Privacy policy and data protection

MaRiva nekretnine doo za usluge,
Put Svetog Jurja 12, 21217 Kaštel Novi

Commercial register: Tt-24/4230-2
Registration court: Commercial Court Split

Presented by: Marina Rohland

Contact

Phone: +385 95 8893 999
E-mail: mariva.realestate@gmail.com

VAT ID

Sales tax identification number by section 27a of the Sales Tax Act: HR91756757415

Supervisory body

Ministry of Economy and Sustainable Development, Directorate for Trade and Public Procurement Policy
Ulica Grada Vukovara 78, 10000 Zagreb; https://mingo.gov.hr

Job Title and Professional Regulations

Job Title: Licensed Real Estate Agent

Responsible Chamber: Croatian Chamber of Commerce, Rooseveltov trg 2, 10000 Zagreb

Information on professional liability insurance

Name and registered office of the insurer: Generali osiguranje dd, Slavonska avenija 1b, 10000 Zagreb

Area of insurance validity: Croatia

Responsible editor: Marina Rohland

EU rješavanje sporova

The European Commission provides a platform for online dispute resolution (OS): https://ec.europa.eu/consumers/odr/ .
You can find our email address in the legal notice above.

Consumer Dispute Resolution/Universal Arbitration Council

We are neither willing nor obligated to participate in consumer arbitration proceedings.

Data Protection

1. Data Protection at a Glance General Information

General Information

The following information provides a simple overview of what happens to your data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on data protection can be found in our data protection declaration below this text.

Data collection on this website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the "Note on the responsible body" section of this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in the contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. B. Internet browser, operating system, or time of access to the page). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website functions error-free. Other data can be used to analyze your user behavior.

What rights do you have to your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given consent to the processing of your data, you can revoke this consent at any time in the future.

You also have the right to request that the processing of your data be restricted in certain circumstances. You also have the right to complain to the competent supervisory authority.

You can contact us at any time in this regard or if you have further questions about data protection.

Analytics and third-party tools

When you visit this website, your surfing behavior can be statistically evaluated. This primarily happens with so-called analysis programs.

Detailed information about these analysis programs can be found in the following data protection statement.

2. Hosting

We host the content of our website with the following service providers:

IONOS

The service provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files, including your IP address. Details can be found in the IONOS data protection declaration: https://www.ionos.de/terms-gtc/terms-privacy .

The use of IONOS is based on Article 6, Paragraph 1, Point f of the GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If appropriate consent is requested, the processing is carried out exclusively based on Art. 6th st. GDPR. B. Device fingerprinting) in terms of TDDDG. Consent can be revoked at any time.

Order Processing

For the use of the above service, we have concluded an Order Processing Agreement (AVV). This is an agreement required by data protection law, which ensures that we only process the personal data of visitors to our website by our instructions and in compliance with the GDPR.

WIX

The provider is Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter referred to as "WIX").

WIX is a website creation and hosting tool. When you visit our website, WIX analyzes user behavior, traffic sources, the region of the website visitors, and the number of visitors. WIX stores cookies on your browser that are necessary for the website to function and to ensure security (necessary cookies).

The data collected through WIX may be stored on various servers around the world. WIX servers are located. a. in the USA.

Details can be found in WIX's privacy policy: https://de.wix.com/about/privacy .

According to WIX, data transfers to the USA and other third countries are based on the EU Commission's standard contractual clauses or comparable safeguards by Art. 46 GDPR. Details can be found here:: https://de.wix.com/about/privacy-dpa-users .

The use of WIX is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6(1)(f) GDPR. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnbGAAS&status=Active .

Order Processing

For the use of the above service, we have concluded an Order Processing Agreement (AVV). This is a contract required by data protection law, which ensures that we only process the personal data of visitors to our website by our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of this website take the protection of your data very seriously. We treat your data confidentially and by the data protection regulations and this Data Protection Statement.

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This data protection statement explains which data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the Internet (e.g., when communicating by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The data controller on these pages is:

MaRiva nekretnine doo za usluge, Put Svetog Jurja 12, 21217 Kaštel Novi

Phone: +385 95 8893 999; E-mail: mariva.realestate@gmail.com

The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).

Storage period

Unless a specific storage period is specified in this data protection declaration, your data will remain with us until the purpose of the data processing is no longer applicable. If you submit a legitimate request for deletion or revoke your consent to the data processing, your data will be deleted unless we have other legally permissible reasons for storing your data (e.g. B. tax retention periods or commercial law); In the latter case, deletion takes place after these reasons no longer apply.

