Privacy Policy
1. Information on the collection of personal data and contact details of the controller
2. Data collection when visiting our website
3. Contacting us
4. Cookies
5. Data processing for order handling
6. Data processing when opening a customer account and for contract processing
7. Use of your data for direct advertising
8. Use of social media: social plugins
9. Online marketing
10. Retargeting / remarketing / referral advertising
11. Tools and miscellaneous
12. Rights of the data subject
13. Duration of storage of personal data
1. Information on the collection of personal data and contact details of the controller
1.1.
Thank you for visiting our website. Below we would like to inform you about how we handle your personal data when you use our website. Personal data generally means all data by which you can be personally identified.
1.2.
The controller responsible for data processing on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Lnail.de
Wilmersdorfer Straße 128, C/O ArP
10627 Berlin
Germany
Tel.: +4915163615900
E-mail: info@lnail.de
1.3.
To protect the security of your data during transmission, we use encryption methods in line with the current state of the art (e.g. SSL or TLS) via HTTPS.
2. Data collection when visiting our website
Each time our website is accessed, our system automatically collects data and information transmitted by your browser to our server (so-called “server log files”). The following data, which is technically necessary for us, is collected:
- Website visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
The legal basis for processing is Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and maintaining the functionality of our website. The data is not passed on or used in any other way.
The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
We reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.
The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or altered so that the calling client can no longer be assigned.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
3. Contacting us
If you contact us via contact form, the data entered in the input form is transmitted to us and stored. The data collected can be seen from the respective input form.
When contacting us by e-mail, only the data entered by you there is transmitted to us.
The data is used exclusively for processing the conversation and your request.
The legal basis for processing the data is Art. 6(1)(a) GDPR if the user has given consent.
The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR.
If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected and insofar as there are no statutory retention obligations to the contrary.
For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The user has the option at any time to revoke consent to the processing of personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
4. Cookies
Our website uses cookies. Cookies are text files stored on the user’s device. If a user accesses a website, a cookie can be stored on the user’s operating system.
Some functions of our website cannot be offered without the use of cookies. For this purpose, it is necessary that the browser is recognized even after a page change.
The user data collected through technically necessary cookies is not used to create user profiles.
The purposes mentioned above also constitute our legitimate interest in processing personal data in accordance with Art. 6(1)(f) GDPR.
In addition, our website may use cookies that enable an analysis of users’ surfing behavior (so-called third-party cookies). Further information on scope, purpose, legal basis and objection options can be found in the respective sections of this privacy policy.
As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website, not all website functions may be fully usable.
You can prevent the transmission of Flash cookies by changing the Flash Player settings. Help on settings can be found in your browser’s help menu or via the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies).
If cookies are set, they collect and process certain user information individually, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
5. Data processing for order handling
Further information on Google’s privacy can be found here:
https://business.safety.google/privacy/
Klarna
When paying using the following payment methods (if offered):
- Klarna invoice purchase
- Klarna installment purchase
- Klarna direct debit
- Klarna credit card payment
- Klarna “pay now”
payment processing is carried out via Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”).
We transmit your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, phone number and IP address) and data related to the order (e.g. invoice amount, items, delivery type) to Klarna for identity and creditworthiness checks, provided that you have expressly consented to such transfer in accordance with Art. 6(1)(a) GDPR.
Klarna may pass your data on to one of the following credit agencies:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values.
You may revoke your consent at any time by sending a message to the controller responsible for processing your data or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
For data subjects residing in Germany, the following Klarna data protection provisions apply:
https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf
For data subjects residing in Austria, the following Klarna data protection provisions apply:
https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf
5.7. mybank
When paying via “mybank” through PayPal Checkout, payment is processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”). Further information on PayPal Checkout can be found in the relevant section below.
PayPal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal or — if offered — “purchase on account” via PayPal, payment is processed by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).
We transmit your personal data to PayPal to the extent necessary in accordance with Art. 6(1)(b) GDPR.
