallee 273, 22763 Hamburg, Germany, for the distribution of the goods. Libri GmbH therefore receives the information about the ordered book as well as the delivery address.
  5. Customer contact center providers (e.g., call centers): In the context of customer support, data is shared with our service providers Yoummday GmbH, Belgradstraße 68, 80804 Munich, Germany, M Plus Serbia d.o.o., Tosin Bunar 272, 11070 Novi Beograd, Serbia, and CMX Solutions GmbH, Rosenstr. 2, 10178 Berlin, Germany, as part of order processing.
  1. legal basis for data processing

The legal basis is Art. 6 (b) or (f) of the GDPR.

  1. purpose of data processing

The processing and transfer of data for customer support, logistics, payment and shipping is necessary for the performance of the contract according to Art. 6 (1)(b) of the GDPR. This concerns our purchase and sale of goods by or to the user.

Processing and data transfer for the enforcement of claims is also necessary for the fulfillment of the contract with us and is based on Art. 6 (1)(b) of the GDPR.

With regard to the processing through the integration of the Trusted Shops seal of approval and the activity of LIBRI GmbH, there is a legitimate interest pursuant to Art. 6 (1)(f) of the GDPR. Our legitimate interest is the provision of the buyer protection linked to the specific order and the transactional evaluation services.

The transmission of the e-mail address to the shipping service provider commissioned with the delivery of the respective order serves the customer-friendly arrangement of the time and place of delivery. This and the avoidance of incorrect deliveries (among other things, to avoid costs in connection with undeliverable packages and, from the perspective of the shipping service provider, also to protect postal secrecy) is also both our and the shipping service provider's legitimate interest pursuant to Art. 6 (1)(f) of the GDPR.

  1. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

This is the case for the data stored during the purchase and sale contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

  1. possibility of objection and elimination

If the data is required for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1)(f) of the GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 of the GDPR. You can send your objection by e-mail to [email protected].

 

XII. contact form and e-mail contact

  1. description and scope of data processing

Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. The message and an e-mail address of the user are required. Further data are optional:

  1. Salutation, first and last name
  2. Order number
  3. Phone number

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.

  1. We use software from the company Leafworks GmbH, Travestieg 2, 22851 Norderstedt, Germany, to respond to your inquiries about the shipment status of orders via Zendesk. Leafworks processes the name, content and technical information of the communication for us. This is done in the context of an order processing. For more information on data processing by Leafworks, please see the privacy policy at https://leafworks.de/datenschutzerklaerung/.
  2. We use software from the company Zendesk Inc, 1019 Market St San Francisco, CA 94103, USA ("Zendesk"), to process customer inquiries. Zendesk is used to manage customer emails and organize their processing. Zendesk processes the name, content and technical information of the communication on our behalf. As there is a transfer of personal data to the USA, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA. For more information on data processing by Zendesk, please see Zendesk's privacy policy at http://www.zendesk.com/company/privacy.
  3. We send e-mails in connection with the purchase and sale of goods (so-called transaction e-mails) via the following service providers:
  1. a) Mandrill Inc., 512 Means Street, Sweet, 404, Atlanta, GA 30318, USA, a Rocket Science Group, LLC company d/b/a MailChimp LLC.. Using Mandrill to manage customer emails and organize processing. Mandrill processes the content and technology of the communication for us. This is done within the framework of order processing. Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA. For more information on data processing by Mandrill, please see the privacy policy at https://mailchimp.com/legal/privacy.
  2. b) SendGrid Inc. 1801 California St., Suite 500, Denver, Colorado 80202, USA. SendGrid processes the content and technology of the communication for us. This takes place within the framework of order processing. Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2)(c) of the These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA. For more information on data processing by SendGrid, please see the privacy policy at https://sendgrid.com/resource/general-data-protection-regulation/.
  3. legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1)(f) of the GDPR if the user has given his consent.

If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1)(b) of the GDPR.

  1. purpose of data processing

The processing of personal data from the input mask serves us to process the contact.

  1. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

  1. possibility of objection and elimination

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. For more information, see "Rights of the data subject" below.

