Data protection


Depending on which tools & plugins you use, the data protection declaration must be adapted. Please
speak to your data protection officer and it is imperative that you replace the red fields before going live.

1. Data protection at a glance
General information

The following information provides a simple overview of what happens to your personal data when you
visit our website. Personal data are all data with which you can be personally identified. Detailed
information on the subject of data protection can be found in our data protection declaration listed below
this text.

Data collection on our website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact
details in the legal notice of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that
you enter in a contact form.

Other data are automatically recorded by our IT systems when you visit the website. This is mainly
technical data (e.g. internet browser, operating system or time of the page was viewed). This data is
collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected in order to ensure that the website is error-free. Other data can be used to
analyze your user behavior.

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal
data free of charge at any time. You also have the right to request the correction, blocking or deletion of
this data. You can contact us at any time at the address given in the legal notice if you have any further
questions on the subject of data protection. You also have the right to lodge a complaint with the
competent supervisory authority.

Analysis tools and third party tools

When you visit our website, your surfing behavior can be statistically evaluated. This is done primarily
with cookies and so-called analysis programs. Your surfing behavior is usually analyzed anonymously;
surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using
certain tools. You can find detailed information on this in the following data protection declaration.

You can object to this analysis. We will inform you about the possibilities of objection in this data
protection declaration.

2. General information and mandatory information
privacy

The operators of this website take the protection of your personal data very seriously. We treat your
personal data confidentially and in accordance with the statutory data protection regulations and this
data protection declaration.

When you use this website, various personal data are collected. Personal data are data with which you
can be personally identified. This data protection declaration explains which data we collect and what we
use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail)
can have security gaps. A complete protection of the data against access by third parties is not possible.

Note on the responsible body

The responsible body for data processing on this website is

Your contact details are here

Telephone:
Fax:
E-Mail:

The responsible body is the natural or legal person who, alone or jointly with others, decides on the
purposes and means of processing personal data (e.g. names, email addresses, etc.).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your
consent at any time. An informal e-mail to us is sufficient. The legality of the data processing carried out
before the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority

In the event of violations of data protection law, the person concerned has the right to lodge a complaint
with the competent supervisory authority. The competent supervisory authority for data protection issues
is the state data protection officer of the federal state in which our company is based. A list of data
protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries
that you send to us as the website operator, this site uses an SSL or. TLS encryption. You can recognize
an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https:
//” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment data (e.g. account number for direct debit
authorization) after the conclusion of a fee-based contract, this data is required for payment processing.

Payment transactions using common means of payment (Visa / MasterCard, direct debit) are made
exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the
fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in
your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third
parties.

Information, blocking, deletion

Within the framework of the applicable statutory provisions, you have the right to free information about
your stored personal data, their origin and recipient and the purpose of the data processing and, if
necessary, a right to correct, block or delete this data. You can contact us at any time at the address
given in the legal notice if you have any further questions on the subject of personal data.

Objection to advertising mail

We hereby object to the use of the contact data published in the context of the imprint obligation for
sending unsolicited advertising and information materials. The operators of the pages expressly reserve
the right to take legal action in the event of unsolicited sending of advertising information, such as spam
e-mails.

3. Data protection officer
Legally required data protection officer

We have appointed a data protection officer for our company.

zH data protection officer

Your data protection officer can be found here if required

Telephone:
Fax:
E-Mail:

4. Data collection on our website
Cookies

Some of the websites use so-called cookies. Cookies do not damage your computer and do not contain
viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small
text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your
visit. Other cookies remain stored on your device until you delete them. These cookies enable us to
recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in
individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the
automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of
this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain
functions you require (e.g. shopping cart function) are stored on the basis of Art. 6 Para. 1 lit. f GDPR.
The website operator has a legitimate interest in the storage of cookies for the technically error-free and
optimized provision of its services. If other cookies (e.g. cookies for analyzing your surfing behavior) are
stored, these will be treated separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files,
which your browser automatically transmits to us. These are:

Browser type and browser version
operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address
This data will not be merged with other data sources.

The basis for data processing is Article 6 (1) (f) GDPR, which allows the processing of data for the
fulfillment of a contract or pre-contractual measures.

contact form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact
details you provided there, will be stored by us for the purpose of processing the inquiry and in case of
follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the contact form takes place exclusively on the basis of your
consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time. An informal e-mail to us is
sufficient. The legality of the data processing operations carried out before the revocation remains
unaffected by the revocation.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your
consent to storage or the purpose for data storage no longer applies (e.g. after your request has been
processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Data transfer when concluding a contract for online shops, dealers and dispatch of goods

We only transmit personal data to third parties if this is necessary in the context of contract processing,
for example to the company entrusted with the delivery of the goods or the credit institution
commissioned with the payment processing. A further transmission of the data does not take place or
only if you have expressly consented to the transmission. Your data will not be passed on to third parties
without your express consent, e.g. for advertising purposes.