General legal basis for data processing on this website

If you have consented to the data processing, we process it based on Art. 1 lit. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out based on Art. 49 para. GDPR. If you consent to the storage of cookies or access to information on your device (e.g. B. via the device fingerprint), data processing is also carried out based on Art. 25 para. 1 TDDDG. Consent can be revoked at any time.

If your data is necessary for the performance of a contract or for taking steps before entering into a contract, we process it based on Art. 6 para. b. Furthermore, we process your data if it is necessary to fulfil a legal obligation based on Art. 6 para. 1 lit. f GDPR. Data processing may also be carried out based on our legitimate interest under Art. 6 para. 1 lit. f GDPR. Information on the relevant legal basis in each case is provided in the following paragraphs of this data protection declaration.

Note on data transfers to third countries that are not secure in terms of data protection law and transfers to US companies that are not DPF certified

We use, among other things, tools from companies based in third countries that are not secure in terms of data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your data may be transferred to and processed in these countries. We would like to point out that a level of data protection comparable to the EU cannot be guaranteed in third countries with unclear data protection laws.

We point out that the USA, as a secure third country, generally has a level of data protection comparable to the EU. Data transfers to the USA are then permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional guarantees. Information on transfers to third countries, including recipients of data, can be found in this data protection statement.

Recipients of personal data

As part of our business activities, we cooperate with various external bodies. In some cases, it is also necessary to transfer personal data to these external bodies. We only transfer personal data to external parties if this is necessary for the fulfillment of a contract and if we are legally obliged to do so (e.g. B. Transfer of data to tax authorities) if we have a legitimate interest in the transfer by Article 6(1)(f) GDPR or if another legal basis permits the transfer of data. When using order processors, we only transfer the personal data of our customers based on a valid order processing contract. In the case of joint processing, a joint processing contract is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. Revocation does not affect the lawfulness of data processing carried out until the revocation.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE TERMS.

THE APPLICABLE LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR DATA UNLESS WE CAN DEMONSTRATE COMPETENT GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) GDPR).

IF YOUR DATA IS PROCESSED FOR THE PURPOSES OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION UNDER ARTICLE 21(2) GDPR).

Right to complain to a supervisory authority

In the event of a breach of the GDPR, affected persons have the right to complain to a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged breach. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have the data we automatically process based on your consent or in the performance of a contract transmitted to you or a third party in a commonly used, machine-readable format. If you request the transfer of data directly to another controller, this will only be done if technically feasible.

Information, correction, and deletion

Within the framework of the applicable legal provisions, you have the right to receive free information about your stored personal data, their origin and recipient, and the purpose of the data processing at any time and, if necessary, the right to have this data corrected or deleted. You can contact us at any time in this regard or if you have further questions about the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your data. You can contact us at any time in this regard. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. During the review period, you have the right to request restriction of the processing of your data.
If the processing of your data was/is taking place unlawfully, you can request that the processing be restricted instead of deletion.
If we no longer need your data, but you need it for the exercise, defense, or establishment of legal claims, you have the right to request restriction of processing of your data instead of deletion.
If you have objected under Article 21(1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request restriction of processing of your data.
If you have restricted the processing of your data, these data - except for their storage - may only be used with your consent or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator. You can recognize an encrypted connection by the change in the browser address line from “http://” to “https://” and by the padlock symbol in the browser line. If SSL or TLS encryption is activated, third parties cannot read the data you send to us.

Encrypted payment transactions on this website

After concluding a paid contract, you are obliged to provide us with your payment details (e.g., bank account number for direct debit authorization). This data is required for payment processing.

Payment transactions with common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection.

You can recognize an encrypted connection by the change in the browser address line from “http://” to “https://” and by the padlock symbol in the browser line. With encrypted communications, third parties cannot read the payment information you send us.

Objection to advertising e-mails

The use of contact information published as part of the imprint's obligation to send unsolicited advertising and informational materials is hereby denied. Site operators expressly reserve the right to take legal action in the event of sending unsolicited advertising information, such as spam e-mails.

4. Data collection on this website

Cookies

Our websites use so-called "cookies". Cookies are small data packets and do not damage your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain functions of the website would not work without them (e.g. B. shopping cart function or video display). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are used to carry out the electronic communication process and to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g., cookies for measuring web audience (necessary cookies) are stored based on Art. 6 Para. f GDPR.