PayPal reserves the right to perform a credit check for the payment methods credit card via PayPal, direct debit via PayPal or — if offered — “purchase on account” via PayPal. For this purpose, your payment data may be transmitted to credit agencies in accordance with Art. 6(1)(f) GDPR on the basis of PayPal’s legitimate interest in determining your ability to pay.
PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method.
The credit report may contain probability values (score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values.
What other data PayPal collects can be found in PayPal’s respective privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
5.8. PayPal Checkout
We use PayPal Checkout on this website (PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).
PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and local payment methods from third-party providers.
If you select the payment methods PayPal, credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal (if offered), we transmit your necessary payment data to PayPal for payment processing. This transfer is permitted under Art. 6(1)(b) GDPR.
For the payment methods credit card via PayPal, direct debit via PayPal or “Pay Later” via PayPal, PayPal reserves the right to carry out a credit check. For this purpose, PayPal may transfer your necessary payment data to credit agencies. Processing takes place on the legal basis of Art. 6(1)(f) GDPR. PayPal has a legitimate interest in determining your solvency.
You may object to this processing of your data at any time by sending a message to PayPal, although PayPal may still be entitled to continue processing your personal data if this is necessary for contractual payment processing.
If you select the PayPal invoice purchase payment method, we initially transmit your payment data to PayPal in accordance with Art. 6(1)(b) GDPR. PayPal then forwards your data to Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin for payment processing. RatePay then carries out an identity and credit check in its own name. The legal basis for this is Art. 6(1)(f) GDPR, the legitimate interest in determining solvency. For this purpose, RatePay transmits your payment data to credit agencies in accordance with Art. 6(1)(f) GDPR. RatePay may access the following credit agencies:
https://www.ratepay.com/legal-payment-creditagencies/
If you choose a payment method from a local third-party provider, we initially transmit your payment data to PayPal in accordance with Art. 6(1)(b) GDPR. PayPal then forwards your payment data for processing the payment to the provider you selected:
- iDeal
- giropay
- Sofort
- bancontact
- eps
- blik
- Przelewy24
- MyBank
Further information can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Stripe
If you choose a payment method of the payment service provider Stripe, payment processing is carried out by Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”).
We transmit your personal data together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) to Stripe exclusively for the purpose of payment processing and only to the extent necessary in accordance with Art. 6(1)(b) GDPR.
Klarna “Pay Now”
If payment is made by “pay now”, payment processing is carried out via Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”).
We transmit your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, phone number and IP address) and data related to the order (e.g. invoice amount, items, delivery type) to Klarna for identity and creditworthiness checks, provided that you have expressly consented to such transfer in accordance with Art. 6(1)(a) GDPR.
Klarna may pass your data on to one of the following credit agencies:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies
The credit report may contain probability values (score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values.
You may revoke your consent at any time by sending a message to the controller responsible for processing your data or to Klarna. However, Klarna may still be entitled to process your personal data if this is necessary for contractual payment processing.
For data subjects residing in Germany, the following Klarna data protection provisions apply:
https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf
For data subjects residing in Austria, the following Klarna data protection provisions apply:
https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf
6. Data processing when opening a customer account and for contract processing
If you open a customer account with us, personal data will be collected and processed in accordance with Art. 6(1)(b) GDPR. The scope of the data can be seen from the input form.
The data you enter will be stored and used by us for contract processing.
You can delete your customer account at any time. This can be done by sending a message to the controller’s address or, if offered, directly in the customer account.
In this case, we will also block your data with regard to tax and commercial retention periods and delete it after these periods have expired. Only your consent to permanent storage or any further legally permissible use of data on our part may prevent this.
7. Use of your data for direct advertising
7.1. Newsletter
Our website offers the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your e-mail address. If you provide any additional voluntary information, this will only be used for personal address.
The legal basis for processing your data after registration for the newsletter is Art. 6(1)(a) GDPR if the user has given consent. We obtain this by sending you a confirmation e-mail after registration for the newsletter containing a confirmation link. By clicking this link, you also give your consent to receiving the newsletter.
