4. Recording of data on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do

not cause any damage to your device. They are either stored temporarily for the duration of a session

(session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are

automatically deleted once you terminate your visit. Permanent cookies remain archived on your device

until you actively delete them, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies).

Third-party cookies enable the integration of certain services of third-party companies into websites (e.g.,

cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions

would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos).

Other cookies may be used to analyze user behavior or for promotional purposes.

Cookies, which are required for the performance of electronic communication transactions, for the provision

of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the

optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web

audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The

operator of the website has a legitimate interest in the storage of required cookies to ensure the technically

error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies

and similar recognition technologies has been requested, the processing occurs exclusively on the basis of

the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are

placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of

cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies

when the browser closes. If cookies are deactivated, the functions of this website may be limited.

If other cookies and services are used on this website, you can find this information in this privacy policy.

Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain

cookies on your device or for the use of specific technologies, and to document the former in a data

protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7,

80331 München, Germany, website:

https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).

Whenever you visit our website, the following personal data will be transferred to Usercentrics:

Your declaration(s) of consent or your revocation of your declaration(s) of consent

Your IP address

Information about your browser

Information about your device

The date and time you visited our website

Geolocation

Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of

consent or any revocations of the former. The data that are recorded in this manner shall be stored until you

ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer

exists. This shall be without prejudice to any mandatory legal retention periods.

Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use

of specific technologies is Art. 6(1)(c) GDPR.

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server

log files, which your browser communicates to us automatically. The information comprises:

The type and version of browser used

The used operating system

Referrer URL

The hostname of the accessing computer

The time of the server inquiry

The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest

in the technically error free depiction and the optimization of the operator’s website. In order to achieve this,

server log files must be recorded.

Contact form

If you submit inquiries to us via our contact form, the information provided in the contact form as well as any

contact information provided therein will be stored by us in order to handle your inquiry and in the event

that we have further questions. We will not share this information without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a

contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based

on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or

on your agreement (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.

The information you have entered into the contact form shall remain with us until you ask us to eradicate the

data, revoke your consent to the archiving of data or if the purpose for which the information is being

archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without

prejudice to any mandatory legal provisions, in particular retention periods.

Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name,

request) will be stored and processed by us for the purpose of processing your request. We do not pass these

data on without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a

contract or is required for the performance of pre-contractual measures. In all other cases, the data are

processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art.

6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be

revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your

consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request).

Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Communication via WhatsApp

For communication with our customers and other third parties, one of the services we use is the instant

messaging service WhatsApp. The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04

X2K5, Ireland.

The communication is encrypted end-to-end (peer-to-peer), which prevents WhatsApp or other third parties

from gaining access to the communication content. However, WhatsApp does gain access to metadata

created during the communication process (for example, sender, recipient, and time). We would also like to

point out that WhatsApp has stated that it shares personal data of its users with its U.S.-based parent

company Meta. Further details on data processing can be found in the WhatsApp privacy policy at:

https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as

possible with customers, interested parties and other business and contractual partners (Art. 6(1)(f) GDPR).

If a corresponding consent has been requested, data processing is carried out exclusively on the basis of the

consent; this consent may be revoked at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp remains with us until you request

us to delete it, revoke your consent to storage or the purpose for which the data is stored ceases to apply

(e.g. after your request has been processed). Mandatory legal provisions, in particular retention periods,

remain unaffected.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/7735.

We use WhatsApp in the “WhatsApp Business” variant.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://www.whatsapp.com/legal/business-data-transfer-addendum?lang=en.

Registration on this website

You have the option to register on this website to be able to use additional website functions. We shall use

the data you enter only for the purpose of using the respective offer or service you have registered for. The

required information we request at the time of registration must be entered in full. Otherwise, we shall

reject the registration.

To notify you of any important changes to the scope of our portfolio or in the event of technical

modifications, we shall use the e-mail address provided during the registration process.

The data entered during registration is processed for the purpose of implementing the user relationship

established by the registration and, if necessary, for the initiation of further contracts (Art. 6 (1)(b) GDPR).

The data recorded during the registration process shall be stored by us as long as you are registered on this

website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory

retention obligations.

Registration with Facebook Connect

Instead of registering directly on this website, you also have the option to register using Facebook Connect.