The website operator has a legitimate interest in storing the necessary cookies for the technically flawless and optimized provision of its services. If consent has been requested for the storage of cookies and comparable recognition technologies, the processing is carried out exclusively based on this consent (Art. 6 Para. 1 lit. a GDPR and Art. 25 Para. 1 TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about cookie settings and allow cookies only in individual cases, to deactivate the acceptance of cookies for certain cases or generally and to activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this data protection declaration.

Cookiebot consent

Our website uses Cookiebot consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this by data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot").

When you access our website, a connection will be established to Cookiebot's servers to obtain your consent and other statements regarding the use of cookies. Cookiebot then stores a cookie in your browser so that it can assign the given consent to you or revoke it.

The data collected in this way will be stored until you request deletion, delete the Cookiebot cookie yourself, or the purpose for storing the data no longer exists. The statutory retention obligations remain unaffected.

Cookiebot is used to obtain legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.

Order Processing

Consent with Compliance

Our website uses Complianz's consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Complianz BV, Kalmarweg 14-5, 9723 JG Groningen, the Netherlands (hereinafter referred to as "Complianz").

Complianz is located on our servers, so it has no connection to the servers of the provider Complianz. Complianz stores a cookie in your browser to be able to grant the consent you have given or revoke it. The data collected in this way will be stored until you request that we delete it, you delete the compliance cookie yourself, or there is no longer a purpose for storing the data. The statutory retention obligations remain unchanged.

Complianz serves to obtain legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Contact form

If you send us inquiries via the contact form, we will store your data from the inquiry form, including the contact details you provided there, for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass this data on without your consent.

This data is processed based on Article 6 lit. In all other cases, the processing is based on our legitimate interest in the efficient processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this is the question asked; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to the storage, or the purpose of the data storage no longer applies (e.g. B. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Enquiries by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, we will store and process your request, including all resulting personal data (name, request), to process your request. We will not pass on this data without your consent.

This data is processed on the basis of Article 6 lit. In all other cases, the processing is based on our legitimate interest in the efficient processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this is the question asked; consent can be revoked at any time.

The data you send us via a contact request will remain with us until you request us to delete it, revoke your consent to the storage or the purpose of the data storage no longer applies (e.g. B. after your request has been processed). Mandatory legal provisions - in particular, legally prescribed retention periods - remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp, among others, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The communication takes place using end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp does gain access to the metadata that is generated during the communication process (e.g. sender, recipient, and time). We would also like to point out that WhatsApp says that it shares the personal data of its users with its US parent company Meta.

Further details on data processing can be found in WhatsApp's privacy policy at:

https://www.whatsapp.com/legal/#privacy-policy .

The use of WhatsApp is based on our legitimate interest in communicating with customers, interested parties, and other business and contractual partners as quickly and efficiently as possible (Art. 6 Para. 1 lit. f GDPR). If the corresponding consent has been requested, the data processing is carried out exclusively on the basis of consent; this can be revoked at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp will remain with us until you request its deletion, revoke your consent to the storage or the purpose of the data storage no longer applies (e.g. B. after your request has been processed). The mandatory legal provisions – in particular the retention periods – remain unchanged.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Any company with a DPF certificate undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000011sfnAAA&status=Active .

We use WhatsApp in the "WhatsApp Business" version.

Data transfers to the USA are based on the European Commission's Standard Contractual Clauses. Details can be found here:

https://www.whatsapp.com/legal/business-data-transfer-addendum .

Calendly

You can make an appointment with us on our website. We use the “Calendly” tool to book an appointment. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter referred to as “Calendly”).

To book an appointment, please enter the requested information and the desired appointment in the form provided. The information you enter will be used to plan, implement and, if necessary, monitor the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy can be viewed here: https://calendly.com/privacy .

The data you enter will remain with us until you request deletion, revoke your consent to the storage, or until the purpose of the data storage no longer applies. Mandatory legal provisions – in particular retention periods – remain unchanged.

The legal basis for data processing is Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in making it as easy as possible to schedule meetings with interested parties and customers. If the appropriate consent has been requested, the processing is carried out exclusively based on Art. 6 para. GDPR. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://calendly.com/pages/dpa .

Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link: :https://www.dataprivacyframework.gov/participant/6050 .

Order Processing

Google Calendar

You can make appointments with us on our website. We use Google Calendar for planning. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

To book an appointment, please enter the requested data and the desired date in the provided form. The data entered will be used to plan, implement, and, if necessary, monitor the appointment.

