Privacy Poliy

1. Overview of Data Protection

General Information

The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in the privacy policy below.

Data Collection on This Website

Who is responsible or data collection on this website?

Data processing on this website is conducted by the website operator, whose contact details are provided in the “Information on the Responsible Party” section of this privacy policy.

How do we collect your data?

Some data is collected when you provide it to us, such as data entered into a contact form.

Other data is collected automatically or after your consent when you visit the website. This mainly includes technical data (e.g., internet browser, operating system, or the time of page access), collected automatically as soon as you enter this website.

For what purpose do we use your data?

Some of the data is collected to ensure the error-free provision of the website, while other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to obtain information about the origin, recipients, and purpose of your stored personal data free of charge. You also have the right to request the correction or deletion of these data. If you have consented to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For questions about data protection, you can contact us at any time.

Analysis Tools and Third-Party Tools

Your browsing behavior may be statistically analyzed when you visit this website. This mainly occurs through analytics programs.

Detailed information is provided in this privacy policy.

2. Hosting

Wir hosten die Inhalte unserer Website bei folgendem Anbieter:

Mittwald

The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany.

Details can be found in Mittwald’s privacy policy: https://www.mittwald.de/datenschutz.

The use of Mittwald is based on Art. 6(1)(f) GDPR, with a legitimate interest in the reliable representation of our website. If consent has been requested, processing is exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided consent includes the storage of cookies or access to information on the user’s device. Consent can be revoked at any time.

Contract Data Processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a data protection requirement that ensures the service processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of this site take the protection of your personal data very seriously and treat it confidentially and according to the legal data protection regulations as well as this privacy policy.

When you use this website, various personal data will be collected. This privacy policy explains what data we collect and what we use it for, as well as how and for what purpose it is done.

Please note that data transmission on the Internet (e.g., communication by email) can have security vulnerabilities. Complete protection of data against third-party access is not possible.

Information on the Responsible Party

The responsible party for data processing on this website is:

Modern Nomad Design Apartments GmbH

Postwiesenstr. 5a
70327 Stuttgart

Phone: +49 711 134 6615
Email: benjamin@dolde.de

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

Storage Duration

Unless a specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for the data processing ceases. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storage (e.g., tax or commercial retention periods).

General Information on the Legal Basis of Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR and Art. 9(2)(a) GDPR, where special categories of data are processed under Art. 9(1) GDPR. If you have consented to the transfer of personal data to third countries, data processing is based on Art. 49(1)(a) GDPR. If you have agreed to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is additionally based on § 25(1) TTDSG. You can revoke your consent at any time. If your data is required for the performance of a contract or pre-contractual measures, it is processed on the basis of Art. 6(1)(b) GDPR. Additionally, we process your data if required to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Further data processing may occur based on our legitimate interest according to Art. 6(1)(f) GDPR, as outlined in the sections below.

Notice Regarding Data Transfer to the USA and Other Third Countries

We use tools from companies located in the USA or other countries outside the EU that do not have secure data protection standards. When these tools are active, your personal data may be transferred to and processed in these third countries, where data protection comparable to EU standards may not be guaranteed. For example, US companies may be obligated to disclose personal data to security authorities, and you may not have legal recourse. We have no control over such processing activities.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent, which you can revoke at any time. The legality of the data processing up to the point of revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. PLEASE REFER TO THIS PRIVACY POLICY FOR THE SPECIFIC LEGAL BASIS FOR PROCESSING. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of GDPR violations, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your workplace, or the location of the alleged infringement. This right is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to request that data processed by automated means on the basis of your consent or in the performance of a contract be transferred to you or to a third party in a commonly used, machine-readable format. If you request direct transfer of the data to another controller, it will only be done where technically feasible.

Access, Correction, and Deletion

Under applicable law, you have the right to request free information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to correct or delete this data. You may contact us at any time for this purpose and for further questions on the subject of personal data.

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:

If you contest the accuracy of your personal data, we generally need time to verify this. For the duration of the review, you have the right to request the restriction of processing of your personal data.
If the processing of your personal data was unlawful, you may request restriction instead of deletion.
If we no longer need your personal data but you require it to establish, exercise, or defend legal claims, you have the right to request the restriction of processing instead of deletion.
If you have objected under Art. 21(1) GDPR, a balance must be struck between your and our interests. Until it is clear whose interests prevail, you have the right to request the restriction of processing of your personal data.