The provider of this service is Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5,

Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other thirdparty

countries too.

If you decide to register via Facebook Connect and click on the “Login with Facebook”/„Connect with

Facebook” button, you will be automatically connected to the Facebook platform. There, you can log in using

your username and password. As a result, your Facebook profile will be linked to this website or our services.

This link gives us access to the data you have archived with Facebook. These data comprise primarily the

following:

Facebook name

Facebook profile photo and cover photo

Facebook cover photo

E-mail address archived with Facebook

Facebook-ID

Facebook friends lists

Facebook Likes (“Likes” information)

Date of birth

Gender

Country

Language

This information will be used to set up, provide and customize your account.

The registration via Facebook Connect and the affiliated data processing transactions are implemented on

the basis of your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time, which shall affect all

future transactions thereafter.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to

Facebook, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland are

jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to

the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after

the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been

set out in a joint processing agreement. The wording of the agreement can be found under:

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for

providing the privacy information when using the Facebook tool and for the privacy-secure implementation

of the tool on our website. Facebook is responsible for the data security of Facebook products. You can

assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with

Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://de-de.facebook.com/help/566994660333381 and

https://www.facebook.com/policy.php.

For more information, please consult the Facebook Terms of Use and the Facebook Data Privacy Policies.

Use these links to access this information:

https://www.facebook.com/about/privacy/ and

https://www.facebook.com/legal/terms/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/4452.

Registration with Google

Instead of registering directly on this website, you can register with Google. The provider of this service is

Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To register with Google, you must only enter your Google name and password. Google will identify you and

confirm your identity to our website.

When you sign in with Google, we may be able to use certain information in your account to complete your

profile with us. You decide whether you want this information to be used and if so, which information it is,

within the framework of your Google security settings, which you can find here:

https://myaccount.google.com/security and

https://myaccount.google.com/permissions.

The data processing associated with Google’s registration is based on our legitimate interest in making the

registration process as simple as possible for our users (Art. 6(1)(f) GDPR). Since the use of the registration

function is voluntary and the users themselves can decide on the respective access options, no conflicting

predominant rights of the data subjects are apparent.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/5780.

The comment function on this website

When you use the comment function on this website, information on the time the comment was generated

and your e-mail-address and, if you are not posting anonymously, the username you have selected will be

archived in addition to your comments.

Storage of the IP address

Our comment function stores the IP addresses of all users who enter comments. Given that we do not

review the comments prior to publishing them, we need this information in order to take action against the

author in the event of rights violations, such as defamation or propaganda.

Subscribing to comments

As a user of this website, you have the option to subscribe to comments after you have registered. You will

receive a confirmation e-mail, the purpose of which is to verify whether you are the actual holder of the

provided e-mail address. You can deactivate this function at any time by following a respective link in the

information e-mails. The data entered in conjunction with subscriptions to comments will be deleted in this

case. However, if you have communicated this information to us for other purposes and from a different

location (e.g., when subscribing to the newsletter), the data shall remain in our possession.

Storage period for comments

Comments and any affiliated information shall be stored by us and remain on this website until the content

the comment pertained to has been deleted in its entirety or if the comments had to be deleted for legal

reasons (e.g., insulting comments).

Legal basis

Comments are stored on the basis of your consent (Art. 6(1)(a) GDPR). You have the right to revoke at any

time any consent you have already given us. To do so, all you are required to do is sent us an informal

notification via e-mail. This shall be without prejudice to the lawfulness of any data collection that occurred

prior to your revocation.

5. Social media

Facebook

We have integrated elements of the social network Facebook on this website. The provider of this service is

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook’s

statement the collected data will be transferred to the USA and other third-party countries too.

An overview of the Facebook social media elements is available under the following link:

https://developers.facebook.com/docs/plugins/.

If the social media element has been activated, a direct connection between your device and the Facebook

server will be established. As a result, Facebook will receive information confirming your visit to this website

with your IP address. If you click on the Facebook Like button while you are logged into your Facebook

account, you can link content of this website to your Facebook profile. Consequently, Facebook will be able

to allocate your visit to this website to your user account. We have to emphasize that we as the provider of

the website do not receive any information on the content of the transferred data and its use by Facebook.