The data is stored for us on the Google Calendar servers, whose privacy policy can be viewed here: https://policies.google.com/privacy.

The data you enter will remain with us until you request deletion, revoke your consent for storage, or until the purpose of data storage no longer applies. Mandatory legal provisions - in particular retention periods - remain unchanged.

The legal basis for data processing is Article 6(1)(f) GDPR. The website operator has a legitimate interest in making it as easy as possible to schedule meetings with interested parties and customers. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6(1)(f) GDPR. GDPR. B. for a fingerprint device) within the meaning of the TDDDG. Consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://workspace.google.com/terms/dpa_terms.html and there https://cloud.google.com/terms/sccs .

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

Registration on this website

You can register on this website to use additional functions on the website. We use the data entered only for the purpose of using the individual offer or service for which you have registered. Mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

For important changes, such as the scope of the offer or technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

The data entered during registration is processed to implement the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 Para. 1 lit. b GDPR).

We will store the data collected during registration as long as you are registered on this website and then delete it. The statutory retention periods remain unchanged.

Registration via Facebook Connect

Instead of registering directly on this website, you can register via Facebook Connect. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries.

If you decide to register with Facebook Connect and click on the “Log in with Facebook”/“Connect with Facebook” button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This will link your Facebook profile to this website or our services. This link gives us access to your data stored on Facebook. These are mainly:

Facebook name
Facebook profile and cover photo
Facebook cover photo
Email address stored on Facebook
Facebook ID
Facebook friend lists
Facebook likes
Birthday
Gender
Country
Language

This data is used to set up, provide, and personalize your account.

Registration for Facebook Connect and the related data processing operations are based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time with future effect.

To the extent that personal data are collected on our website using the tool described here and transmitted to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR).

The joint responsibility is limited exclusively to the collection of the data and its transmission to Facebook. The processing carried out by Facebook after the transmission is not part of the joint responsibility. Our joint obligations are set out in the joint processing agreement. The text of the agreement can be found at:

https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing information on data protection when using Facebook tools and for implementing tools on our website that are secure for data protection. Facebook is responsible for the data security of the Facebook products. Rights of affected persons (e.g., B. Requests for information) in relation to data processed by Facebook can be addressed directly to Facebook. If you exercise your data subject rights with us, we are obliged to forward them to Facebook.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum , https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php .For more information, see Facebook's terms of use and Facebook's privacy policy. You can find them at:

https://de-de.facebook.com/about/privacy/ i https://de-de.facebook.com/legal/terms/ .

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active .

5. Social Media

Facebook

Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data will also be transferred to the USA and other third countries.

You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE .

If the social media element is activated, a direct connection is established between your device and the Facebook server. Facebook thereby receives information that you have visited this website with your IP address. If you click on the Facebook “Like” button while you are logged in to your Facebook account, you can associate the content of this website with your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that as the provider of the pages, we do not know the content of the transmitted data or its use by Facebook. You can find further information in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation .

The use of this service is based on your consent under Article 6(1)(a) GDPR and Article 25(1) GDPR. Consent can be revoked at any time. To the extent that personal data are collected on our website using the tool described here and transmitted to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited solely to the collection of the data and its transmission to Facebook. The processing carried out by Facebook after the transmission is not part of the joint responsibility.

Our joint obligations are set out in the joint processing agreement. The text of the agreement can be found at:

https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing information on data protection when using Facebook tools and for implementing tools on our website that are secure for data protection. Facebook is responsible for the data security of the Facebook products. Rights of affected persons (e.g., requests for information) about data processed by Facebook can be addressed directly to Facebook. If you exercise your data subject rights with us, we are obliged to forward them to Facebook.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum , https://de-de.facebook.com/help/566994660333381 i https://www.facebook.com/policy.php . The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active .

Instagram

Instagram features are integrated into this website. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If the social media element is activated, a direct connection is established between your device and the Instagram server. Instagram receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent under Article 6(1)(a) GDPR and Article 25(1) GDPR. Consent can be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited solely to the collection of data and its forwarding to Facebook or Instagram.

The processing carried out by Facebook or Instagram after the forwarding is not part of the joint responsibility. Our joint obligations are set out in the joint processing agreement. The text of the agreement can be found at:

https://www.facebook.com/legal/controller_addendum .

