Data protec­tion


General inform­a­tion on the hand­ling of your data


This privacy policy provides you with inform­a­tion on the type, scope and purposes of the processing of personal data on our website www.advaneo-datamarketplace.de.
(The presen­ted privacy policy is a trans­la­tion for an improved ease of use. However, in the event of a dispute, the German version of these terms shall be exclus­ively author­it­at­ive.)


1. Responsible office, contact


1.1 Responsible body within the mean­ing of the Data Protection Act


The respons­ible body within the mean­ing of Article 4 Paragraph 7 of the EU Data Protection Basic Regulation (DSGVO) is:
Advaneo GmbH
repres­en­ted by the Managing Director Jürgen Bretfeld
Neuer Zollhof 2
240221 Düsseldorf


Phone: +49 (0) 221 – 87 66 91 0
E‑Mail: datamarketplace@advaneo.de
Contact person: Jürgen Bretfeld


Data protec­tion officer:


reach­able through: datenschutzbeauftragter@advaneo.de


 


1.2 Contact


a) If you have ques­tions regard­ing data protec­tion, or if you wish to exer­cise rights or claims regard­ing your personal data, you can contact us using the contact details given above (under point 1.1.).


b) In our contact form, you must provide mandat­ory inform­a­tion to answer your inquiry, which is marked with an aster­isk (your e‑mail address, your name and tele­phone number if applic­able). We need this inform­a­tion in order to be able to process your inquiry and contact you. You can fill in the other fields volun­tar­ily.


c) When you contact us (for example by tele­phone or e‑mail), your details will be stored in accord­ance with Art. 6 Para. 1 lit. b) DSGVO for the purpose of processing your enquiry and in the event that follow-up ques­tions arise. We delete the data arising in this connec­tion after stor­age is no longer required or restrict processing if there are legal stor­age oblig­a­tions (see item 14).


2 Data processed by us


2.1 Legal bases


a) Personal data may be processed during each visit to our website. Your personal data will only be processed if it is legally permit­ted (legal basis). This is the case in accord­ance with Art. 6 Para. 1 DSGVO, if you have given us your consent, or the processing is neces­sary for the perform­ance of our contract with you, or, in the event of an enquiry by you, pre-contrac­tual meas­ures are neces­sary, or the processing is neces­sary to protect your vital interests or those of another natural person, or the processing is neces­sary to protect our legit­im­ate interests or those of a third party, unless your interests or funda­mental rights and freedoms, which require the protec­tion of personal data, outweigh these (balan­cing of interests)


b) The personal data collec­ted from you will be deleted as soon as the purpose of the collec­tion has ceased to apply (see item 14).


2.2 What are personal data?


a) What ‘personal data’ are, is derived from Article 4 of the Basic Data Protection Regulation (DSGVO). According to this article, personal data is inform­a­tion that can be assigned to your person by reas­on­able means. Personal data are divided into four groups. These include invent­ory data (e.g. names and addresses of custom­ers), contract data (e.g. services used, names of employ­ees, payment inform­a­tion), usage data (e.g. the web pages visited by our online offer, interest in our products) and content data (e.g. entries in the contact form). Information that cannot be attrib­uted to a specific or iden­ti­fi­able person, or only with a dispro­por­tion­ate expendit­ure of time, cost and labour, is not personal data as anonym­ous data.


b) In addi­tion, when you visit our website, further data is also processed for tech­nical reas­ons. This is mainly tech­nical inform­a­tion such as the IP address that your Internet access provider assigns to your computer when you connect to the Internet, or inform­a­tion about the Internet page from which you accessed our website or about the type and version of the Internet browser you are using. However, this also includes login data, your oper­at­ing system, down­load errors, the length of visits to certain pages, and all tele­phone numbers from which you call our customer service number. This tech­nical inform­a­tion may be personal data in indi­vidual cases. As a rule, however, we only use tech­nical inform­a­tion if this is neces­sary for tech­nical reas­ons for the oper­a­tion and protec­tion of our website against attacks and misuse in accord­ance with Art. 6 Para. 1 lit. f. DSGVO is required.


2.3 What is meant by “processing?


What is meant by “processing” also follows from Article 4 of the Basic Data Protection Regulation (DSGVO). This includes all processes that are part of the hand­ling of the data. The term “processing” covers not only the collec­tion or record­ing, but also the organ­isa­tion or organ­isa­tion, stor­age, adapt­a­tion or modi­fic­a­tion. But also other ways of hand­ling, such as the actual use, or the trans­mis­sion or also the passing on, fall under the generic term of “processing”. Ultimately, this also includes the restric­tion, dele­tion or destruc­tion of data.


3. Data secur­ity


The secur­ity of your personal data has a very high prior­ity for us. We there­fore protect your data stored with us through tech­nical and organ­isa­tional meas­ures. This ensures that the regu­la­tions of the data protec­tion laws are observed and loss or misuse by third parties is effect­ively preven­ted. In partic­u­lar, our employ­ees who process personal data are obliged to main­tain data secrecy and must comply with it.


4. SSL encryp­tion


Our website uses secure SSL encryp­tion when trans­mit­ting personal data or personal content of our users. Please make sure that SSL encryp­tion is activ­ated for corres­pond­ing activ­it­ies from your side. The use of encryp­tion is easy to recog­nize: The display in your browser line changes from “http://” to “https://”. Data encryp­ted via SSL cannot be read by third parties. Therefore, please only trans­mit your confid­en­tial inform­a­tion if SSL encryp­tion is activ­ated and contact us if in doubt.