For more information, please consult the Data Privacy Policy of Facebook at:

https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG.

Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to

Facebook, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland are

jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to

the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after

the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been

set out in a joint processing agreement. The wording of the agreement can be found under:

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for

providing the privacy information when using the Facebook tool and for the privacy-secure implementation

of the tool on our website. Facebook is responsible for the data security of Facebook products. You can

assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with

Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://de-de.facebook.com/help/566994660333381 and

https://www.facebook.com/policy.php.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/4452.

Instagram

We have integrated functions of the public media platform Instagram into this website. These functions are

being offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If the social media element has been activated, a direct connection between your device and Instagram’s

server will be established. As a result, Instagram will receive information on your visit to this website.

If you are logged into your Instagram account, you may click the Instagram button to link contents from this

website to your Instagram profile. This enables Instagram to allocate your visit to this website to your user

account. We have to point out that we as the provider of the website and its pages do not have any

knowledge of the content of the data transferred and its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG.

Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to

Facebook or Instagram, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5,

Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited

exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by

Facebook or Instagram that takes place after the onward transfer is not part of the joint responsibility. The

obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the

agreement can be found under:

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for

providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure

implementation of the tool on our website. Facebook is responsible for the data security of Facebook or

Instagram products. You can assert data subject rights (e.g., requests for information) regarding data

processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we

are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://privacycenter.instagram.com/policy/ and

https://de-de.facebook.com/help/566994660333381.

For more information on this subject, please consult Instagram’s Data Privacy Declaration at:

https://privacycenter.instagram.com/policy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/4452.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company,

Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s

servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click

on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in

a position to allocate your visit to this website to your user account. We have to point out that we as the

provider of the websites do not have any knowledge of the content of the transferred data and its use by

LinkedIn.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG.

Consent can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-undder-

schweiz?lang=de.

For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at:

https://www.linkedin.com/legal/privacy-policy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/5448.

6. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail

address as well as information that allow us to verify that you are the owner of the e-mail address provided

and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a

voluntary basis. We shall use such data only for the sending of the requested information and shall not share

such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on

the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to the archiving of

data, the e-mail address, and the use of this information for the sending of the newsletter at any time, for

instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the

lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you

unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter

distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We

reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own

discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.

Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the

newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data

from the blacklist is used only for this purpose and not merged with other data. This serves both your

interest and our interest in complying with the legal requirements when sending newsletters (legitimate

interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to

the storage if your interests outweigh our legitimate interest.

7. Plug-ins and Tools

Google Fonts (local embedding)

This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site.

These Google fonts are locally installed so that a connection to Google’s servers will not be established in

conjunction with this application.

For more information on Google Fonts, please follow this link:

https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under:

https://policies.google.com/privacy?hl=en.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is

Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered

into a contact form) is being provided by a human user or by an automated program. To determine this,

reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is

triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA

evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements

initiated by the user). The data tracked during such analyses are forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is

underway.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate

interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If

appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a)

GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information

in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be

revoked at any time.

For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and

Terms Of Use under the following links:

https://policies.google.com/privacy?hl=en and

https://policies.google.com/terms?hl=en.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/5780.

8. eCommerce and payment service providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, content

arrangement and modification of our contractual relationships. Data with personal references to the use of

this website (usage data) will be collected, processed, and used only if this is necessary to enable the user to

use our services or required for billing purposes. The legal basis for these processes is Art. 6(1)(b) GDPR.

The collected customer data shall be deleted upon completion of the order or termination of the business

relationship and upon expiration of any existing statutory archiving periods. This shall be without prejudice

to any statutory archiving periods.

Data transfer upon closing of contracts for online stores, retailers, and the shipment of

merchandise

Whenever you order merchandise from us, we will share your personal data with the transportation

company entrusted with the delivery as well as the payment service commissioned to handle the payment

transactions. Only the data these respective service providers require to meet their obligations will be

shared. The legal basis for this sharing is Art. 6 (1)(b) GDPR, which permits the processing of data for the

fulfillment of contractual or pre-contractual obligations. If you give us your respective consent pursuant to

Art. 6 (1)(a) GDPR, we will share your email address with the transportation company entrusted with the

delivery so that this company can notify you on the shipping status for your order via email. You have the

option to revoke your consent at any time.