When you submit your registration for the newsletter, we store your IP address as well as the date and time of registration. This storage serves to trace possible misuse of your e-mail address.
We use the data collected during newsletter registration exclusively for sending the newsletter.
You can cancel the newsletter subscription at any time. A corresponding link can be found in every newsletter. This also enables revocation of consent to the storage of personal data collected during the registration process.
7.2. Sendinblue
We send our newsletters via Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (“Sendinblue”).
We transmit the data entered by you when registering for the newsletter to Sendinblue in accordance with Art. 6(1)(f) GDPR in order to safeguard our legitimate interest in using an effective, secure and user-friendly newsletter system.
The data entered for the newsletter order (e.g. e-mail address) is stored on Sendinblue servers in Germany.
Your data is used by Sendinblue on our behalf for sending and statistical evaluation of newsletters. For this purpose, newsletters contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This makes it possible to determine whether a newsletter e-mail has been opened and which links were clicked.
With the help of this conversion tracking, it can also be tracked whether an action (such as the purchase of an item from our shop) was carried out after clicking a link from the newsletter.
In addition, technical information is also collected (e.g. time of access, IP address, browser type and/or operating system). This data is collected exclusively in pseudonymized form and is not linked to your other personal data.
If you do not want the data analysis described here, you must unsubscribe from the newsletter.
A data processing agreement has been concluded with Sendinblue.
Details on Sendinblue’s privacy policy can be found at:
https://de.sendinblue.com/legal/privacypolicy/
7.3. Advertising by postal mail
If you have provided us with your first and last name, postal address and, where applicable, other personal data as part of an order, we reserve the right, in order to safeguard our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR, to store this data and send you our offers by postal mail.
You may object to the storage and use of your data for this purpose at any time by sending an appropriate message to the controller.
8. Use of social media: social plugins
8.1. Facebook as standard plugin
We use social plugins (“plugins”) of the social network Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) on our website.
You can usually recognize the plugins by the Facebook logo, usually a white “f” on a blue background. Other designs of the Facebook plugin can be viewed here:
https://developers.facebook.com/docs/plugins
When you access one of our webpages into which such a plugin is integrated, your browser establishes a direct connection to Facebook’s servers and Facebook transmits the content of the plugin directly to your browser, even if you do not have a Facebook profile or are not currently logged into Facebook.
This information (including your IP address) can be transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged into Facebook at the relevant time, Facebook can assign your visit to our website directly to your Facebook profile. If you interact with a plugin (e.g. click the “Like” button or post a comment), this information is also transmitted directly to a Facebook server and stored there.
The actions may be published on your Facebook profile and displayed to your Facebook friends.
Our legitimate interest lies in displaying personalized advertising and in exploiting the full financial potential of our website. The legal basis is Art. 6(1)(f) GDPR.
If you do not want the data collected via our website to be assigned to your Facebook profile, you must log out of Facebook before visiting our website.
You can also prevent the loading of Facebook plugins with add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).
Meta Platforms, Inc., based in the USA, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the level of data protection applicable in the EU.
Further information can be found in Facebook’s privacy policy:
http://www.facebook.com/policy.php
https://www.facebook.com/legal/EU_data_transfer_addendum
8.2. Google+ as standard plugin
Our legitimate interest lies in displaying personalized advertising and in exploiting the full financial potential of our website. The legal basis is Art. 6(1)(f) GDPR.
If you do not want the data collected via our website to be assigned to your Google+ profile, you must log out of Google+ before visiting our website.
You can also prevent the loading of Google+ plugins with add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework.
Further information can be found in Google’s privacy policy:
https://www.google.de/intl/de/policies/privacy/
Further information on Google privacy:
https://business.safety.google/privacy/
8.3. Instagram as standard plugin
We use social plugins (“plugins”) of the social network Instagram (operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland) on our website.