If you have restricted processing of your personal data, these data may only be processed with your consent, for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and the lock icon in your browser line.

If SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If, after entering into a contract involving payment, you are required to provide us with your payment data (e.g., account number for direct debit), these data are needed for payment processing.

Payment transactions via the usual means (Visa/MasterCard, direct debit) are conducted exclusively over encrypted SSL or TLS connections. An encrypted connection is indicated by the browser’s address bar switching from “http://” to “https://” and the lock symbol in your browser line.

When communication is encrypted, the payment data you transmit cannot be read by third parties.

Objection to Advertising Emails

The use of contact details published as part of the legal notice obligation to send unsolicited advertisements and information materials is hereby rejected. The site operators reserve the right to take legal action in case of unsolicited advertising, such as spam emails.

4. Data Collection on This Website

Cookies

Our website uses "cookies." Cookies are small data packets that do not harm your device. They may be stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them or until they are automatically removed by your web browser.

Cookies may be first-party (from us) or third-party cookies (from external providers). Third-party cookies allow for specific third-party services (e.g., payment processing) to be integrated into websites.

Cookies serve various purposes. Some are technically necessary for certain website functions (e.g., shopping cart functionality or video display), while others are used to analyze user behavior or for advertising purposes.

Cookies necessary for electronic communication, providing specific functionalities you desire (e.g., for the shopping cart), or optimizing the website (e.g., cookies for audience measurement) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing essential cookies for the technically sound and optimized provision of its services. If consent for cookies and similar recognition technologies has been requested, data processing is based solely on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG), which can be revoked at any time.

You can configure your browser to notify you when cookies are set, only allow cookies in individual cases, exclude cookies in certain cases, or generally, and enable the automatic deletion of cookies when closing your browser. The functionality of this website may be limited when cookies are disabled.

For information on the cookies and services used on this website, please refer to this privacy policy.

Consent with Borlabs Cookie

Our website uses Borlabs Cookie consent technology to request your consent for storing certain cookies in your browser and to document this consent in a data-protective manner. This service is provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

Upon entering our website, a Borlabs cookie is stored in your browser, saving your consent or revocation of consent. This data is not shared with Borlabs.

The collected data remains stored until you request deletion, delete the Borlabs cookie, or the data storage purpose no longer applies. Legal retention requirements remain unaffected. For details on Borlabs Cookie’s data processing, see https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/..

The use of Borlabs Cookie consent technology is legally required to obtain the necessary consents for cookie usage (Art. 6(1)(c) GDPR).

Contact Form

If you contact us via the contact form, your data from the inquiry form, including any contact details provided, will be stored for processing and for follow-up questions. This data will not be shared without your consent.

Data processing is based on Art. 6(1)(b) GDPR if your inquiry is related to contract performance or pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if obtained; consent may be revoked at any time.

The data entered into the contact form will remain with us until you request deletion, withdraw your consent, or the data storage purpose no longer applies (e.g., after completing your request). Mandatory legal provisions, especially retention periods, remain unaffected.

Inquiries via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including any personal data (name, request), will be stored and processed to handle your request. This data will not be shared without your consent.

Data you transmit through contact inquiries will remain with us until you request deletion, withdraw your consent, or the data storage purpose no longer applies (e.g., after completing your inquiry). Mandatory legal provisions, especially statutory retention periods, remain unaffected.

Communication via WhatsApp

We use WhatsApp for customer and third-party communication. The service provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication occurs with end-to-end encryption to prevent WhatsApp or third parties from accessing the content. However, WhatsApp does have access to metadata generated during the communication process (e.g., sender, recipient, and time of communication). WhatsApp has also stated that it shares personal data with its US-based parent company, Meta. More details can be found in WhatsApp’s privacy policy: https://www.whatsapp.com/legal/#privacy-policy..

Using WhatsApp is based on our legitimate interest in fast and efficient communication with customers, prospective clients, and other business partners (Art. 6(1)(f) GDPR). If consent is obtained, data processing is solely based on your consent, which can be revoked at any time.

Messages exchanged via WhatsApp are retained until you request deletion, withdraw your consent, or the data storage purpose no longer applies. Legal retention obligations remain unaffected.