 

XIII. contacting via chatbot ("Dixa")

  1. description and scope of data processing

Our website uses a chatbot from Dixa GmbH, Friedrichstraße 123, 10117 Berlin, Germany, which can be used to answer questions about our services. To answer your questions, we collect the following personal data from you

  • UserID
  • Conversation ID
  • Data entered by the user, if applicable (name/email address)

 

The first time you use the chatbot, you are assigned a randomly generated UserID. The UserID remains stored in your browser until you delete your browsing history. If you want to use the bot again after deleting your browsing history, a new randomly generated UserID is generated. In this case, you may have to re-enter any previously clicked answers or asked questions or inputs. If you use the bot again, the UserID will be transmitted to it by your browser. This allows you to continue a previously interrupted conversation, search or input in the bot at any time (similar to setting cookies on websites). The conversations, searches or inputs you started are also generated and stored in the events on your browser. To continuously improve the bot, we record events such as "bot was displayed" and click events such as "user clicked on answer X". For this purpose we use ConversationIDs, which are generated analogously to the UserID within the bot's database. They serve as object identifier and are required for the construction of the bot, since database entries need a unique identifier.

Functional cookies are also used for the operation of the chat function. The cookies make it possible to recognize the Internet browser of the site visitor in order to distinguish individual users of the chat function of our website. The information generated by the cookies about your use of this website is transmitted to a server of the chat service provider and stored there.

  1. legal basis of the data processing

The legal basis for the processing of your personal data is, on the one hand, our legitimate interest pursuant to Art. 6 (1)(f) of the GDPR in providing a smooth customer service and answering inquiries from website visitors and customers. If the request aims at the conclusion of a contract or serves to answer requests from customers, Art. 6 (1)(b) of the GDPR is also the legal basis for the processing of your personal data. We have concluded an order processing agreement with the provider of the chatbot, Dixa GmbH, in accordance with Art. 28 of the GDPR, which obligates Dixa GmbH to process your data on our behalf only in accordance with instructions.

  1. purpose of data processing

The purpose of processing your personal data in the context of using the chatbot is to provide you with a functional way to contact us and to respond to your inquiries about our services and contracts with us.

  1. duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

  1. possibilities of objection and removal

You can object to the storage of your personal data at any time. In such a case, however, the conversation cannot be continued. For more information, see "Rights of the data subject" below.

 

XIV. Social Media Plug-ins

  1. description and scope of data processing

In the following, you will find information on the handling of your data that is collected through your use of our social media presences on social networks and platforms. Your data will be processed in accordance with the statutory regulations.

  1. supplier

1.1 Facebook Fan Page

1.1.1 Responsible entity

In the event that the data you provide to us is also or exclusively processed by Facebook, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, is the controller for data processing within the meaning of the GDPR in addition to us or in our place. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 of the GDPR on joint responsibility for the processing of data (Controller Addendum). The agreement specifies the data processing operations for which we or Facebook are responsible when you visit our Facebook fan page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

Since a transfer of personal data by Meta Platforms Ireland Ltd. in the USA takes place to Facebook Inc. among others, further protection mechanisms are required to ensure the data protection level of the GDPR. For this purpose, the provider uses standard data protection clauses in accordance with Art. 46 (2)(c) of the GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. If you as a visitor to the site would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us. You can independently adjust your advertising settings in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

For further details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

1.1.2 Facebook Privacy Officer

To contact Facebook's data protection officer, you can use the online contact form provided by Facebook under the following link https://www.facebook.com/help/contact/540977946302970.

1.1.3. data processing for statistical purposes by means of page insights

Facebook provides so-called page insights for our Facebook fan page: https://www.facebook.com/business/a/page/page-insights. These are aggregated data that provide information about how people interact with our site. Page Insights may be based on personally identifiable information collected in connection with a person's visit to or interaction with our Page and in connection with content provided. Please be aware of what personal data you share with us through Facebook. Your data may be processed for market research and advertising purposes even if you are not logged into Facebook or do not have a Facebook account. For example, user profiles can be created from the usage behavior and resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your terminal device. Furthermore, data that is independent of the devices used by the users may also be stored in the user profiles; in particular, if the users are members of the respective platforms and logged in to them. The legal basis for the processing is Art- 6 (1)(f) of the GDPR. Our legitimate interest lies in the optimized presentation of our offer, effective information and communication with customers and interested parties, as well as the targeted placement of advertisements. Please note that we have no influence on the data collection and further processing by Facebook. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, which evaluations and links are made with the data on the part of Facebook and to whom the data is passed on by Facebook. If you wish to avoid the processing of your personal data by Facebook, please contact us by other means.

