Privacy Policy


1. Data protection at a glance


General information

The following information provides a brief overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy, which is provided below.

Data collection on this website

Data controller

The data controller for this website is:
Deutsches Spionage Museum DSM GmbH
Leipziger Platz 9
10117 Berlin
Telephone: +49 30 39 8200 45-0
Email: info@deutsches-spionagemuseum.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Data Protection Officer

Designation of a data protection officer:
HC Plus Datenschutz GmbH
Geneststraße 5
10829 Berlin
Website: https://www.hc-plus.de
Telephone: +49 (30) 959 984 57 -0
Email: privacy@hc-plus.de

How do we collect your data?

Your data is collected, firstly, when you provide it to us. This may include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website via our IT systems. This consists primarily of technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour. Where contracts can be concluded or initiated via the website, the data provided will also be processed for the purposes of contractual offers, orders or other enquiries.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information regarding the source, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to the processing of your data, you may withdraw this consent at any time with effect for the future. Under certain circumstances, you also have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.

Please feel free to contact us at any time regarding this matter or any other questions you may have about data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behaviour may be analysed for statistical purposes. This is primarily done using so-called analytics tools.

You can find detailed information about these analytics programmes in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact enquiries, metadata and communication data, contractual data, contact details, names, website visits and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Article 6(1)(b) of the GDPR) and in the interests of ensuring the secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) of the GDPR).

Where consent has been sought, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

Our hosting provider(s) will only process your data to the extent necessary to fulfil their contractual obligations and will comply with our instructions regarding this data.

We use the following hosting provider(s):
Heinlein Support GmbH
Schwedter Straße 8/9B
10119 Berlin
Germany
Email: mail@heinlein-support.de
Website: www.heinlein-support.de

Cloudflare

We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, this means that the transfer of information between your browser and our website is routed via Cloudflare’s network. This enables Cloudflare to analyse the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious data traffic from the internet. In doing so, Cloudflare may also use cookies or other technologies to recognise internet users; however, these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in ensuring that our website is delivered as error-free and secure as possible (Article 6(1)(f) of the GDPR).

Data transfers to the US are based on the European Commission’s Standard Contractual Clauses. Details and further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link:
https://www.dataprivacyframework.gov/participant/5666.

3. General information and mandatory details

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected.

Personal data is information that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g. when communicating by email) may be vulnerable to security breaches. It is not possible to guarantee complete protection of data against access by third parties.

Retention period

Unless a more specific retention period is stated in this privacy policy, we will retain your personal data until the purpose for which it is processed no longer applies. If you submit a valid request for erasure or withdraw your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, erasure will take place once these grounds no longer apply.

General information on the legal basis for data processing on this website

Where you have consented to the processing of your data, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, where special categories of data as defined in Article 9(1) of the GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. Where you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) of the TDDDG. Consent may be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR.

Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The relevant legal basis for each specific case is set out in the following sections of this privacy policy.

Note regarding the transfer of data to third countries that do not offer adequate levels of data protection, as well as the transfer of data to US companies that are not DPF-certified

Among other things, we use tools from companies based in third countries that do not offer adequate levels of data protection, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. Please note that third countries that do not offer adequate levels of data protection cannot guarantee a level of data protection comparable to that in the EU.

Please note that, as a safe third country, the USA generally maintains a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permitted provided that the recipient holds certification under the ‘EU-US Data Privacy Framework’ (DPF) or has put in place appropriate additional safeguards. Information on transfers to third countries, including details of the data recipients, can be found in this privacy policy.

Recipients of personal data

As part of our business operations, we work with various external parties. In some cases, this requires us to transfer personal data to these external parties. We only disclose personal data to external parties where this is necessary for the performance of a contract, where we are legally obliged to do so (e.g. disclosure of data to tax authorities), where we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) of the GDPR, or where another legal basis permits the disclosure of data. When using data processors, we only pass on our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Article 21 of the GDPR)

Where data processing is carried out on the basis of Article 6(1)(e) or (f) of the GDPR, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on these provisions. The specific legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data in question, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims (objection under Article 21(1) of the GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for the purposes of direct marketing (objection pursuant to Article 21(2) of the GDPR).

Right to lodge a complaint with the relevant supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place where the alleged infringement occurred. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.