We use the “WhatsApp Business” version of WhatsApp.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://www.whatsapp.com/legal/business-data-transfer-addendum..

Our WhatsApp accounts are configured to prevent automatic data synchronization with the address book on the smartphones in use.

5. Social Media

Facebook

This website integrates elements of the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

An overview of Facebook's social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate the visit to this website with your user account. We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s Privacy Policy at: https://de-de.facebook.com/privacy/explanation.

Where consent has been obtained, the use of the aforementioned service is based on Art. 6 (1) (a) GDPR and § 25 TTDSG. Consent can be withdrawn at any time. If no consent has been obtained, the service is used based on our legitimate interest in achieving the widest possible visibility on social media.

Insofar as personal data is collected on our website with the help of the tool described here and transmitted to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is strictly limited to the collection of data and its transmission to Facebook. The processing that occurs after the data has been transmitted to Facebook is not part of the joint responsibility. Our shared obligations have been outlined in an agreement on joint processing. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring the legally compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You may assert data subject rights (e.g., requests for information) directly with Facebook regarding the data processed by Facebook. If you assert data subject rights with us, we are obliged to forward these requests to Facebook.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Twitter

This website includes functions of the Twitter service. These functions are provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

If the social media element is active, a direct connection is established between your device and the Twitter server. Twitter thereby receives information about your visit to this website. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and shared with other users. We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to Twitter's Privacy Policy at: https://twitter.com/de/privacy.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

You can adjust your privacy settings on Twitter in your account settings under https://twitter.com/account/settings .

Instagram

This website includes functions of the Instagram service. These functions are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the social media element is active, a direct connection is established between your device and the Instagram server. This allows Instagram to receive information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Instagram.

Insofar as personal data is collected on our website with the help of the tool described here and transmitted to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is strictly limited to the collection of data and its transmission to Facebook or Instagram. The processing that occurs after the data has been transmitted to Facebook or Instagram is not part of the joint responsibility. Our shared obligations have been outlined in an agreement on joint processing. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for ensuring the legally compliant implementation of the tool on our website. Facebook is responsible for the data security of its Facebook and Instagram products. You may assert data subject rights (e.g., requests for information) directly with Facebook regarding the data processed by Facebook or Instagram. If you assert data subject rights with us, we are obliged to forward these requests to Facebook.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For more information, please refer to Instagram's Privacy Policy: https://instagram.com/about/legal/privacy/.

Tumblr

This website uses buttons and other elements from the Tumblr service. The provider is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA.

If the social media element is active, a direct connection is established between your device and the Tumblr server. This allows Tumblr to receive information about your visit to this website.

The Tumblr buttons allow you to share a post or page on Tumblr or follow the provider on Tumblr. When you visit one of our websites with a Tumblr button, the browser establishes a direct connection to Tumblr’s servers. We have no control over the scope of data that Tumblr collects and transmits through this plugin. According to current information, the user's IP address and the URL of the respective website are transmitted.

For more information, please refer to Tumblr's Privacy Policy at: https://www.tumblr.com/privacy/de.

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time a page on this website containing LinkedIn elements is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website using your IP address. If you click the LinkedIn "Recommend Button" while logged into your LinkedIn account, LinkedIn can associate your visit to this website with you and your user account. We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or how LinkedIn uses it.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

XING

This website uses elements of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time one of our pages containing XING elements is accessed, a connection to XING servers is established. To the best of our knowledge, no personal data is stored in this process. In particular, no IP addresses are stored, nor is user behavior analyzed.

Further information about data protection and the XING Share Button can be found in XING's privacy policy at: https://www.xing.com/app/share?op=data_protection.

On this website, we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you access a page that contains such an element, your browser establishes a direct connection to Pinterest's servers. This social media element transmits log data to Pinterest's server in the USA. This log data may include your IP address, the address of the visited websites that also contain Pinterest features, the type and settings of your browser, the date and time of the request, your usage of Pinterest, and cookies.