The basis for data processing is Article 6 (1) (b) GDPR, which allows data to be processed to fulfill a
contract or to take steps prior to entering into a contract.

Data transfer when concluding a contract for services and digital content

We only transmit personal data to third parties if this is necessary in the context of contract processing,
for example to the credit institute commissioned with the processing of payments.

A further transmission of the data does not take place or only if you have expressly consented to the
transmission. Your data will not be passed on to third parties without your express consent, e.g. for
advertising purposes.

The basis for data processing is Article 6 (1) (b) GDPR, which allows data to be processed to fulfill a
contract or to take steps prior to entering into a contract.

5. Newsletter
Newsletter data

If you would like to receive the newsletter offered on the website, we need an e-mail address from you as
well as information that allows us to verify that you are the owner of the e-mail address provided and that
you agree to receive the newsletter . Further data is not collected or is only collected on a voluntary
basis. We use this data exclusively for sending the requested information and do not pass it on to third
parties.

The processing of the data entered in the newsletter registration form takes place exclusively on the
basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the
data, the e-mail address and their use for sending the newsletter at any time, for example via the
"Unsubscribe" link in the newsletter. The legality of the data processing operations that have already
taken place remains unaffected by the revocation.

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us
until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter.
This does not affect data that we have stored for other purposes (e.g. e-mail addresses for the members'
area).

Mailing work

We use mailing work to send newsletters. The provider is Mailingwork GmbH, Birkenweg 7, 09569
Oederan, Germany.

Mailingwork is a service with which, among other things, the dispatch of newsletters can be organized
and analyzed. The data you enter for the purpose of subscribing to the newsletter will be stored on
Mailingwork's servers in Germany. If you do not want an analysis by mailing work, you have to
unsubscribe from the newsletter. We provide a link for this in every newsletter message. You can also
unsubscribe from the newsletter directly on the website.

Data analysis through mailing work

With the help of mailing work it is possible for us to analyze our newsletter campaigns. So we can z. B.
see whether a newsletter message has been opened and which links have been clicked. In this way we
can determine, among other things, which links have been clicked particularly often. We can also see
whether certain previously defined actions were carried out after opening / clicking (conversion rate). We
can z. B. recognize whether you have made a purchase after clicking on the newsletter.

Mailingwork also enables us to subdivide the newsletter recipients into different categories and to assign
additional profile data to the recipients. The newsletter recipients can be z. B. subdivide according to
age, gender or place of residence. In this way, the newsletters can be better adapted to the respective
target groups.

Legal basis

The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can
revoke this consent at any time. The legality of the data processing operations that have already taken
place remains unaffected by the revocation.

Storage period

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us
until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers
of Mailingwork after you unsubscribe from the newsletter. This does not affect data that we have stored
for other purposes (e.g. e-mail addresses for the member / customer areas).

For more information, see the privacy policy of Mailingwork: https://mailingwork.de/datenschutz

Conclusion of a contract for order data processing

We have concluded an order processing contract with Mailingwork in accordance with Art. 28 Paragraph
3 GDPR. This contract ensures that your personal data, which we pass on to Mailingwork for processing,
are protected in accordance with the provisions of the GDPR.

6. Plugins and Tools
YouTube

Our website uses plugins from YouTube, operated by Google. The operator of the website is YouTube,
LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages equipped with a YouTube plug-in, a connection to the YouTube servers will
be established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior
directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a
legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

You can find more information on handling user data in YouTube's data protection declaration at:
https://www.google.de/intl/de/policies/privacy .

Vimeo

Our website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street,
New York, New York 10011, USA.

If you visit one of our pages equipped with a Vimeo plug-in, a connection to the Vimeo servers will be
established. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your
IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The
information recorded by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to
your personal profile. You can prevent this by logging out of your Vimeo account.

Further information on handling user data can be found in Vimeo's data protection declaration at:
https://vimeo.com/privacy .