Data transfer upon closing of contracts for services and digital content

We share personal data with third parties only if this is necessary in conjunction with the handling of the

contract; for instance, with the financial institution tasked with the processing of payments.

Any further transfer of data shall not occur or shall only occur if you have expressly consented to the

transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for

advertising purposes, shall not occur.

The basis for the processing of data is Art. 6(1)(b) GDPR, which permits the processing of data for the

fulfilment of a contract or for pre-contractual actions.

Credit checks

We may conduct a credit check in the event that purchases are made on account or based on other payment

terms that require us to extend credit (scoring). For this purpose, we transmit the data you have entered

(e.g., name, address, age, or banking information) to a credit information agency. Based on this data, the

probability of non-payment is determined. If the likelihood of non-payment is excessive, we may reject the

respective payment term.

The credit check is performed on the basis of contractual fulfillment (Art. 6(1)(b) GDPR) and to avert nonpayment

(justified interest pursuant to Art. 6(1)(f) GDPR). If consent has been obtained, the credit check

shall be performed on the basis of this consent (Art. 6(1)(a) GDPR); the consent may be revoked at any time.

Payment services

We integrate payment services of third-party companies on our website. When you make a purchase from

us, your payment data (e.g. name, payment amount, bank account details, credit card number) are processed

by the payment service provider for the purpose of payment processing. For these transactions, the

respective contractual and data protection provisions of the respective providers apply. The use of the

payment service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a

smooth, convenient, and secure payment transaction (Art. 6(1)(f) GDPR). Insofar as your consent is

requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consent may be

revoked at any time for the future.

We use the following payment services / payment service providers within the scope of this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449

Luxembourg (hereinafter “PayPal”).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Details can be found in PayPal’s privacy policy:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

The payment service provider is Apple Inc, Infinite Loop, Cupertino, CA 95014, USA. The Apple privacy

policy can be found at:

https://www.apple.com/legal/privacy/de-ww/.

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find

Google’s privacy policy here:

https://policies.google.com/privacy.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand

Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://stripe.com/de/privacy and

https://stripe.com/de/guides/general-data-protection-regulation.

Details can be found in Stripe’s Privacy Policy at the following link:

https://stripe.com/de/privacy.

Klarna

The supplier is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna“). Klarna offers

various payment options (e.g., hire purchase). If you choose to pay with Klarna (Klarna checkout solution),

Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of Klarna

checkout solution. For details on the use of Klarna cookies, please see the following link:

https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

Details can be found in Klarna’s privacy policy under the following link:

https://www.klarna.com/de/datenschutz/.

Paydirekt

The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main,

Germany (hereinafter referred to as “Paydirekt”). If you make payment via Paydirekt, Paydirekt collects

various transaction data and forwards them to the bank with which you are registered with Paydirekt. In

addition to the data required for payment, Paydirekt may also collect further data such as delivery address

or individual items in the shopping basket as part of the transaction processing. Paydirekt then authenticates

the transaction by means of the authentication procedure stored with the bank. The payment amount is then

transferred from your account to our account. Neither we nor third parties have access to your account data.

For details on payment with Paydirekt, please refer to the General Terms and Conditions and the Paydirekt

Privacy Policy at:

https://www.paydirekt.de/agb/index.html.

instant transfer Sofort

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany

(hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment

confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have

chosen the payment method “Sofortüberweisung”, please send the PIN and a valid TAN to Sofort GmbH, with

which it can log into your online banking account. Sofort GmbH automatically checks your account balance

after logging in and carries out the transfer to us with the help of the TAN you have transmitted. Afterwards,

it immediately sends us a transaction confirmation. After you log in, your turnover, the credit limit of the

overdraft facility and the existence of other accounts and their balances are also checked automatically. In

addition to the PIN and the TAN, the payment data entered by you as well as personal data will be

transmitted to Sofort GmbH. The data about your person are first and last name, address, telephone

number(s), email address, IP address and possibly other data required for payment processing. The

transmission of this data is necessary to determine your identity beyond doubt and to prevent fraud

attempts. For details on payment with immediate bank transfer, please refer to the following link:

https://www.klarna.com/sofort/.