Further information on the purpose, scope, and further processing and use of data by Pinterest, as well as your rights and options to protect your privacy, can be found in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

6. Analytics Tools and Advertising

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of visits, operating systems used, and the user's origin. This data is aggregated under a user ID and assigned to the respective device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements as well as clicks. Additionally, Google Analytics employs various modeling approaches to supplement the collected datasets and utilizes machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is typically transmitted to a Google server in the United States and stored there.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how user data is handled by Google Analytics, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects information such as your location, search history, YouTube history, and demographic data (visitor data). This data can be used with Google Signals for personalized advertising. If you have a Google account, the visitor data collected by Google Signals is linked to your Google account and used for personalized advertising messages. Additionally, the data is utilized to create anonymized statistics about the behavior of our users.

Contract Data Processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

WP Statistics

This website uses the analytics tool WP Statistics to statistically evaluate visitor access. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia.https://veronalabs.com/).

With WP Statistics, we can analyze the usage of our website. WP Statistics collects, among other things, log files (IP address, referrer, browser used, user origin, search engine used) and actions performed by website visitors on the site (e.g., clicks and views).

The data collected with WP Statistics is stored exclusively on our own server.

The use of this analytics tool is based on Article 6(1)(f) GDPR. We have a legitimate interest in the anonymized analysis of user behavior to optimize both our website offering and our advertising. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

IP Anonymization

We use WP Statistics with anonymized IP. Your IP address is shortened, making it no longer directly attributable to you.

Meta Pixel (formerly Facebook Pixel)

This website uses the Facebook/Meta Visitor Action Pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

So kann das Verhalten der Seitenbesucher nachverfolgt werden, nachdem diese durch Klick auf eine Facebook-Werbeanzeige auf die Website des Anbieters weitergeleitet wurden. Dadurch können die Wirksamkeit der Facebook-Werbeanzeigen für statistische und Marktforschungszwecke ausgewertet werden und zukünftige Werbemaßnahmen optimiert werden.

The data collected is anonymous to us as the operators of this website, meaning we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, making it possible to establish a connection to the respective user profile. Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display advertisements on both Facebook's own pages and external websites. We, as the website operators, have no influence over this use of the data.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. Consent can be withdrawn at any time.

We use the advanced matching feature within the Meta Pixel.

Advanced matching allows us to transmit various types of data (e.g., place of residence, state, postal code, hashed email addresses, names, gender, date of birth, or phone numbers) of our customers and prospects, which we collect via our website, to Meta (Facebook). By enabling this feature, we can tailor our advertising campaigns on Facebook more precisely to individuals who are interested in our offerings. Additionally, advanced matching improves the attribution of website conversions and enhances Custom Audiences.

If personal data is collected on our website using the tool described here and transmitted to Facebook, both we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). Joint responsibility is limited solely to the collection of the data and its transmission to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. Our shared obligations have been defined in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and ensuring the tool's privacy-compliant implementation on our website. Facebook is responsible for the data security of its products. Data subject rights (e.g., requests for information) concerning data processed by Facebook can be exercised directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also disable the remarketing function "Custom Audiences" in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you need to be logged into Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the http://www.youronlinechoices.com/de/praferenzmanagement/.

7. Newsletter

Newsletter Data

If you would like to subscribe to the newsletter offered on this website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. Additional data is either not collected or collected only on a voluntary basis. We use newsletter service providers to manage the newsletter process, as described below.

Sendinblue

This website uses Sendinblue for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Sendinblue is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue's servers in Germany.

Data Analysis by Sendinblue

With the help of Sendinblue, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. This allows us to determine, among other things, which links were clicked particularly often.

Additionally, we can identify whether certain predefined actions (conversion rate) were carried out after opening or clicking the newsletter. For instance, we can determine whether you made a purchase after clicking on the newsletter.

Sendinblue also enables us to categorize (“cluster”) newsletter recipients into different groups. For example, newsletter recipients can be divided based on age, gender, or location. This allows us to better tailor newsletters to specific target audiences.

If you do not want your data to be analyzed by Sendinblue, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

For detailed information about the functions of Sendinblue, please refer to the following link: https://de.sendinblue.com/newsletter-software/.

Legal Basis

Data processing is carried out based on your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time. The legality of the data processing carried out before the withdrawal remains unaffected by the withdrawal.

Storage Duration

The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you cancel your subscription. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data in the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and ours in complying with legal requirements for sending newsletters (legitimate interest under Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to this storage if your interests outweigh our legitimate interest.

For more details, please refer to Sendinblue's privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/.

Contract Data Processing

8. Plugins and tools

YouTube

This website integrates videos from the YouTube platform. The operator of the platform is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our webpages that includes YouTube content, a connection to YouTube's servers is established. In the process, the YouTube server is informed about which of our pages you have visited.