Google Web Fonts

This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts.
When you call up a page, your browser loads the required web fonts into your browser cache in order to
display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This gives Google
knowledge that our website has been accessed via your IP address. The use of Google Web Fonts takes
place in the interest of a uniform and appealing presentation of our online offers. This represents a
legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in
Google's data protection declaration: https://www.google.com/policies/privacy/ .

Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater
Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually
transmitted to and stored by Google on servers in the United States. The provider of this site has no
influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy
findability of the places we have indicated on the website. This represents a legitimate interest within the
meaning of Art. 6 Para. 1 lit.f GDPR.

You can find more information on handling user data in Google's data protection declaration:
https://www.google.de/intl/de/policies/privacy/ .

7. Payment Providers
PayPal

On our website we offer payment via PayPal, among other things. The provider of this payment service
is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter
“PayPal”).

If you choose to pay via PayPal, the payment details you have entered will be transmitted to PayPal.

The transfer of your data to PayPal takes place on the basis of Art. 6 Paragraph 1 lit. a GDPR (consent)
and Art. 6 Paragraph 1 lit. b GDPR (processing to fulfill a contract). You have the option of withdrawing
your consent to data processing at any time. A revocation does not affect the effectiveness of data
processing operations in the past.

Klarna

On our website we offer, among other things, payment with Klarna's services. The provider is Klarna AB,
Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”).

Klarna offers various payment options (e.g. installment purchase). If you decide to pay with Klarna
(Klarna checkout solution), Klarna will collect various personal data from you. You can read details on
this in Klarna's data protection declaration under the following link:
https://www.klarna.com/de/datenschutz/ .

Klarna uses cookies to optimize the use of the Klarna checkout solution. The optimization of the
checkout solution represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Cookies
are small text files that are stored on your device and do not cause any damage. They remain on your
device until you delete them. Details on the use of Klarna cookies can be found at the following link:
https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf .

Your data is transmitted to Klarna on the basis of Art. 6 Paragraph 1 lit. a GDPR (consent) and Art. 6
Paragraph 1 lit. b GDPR (processing to fulfill a contract). You have the option of withdrawing your
consent to data processing at any time. A revocation does not affect the effectiveness of data processing
operations in the past.

Instant bank transfer

On our website we offer, among other things, payment by means of “instant transfer”. The provider of
this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “Sofort GmbH”).

With the help of the “Sofortüberweisung” process, we receive a real-time payment confirmation from
Sofort GmbH and can immediately begin to meet our obligations.

If you have decided on the “Sofortüberweisung” payment method, send the PIN and a valid TAN to
Sofort GmbH, which can be used to log into your online banking account. Sofort GmbH automatically
checks your account balance after logging in and carries out the transfer to us with the help of the TAN
you transmitted. It then immediately sends us a transaction confirmation. After logging in, your sales, the
credit line of the overdraft facility and the existence of other accounts and their stocks are automatically
checked.

In addition to the PIN and TAN, the payment data you have entered and your personal data are also
transmitted to Sofort GmbH. Your personal data is your first and last name, address, telephone number
(s), email address, IP address and any other data required for payment processing. The transmission of
this data is necessary to establish your identity beyond doubt and to prevent attempted fraud.

The transfer of your data to Sofort GmbH takes place on the basis of Art. 6 Paragraph 1 lit. a GDPR
(consent) and Art. 6 Paragraph 1 lit. b GDPR (processing to fulfill a contract). You have the option of
withdrawing your consent to data processing at any time. A revocation does not affect the effectiveness
of data processing operations in the past.

You can find details on payment with immediate transfer from the following links:
https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/ .

Paydirect

On our website we offer, among other things, payment via Paydirekt. The provider of this payment
service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter
“Paydirekt”).

If you make the payment using Paydirekt, Paydirekt collects various transaction data and forwards them
to the bank with which you are registered with Paydirekt. In addition to the data required for payment,
Paydirekt may collect additional data such as delivery address or individual items in the shopping cart as
part of the transaction processing.

Paydirect then authenticates the transaction using the authentication procedure stored at the bank for
this purpose. The payment amount will then be transferred from your account to our account. Neither we
nor third parties have access to your account details.

Details on payment with Paydirekt can be found in the terms and conditions and the data protection
provisions of Paydirekt at: https://www.paydirekt.de/agb/index.html .

iframes and offers from other service providers:

Applications and offers from third parties are shown in some of the windows on our website

shown. These serve to complete the offers to you and your wishes in relation to it

on travel bookings, hotel reservations, rental cars, price comparisons or similar.

These applications collect data that is not in our system but in the system of the respective provider

collected, processed and used. By using this window, you explicitly agree to this fact.