According to this agreement, we are responsible for providing information on data protection when using the Facebook or Instagram tools and for implementing tools on our website that are secure for data protection. Facebook is responsible for the data security of the Facebook and Instagram products. Rights of affected persons (e.g., B. Requests for information) about data processed by Facebook or Instagram can be addressed directly to Facebook. If you exercise your data subject rights with us, we are obliged to forward them to Facebook.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum , https://privacycenter.instagram.com/policy/ i https://de-de.facebook.com/help/566994660333381 .

You can find more information in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/ .

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when data is processed in the US. Any company with a DPF certificate is obliged to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active .

6. Analytics and advertising tools

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analysis. It is only used to manage and display the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 lit. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If appropriate consent has been requested, the processing is carried out exclusively based on Art. 6 para. GDPR. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when data is processed in the US. Any company with a DPF certificate is committed to adhering to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

Google Analytics

This website uses the functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as: E.g. page views, length of stay, operating systems used and the origin of the user. This data is summarized in a user ID and assigned to the respective device of the website visitor.

We may also use Google Analytics, etc., a. Record mouse movements and scrolling, and clicks. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable user recognition to analyze user behavior (e.g. B. Cookies or device fingerprinting). The data that Google collects about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and Article 25(1) GDPR. Consent can be revoked at any time.

The transfer of data to the USA is based on the European Commission's standard contractual clauses. Details can be found here:

https://privacy.google.com/businesses/controllerterms/mccs/ . The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/participant/5780 .

IP anonymization

Google Analytics IP anonymization is activated. This means that Google will shorten your IP address within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data.

Browser add-on

You can prevent Google from collecting and processing your data by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

More information about how Google Analytics processes user data can be found in Google's privacy policy:

https://support.google.com/analytics/answer/6004245?hl=de .

Google signals

We use Google signals. When you visit our website, Google Analytics collects, among other things: a. Your location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalized advertising using Google Signals. If you have a Google account, Google Signal visitor data will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics about the user behavior of our users.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to show website visitors relevant ads within the Google advertising network. This allows reports to be created containing information about the age, gender and interests of website visitors. This data comes from interest-based advertising from Google and visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ads settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the "Objection to data collection" section.

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-commerce Measurement

This website uses the "E-commerce Measurement" feature of Google Analytics. With the help of E-commerce Measurement, the website operator can analyze the purchasing behavior of website visitors in order to improve their online marketing campaigns. Data such as orders placed, average order values, shipping costs, and the time from product viewing to purchase are recorded. This data can be summarized by Google under a transaction ID that is assigned to the user or their device.

IONOS WebAnalytics

This website uses the analysis service IONOS WebAnalytics (hereinafter referred to as IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. As part of the analysis with IONOS, you can: a. The number of visitors and their behavior (e.g. B. number of page views, duration of the website visit, bounce rates), visitor sources (i.e. from which website the visitor comes), visitor locations and technical data (browser and operating system versions).

For this purpose, IONOS specifically stores the following data:

Referrer (previously visited website)
Requested website or file
Browser type and browser version
Operating system used
Device type used
Access time
IP address in anonymized form (only used to determine the access location)

According to IONOS, the collection of data is completely anonymized so that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

The storage and analysis of the data is based on Art. 6 lit. The website operator has a legitimate interest in the statistical analysis of user behavior in order to optimize its website and advertising. If the corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. GDPR. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information on the collection and processing of data by IONOS WebAnalytics can be found in the IONOS data protection declaration at the following link:

https://www.ionos.de/terms-gtc/datenschutzerklaerung/

Order Processing

For the use of the above service, we have concluded an Order Processing Agreement (AVV). This is an agreement required by data protection law, which ensures that we process the personal data of visitors to our website only in accordance with our instructions and in accordance with the GDPR.

WP Statistics

This website uses the WP Statistics analysis tool to statistically evaluate visitor access. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia ( https://veronalabs.com ).

With WP Statistics we can analyze the use of our website. WP Statistics records, among other things: a. Log files (IP address, referral, browser used, origin of the user, search engine used) and actions taken by website visitors on the website (e.g. clicks and views). The data collected with WP Statistics is stored exclusively on our server.

The use of this analysis tool is based on Art. 6 lit. We have a legitimate interest in anonymized analysis of user behavior in order to optimize both our website and our advertising. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. GDPR. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when a user enters certain search terms on Google (keyword targeting).