Furthermore, YouTube may store various cookies on your device or use similar technologies for recognition (e.g., device fingerprinting). This allows YouTube to collect information about visitors to this website. This information is used, among other things, to compile video statistics, improve user experience, and prevent fraud attempts.

If you are logged into your YouTube account, YouTube can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of providing an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

Vimeo

This website uses plugins from the video platform Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages featuring a Vimeo video, a connection is established with Vimeo's servers. The Vimeo server is informed about which of our pages you have visited. Vimeo also obtains your IP address. This applies even if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to Vimeo's server in the United States.

If you are logged into your Vimeo account, Vimeo can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

To recognize website visitors, Vimeo uses cookies or similar recognition technologies (e.g., device fingerprinting).

The use of Vimeo is in the interest of providing an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

The data transfer to the USA is based on the European Commission's Standard Contractual Clauses and, according to Vimeo, on "legitimate business interests." Details can be found here: https://vimeo.com/privacy.

Further information on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy.

Google Fonts

This site uses so-called Google Fonts, provided by Google, to ensure a consistent display of fonts. When you access a page, your browser loads the required fonts into its cache to display texts and fonts correctly.

To achieve this, the browser you use must establish a connection to Google's servers. As a result, Google becomes aware that this website was accessed via your IP address. The use of Google Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring a uniform presentation of the website’s fonts. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://policies.google.com/privacy?hl=de.

Font Awesome

This site uses Font Awesome to ensure a consistent display of fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you access a page, your browser loads the required fonts into its cache to correctly display texts, fonts, and icons. To do this, the browser you are using must establish a connection to Font Awesome's servers. As a result, Font Awesome becomes aware that this website has been accessed via your IP address. The use of Font Awesome is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring a consistent presentation of the website's font style. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

If your browser does not support Font Awesome, a standard font from your computer will be used.

Further information about Font Awesome can be found in the privacy policy of Font Awesome at: https://fontawesome.com/privacy.

Google Maps

This site uses the mapping service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the features of Google Maps, it is necessary to store your IP address. This information is typically transferred to a server in the USA and stored there. The provider of this site has no control over this data transfer. When Google Maps is activated, Google may use Google Fonts to ensure consistent font display. When accessing Google Maps, your browser loads the necessary web fonts into its cache to correctly display texts and fonts.

The use of Google Maps is carried out in the interest of providing an appealing presentation of our online offerings and facilitating easy access to the locations specified on our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, please refer to Google's Privacy Policy: https://policies.google.com/privacy?hl=de.

9. eCommerce and Payment Service Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, content design, and modification of our contractual relationships. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to utilize the service or to bill for it. The legal basis for this is Art. 6 (1) (b) GDPR.

The collected customer data will be deleted upon completion of the order or termination of the business relationship and expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.

Credit Checks

When purchasing on account or using another payment method where we provide advance performance, we may conduct a credit check (scoring). For this purpose, we transmit the data you have entered (e.g., name, address, age, or bank details) to a credit agency. Based on this data, the probability of a payment default is calculated. If there is an excessively high risk of payment default, we may refuse the respective payment method.

The credit check is carried out based on the necessity for contract fulfillment (Art. 6 (1) (b) GDPR) and to prevent payment defaults (legitimate interest pursuant to Art. 6 (1) (f) GDPR). If consent has been obtained, the credit check is conducted based on this consent (Art. 6 (1) (a) GDPR); consent can be withdrawn at any time.

Payment Services

We integrate payment services provided by third-party companies on our website. If you make a purchase with us, your payment data (e.g., name, payment amount, bank account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (performance of a contract) as well as on the interest in ensuring a payment process that is as smooth, convenient, and secure as possible (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR constitutes the legal basis for the processing of data; consent may be withdrawn at any time with effect for the future.

We use the following payment services / payment service providers within the framework of this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Please refer to PayPal’s privacy policy for further details: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

Anbieter des Zahlungsdienstes ist Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Die Datenschutzerklärung von Apple finden Sie unter: https://www.apple.com/legal/privacy/de-ww/.

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found here: https://policies.google.com/privacy.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

Data transfer to the USA is based on the European Commission's Standard Contractual Clauses. You can find details here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.