Access, rectification and erasure

In accordance with the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its source and recipients, and the purpose of the data processing, and, where applicable, the right to have this data corrected or erased. You may contact us at any time regarding this matter or any other questions you may have about personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You may contact us at any time to do so. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data held by us, we will generally need time to verify this. For the duration of this verification, you have the right to request that the processing of your personal data be restricted.

If your personal data has been or is being processed unlawfully, you may request that the processing of your data be restricted instead of it being erased.

If we no longer require your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted rather than deleted.

If you have lodged an objection under Article 21(1) of the GDPR, a balancing of interests between yours and ours must be carried out. Until it has been determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, such data may – apart from storage – only be processed with your consent, or for the purpose of establishing, exercising or defending legal claims, or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the padlock symbol in your browser bar.

If SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Secure online payments on this website

If, following the conclusion of a paid contract, you are required to provide us with your payment details (e.g. your account number for direct debit authorisation), these details are required for payment processing.

Payments made using standard payment methods (Visa/MasterCard, direct debit) are processed exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the padlock icon in your browser’s address bar.

With encrypted communication, the payment details you send to us cannot be read by third parties.

Objection to promotional emails

We hereby object to the use of contact details published in accordance with the legal requirement to provide an imprint for the purpose of sending unsolicited advertising and information materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited advertising being sent, for example via spam emails.

4. Data collection on this website

Cookies

Our website uses so-called ‘cookies’. Cookies are small data packets that do not cause any harm to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable certain third-party services to be integrated into websites (e.g. cookies used to process payment services).

Cookies serve various purposes. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.

Cookies that are necessary for the electronic communication process, for providing specific functions you have requested (e.g. the shopping basket function) or for optimising the website (e.g. cookies for measuring website traffic) (essential cookies), are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified.

The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimised provision of its services. Where consent has been sought for the storage of cookies and similar recognition technologies, processing takes place exclusively on the basis of this consent (Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG); consent may be withdrawn at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be limited.

If any other cookies or services are used on this website, you can find details in this privacy policy.

Consent via Cookiebot

Our website uses Cookiebot’s consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in accordance with data protection regulations. This technology is provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you visit our website, a connection is established with Cookiebot’s servers to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser to be able to associate the consents you have given or their withdrawal with you. The data collected in this way is stored until you request its deletion, delete the Cookiebot cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the connecting computer
  • Time of server request
  • IP address

This data is not combined with other data sources.

This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring that the website functions correctly and is optimised – to this end, server log files must be collected.

Contact form

If you send us enquiries via the contact form, we will store the information you provide in the form, including your contact details, for the purpose of processing your enquiry and in case we need to follow up with further questions. We will not pass on this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) where this has been requested; consent may be withdrawn at any time.

The data you enter in the contact form will be retained by us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry, including all personal data contained therein (name, enquiry), will be stored and processed by us for the purpose of dealing with your request. We will not pass on this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) where this has been requested; consent may be withdrawn at any time.

The data you send us via contact enquiries will be retained by us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been dealt with). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

5. Social media

Facebook

This website incorporates features from the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can find an overview of Facebook’s social media features here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website using your IP address. If you click the Facebook ‘Like’ button whilst logged into your Facebook account, you can link the content of this website to your Facebook profile. This enables Facebook to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it is used by Facebook. Further information on this can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Where personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, are jointly responsible for this data processing (Article 26 of the GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum

Under this agreement, we are responsible for providing privacy information regarding the use of the Facebook tool and for ensuring that the tool is implemented on our website in a manner that complies with data protection regulations. Facebook is responsible for the data security of Facebook products. You may exercise your data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these to Facebook.

Data transfers to the US are based on the European Commission’s standard contractual clauses.

You can find more details here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381
https://www.facebook.com/policy.php

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/4452

X (formerly Twitter)

This website incorporates features of the X service (formerly Twitter). These features are provided by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The branch Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the processing of data relating to individuals residing outside the USA.

When the social media feature is active, a direct connection is established between your device and the X server. X (formerly Twitter) thereby receives information that you have visited this website. By using X (formerly Twitter) and the ‘Retweet’ or ‘Repost’ function, the websites you visit are linked to your X (formerly Twitter) account and made known to other users. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or its use by X (formerly Twitter). Further information on this can be found in X’s (formerly Twitter’s) privacy policy at: https://x.com/de/privacy

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the US are based on the European Commission’s standard contractual clauses.