Amazon Pay

The provider of this payment service is Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855

Luxembourg.

Details regarding the use of your data can be found in Amazon Pay’s Privacy Policy at the following link:

https://pay.amazon.de/help/201212490?ld=APDELPADirect.

Mollie

The provider of this payment service is Mollie B.V, Keizersgracht 126, 1015CW Amsterdam, Netherlands

(hereinafter "Mollie"). With the help of Mollie, we can integrate various payment methods on our website.

Details can be found in Mollie's privacy policy:

https://www.mollie.com/de/privacy.

PayOne

Provider of this payment service is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany

(hereinafter “PayOne”). Reference is made to PayOne’s privacy policy for details:

https://www.payone.com/DE-de/datenschutz.

giropay

The provider of this payment service is the paydirekt GmbH, Stephanstraße 14 – 16, 60313 Frankfurt am

Main (hereinafter referred to as “giropay”).

For details, please consult giropay’s Data Privacy Policy at:

https://www.paydirekt.de/agb/index.html.

Unzer

The provider of this payment service is the Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg

(hereinafter referred to as “Unzer”).

For details, please consult Unzer’s data privacy policy at:

https://www.unzer.com/de/datenschutz/.

American Express

The provider of this payment service is the American Express Europe S.A., Theodor-Heuss-Allee 112, 60486

Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transfer data to its parent company in the US. The data transfer to the US is based on

the Binding Corporate Rules. Details can be found here:

https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.

For more information, please see the American Express privacy policy:

https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard

The provider of this payment service is the Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410

Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the US. The data transfer to the US is based on

Mastercard's Binding Corporate Rules. Details can be found here:

https://www.mastercard.de/de-de/datenschutz.html and

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is the Visa Europe Services Inc, London Branch, 1 Sheldon Square,

London W2 6TT, United Kingdom (hereinafter “VISA”).

Great Britain is considered a secure non-EU country as far as data protection legislation is concerned. This

means that the data protection level in Great Britain is equivalent to the data protection level of the

European Union.

VISA may transfer data to its parent company in the US. The data transfer to the US is based on the standard

contractual clauses of the EU Commission. Details can be found here:

https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-

fur-den-ewr.html.

For more information, please refer to VISA’s privacy policy:

https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

9. Online-based Audio and Video Conferences (Conference tools)

Data processing

We use online conference tools, among other things, for communication with our customers. The tools we

use are listed in detail below. If you communicate with us by video or audio conference using the Internet,

your personal data will be collected and processed by the provider of the respective conference tool and by

us. The conferencing tools collect all information that you provide/access to use the tools (email address

and/or your phone number). Furthermore, the conference tools process the duration of the conference, start

and end (time) of participation in the conference, number of participants and other “context information”

related to the communication process (metadata).

Furthermore, the provider of the tool processes all the technical data required for the processing of the

online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type,

operating system type and version, client version, camera type, microphone or loudspeaker and the type of

connection.

Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the

servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant

messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while

using the service.

Please note that we do not have complete influence on the data processing procedures of the tools used. Our

possibilities are largely determined by the corporate policy of the respective provider. Further information

on data processing by the conference tools can be found in the data protection declarations of the tools

used, and which we have listed below this text.

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer

certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally

simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art.

6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this

consent; the consent may be revoked at any time with effect from that date.

Duration of storage

Data collected directly by us via the video and conference tools will be deleted from our systems

immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the

data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal

retention periods remain unaffected.

We have no influence on the duration of storage of your data that is stored by the operators of the

conference tools for their own purposes. For details, please directly contact the operators of the conference

tools.

Conference tools used

We employ the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard,

6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy:

https://www.zoom.com/de/trust/privacy/privacy-statement/.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European

Commission. Details can be found here:

https://www.zoom.com/de/trust/privacy/privacy-statement/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/5728.

Microsoft Teams

We use Microsoft Teams. The provider is the Microsoft Ireland Operations Limited, One Microsoft Place,

South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer

to the Microsoft Teams privacy policy:

https://privacy.microsoft.com/en-us/privacystatement.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European

data protection standards for data processing in the US. Every company certified under the DPF is obliged to

comply with these data protection standards. For more information, please contact the provider under the

following link:

https://www.dataprivacyframework.gov/participant/6474.