Further details can be found in Stripe’s privacy policy at the following link: https://stripe.com/de/privacy.

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers various payment options (e.g., installment payments). If you choose to pay using Klarna (Klarna Checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna Checkout solution. Details regarding the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

Further details can be found in Klarna’s privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

Paydirekt

The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26–28, 60486 Frankfurt am Main, Germany (hereinafter “Paydirekt”). If you make a payment using Paydirekt, Paydirekt collects various transaction data and forwards these to the bank with which you are registered for Paydirekt. In addition to the data required for the payment, Paydirekt may collect further data as part of the transaction processing, such as the delivery address or individual items in the shopping cart. Paydirekt then authenticates the transaction using the authentication procedure stored with your bank for this purpose. The payment amount is subsequently transferred from your account to our account. Neither we nor third parties have access to your account data. Details regarding payments with Paydirekt can be found in Paydirekt’s terms and conditions and privacy policy at: https://www.paydirekt.de/agb/index.html.

Sofort bank transfer (Sofortüberweisung)

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”). By means of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin fulfilling our obligations. If you choose the payment method “Sofortüberweisung”, you transmit your PIN and a valid TAN to Sofort GmbH, which enables Sofort GmbH to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and executes the transfer to us using the TAN you provided. It then immediately sends us a transaction confirmation. After logging in, your transactions, the credit limit of your overdraft facility, and the existence of other accounts as well as their balances are also automatically checked. In addition to the PIN and TAN, the payment data you entered and personal data are also transmitted to Sofort GmbH. The personal data transmitted includes your first and last name, address, telephone number(s), email address, IP address, and, where applicable, other data required for payment processing. The transmission of this data is necessary in order to establish your identity beyond doubt and to prevent fraud attempts. Details regarding payment with Sofortüberweisung can be found at the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

Amazon Pay

The provider of this payment service is Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg.

Details on how your data is handled can be found in the privacy policy of Amazon Pay at the following link: https://pay.amazon.de/help/201212490?ld=APDELPADirect.

Mollie

The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands (hereinafter “Mollie”). With the help of Mollie, we can integrate various payment methods on our website. Details can be found in Mollie’s privacy policy: https://www.mollie.com/de/privacy.

PayOne

Anbieter dieses Zahlungsdienstes ist PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (im Folgenden „PayOne“). Details entnehmen Sie der Datenschutzerklärung von PayOne: https://www.payone.com/DE-de/datenschutz.

giropay

The provider of this payment service is paydirekt GmbH, Stephanstraße 14–16, 60313 Frankfurt am Main (hereinafter “giropay”).

Details can be found in giropay’s privacy policy: https://www.paydirekt.de/agb/index.html.

Unzer

The provider of this payment service is Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg (hereinafter “Unzer”).

Details can be found in Unzer’s privacy policy: https://www.unzer.com/de/datenschutz/.

CopeCart

The provider of this payment service is CopeCart GmbH, Ufnaustraße 10, 10553 Berlin (hereinafter “CopeCart”). Details can be found in CopeCart’s privacy policy: https://www.copecart.com/de/datenschutz.

Shopify Payment

The provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify Payment”).

Details can be found in Shopify Payment’s privacy policy: https://www.shopify.de/legal/datenschutz.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transfer data to its parent company in the USA. The transfer of data to the USA is based on Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.

Further information can be found in the privacy policy of American Express: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard kann Daten an seine Muttergesellschaft in die USA übermitteln. Die Datenübertragung in die USA wird auf die Binding Corporate Rules von Mastercard gestützt. Details finden Sie hier: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

Anbieter dieses Zahlungsdienstes ist die Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square, London W2 6TT, Großbritannien (im Folgenden „VISA“).

Großbritannien gilt als datenschutzrechtlich sicherer Drittstaat. Das bedeutet, dass Großbritannien ein Datenschutzniveau aufweist, das dem Datenschutzniveau in der Europäischen Union entspricht.

VISA kann Daten an seine Muttergesellschaft in die USA übertragen. Die Datenübertragung in die USA wird auf die Standardvertragsklauseln der EU-Kommission gestützt. Details finden Sie hier: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in the privacy policy of VISA: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Source: eRecht24 GmbH & Co. KG, Lietzenburger Str. 94, 10719 Berlin, www.e-recht24.de