Furthermore, targeted advertisements can be created based on user data available on Google (e.g. location data and interests) can be played with (target group targeting). As website operators, we can quantitatively evaluate this data, for example by analyzing which search terms led to the display of our ads and how many ads led to the corresponding clicks.

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and Article 25(1) GDPR. Consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://policies.google.com/privacy/frameworks i https://business.safety.google/controllerterms/ .The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

Google Ads remarketing

This website uses Google Ads remarketing functions. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to then show them interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, advertising audiences created using Google Ads remarketing can be linked to Google's cross-device functions. In this way, interest-based personalized advertising messages can be sent, depending on your previous usage and surfing behavior on the device (e.g. B. mobile phone) tailored to you on your other device (e.g. B. Tablet or computer).

If you have a Google account, you can object to customized advertising via the following link: https://adssettings.google.com/anonymous?hl=de .

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and Article 25(1) TDDDG. Consent can be revoked at any time.

Further information and data protection regulations can be found in Google's data protection declaration at:

https://policies.google.com/technologies/ads?hl=de .

Formation of a target group with comparison of customers

To create target groups, we use, among other things, client matching from Google Ads remarketing. This is where we pass certain customer information (eg e-mail addresses) from our customer lists to Google. If the respective customers are Google users and are logged in to their Google account, they will be sent relevant advertising messages within the Google network (e.g. B. shown on YouTube, Gmail or in a search engine).

Google conversion tracking

This website uses Google conversion tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can estimate which buttons on our website are clicked how often and which products are particularly frequently viewed or purchased.

This information is used to generate conversion statistics. We find out the total number of users who clicked on our ads and what actions they took. We do not receive any information that could personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and Article 25(1) GDPR. Consent can be revoked at any time.

More information about Google Conversion Tracking can be found in Google's data protection regulations:

https://policies.google.com/privacy?hl=de .

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

Meta Pixel (ex Facebook Pixel)

This website uses visitor action pixels from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data will also be transferred to the USA and other third countries.

This allows the behavior of visitors to the website to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and the optimization of future advertising measures.

The collected data is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a link to the respective user profile is possible and Facebook uses the data for its own advertising purposes in accordance with Facebook's data usage guidelines.

( https://de-de.facebook. com/about/privacy/ ).

This enables Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. As the operator of the page, we have no influence on this use of data.

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and Article 25(1) GDPR. Consent can be revoked at any time.

The processing carried out by Facebook after the transmission is not part of the joint responsibility. Our joint obligations are set out in the joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing information on data protection when using Facebook tools and for implementing the tools on our website in a data-safe manner. Facebook is responsible for the data security of the Facebook products. Rights of affected persons (e.g. B. Requests for information) regarding data processed by Facebook can be submitted directly to Facebook. If you exercise your data subject rights with us, we are obliged to forward them to Facebook.

The transfer of data to the USA is based on the European Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .

Further information on the protection of your privacy can be found in Facebook's data protection information: https://de-de.facebook.com/about/privacy/ .

You can also deactivate the remarketing function "Custom Audiences" in the ad settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . To do this you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate Facebook-based advertising on the European Interactive Digital Advertising Alliance website:

http://www.youronlinechoices.com/de/praferenzmanagement/ .

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company with a DPF certificate is obliged to adhere to these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, use our free or paid offers, transmit data to us or interact with our company's Facebook content, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transfer this data to Facebook, which Facebook can use to show you relevant advertising. Furthermore, target groups can be defined with your data (lookalike audiences).

Facebook processes this data as our processor. Details can be found in the Facebook User Agreement: https://www.facebook.com/legal/terms/customaudience .

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and Article 25(1) GDPR. Consent can be revoked at any time.

Data transfers to the USA are based on the European Commission's standard contractual clauses. Details can be found here:

https://www.facebook.com/legal/terms/customaudience i https://www.facebook.com/legal/terms/dataprocessing .

7. Newsletters

Newsletter information

If you wish to receive the newsletter offered on the website, we need your e-mail address as well as information that allows us to confirm that you are the owner of the specified e-mail address and that you agree to receive the newsletter. No further data is collected or collected only on a voluntary basis. To process the newsletter, we use the newsletter service providers described below.

Active campaign

This website uses ActiveCampaign to send newsletters. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor Chicago, Illinois 60602, USA. ActiveCampaign is a service that, among other things, can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of signing up for the newsletter will be stored on ActiveCampaign's servers in the USA.