You can usually recognize the plugins by the Instagram camera. Other designs of the Instagram plugin can be viewed here:
http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you access one of our webpages into which such a plugin is integrated, your browser establishes a direct connection to Instagram’s servers and Instagram transmits the content of the plugin directly to your browser, even if you do not have an Instagram profile or are not logged into Instagram.
This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.
If you are logged into Instagram at the relevant time, Instagram can assign your visit to our website directly to your Instagram profile. If you interact with a plugin, this information is also transmitted directly to an Instagram server and stored there.
The actions may be published on your Instagram profile and displayed to your Instagram friends.
Our legitimate interest lies in displaying personalized advertising and in exploiting the full financial potential of our website. The legal basis is Art. 6(1)(f) GDPR.
If you do not want the data collected via our website to be assigned to your Instagram profile, you must log out of Instagram before visiting our website.
You can also prevent the loading of Instagram plugins with add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).
Meta Platforms, Inc., based in the USA, is certified under the EU-U.S. Data Privacy Framework.
Further information can be found in Instagram’s privacy policy:
https://instagram.com/about/legal/privacy/
8.4. Pinterest as standard plugin
We use social plugins (“plugins”) of the social network Pinterest (Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA) on our website.
You can usually recognize the plugins by the “Pin it” button. Further plugin variants can be found here:
https://developers.pinterest.com/docs/getting-started/introduction/
When you access one of our webpages into which such a plugin is integrated, your browser establishes a direct connection to Pinterest’s servers and transmits the content of the plugin directly to your browser, even if you do not have a Pinterest profile or are not logged into Pinterest.
This information (including your IP address) is transmitted directly from your browser to a Pinterest server in the USA and stored there.
If you are logged into Pinterest at the relevant time, Pinterest can assign your visit to our website directly to your Pinterest profile. If you interact with a plugin, this information is also transmitted directly to a Pinterest server and stored there.
The actions may be published on your Pinterest profile and displayed to your Pinterest friends.
Our legitimate interest lies in displaying personalized advertising and in exploiting the full financial potential of our website. The legal basis is Art. 6(1)(f) GDPR.
If you do not want the data collected via our website to be assigned to your Pinterest profile, you must log out of Pinterest before visiting our website.
You can also prevent the loading of Pinterest plugins with add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea
Pinterest privacy policy:
https://about.pinterest.com/de/privacy-policy
8.5. X (formerly Twitter) as standard plugin
This information (including your IP address) is transmitted directly from your browser to an X server in the USA and stored there.
If you are logged into X at the relevant time, X can assign your visit to our website directly to your X profile. If you interact with a plugin, this information is also transmitted directly to an X server and stored there.
The actions may be published on your X profile and displayed to your X friends.
Our legitimate interest lies in displaying personalized advertising and in exploiting the full financial potential of our website. The legal basis is Art. 6(1)(f) GDPR.
If you do not want the data collected via our website to be assigned to your X profile, you must log out of X before visiting our website.
You can also prevent the loading of Twitter plugins with add-ons for your browser, e.g. the script blocker “NoScript” (http://noscript.net/).
X participates in the EU-U.S. Data Privacy Framework, which guarantees adequate protection of your data even when processed on servers in the USA. Details can be found here:
X privacy policy:
9. Online marketing
9.1. Google AdSense
We use Google AdSense on our website, a web advertising service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google AdSense uses so-called “DoubleClick DART Cookies” (“cookies”), text files that are stored on your computer and enable analysis of your use of the website. In addition, so-called web beacons (small invisible graphics) are also used to record visitor traffic on the website.
The information generated by the cookie and/or web beacon about your use of this website (including your IP address) is usually transmitted to a Google server and stored there, and transmission to the USA is also possible.
The information thus obtained is used by Google to evaluate your usage behavior with regard to AdSense advertisements. The IP address transmitted by your browser within the framework of Google AdSense is not merged with other data from Google.
The information collected by Google may be transferred to third parties if required by law and/or insofar as third parties process this data on Google’s behalf.