You can find more details here: https://gdpr.x.com/en/controller-to-controller-transfers.html

You can change your privacy settings on X (formerly Twitter) in your account settings: https://x.com/settings/account

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/2710

Instagram

This website incorporates features from the Instagram service. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media feature is active, a direct connection is established between your device and the Instagram server. This means that Instagram receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that, as the provider of this website, we have no knowledge of the content of the data transmitted or how it is used by Instagram.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Where personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after the data has been transferred is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum

Under this agreement, we are responsible for providing privacy information when using the Facebook or Instagram tool and for ensuring that the tool is implemented on our website in a manner that complies with data protection laws. Facebook is responsible for the data security of the Facebook and Instagram products. You may exercise your data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these to Facebook.

Data transfers to the US are based on the European Commission’s standard contractual clauses.

You can find more details here: https://www.facebook.com/legal/EU_data_transfer_addendum
https://privacycenter.instagram.com/policy/
https://de-de.facebook.com/help/566994660333381

Further information on this can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link:
https://www.dataprivacyframework.gov/participant/4452

6. Analytics tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that helps us integrate tracking and analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or carry out any independent analysis. It is used solely to manage and deploy the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used and the user’s location. This data is associated with the user’s respective device. It is not linked to a user ID.

Furthermore, we can use Google Analytics to track your mouse and scroll movements and clicks, amongst other things. Google Analytics also uses various modelling techniques to supplement the collected data and employs machine learning technologies in its data analysis.

Google Analytics uses technologies that enable the identification of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the USA and stored there.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the USA are based on the European Commission’s standard contractual clauses. Further details can be found here: https://business.safety.google/adscontrollerterms/sccs/

The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when data is processed in the United States. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780

As part of Consent Mode V2, we use the enhanced consent mode of Google Analytics. This involves Google tags being loaded when a user visits the website or opens the app, and before the consent dialogue box appears; these tags transmit technical signals without the use of cookies, which, according to Google, are not used to identify individual users. As part of standard HTTP/browser communication, pings without cookies may contain the following information: user agent, screen resolution and IP address. In Google Analytics 4, no IP addresses are stored or logged in this context.

Google Analytics E-commerce Tracking

This website uses the “E-commerce Tracking” feature of Google Analytics. With the help of E-commerce Tracking, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. This involves collecting information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product. Google may aggregate this data under a transaction ID that is assigned to the respective user or their device.

IP anonymization

Google Analytics IP anonymization is enabled. This means that Google will truncate your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmitting it to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please refer to Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history, as well as demographic data (visitor data). This data may be used for personalized advertising via Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising. The data is also used to create anonymized statistics on our users’ behavior.

Data processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities regarding the use of Google Analytics.

Microsoft Clarity

This website uses Microsoft Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://learn.microsoft.com/en-us/clarity/faq (hereinafter “Microsoft Clarity”).

Microsoft Clarity is a tool used to analyze user behavior on this website. Specifically, Microsoft Clarity tracks mouse movements and creates visual representations of the areas of the website that users scroll to most frequently (heat maps). Microsoft Clarity can also record sessions, allowing us to view page usage in the form of videos. Additionally, we receive information about general user behavior on our website.

Microsoft Clarity uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft’s servers (Microsoft Azure Cloud Service) in the United States.

Where consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) of the GDPR and Section 25 of the TDDDG. Consent may be withdrawn at any time. Where consent has not been obtained, the use of this service is based on Article 6(1)(f) of the GDPR; the website operator has a legitimate interest in effective user analysis.

For more details on Microsoft Clarity’s privacy policy, click here: https://docs.microsoft.com/en-us/clarity/faq

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/6474

Data processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our ads and how many ads resulted in corresponding clicks.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please click here:
https://policies.google.com/privacy/frameworks
https://business.safety.google/controllerterms/

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780

Google Ads Remarketing

This website uses Google Ads Remarketing features. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online content to specific target groups so that we can subsequently show them interest-based ads on the Google Display Network (remarketing or retargeting).

In addition, the advertising audiences created with Google Ads Remarketing can be linked to Google’s cross-device features. This allows interest-based, personalized ads—tailored to you based on your previous usage and browsing behavior on one device (e.g., a smartphone)—to also be displayed on another of your devices (e.g., a tablet or PC).

