Privacy policy

Contents

Personal data Processing data About this privacy Responsible body Rights of the data subjects Specific processing activities Third-party services Data protection and security Data protection your rights
Personal data

We process personal information (hereinafter often referred to as “information”) only if this is necessary and to make our online presence and the associated content and services available in a user-friendly manner.

Processing data

The definition of “processing” pursuant to Article 4(1) of the General Data Protection Regulation (hereinafter referred to as “GDPR”) includes any operation which is performed on personal data, whether by collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

About this Privacy

In our privacy policy, we provide you with detailed information about the type, scope, purpose, duration and legal basis of the processing of personal data. This concerns cases in which we decide alone or jointly with others on the purposes and means of processing. We also inform you about the third-party components we use for optimization and quality improvement purposes that process data independently.

Responsible body

Responsible for our online presence within the meaning of data protection law is:

Name: Jonathan Schödl
Phone: +49 7021 939 746
Mail: [email protected]

Rights of the data subjects

Data subjects have the following rights regarding the processing of their data:

  1. The right to confirmation of data processing, information about your data, further information on data processing and copies of the data (see Art. 15 GDPR).
  2. The right to rectification or completion of inaccurate or incomplete data (see Art. 16 GDPR).
  3. The right to erasure of your data or, if further processing is necessary and pursuant to Art. 17 (3) GDPR, to restriction of processing pursuant to Art. 18 GDPR.
  4. The right to transfer your data to other controllers (see Art. 20 GDPR).
  5. The right to lodge a complaint with a supervisory authority if they believe that the processing of their data violates the GDPR (see Art. 77 GDPR).
  6. The right to object to future data processing, in particular to data processing for the purpose of direct marketing (see Art. 21 GDPR).
  7. We are obliged to keep all recipients informed about the rectification, erasure, or restriction of processing, unless this is impossible or involves disproportionate effort. Users have a right to information about these recipients.
Specific processing activities

We delete or block data that is processed when using our online presence as soon as the storage purpose no longer applies, and no statutory retention obligations prevent the deletion. Details on specific processing procedures can be found below.

  1. Server data: For technical reasons, such as ensuring a secure and stable online presence, your Internet browser transmits data to us, more precisely to our webspace provider. These server log files include your browser type and version, the operating system, the referrer URL, the pages visited on our website, the date, and time of access and the IP address.
  2. This data is stored temporarily, but not together with other of your data.
  3. This storage is based on Art. 6 para. 1 lit. f) GDPR and serves our legitimate interest in the improvement, stability, functionality, and security of our online presence.
  4. The data will be deleted after seven days at the latest, unless further storage is necessary for evidence purposes. In such cases, the data is exempt from deletion until the incident has been finally clarified.
  5. Cookies:
    • Session cookies: Our website uses cookies. These are small files that your browser stores on your device. They contain data such as your browser data, location data or IP address.
    • This data helps to make our website more user-friendly, effective and secure by enabling functions such as multilingual presentation or a shopping basket.
    • The use of these cookies for contract preparation or processing is based on Art. 6 para. 1 lit. b) GDPR. If the use does not serve these purposes, our interest is the improvement of our website, based on Art. 6 para. 1 lit. f) GDPR.
    • Session cookies are deleted after the browser is closed.
    • Cookies from third-party providers: We may also use cookies from partners for advertising, analyses or website functions. Details, in particular the purposes and basis for processing these cookies, can be found below.
    • Deactivation of cookies: You can set your browser so that no cookies are saved or cookies that have already been saved are deleted. The procedure varies depending on the browser. Therefore, please consider using the help function of your browser. Flash cookies cannot be deactivated via browser settings. To achieve this, change the settings of your Flash player. You can also find information on this in the help or documentation for your Flash player.
      • Blocking or restricting cookies may mean that you cannot use all the functions of our website to their full extent.
  6. Customer account / Registration: If you create a customer account on our website, we only use your registration data — such as name, address or email — for pre-contractual services, contract fulfillment or customer care, such as to provide an overview of your orders or the wish list function. We also store your IP address and the date and time of your registration without passing this data on to third parties. During the registration process, we obtain your consent to data processing and refer you to our privacy policy. The data will only be used to provide the customer account. The legal basis for the processing is Art. 6 para. 1 lit. a) GDPR in the case of consent and Art. 6 para. 1 lit. b) GDPR if the account opening also serves pre-contractual measures or the fulfillment of the contract. You can revoke your consent at any time in the future in accordance with Art. 7 para. 3 GDPR by informing us of your revocation. The data will be deleted as soon as its processing is no longer necessary, considering retention periods under tax and commercial law.
  7. Newsletter: When you register for our newsletter, your e-mail address and optionally your name and address are recorded. We also store the IP address and the time of your registration. We obtain your consent to send you the newsletter, explain the content and refer you to the privacy policy. The data will be used exclusively for sending the newsletter and will not be passed on to third parties. You can revoke your consent to receive the newsletter at any time, as provided for in Art. 7 para. 3 GDPR. All you need to do is send us a message or click on the unsubscribe link in each newsletter.
  8. Contact inquiries / contact options: If you contact us via form or e-mail, we will only use your data to process your inquiry. Without this data, we cannot process your inquiry or can only process it to a limited extent. This processing is based on Art. 6 para. 1 lit. b) GDPR. Once your inquiry has been processed, the data will be deleted, provided there are no legal retention periods to the contrary.
Third-party services