The legal basis is Art. 6(1)(a) GDPR, namely your express consent.
You can permanently deactivate cookies by setting your browser accordingly or download and install the browser plug-in available at the following link:
http://www.google.com/settings/ads/plugin?hl=de
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework.
Further information on DoubleClick by Google’s privacy policy can be found at:
http://www.google.de/policies/privacy/
Further information on Google privacy can be found here:
https://business.safety.google/privacy/
Certain functions of this website may then not be available or only available to a limited extent.
9.2. Use of Google Ads conversion tracking
This website uses the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Advertising materials (so-called Google AdWords) are used to advertise our offers on external websites.
Our legitimate interest lies in displaying advertising that is of interest to you and in achieving a fair calculation of advertising costs. The legal basis is Art. 6(1)(a) GDPR, namely your express consent.
Google Ads uses conversion tracking cookies that are set when you click on an AdWords ad placed by Google. These cookies generally expire after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Ads customers’ websites.
The information obtained in this way is used to compile conversion statistics for Ads customers regarding the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. You cannot be personally identified this way.
If you wish to prevent tracking, you can deactivate the Google Conversion Tracking cookie via your browser settings.
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework.
Further information on Google privacy can be found at:
Further information on DoubleClick by Google’s privacy policy can be found at:
http://www.google.de/policies/privacy/
Further information on Google privacy can be found here:
https://business.safety.google/privacy/
ou can permanently deactivate conversion cookies by changing your browser settings accordingly or by downloading and installing the browser plug-in available at:
You can permanently deactivate cookies by setting your browser accordingly or download and install the browser plug-in available at the following link:
http://www.google.com/settings/ads/plugin?hl=de
In this case, certain functions of this website may not be usable or only usable to a limited extent.
10. Retargeting / remarketing / referral advertising
Meta Custom Audience using the pixel process
We use the “Meta Pixel” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”) on this website.
If express consent has been given, it can be used to track the behavior of users after they have seen or clicked on a Facebook advertisement.
This procedure is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and may help optimize future advertising measures.
The data collected is anonymous for us, meaning we cannot draw conclusions about users’ identities. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook’s data usage policy:
https://www.facebook.com/about/privacy/
You can enable Meta and its partners to place advertisements on and outside Facebook. A cookie may be stored on your device for these purposes.
These processing operations are carried out exclusively upon granting express consent in accordance with Art. 6(1)(a) GDPR.
Consent to the use of the Meta Pixel may only be declared by users older than 13 years. If you are younger, please ask your legal guardians for permission.
You can deactivate the use of cookies on your computer by changing your browser settings. However, this may result in some functions of our website no longer being fully usable.
You can also deactivate the use of cookies by third parties such as Meta on the following Digital Advertising Alliance website:
http://www.aboutads.info/choices/
Meta Platforms Inc. is certified under the EU-U.S. Data Privacy Framework. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
11. Tools and miscellaneous
11.1. Google reCAPTCHA
We use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in preventing misuse and spam.
reCAPTCHA is a function intended to ensure that input is made by a natural person.
The service sends your IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.
When using Google reCAPTCHA, your personal data may also be transmitted to the servers of Google LLC in the USA.
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework.
Further information on Google privacy can be found at:
Further information on DoubleClick by Google’s privacy policy can be found at:
http://www.google.de/policies/privacy/
Further information on Google privacy can be found here:
https://business.safety.google/privacy/
11.2. Google Web Fonts
We use so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the uniform display of fonts.
When you call up our website, your browser loads the required web fonts into your browser cache. For this, your browser must establish a connection to Google’s servers, whereby Google is informed of your IP address. In this context, your personal data may also be transmitted to the servers of Google LLC in the USA.
The legal basis is Art. 6(1)(a) GDPR, namely your express consent.
If your browser does not support web fonts or you reject their use, a standard font from your computer will be used.
Details about Google Web Fonts can be found here:
https://developers.google.com/fonts/faq
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework.