Data analysis by ActiveCampaign

With the help of ActiveCampaign, we can analyze our newsletter campaigns. This way, we can, for example, see whether a newsletter message has been opened and which links, if any, have been clicked on. This way, we can determine, among other things, which links have been clicked on particularly often.

We can also see whether certain predefined actions have been performed after opening/clicking (conversion rate). We can, for example, recognize whether you have made a purchase after clicking on the newsletter.

ActiveCampaign also allows us to divide ("group") newsletter recipients based on different categories. Newsletter recipients can be, for example, divided by age, gender or place of residence. In this way, newsletters can be better tailored to the respective target groups. If you do not want ActiveCampaign to analyze you, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

Detailed information about ActiveCampaign's features can be found at the following link: https://www.activecampaign.com/email-marketing .

ActiveCampaign's privacy policy can be found at: https://www.activecampaign.com/privacy-policy .

Legal basis

The data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time. Revocation does not affect the lawfulness of data processing operations that have already taken place.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:

https://www.activecampaign.com/legal/newscc i https://www.activecampaign.com/de/legal/gdpr-updates/privacy-shield .

Storage period

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that we store for other purposes remains unchanged.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored on a blacklist by us or the newsletter provider if this is necessary to prevent future sending. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your and our interests in accordance with the legal requirements when sending the newsletter (legitimate interest within the meaning of Article 6(1)(f) GDPR). Storage on the blacklist is not limited in time. You can object to storage if your interests outweigh our legitimate interests.

Brevo

This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo is a service that, among other things, is used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter will be stored on Sendinblue GmbH's servers in Germany.

Brevo data analysis

With the help of Brevo, we are able to analyze our newsletter campaigns. This allows us, for example, to see whether a newsletter message has been opened and which links, if any, have been clicked on. This allows us, among other things, to determine which links have been clicked on particularly frequently.

Brevo also allows us to divide ("group") newsletter recipients based on different categories. Newsletter recipients can be, for example, divided by age, gender or place of residence. This way, the newsletters can be better tailored to the respective target groups.

If you do not want Brevo to analyze them, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

Detailed information about the Brevo functions can be found at the following link: https://www.brevo.com/de/newsletter-software/ .

Legal basis

The data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time. The revocation does not affect the lawfulness of data processing operations that have already taken place.

Storage period

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. The data we store for other purposes remains unchanged.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored on a blacklist by us or the newsletter service provider if this is necessary to prevent future sending. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your and our interests in accordance with the legal requirements for sending the newsletter (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage on the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

For more information, see Brevo's data protection regulations at:

https://www.brevo.com/de/datenschutz-uebersicht/ i https://www.brevo.com/de/legal/privacypolicy/ .

Sending newsletters to existing customers

If you order goods or services from us and provide your e-mail address, we may subsequently use this e-mail address to send you the newsletter, provided that we inform you in advance. In this case, the newsletter will only be used to send direct advertising for your similar products or services. You can unsubscribe from this newsletter at any time.

There is a corresponding link in each newsletter for this purpose. The legal basis for sending the newsletter in this case is Article 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG.

After you unsubscribe from the newsletter distribution list, we may store your e-mail address on a blacklist in order to prevent future e-mails from being sent to you. The data from the blacklist will only be used for this purpose and will not be merged with other data.

This serves both your and our interests in accordance with the legal requirements when sending the newsletter (legitimate interest within the meaning of Article 6 (1) (f) GDPR). Storage on the blacklist is not limited in time. You can object to storage if your interests outweigh our legitimate interests.

8. Add-ons and tools

YouTube with extended data protection

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites in which YouTube is integrated, a connection is established to the YouTube servers. The YouTube server is informed which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos played in extended data protection mode are not used to personalize your browsing experience on YouTube. Ads displayed in extended data protection mode are also not personalized. Cookies are not set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which, like cookies, contain personal data and can be used for recognition. Details on extended data protection mode can be found here:

https://support.google.com/youtube/answer/171780 .

If necessary, further data processing operations may be initiated after the activation of the YouTube video, over which we have no influence.

The use of YouTube is in the interest of an attractive presentation of our online offer. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. B (Device fingerprinting) in the sense of the TDDDG. Consent can be revoked at any time.

Further information on data protection at YouTube can be found in their data protection declaration at: https://policies.google.com/privacy?hl=de .

Google Fonts (local hosting)

This page uses so-called Google Fonts, provided by Google, for a unique display of fonts. Google Fonts are installed locally. It has nothing to do with Google's servers.