If you have a Google account, you can opt out of personalized ads by clicking the following link: https://adssettings.google.com/anonymous?hl=de

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time. For further information, please refer to Google’s Privacy Policy at: https://policies.google.com/technologies/ads?hl=de

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780

Target audience segmentation with customer matching

To create target audiences, we use, among other things, Google Ads Remarketing’s customer matching feature, also known as Google Ads Customer Match. In this process, we transfer certain customer data (e.g., email addresses) from our customer lists to Google in a pseudonymized form (using hashing). If the customers in question are Google users and are logged into their Google account, relevant advertising messages are displayed to them within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. Customer matching is based on your voluntary consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, which may be revoked at any time.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can determine whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked and how often, as well as which products are viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification purposes.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

For more information about Google Conversion Tracking, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780.

Meta Pixel (formerly Facebook Pixel)

This website uses Meta’s visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Meta, the collected data is also transferred to the United States and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Meta ad. This enables the effectiveness of the Meta ads to be evaluated for statistical and market research purposes and helps optimize future advertising campaigns.

The data collected is anonymous to us as the operator of this website; we cannot identify individual users. However, the data is stored and processed by Meta, allowing a link to the respective user profile on Facebook or Instagram, and enabling Meta to use the data for its own advertising purposes in accordance with the Meta Data Use Policy. This allows Meta to display advertisements on Facebook or Instagram pages and other advertising channels. As the site operator, we have no influence over this use of the data (https://de-de.facebook.com/about/privacy/).

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

We use the extended matching feature of the Meta Pixel.

Extended matching allows us to send various types of data (e.g., city, state, ZIP code, hashed email addresses, names, gender, date of birth, or phone number) about our customers and prospects—which we collect through our website—to Meta. This enables us to tailor our advertising campaigns on Facebook and Instagram even more precisely to people who are interested in our offerings. In addition, extended matching improves the attribution of website conversions and expands Custom Audiences.

To the extent that personal data is collected on our website using the tool described here and transmitted to Meta, we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum

Under this agreement, we are responsible for providing privacy notices when the Meta tool is used and for ensuring that the tool is implemented on our website in compliance with data protection laws. Meta is responsible for the data security of Meta products. You can exercise your data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you exercise your data subject rights with us, we are obligated to forward them to Meta.

Data transfers to the United States are based on the European Commission’s standard contractual clauses.

You can find more details here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381

You can find more information about protecting your privacy in Meta’s privacy policy: https://de-de.facebook.com/about/privacy/

You can also disable the “Custom Audiences” remarketing feature in the Ad Settings section https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook or Instagram account, you can opt out of Meta’s interest-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452

Meta Custom Audiences

We use Meta Custom Audiences. This service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid services, submit data to us, or interact with our company’s Facebook or Instagram content, we collect your personal data. If you give us your consent to use Meta Custom Audiences, we will share this data with Meta, which Meta can then use to show you relevant advertisements. Furthermore, your data can be used to define target groups (Lookalike Audiences).

Meta processes this data as our data processor. For details, please refer to Meta’s Terms of Service: https://www.facebook.com/legal/terms/customaudience

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the European Commission’s standard contractual clauses.

You can find more details here:
https://www.facebook.com/legal/terms/customaudience
https://www.facebook.com/legal/terms/dataprocessing

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/4452

TikTok Pixel

We have integrated the TikTok Pixel into this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter “TikTok”).

Using TikTok Pixel, we can display targeted ads on TikTok (TikTok Ads) to website visitors who have viewed our content. At the same time, TikTok Pixel allows us to determine how effective our TikTok ads are. This enables us to evaluate the effectiveness of TikTok ads for statistical and market research purposes and to optimize them for future advertising campaigns. In this process, various usage data are processed, such as IP address, page views, time spent on the site, operating systems used, and the user’s location, as well as information about the ad a person clicked on TikTok or an event that was triggered (timestamp). This data is aggregated into a user ID and assigned to the website visitor’s respective device.

Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time.

Data transfers to third countries are based on the European Commission’s standard contractual clauses.

You can find more details here:
https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
https://ads.tiktok.com/i18n/official/policy/controller-to-controller

Reddit Ads (Reddit Pixel)

We use the “Reddit Pixel” on our website, a tracking tool provided by Reddit Inc., 1455 Market Street, Suite 1600, San Francisco, CA 94103, USA, or its respective European subsidiary. The tool is used to measure the effectiveness of our ads on Reddit (conversion tracking), create target groups for future ads (retargeting), and statistically optimize our campaigns.

