1. Preface
Data protection is of a particularly high priority for Psycho.This privacy policy clarifies the nature, scope and purpose of the processing of personal data within our online offer and the websites, functions and content associated with it (hereinafter collectively referred to as the "online offer" or "website"). The privacy policy applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is performed.
2. Responsible person
The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:PsychoRilkestrasse 2364668 RimbachGermanyPhone: +49 1573 3984723Email: kontakt.psycho@gmail.comWebsite: psycho-lifestyle.de3. Data Protection OfficerThe Data Protection Officer of the controller shall be:PsychoRilkestrasse 2364668 RimbachGermanyPhone: +49 1577 9873393E-mail: travis.stockert@gmail. comAny data subject may, at any time, contact our data protection officer directly with all questions and suggestions concerning data protection.
4. Definition
Our data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners.To ensure this, we would like to explain in advance the terms used. The terms used, such as “personal data” or “processing” thereof, are defined in Art. 4 of the General Data Protection Regulation (GDPR).We use, inter alia, the following terms in this Privacy Policy:
Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.Person concernedData subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing
Processing means any operation or series of operations carried out with or without the aid of automated means in connection with personal data, such as the collection, collection, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or linking, restriction, erasure or destruction.Restriction of processingRestriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling
Profiling is any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller
Controller or controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processors
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Consig Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.
Third
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
5. General information on data processing
Scope of processing of personal data
We collect and use personal data of our users only insofar as this is necessary for the provision of a functioning website as well as our content and services. The collection and use of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent is not possible for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
Data erasure and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject.The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Technical and organisational measures
In order to ensure that personal data cannot be read, copied, altered or removed without authorization during electronic transmission, transport or storage on data carriers, we use an encryption procedure based on the state of the art in accordance with Art. 9 GDPR.This site uses Transport Layer Security (TLS) encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to our system. Data you transmit to our system cannot be read by third parties without further ado.You can recognise an encrypted connection by changing the address line of your browser from "http://" to "https://" and by the lock symbol in your browser line.
6. Provision of the website and creation of log files
Description and scope of data processingEach time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.The following data is collected:Information about the browser type and version usedthe user's operating systemthe user’s Internet service providerthe IP address of the userthe date and time of accessWebsites from which the user's system reaches our websiteWebsites accessed by the user's system through our websiteThe data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.Purpose of data processingTemporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f DSGVO.
Duration of storage
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of collection of data for the provision of the website, this is the case when the respective session has ended.If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or altered so that an assignment to the calling client is no longer possible.Opportunity for appeal and eliminationThe collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
7. Use of cookies
Description and scope of data processingWe use so-called cookies on the basis of our legitimate interests on this website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again.
Technically necessary cookies
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.The following data may be stored and transmitted in the cookies:Session cookies that store certain settings of the user, e.g.:- Cart contents- Language settings- Remembering search terms- Log-in dataOpt-out cookies, indicating whether the user has actively consented to the setting of technically necessary and non-essential cookies.Test cookies, indicating whether the user allows the setting of cookies in his browserCookies, for analysis, advertising and marketing purposes.
When accessing our website, users are informed by an information banner about the use of technically necessary cookies and referred to this privacy policy. In this context, an indication is also given as to how the storage of cookies can be prevented in the browser settings.
Technically unnecessary cookies
If we use additional cookies in addition to technically necessary cookies, you will be informed about this on the website.Legal basis for data processingThe legal basis for the processing of personal data using cookies for analysis, marketing and/or tracking purposes is Art. 6 para. 1 sentence 1 lit. a DSGVO if the user has given his consent.The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent to this. If the user has not given his consent, the legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO.
Purpose of data processing
The technically necessary cookies are used for the purpose of simplifying the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change. The user data collected by technically necessary cookies are not used to create user profiles.Duration of storage, possibility of objection and disposalCookies are stored on the user's computer and transmitted from there to our site. Therefore, you as the user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Already stored cookies can be deleted at any time.
When accessing our website, users are informed by an information banner about the use of cookies and the user is asked whether he/she agrees to the setting of the named cookies. The user is free to decide whether to make a selection and whether to give his/her consent. If the user does not give his/her consent, no / only technically necessary cookies are set and no further storage of cookies takes place.
8 Newsletter
Description and scope of data processing
Based on our legitimate interests, we offer our users the opportunity to subscribe to a free newsletter on this website.
We only send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") with the consent of the recipient or with legal permission. When registering for the newsletter, the data from the input screen is transmitted to us.
If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. Our newsletters also contain information about our products, offers, promotions and our company.
The following user data is collected:
the e-mail address
the first name and surname
the selected language
In addition, the following data is collected during registration and when data is changed
IP address of the accessing computer
Date and time
Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.
Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
If you purchase goods or services on our website and enter your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.
No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the mailing service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given consent.
The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
The legal basis for statistical surveys and analyses is Art. 6 para. 1 lit. f DSGVO.
Purpose of the data processing
To subscribe to the newsletter, you must provide your email address, your name and the desired language of the newsletter. The purpose of collecting the user's email address is to send the newsletter. The name is used to address you personally in the newsletter. The language must be selected as we offer our newsletter in several languages.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
The purpose of the statistical surveys is to use a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users.
Duration of storage
The data is deleted as soon as it is no longer required for the purpose for which it was collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is generally deleted after a period of seven days.
Right of objection and removal
The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.
This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.
At the same time, your consent to the statistical analyses expires. Unfortunately, it is not possible to separately revoke the sending by the sending service provider or the statistical analysis.
If users have only registered for the newsletter and have canceled this registration, their personal data will be deleted.
9. registration
Description and scope of data processing
On the basis of our legitimate interests, we offer users the opportunity to register on this website by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data is not passed on to third parties.
The following data is collected as part of the registration process
the e-mail address
First name and surname
the date of birth
the billing address and, if applicable, a different delivery address
telephone number
The following data is also stored at the time of registration:
Date and time of registration
As part of the registration process, the user's consent to the processing of this data is obtained.
Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
Purpose of the data processing
User registration is required for the provision of certain content and services on our website.
Orders in the web shop
User registration is required to fulfill a contract with the user or to carry out pre-contractual measures.
Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case for the data collected during the registration process if the registration on our website is canceled or modified.
This is the case for the data collected during the registration process to fulfill a contract or to carry out pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.
[Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed here cannot be determined across the board, but must be determined on a case-by-case basis for the respective contracts and contracting parties].
Right of objection and removal
As a user, you have the option of canceling your registration at any time. You can have the data stored about you amended at any time.
You can change your data yourself in the customer area of the web store or via our customer service. Our customer service can delete your account for you by telephone or email.
If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
10 Google Analytics
Scope of the processing of personal data
We use the web analysis service Google Anayltics from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google") on the basis of our legitimate interests. It is used to analyze the surfing behavior of our users.
Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.
By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
If individual pages of our website are accessed, the following data is stored:
The website accessed
The website from which the user came to the website accessed (referrer)
The subpages that are accessed from the website accessed
The time spent on the website
The frequency with which the website is accessed
Google has recognized the standard contractual clauses of the EU Commission for the transfer of personal data to third countries and thus offers a guarantee of compliance with European data protection law.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
The IP address transmitted by the user's browser is not merged with other Google data.
We use Google Analytics to display the ads placed by Google and its partners within advertising services only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called "remarketing" or "Google Analytics audiences"). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interest of users and are not annoying.
We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
Purpose of the data processing
The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR.
By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
Duration of storage
The data is deleted as soon as it is no longer required for our recording purposes.
In our case, this is the case after 50 months.
Possibility of objection and removal
Cookies are stored on the user's computer and transmitted by it to our website and Google. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This browser plugin informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser plug-in is considered an objection by Google. If the data subject's information technology system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser plug-in in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser plugin.
You can find more information on data use by Google, setting and objection options on the Google websites: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to show you advertising").
11 Google Fonts
Scope of the processing of personal data
We use the Google Fonts service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google") on the basis of our legitimate interests.
Google Fonts provides an intuitive and robust directory of open source designer web fonts. With an extensive catalog, typography can be seamlessly incorporated and integrated into any design project.
The service is used to integrate fonts (web fonts) on our websites. Google Fonts are integrated by calling up a Google server, regularly via the URL https://fonts.google.com. The fonts come from various designers and are open source.
When users access our website, a request is usually sent to a Google server in the USA, where it is stored and processed.
Technically, the fonts embedded in our website are stored on a Google server and then loaded from there when the page is accessed. By using Google Fonts, Google's servers send the corresponding file to each user based on the technologies supported by the user's browser.
Google has recognized the standard contractual clauses of the EU Commission for the transfer of personal data to third countries and thus offers a guarantee of compliance with European data protection law.
The connection to Google Fonts is not authenticated. When you visit our website, no cookies or login information are sent to Google via the Google Fonts service. Corresponding requests to the servers of the Google Fonts service are made to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requests for fonts are generally separate from login information that would otherwise be sent to Google domains, such as google.com or google.de, and may be authenticated.
Google Fonts logs data records of CSS and font file requests. For statistical purposes, Google assigns aggregated usage numbers as to how popular font families are and publishes these results on an analytics page (https://fonts.google.com/analytics).
Further information about the Google Fonts service can be found at https://developers.google.com/fonts/faq
Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. a GDPR.