1.2 Other social media providers

1.2.1 Responsible entity

If your personal data is processed by a provider listed below, this provider is the data controller within the meaning of the GDPR. For the assertion of your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected by them. Should you still require assistance, please feel free to contact us at any time. We have online presences on the social media platforms of the following providers:

  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
  • Instagram Inc., Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
  • YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 2, Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • XING SE, Dammtorstraße 29-32, 20354 Hamburg Germany
  • Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA

 

1.2.2 Data protection officer

Instructions on how to contact the data protection officer of the other social media providers can be found here:

  1. general information on social media platforms

2.1 Responsible entity

The responsible party for data processing within the meaning of the GDPR is the entity named at the beginning of this privacy policy, insofar as data transmitted to you via one of the social media platforms is processed by us ourselves.

2.2 Our data protection officer

If you have any concerns about data processing carried out by us as the data controller, you can contact our data protection officer using the contact details provided at the beginning of this privacy policy.

  1. general data processing on the social media platforms

3.1 Data processing for market research and advertising

As a rule, personal data is processed on the company website for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. By means of the collected data, usage profiles can be created. These are used to display advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and logged in to them.

3.2 Data processing and contact

We ourselves collect personal data when you contact us, for example, via a contact form or through a messenger service, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact data you have provided or released. These are stored by us for the purpose of processing the request and in case of follow-up questions. Under no circumstances will we pass on the data to third parties without your consent. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1)(f) of the GDPR and, if applicable, Art. 6 (1)(b) of the GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal retention periods to the contrary. We assume that processing is complete if the circumstances indicate that the matter in question has been conclusively clarified.

3.3 Data processing for contract execution

If your contact via a social network or other platform aims at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures or for the provision of the requested services. The legal basis for the processing of your data in this case is Art. 6 (1)(b) of the GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is determined that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to comply with contractual or legal obligations.

3.4 Data processing based on consent

If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis of the processing is Art. 6 (1)(a), Art. 7 of the GDPR. Consent given can be revoked at any time with effect for the future.

  1. data transfer and recipients

When visiting and using the platforms listed above, a transfer of personal data to the USA or other third countries outside the EU may occur, which is why further protection mechanisms are required in these cases to ensure the level of data protection of the GDPR. For more information on whether and which suitable guarantees the providers can demonstrate for this, please see the list below. We have no influence on the processing of your personal data by the provider and how it is handled. Likewise, we do not have any information on this. For more information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options regarding data processing by the provider:

 

  1. Comments at our website
  2. description and scope of data processing

Personal data is collected when you submit a rating within the framework of our websites (e.g. the blog). In this context, we collect the data specified in the respective form and your IP address. Information on the name and e-mail address are voluntary.

  1. legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1)(a) of the GDPR if the user has given his consent.

  1. purpose of data processing

The user gives his consent. The processing of personal data from the input mask serves us to process the comment.

  1. duration of storage

The data will be deleted if the author of the comment revokes his/her consent or if the purpose of the processing no longer applies.

  1. possibility of objection and elimination

The user has the option to revoke his consent to the processing of personal data at any time. He can also have information anonymized by us, e.g. by shortening previously mentioned name. For more information, see "Rights of the data subject" below.

 

XVI. rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  1. right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If there is such processing, you can request information from the controller about the following:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage duration;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data, if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling pursuant to Art. 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
  9. You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.
  1. right to rectification

You have a right to rectification and/or completion vis-à-vis the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

  1. right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
  4. if you have objected to the processing pursuant to Art. 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

  1. right to deletion
  2. a) Obligation to delete

You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6 (1)(a) or Art. 9 (2)(a) of the GDPR and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) of the GDPR.
  1. b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

  1. c) Exceptions

The right to erasure does not exist insofar as the processing is necessary to

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (These are, for example, commercial and tax retention obligations.);
  3. for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  5. for the assertion, exercise or defense of legal claims.
  1. right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the data controller.

  1. right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  1. the processing is based on consent pursuant to Art. 6 (1)(a) of the GDPR or Art. 9 (2)(a) of the GDPR or on a contract pursuant to Art. 6 (1)(b) of the GDPR and
  2. the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  1. right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right pursuant to Article 21 (2), (3) of the GDPR to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

  1. right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

  1. automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or fulfillment of a contract between you and the responsible party,
  2. is permitted by legislation of the Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. is done with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9 (2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject, which shall include, at least, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

  1. right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

XVII. Validity of this Privacy Policy

We reserve the right to change this privacy policy from time to time. The current version is available from our website. If a change significantly restricts the rights of registered users, we will notify them. Furthermore, the currently available privacy policy is valid for our website users.