The Reddit Pixel is a JavaScript code that tracks interactions on our website and sends this data to Reddit. In particular, the following data may be processed: information about actions on our website (e.g., visits to specific pages, orders, or completed purchases), technical information (e.g., IP address, device and browser parameters, referrer URL), timestamps, and, if necessary, other identifiers required to attribute and measure the effectiveness of advertising.

This use is subject exclusively to your consent to the use of marketing and tracking technologies. The legal basis is Article 6(1)(a) of the GDPR; the placement and retrieval of information on your device also requires your consent pursuant to Section 25(1) of the TDDDG. You may revoke or modify your consent at any time with future effect via our consent management tool (“Cookie Settings”).

Reddit uses the event data collected via the pixel to provide advertising and analytics features and processes the data under its own responsibility as the data controller within the meaning of the GDPR. To the extent that Reddit acts as a data processor in individual cases, the processing is governed by the applicable contractual agreements.

It cannot be ruled out that personal data may be transferred to countries outside the European Union or the European Economic Area (in particular to the United States). In such cases, any transfer will only take place in accordance with the provisions of Articles 44 et seq. of the GDPR (e.g., on the basis of EU Standard Contractual Clauses or an adequacy decision).

For more information about Reddit’s data processing practices, please visit: https://www.redditinc.com/policies/privacy-policy

7. Newsletter

Newsletter information

If you would like to subscribe to the newsletter offered on the website, we need your email address as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. Additional data is not collected, or is collected only on a voluntary basis. We use newsletter service providers, described below, to manage the newsletter.

Brevo

This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used, among other things, to organize and analyze the distribution of newsletters. The data you provide to subscribe to the newsletter is stored on the servers of Sendinblue GmbH in Germany.

Data analysis by Brevo

With the help of Brevo, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked, if any. This allows us to determine, among other things, which links were clicked on particularly often.

We can also track whether certain predefined actions were taken after the newsletter was opened or clicked (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.

Brevo also allows us to segment newsletter recipients into different categories (“cluster” them). For example, recipients can be grouped by age, gender, or location. This makes it easier to tailor newsletters to specific target audiences.

If you do not want Brevo to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter.

For detailed information about Brevo’s features, please visit the following link: https://www.brevo.com/de/newsletter-software/

Legal basis

Data processing is based on your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. The lawfulness of any data processing that has already taken place remains unaffected by the withdrawal.

Retention period

The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, at which point it will be deleted from the newsletter distribution list. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter mailing list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary, to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage on the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

For more information, please refer to Brevo’s Privacy Policy at:
https://www.brevo.com/de/datenschutz-uebersicht/
https://www.brevo.com/de/legal/privacypolicy/

Data processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Web push notifications (WonderPush)

On our website, we use the WonderPush service to provide web push notifications. Web push notifications allow us to inform you about content, offers, or technical updates even when you are not actively visiting our website.

Provider

WonderPush SAS
19, avenue d’Italie
75013 Paris
France
Website: https://www.wonderpush.com

Purpose of processing

WonderPush is used for:

  • Provision and delivery of web push notifications
  • Information about content, offers, and system-related notifications
  • Management of user preferences regarding push notifications
  • Analysis of interactions with sent push notifications (e.g., delivery and click behavior), if enabled

How It Works and the Consent Process

Web push notifications will only be enabled with your express consent.

This involves two steps:

  1. Consent via the consent tool used on our website
  2. Confirmation via a separate query from your browser (e.g., Google Chrome or Mozilla Firefox)

Push notifications will be enabled only after both steps have been completed.

Processed data

When using WonderPush, the following personal data in particular is processed:

  • IP address
  • Device and browser information
  • Push tokens or unique device identifiers
  • Subscription status information
  • Timestamps of consent, revocation, and interactions with push notifications

Cookies and similar storage technologies (e.g., local storage) may be used for technical purposes.

Legal basis

The processing is carried out exclusively on the basis of your voluntary consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG.

The service will not be activated without your consent.

Retention period

The data will be stored for as long as your push notification subscription is active.

Once you have withdrawn your consent or disabled push notifications, the data will be deleted, provided there are no legal retention requirements to the contrary.