Purpose of the data processing
Data processing is carried out in the interest of analyzing, optimizing and economically operating the online offer in order to integrate content or service offers from third-party providers or their content and services.
We use Google Fonts to design our website independently of the fonts installed by the user, the so-called system fonts, and to ensure a consistent display image on different systems.
The purpose and scope of the data collection and the further processing and use of the data by Google can be found in Google's privacy policy at https://policies.google.com/privacy?hl=de.
Duration of storage
The data is deleted as soon as it is no longer required for our recording purposes.
Possibility of objection and removal
Further information on data use by Google, setting and objection options can be found on the Google websites https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to show you advertising").
12. Google Maps
Scope of processing of personal dataBased on our legitimate interests, we use the Google Maps service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").Google Maps is an online map service provided by Google. The Earth's surface can be viewed as a road map or as an aerial or satellite image.The use of the service takes place to integrate map data on our Internet pages. Google Maps is integrated by calling up a server at Google via an interface, the Google Maps API.When a page of our online offer is called up, in which a corresponding map section has been integrated, a request is transmitted to a Google server in the USA and stored and processed there. By using Google Maps, the Google servers send the corresponding data to the user's browser to display the map material.
Google has recognised the European Commission's standard contractual clauses for the transfer of personal data to third countries, thereby guaranteeing compliance with European data protection law.Further information on the Google Maps service is available at https://support.google.com/maps/
Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 (1) (f) GDPR.Purpose of data processingData processing is carried out in the interest of analysing, optimising and economically operating the online offer in order to integrate content or services from third-party providers or their content and services.We use Google Maps to integrate verified map data into our online presence.The purpose and scope of the data collection and the further processing and use of the data by Google can be found in Google's privacy policy at https://policies.google.com/privacy?hl=de.
Duration of storage
The data will be deleted as soon as it is no longer needed for our recording purposes.Opportunity for appeal and eliminationFurther information on Google's use of data, settings and objection options can be obtained from Google's websites https://www.google.com/intl/de/policies/privacy/partners ("Use of data by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), http://www.google.de/settings/ads ("Manage information Google uses to show you advertisements").
13. Facebook
Description and scope of data processing
Based on our legitimate interests, we use social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
The plugins can display interaction elements or content (e.g. videos, graphics or text posts) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Like” or a “thumbs up” sign ) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook has recognized the EU Commission's standard contractual clauses for the transfer of personal data to third countries and thereby offers a guarantee that it will comply with European data protection law.
When a user accesses a function of this online offering that contains such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offering. User usage profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plugins, for example by clicking the Like button or leaving a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
Legal basis for data processing
The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.
Purpose of data processing
The data processing is carried out in the interest of the analysis, optimization and economic operation of the online offering.
The purpose and scope of data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/ .
Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
Possibility of objection and removal
If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their member data stored on Facebook, they must log out of Facebook and delete their cookies before using our online offering.
Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info /choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices
Duration of storageThe data will be deleted as soon as it is no longer needed for our recording purposes.Opportunity for appeal and eliminationFurther information on Google's use of data, settings and objection options can be obtained from Google's websites https://www.google.com/intl/de/policies/privacy/partners ("Use of data by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"), http://www.google.de/settings/ads ("Manage information Google uses to show you advertisements").
14. Facebook, Custom Audiences and Facebook Marketing Services
Description and scope of data processing
Within our online offering, due to our legitimate interests in the analysis, optimization and economic operation of our online offering and for these purposes, the so-called “Facebook pixel” from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 , USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) is used.
Facebook has recognized the EU Commission's standard contractual clauses for the transfer of personal data to third countries and thereby offers a guarantee that it will comply with European data protection law.
With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to only show the Facebook ads we place to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products) based on the information they visit websites) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).
The Facebook pixel is integrated directly by Facebook when you access our website and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook while logged in, your visit to our online offering will be noted in your profile. The data collected about you is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we transmit data to Facebook for comparison purposes, it will be encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of comparing data with the same data encrypted by Facebook.
Furthermore, when using the Facebook pixel, we use the additional function “extended matching” (here data such as telephone numbers, email addresses or Facebook IDs of the users) are used to form target groups (“Custom Audiences” or “Look Alike Audiences”) Facebook (encrypted) transmitted. Further information on “extended comparison”: https://www.facebook.com/business/help/611774685654668).
Also based on our legitimate interests, we use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the email addresses of the newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients of our Facebook ads. We want to ensure that the ads are only shown to users who are interested in our information and services.
The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook's data usage policy: https://www.facebook.com/policy.php. You can find specific information and details about the Facebook Pixel and how it works in the Facebook help section: https://www.facebook.com/business/help/651294705016616.