Further information on Google privacy can be found at:
Further information on DoubleClick by Google’s privacy policy can be found at:
http://www.google.de/policies/privacy/
Further information on Google privacy can be found here:
https://business.safety.google/privacy/
11.3. Fonts.net Web Fonts
We use so-called web fonts provided by Monotype GmbH, Werner-Reimers-Straße 2–4, 61352 Bad Homburg (“Fonts.net”) for the uniform display of fonts.
When you call up our website, your browser loads the required web fonts into your browser cache. For this, your browser must establish a connection to Fonts.net servers, whereby Monotype is informed of your IP address.
Our legitimate interest within the meaning of Art. 6(1)(f) GDPR lies in the uniform and appealing presentation of our online offerings.
If your browser does not support web fonts, a standard font from your computer will be used.
Details on privacy at Fonts.net can be found here:
https://www.fonts.com/info/legal
11.4. Google Tag Manager
We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
With the help of Google Tag Manager, we can integrate tracking or statistics tools and other technologies on our website via tags.
Tags are not code sections that record specific activities on the website. The tags mostly come from other Google programs, but can also be integrated by other companies. The tags can, for example, collect browser data, integrate buttons or set cookies.
However, Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses, but only serves to manage and display the tools integrated via it.
Your IP address is collected via Google Tag Manager and may also be transmitted to Google’s parent company in the United States.
The legal basis for the use of Google Tag Manager is Art. 6(1)(a) GDPR, namely your consent.
Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework.
Further information on DoubleClick by Google’s privacy policy can be found at:
http://www.google.de/policies/privacy/
Further information on Google privacy can be found here:
https://business.safety.google/privacy/
12. Rights of the data subject
12.1.
Applicable data protection law grants you comprehensive rights as a data subject vis-à-vis the controller regarding the processing of your personal data (rights of access and intervention), about which we inform you below:
- Right of access pursuant to Art. 15 GDPR: You may request confirmation as to whether personal data concerning you is being processed. You also have a right to information about the purpose, categories of personal data, recipients, planned storage period, the existence of further rights such as rectification of data or the right to lodge a complaint with a supervisory authority, the origin of your data if not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the significance and intended consequences of such processing for you, as well as your right to be informed of what guarantees pursuant to Art. 46 GDPR exist when your data is transferred to third countries.
- Right to rectification pursuant to Art. 16 GDPR: You have the right to immediate rectification of inaccurate data concerning you and/or completion of incomplete data stored by us.
- Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request restriction of processing of your personal data while the accuracy of your data, which you contest, is verified; if you refuse deletion of your data due to unlawful processing and instead request restriction of the processing of your data; if you need your data to establish, exercise or defend legal claims after we no longer need it for the purpose; or if you have objected for reasons relating to your particular situation, as long as it has not yet been determined whether our legitimate grounds override yours.
If the processing of personal data concerning you has been restricted, this data may — apart from storage — only be processed with your consent or for the establishment, exercise or defense of legal claims or for protecting the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. You will be informed before the restriction is lifted.
- Right to erasure pursuant to Art. 17 GDPR: You have the right to request the immediate deletion of your personal data if the requirements of Art. 17(1) GDPR are met. However, this right to erasure does not exist in particular where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
- Right to information pursuant to Art. 19 GDPR: If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, insofar as this is technically feasible.
- Right to withdraw consent pursuant to Art. 7(3) GDPR: You have the right to object at any time to the processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. You also have the right to revoke your consent under data protection law at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint pursuant to Art. 77 GDPR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
12.2. Right to object
You have the right to object at any time, with effect for the future, to the processing of your data if we process your data on the basis of our overriding legitimate interest after a balancing of interests.
If you make use of this right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defense of legal claims.
13. Duration of storage of personal data
The duration of storage of personal data depends on the respective statutory retention periods. After these periods expire, we routinely delete the data if it is no longer required for the fulfillment or initiation of a contract and/or if we no longer have a legitimate interest in further storage.