Withdrawal of Consent

You may withdraw your consent at any time with future effect by:

  • disabling push notifications in your browser settings or
  • adjusting your preferences in the consent tool you are using

The lawfulness of the processing carried out prior to revocation remains unaffected.

Data processing

WonderPush processes personal data as a data processor in accordance with Article 28 of the GDPR, based on a corresponding contract.

Transfer to a third country

To the best of our current knowledge, the processing takes place within the European Union.

If, in individual cases, data is transferred to third countries (e.g., through the use of subcontractors), such transfers will only be made in compliance with the legal requirements (in particular, appropriate safeguards such as EU Standard Contractual Clauses).

8. Plugins and Tools

YouTube

This website embeds videos from YouTube. The YouTube website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our webpages that includes YouTube, a connection is established with YouTube’s servers. In the process, the YouTube server is informed which of our pages you have visited.

In addition, YouTube may store various cookies on your device or use similar technologies for recognition purposes (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience, and prevent fraud. Additionally, the collected data is processed within the Google advertising network.

If you are logged into your YouTube account, you are allowing YouTube to associate your browsing activity directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube to ensure that our online content is presented in an engaging way.

This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

For more information on how user data is handled, please see YouTube’s Privacy Policy at: https://policies.google.com/privacy?hl=de

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780

Google Fonts (locally hosted)

This site uses Google Fonts, provided by Google, to ensure consistent font display. The Google Fonts are installed locally. No connection is made to Google’s servers.

Google Maps

This site uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed maps on our website.

To use the features of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the United States and stored there. The provider of this site has no influence over this data transfer. When Google Maps is enabled, Google may use Google Fonts to ensure consistent font display. When you access Google Maps, your browser loads the required web fonts into its cache to display text and fonts correctly.

We use Google Maps to ensure an appealing presentation of our online offerings and to make it easy for users to locate the places listed on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Data transfers to the United States are based on the European Commission’s standard contractual clauses.

You can find more details here:
https://privacy.google.com/businesses/gdprcontrollerterms/
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

For more information on how user data is handled, please see Google’s Privacy Policy: https://policies.google.com/privacy?hl=de

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF commits to adhering to these data protection standards. For more information, please visit the provider’s website at the following link: https://www.dataprivacyframework.gov/participant/5780

9. Online Marketing and Affiliate Programs

Affiliate programs on this website

We participate in affiliate partner programs. In affiliate partner programs, a company’s advertisements are placed on websites or other media owned by other companies in the affiliate partner network. If you click on one of these affiliate ads, you will be redirected to the advertised offer. If you subsequently complete a specific transaction (conversion), the affiliate and, where applicable, the owner of the medium on which the advertisement was placed receive compensation for this. To calculate this compensation, the affiliate network operator must be able to track which advertisement led you to the respective offer and prompted you to complete the predefined transaction. Cookies or similar tracking technologies (e.g., device fingerprinting) are used for this purpose.

The storage and analysis of data are based on Article 6(1)(f) of the GDPR. Participants in the affiliate program have a legitimate interest in the accurate calculation of affiliate compensation. If consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

We participate in the following affiliate programs:

AWIN

The operator of the affiliate network is AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter “AWIN”).

AWIN and the publisher are jointly responsible for data processing in connection with the affiliate program. Their shared obligations have been set forth in a joint processing agreement. Under this agreement, you may contact either controller with your data protection concerns. The controller contacted first will respond to your inquiry. Each controller independently maintains privacy notices in accordance with Articles 13, 14, and 26 of the GDPR and takes the necessary measures to protect personal data and comply with the remaining GDPR provisions within their organization. The joint processing agreement is available in AWIN’s Terms and Conditions at the following link: https://s3.amazonaws.com/docs.awin.com/Legal/Publisher+Terms/2020/DE+Publisher+Terms+GDPR+Annex.pdf

10. E-commerce and payment providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data to establish, define the terms of, and modify our contractual relationships. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to access the service or to bill for it. The legal basis for this is Article 6(1)(b) of the GDPR.

The customer data collected will be deleted once the order has been completed or the business relationship has ended, and any applicable statutory retention periods have expired. Statutory retention periods remain unaffected.