Additional information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy:

https://policies.google.com/privacy?hl=de .

Google Maps

This website uses the Google Maps mapping service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate maps into our website.

In order to use the Google Maps functions, your IP address must be stored. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of a uniform display of fonts. When you access Google Maps, your browser loads the necessary web fonts into the browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an attractive presentation of our online offer and to make it easier to find the places we mark on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. You can find details here:

https://privacy.google.com/businesses/gdprcontrollerterms/ i https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de .

Google reCAPTCHA

We use “Google reCAPTCHA” on this website (hereinafter referred to as “reCAPTCHA”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA aims to check whether data entries on this website (e.g. in the contact form) are made by a human or an automated program. To do this, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, the time the website visitor stays on the website or the mouse movements made by the user). The data collected during the analysis is transmitted to Google.

The reCAPTCHA analyses work entirely in the background. Website visitors are not informed that an analysis is being carried out.

The storage and analysis of data is based on Art. 6 lit. The website operator has a legitimate interest in protecting its website from malicious automated spying and SPAM. If the appropriate consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. GDPR. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in Google's data protection regulations and Google's terms of use at the following links: https://policies.google.com/privacy?hl=de i https://policies.google.com /terms?hl=de .

ManageWP

We operate this website using the ManageWP tool. The provider is GoDaddy.com WP Europe, Trg Republike 5, 11000 Belgrade, Serbia (hereinafter referred to as ManageWP).

With ManageWP we can: a. monitor the security and performance of our website and create automatic backups. ManageWP therefore has access to all content on the website including our databases. ManageWP is located on the servers of the service provider.

The use of ManageWP is based on Art. 6 lit. The website operator has a legitimate interest in the most efficient and secure operation of its website. If appropriate consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. GDPR. B. Device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

9. E-commerce and payment service providers

Processing of customer and contract data

We collect, process and use personal data about customers and contracts to establish, structure and change our contractual relationships. We only collect, process and use personal data about the use of this website (usage data) to the extent that it is necessary to enable the user to use the service or to charge for it. The legal basis for this is Article 6(1)(b) GDPR.

The collected customer data will be deleted after the order has been completed or the business relationship has ended and all statutory retention periods have expired. The statutory retention periods remain unchanged.

Data transfer when concluding a service and digital content contract

We only transfer personal data to third parties if this is necessary for the processing of the contract, for example to the credit institution responsible for processing the payment.

The data will not be transferred further or will only be transferred if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Article 6(1)(b) GDPR, which allows data processing for the purpose of fulfilling a contract or taking pre-contractual measures.

Credit checks

If you make a purchase on account or another payment method for which we pay in advance, we may carry out a credit check (scoring). For this purpose, we transfer the data you have entered (e.g. name, address, age or bank details) to a credit agency. Based on this data, the likelihood of non-payment is determined. If there is an excessive risk of non-payment, we may refuse the corresponding payment method.

The credit check is carried out on the basis of the fulfillment of the contract (Art. 6 Para. 1 lit. b GDPR) and in order to avoid non-payment (legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 Para. 1 lit. GDPR); consent can be revoked at any time.

10. Audio and video conferences

Data processing

We use online conferencing tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conferencing over the Internet, your personal data will be collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all the data that you provide/use to use the tool (e-mail address and/or your telephone number). The conferencing tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, the tool provider processes all technical data that is necessary for the processing of the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, type of camera, microphone or speaker as well as the connection type.

If content is exchanged, uploaded or otherwise made available within the tool, it will also be stored on the tool provider's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, photos and videos uploaded to voicemail, files, whiteboards and other information shared during the use of the service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options largely depend on the corporate policy of the respective service provider. You can find further information on data processing by the conferencing tools in the data protection statements of the tools used, which we have listed below.

Purpose and legal basis

The conference tools are used to communicate with potential or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the relevant tools will be used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage period

The data that we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete them, revoke your consent to the storage or the purpose of the data storage no longer applies. The stored cookies remain on your device until you delete them. The mandatory statutory retention periods remain unchanged.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the conferencing tool operators directly.

Conference tools used

We use the following conferencing tools:

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details of data processing can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de .

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Any company with a DPF certificate is obliged to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 .

Order processing

In order to use the above service, we have concluded an Order Processing Agreement (AVV). This is an agreement required by data protection law, which ensures that we only process the personal data of visitors to our website in accordance with our instructions and in accordance with the GDPR.