We use various services to improve the user-friendliness of our website, to design our online services effectively and to offer you interactive experiences. These include Google Analytics, Google Tag Manager, Google reCAPTCHA, Social Login, as well as cloud services and other technologies from OneSignal, Agora, Coconut, Amazon, DigitalOcean, Wasabi, Backblaze B2 and Vultr.

  1. Google Analytics and Google Tag Manager: We use Google Analytics and Google Tag Manager to analyze user behavior on our website. These tools use cookies that enable your use of the website to be analyzed. The information generated by cookies about your use of our website is usually transferred to a Google server in the USA and stored there. We use Google Analytics with activated IP anonymization, so that Google shortens your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
  2. Google reCAPTCHA: We use the reCAPTCHA service from Google to protect your inquiries via the Internet form. This is used to differentiate whether the input is made by a natural person or abusively by machine and automated processing. The IP address and any other data required by Google for the reCAPTCHA service are sent to Google.
  3. Social media (Twitter, Facebook): Our website integrates plugins and buttons for social networks to share content on social networks. When you visit one of our websites that contains such a plug-in, your browser establishes a direct connection to the servers of the social network, which allows this network to receive information about your visit, even if you are not actively using their services or are not logged into your account.
  4. OneSignal: We use OneSignal, a service for sending push notifications. Users can voluntarily subscribe to our push notifications. OneSignal collects data to optimize the sending of notifications. You can deactivate the subscription to push notifications at any time in your browser settings.
  5. Agora, Coconut: We use Agora and Coconut for real-time communication and video processing. These services process data to provide the corresponding functions and improve the quality of these services.
  6. Cloud services: The use of cloud services such as Amazon Web Services (AWS), DigitalOcean, Wasabi, Backblaze B2 and Vultr enables us to store and process data and content faster, more securely and more efficiently. These services provide us with a scalable infrastructure on the internet that allows us to run our website and applications smoothly. Here is a detailed overview of the role of these cloud services in our data processing:
    • Amazon Web Services (AWS): AWS is a comprehensive and widely used cloud platform that offers various services, including computing power, database storage and content delivery services. We use AWS for hosting our website, databases, content storage and other backend services. AWS has high security standards to ensure the security and protection of the data stored on its servers.
    • DigitalOcean: DigitalOcean offers cloud infrastructure services with a focus on simplicity and scalability. We use DigitalOcean for hosting applications, databases and as a storage solution. DigitalOcean allows us to quickly adapt our server resources to meet the needs of our users.
    • Wasabi: Wasabi is a cloud storage service known for its cost-effective storage solution. We use Wasabi to securely store large amounts of data and backups. Wasabi offers high transfer speeds and data security, making it an ideal solution for long-term storage.
    • Backblaze B2: Backblaze B2 is another cloud storage service that offers a simple and cost-effective solution for storing data. We use Backblaze B2 to store backups and archived data. With Backblaze B2, we can ensure that our data is stored securely and can be retrieved quickly when required.
    • Vultr: Vultr offers cloud computing solutions designed to provide powerful, scalable infrastructure for developers and businesses. We use Vultr for specific hosting and server requirements that include specialized configurations or high-performance requirements. Vultr allows us to have dedicated resources for our applications to ensure optimal performance and availability.
Data protection and security

The security of your data is important to us. That is why we have chosen cloud service providers that comply with recognized security standards and data protection practices. All of these services have extensive security measures in place to ensure the protection and integrity of the stored data. We have concluded a data processing agreement with each cloud service provider that ensures the protection of your personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant data protection regulations. For more information about our privacy practices or if you require any further assistance about the use of these cloud services, please do not hesitate to contact us.

Data protection

The legal basis for the processing of your data by the aforementioned services is Art. 6 para. 1 lit. a) (consent) and lit. f) (legitimate interest) of the GDPR. You are entitled to withdraw your consent at any time. For services based on legitimate interest, you are entitled to object to the processing of your data at any time. Where necessary, we have concluded data processing agreements with all providers whose services we use to ensure the protection of your data. Where data is transferred to countries outside the EU/EEA, we ensure that an adequate level of data protection is provided in accordance with EU data protection standards through appropriate safeguards, such as standard contractual clauses

Your rights

You are entitled to information, rectification, erasure, restriction of processing of your personal data, a right to object to processing and the right to data portability. If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For further information on the processing of your data and your rights, please contact us at the address given in the legal notice.

Last updated: April 2024