Legal basis for data processing
The legal basis for the processing of users' personal data is Article 6 (1) (a) GDPR.
Purpose of data processing
The data processing is carried out in the interest of the analysis, optimization and economic operation of the online offering.
The purpose and scope of data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook's data protection information: https://www.facebook.com/about/privacy/ .
Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
Possibility of objection and removal
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set which types of advertisements are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: You can also use the Deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/ uk/your-ad-choices/).
15. Instagram
Description and scope of data processing
Based on our legitimate interests, we use components of the Instagram service, which is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA (“Instagram”).
Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also disseminate such data on other social networks.
Each time you access one of the individual pages of this website, which is operated by the controller and on which an Instagram component (Insta button) has been integrated, the Internet browser on the information technology system of the data subject is automatically activated by the respective Instagram component prompted to download a representation of the corresponding component from Instagram. As part of this technical process, Instagram gains knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific subpage the data subject visits each time the data subject visits our website and for the entire duration of their stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted will be assigned to the data subject's personal Instagram user account and stored and processed by Instagram.
Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged in to Instagram at the same time as accessing our website; This takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.
Legal basis for data processing
The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.
Purpose of data processing
The data processing is carried out in the interest of the analysis, optimization and economic operation of the online offering.
The purpose and scope of data collection and the further processing and use of the data by Instagram can be found in Instagram's data protection declaration at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/ become.
Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
Possibility of objection and removal
If a user is also a user of Instagram's services and does not want Instagram to collect data about them via this online offering and link it to their user data stored on Instagram, they must log out of Instagram and delete their cookies before using our online offering.
20. PayPal
Description and scope of data processing
Based on our legitimate interests, we use components of the PayPal service from the provider PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg (“PayPal”).
PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no traditional account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also assumes trustee functions and offers buyer protection services.
If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, the data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing.
The personal data transmitted to PayPal is usually:
the first and last name
the E-Mail adress
the IP address
the telephone number and/or mobile phone number
Order no
Amount
Articles in shopping cart
or other data necessary for payment processing. In order to process the purchase contract, personal data that is related to the respective order is also necessary.
The personal data exchanged between PayPal and the person responsible for processing may be transmitted by PayPal to credit reporting agencies. A list of third parties to which personal data could be released by PayPal can be viewed at https://www.paypal.com/de/webapps/mpp/ua/third-parties-list?locale.x=de_DE.
PayPal may pass on the personal data to affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or the data is to be processed in the order.
Legal basis for data processing
The legal basis for the processing of users' personal data is Article 6 (1) (f) GDPR.
Purpose of data processing
The data processing is carried out in the interest of the analysis, optimization and economic operation of the online offering.
The purpose of transmitting the data to PayPal is to process payments and prevent fraud. The person responsible for processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission.
The purpose of transmitting data to credit reporting agencies is to check identity and creditworthiness.
The purpose and scope of data collection and the further processing and use of the data by PayPal can be found in PayPal's data protection declaration at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
Possibility of objection and removal
The data subject has the option to revoke their consent to the handling of personal data at any time from PayPal.
A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
21. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights towards the person responsible:
right of providing information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
If such processing occurs, you can request information from the person responsible about the following information:
the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
Right to rectification
You have the right to request correction and/or completion from the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
Right to restriction of processing
You can request the restriction of the processing of personal data concerning you under the following conditions:
if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
if you have lodged an objection to the processing in accordance with Article 21 Para. 1 DSGVO and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
Right to deletion
You can request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a DSGVO and there is no other legal basis for the processing.
You object to the processing in accordance with Article 21 Paragraph 1 of the DSGVO and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 Paragraph 2 of the DSGVO.
Your personal data has been processed unlawfully.
The deletion of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 Para. 1 DSGVO.
Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 Para. 1 DSGVO, he will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to ensure that the person responsible for data processing to inform those processing the personal data that you, as the data subject, have requested them to delete all links to that personal data or copies or replications of that personal data.
Exceptions
There is no right to deletion if processing is necessary
to exercise the right to freedom of expression and information;
to fulfill a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 Para. 1 GDPR, insofar as the law mentioned under section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or
to assert, exercise or defend legal claims.
Right to information
If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless: this turns out to be impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
the processing takes place using automated procedures.
In exercising this right, you also have the right to have personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the DSGVO; This also applies to profiling based on these provisions.
The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
In connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications.
Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
is necessary for the conclusion or fulfillment of a contract between you and the person responsible(1),
is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or
with your express consent(3).
However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 DSGVO, unless Article 9 Paragraph 2 Letters a or g DSGVO applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests .
With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express one's own point of view and heard to challenge the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the DSGVO.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 DSGVO.