Data Transmission Upon Contract Formation for Online Stores, Retailers, and Merchandise Shipping

When you order goods from us, we share your personal data with the shipping company responsible for delivery and with the payment service provider handling the payment transaction. We only disclose the data that the respective service provider needs to fulfill its task. The legal basis for this is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. If you have given your consent in accordance with Article 6(1)(a) of the GDPR, we will provide your email address to the shipping company responsible for delivery so that it can inform you via email about the shipping status of your order; you may revoke your consent at any time.

Data Transmission Upon Conclusion of a Contract for Services and Digital Content

We only disclose personal data to third parties when necessary for the fulfillment of the contract, such as to the financial institution responsible for processing payments.

Your data will not be disclosed to third parties unless you have expressly consented to such disclosure. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures.

Payment services

We integrate third-party payment services into our website. When you make a purchase from us, your payment information (e.g., name, payment amount, bank account details, credit card number) is processed by the payment service provider for the purpose of processing the payment. The respective terms and conditions and privacy policies of the relevant providers apply to these transactions. The use of payment service providers is based on Article 6(1)(b) of the GDPR (contract performance) as well as in the interest of ensuring a payment process that is as smooth, convenient, and secure as possible (Article 6(1)(f) of the GDPR). To the extent that your consent is requested for certain actions, Article 6(1)(a) of the GDPR serves as the legal basis for data processing; consent may be revoked at any time with future effect.

We use the following payment services / payment service providers on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please click here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full

For more details, please refer to PayPal’s Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Apple Pay

The payment service provider is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy can be found at: https://www.apple.com/legal/privacy/de-ww/

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the United States. Data transfers to the United States are based on Mastercard’s Binding Corporate Rules. For more details, please click here:
https://www.mastercard.de/de-de/datenschutz.html
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a safe third country in terms of data protection. This means that the United Kingdom maintains a level of data protection equivalent to that of the European Union.

VISA may transfer data to its parent company in the United States. The transfer of data to the United States is based on the European Commission’s Standard Contractual Clauses. For more details, please click here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html

For more information, please refer to VISA’s Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

Payment processing via Adyen

We use the payment service provider Adyen N.V., Simon Carmiggeltstraat 6–50, 1011 DJ Amsterdam, Netherlands (“Adyen”), to process payments in our online store.

As part of the payment process, the personal data required to process the payment (e.g., name, invoice amount, payment information, and, if applicable, other identifying details) is transmitted to Adyen. This processing is carried out for the purposes of payment processing and contract fulfillment in accordance with Article 6(1)(b) of the GDPR.

Adyen offers various payment methods through its platform (e.g., credit card, SEPA direct debit, Sofortüberweisung, Apple Pay, or similar methods). Depending on the selected payment method, data may be shared with the respective payment service provider that operates that method. These service providers act independently as data controllers within the meaning of the GDPR. Their respective privacy policies also apply.

For more information about Adyen’s privacy policy, please visit: https://www.adyen.com/policies-and-disclaimer/privacy-policy

Personal data will only be transferred to third countries (outside the EU/EEA) to the extent necessary for payment processing and provided that the requirements of Articles 44 et seq. of the GDPR are met (e.g., through an adequacy decision or appropriate safeguards).

11. Our own services

Handling of Applicant Data

We offer you the opportunity to apply for a position with us (e.g., by email, mail, or via our online application form). Below, we provide information about the scope, purpose, and use of the personal data collected from you during the application process. We assure you that the collection, processing, and use of your data are carried out in accordance with applicable data protection laws and all other legal provisions, and that your data will be treated as strictly confidential.

Scope and Purpose of Data Collection

When you submit an application to us, we process the associated personal data (e.g., contact and communication details, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation) and—provided you have given your consent—Art. 6(1)(a) GDPR. Consent may be revoked at any time. Your personal data will be shared within our company exclusively with those individuals involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems in accordance with Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) of the General Data Protection Regulation (GDPR) for the purpose of administering the employment relationship.

Data retention period

If we are unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided for up to 6 months from the conclusion of the application process (rejection or withdrawal of the application) based on our legitimate interests (Art. 6(1)(f) GDPR).

The data will then be deleted and the physical application documents destroyed. The data is retained primarily for evidentiary purposes in the event of a legal dispute. If it becomes apparent that the data will be required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), the data will not be deleted until the purpose for its continued retention no longer applies.

Data may also be retained for a longer period if you have provided your consent (Art. 6(1)(a) GDPR) or if statutory retention requirements prevent its deletion.