5. Collection of personal data when visit­ing our website


a) If you use the website for inform­a­tional purposes only, i.e. if you do not register or other­wise provide us with inform­a­tion, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the follow­ing data, which is tech­nic­ally neces­sary for us to display our website and to ensure its stabil­ity and secur­ity (legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO):

  • the IP address of the request­ing device (your computer or smart­phone)
  • Date and time of access
  • Time zone differ­ence to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/ http status code
  • as well as the used browser and the oper­at­ing system of your computer

b) For secur­ity reas­ons (e.g. to clarify acts of abuse or fraud), the inform­a­tion mentioned under a) is stored for a maximum of 7 days and then deleted. Data whose further stor­age is required for evid­ence purposes will be retained until the matter has been finally clari­fied.


c) In addi­tion to the data mentioned above, cook­ies are stored on your computer when you use our website. You will find more detailed inform­a­tion on cook­ies under point 9.


d) The data will be processed by us on the basis of our legit­im­ate interests as defined in Art. 6 Par. 1 letter f. DSGVO. Under no circum­stances will we use the data collec­ted for the purpose of draw­ing conclu­sions about your person. The purposes pursued by us include in partic­u­lar

  • ensur­ing the smooth connec­tion of the website,
  • the guar­an­tee of a comfort­able use of our website,
  • the clari­fic­a­tion of acts of abuse or fraud,
  • the eval­u­ation of system secur­ity and stabil­ity, and
  • other admin­is­trat­ive purposes.

6. Further func­tions and offers of our website


In addi­tion to the purely inform­at­ive use of our website, we offer vari­ous services which you can use if you are inter­ested. To do so, you will usually have to provide addi­tional personal data which we use to provide the respect­ive service and to which the afore­men­tioned data processing prin­ciples apply.


6.1 Establishing contact (contact form or email)


When you contact us (via contact form or e‑mail), your details will be processed for the purpose of processing the contact request and its hand­ling in accord­ance with Art. 6 Para. 1 lit. b) DSGVO (neces­sary details within the frame­work of pre-contrac­tual meas­ures) or in accord­ance with Art. 6 Para. 1 lit. a) DSGVO (volun­tary details within the frame­work of your consent). If you contact us by email, we will also save the contents that you have sent us by email. As far as we ask for entries via our contact form which are not neces­sary for contact­ing you, we have always marked these as optional by means of an aster­isk. This inform­a­tion serves us to concret­ise your request and to improve the processing of your request. Any commu­nic­a­tion of this optional inform­a­tion is volun­tary and with your express consent. As far as it concerns inform­a­tion on commu­nic­a­tion chan­nels (e.g. tele­phone number, e‑mail), you also agree that we may contact you via this commu­nic­a­tion chan­nel in order to answer your request. The personal data you provide will be used exclus­ively for the purpose for which you provided us with the data when you contac­ted us. You can of course revoke your declar­a­tions of consent at any time for the future. To do so, please contact our data protec­tion officer, whose contact details you will find under point 1 of this data protec­tion declar­a­tion. Your data will then be deleted.


We delete the data received in the course of contact­ing you as soon as they are no longer required for the purpose of your collec­tion. For personal data from the input mask of the contact form and those sent by e‑mail, this is the case when the respect­ive conver­sa­tion with the user has ended. The conver­sa­tion is termin­ated when it can be concluded from the circum­stances that the matter in ques­tion has been finally clari­fied, at the latest, however, after 1 month after the last contact.


The personal data addi­tion­ally collec­ted during the send­ing process, which are no longer required for further conver­sa­tion with you, will be deleted after a period of seven days at the latest.


6.2 Customer data


a) If you are a customer of ours, we will store your personal data for the dura­tion of the contrac­tual rela­tion­ship and beyond that for a further 10 years, unless legal reten­tion peri­ods force us to store the data for a longer period (see item 14). This stor­age is based on Art. 6 Para. 1 lit. f) DSGVO. Our legit­im­ate interest is based on the dura­tion of the limit­a­tion period for contrac­tual claims, which is a maximum of 10 years (from the time of know­ledge of the claim).


b) We process the data that you have made avail­able to us and which we receive from other publicly access­ible sources.


c) The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. b) DSGVO. We process your data to enable a smooth busi­ness rela­tion­ship.


6.3 Downloads


We offer open source soft­ware on our website. We link the down­load to the respect­ive website where the soft­ware is offered. If you click on the down­load link, you will be direc­ted to an external website. The respect­ive provider is respons­ible for the processing of your personal data on the external Internet pages. You can inform your­self there about the processing of your data in the respect­ive data protec­tion declar­a­tion.


7. Transfer of data to third parties and third party providers


a) Data will only be passed on to third parties within the frame­work of the legal require­ments. We there­fore only pass on user data to third parties if:

  • you have given your express consent in accord­ance with Art. 6 para. 1 sentence 1 lit. a DSGVO,
  • the disclos­ure pursu­ant to Art. 6 para. 1 sentence 1 lit. f DSGVO is neces­sary for the asser­tion, exer­cise or defence of legal claims and there is no reason to assume that you have an over­rid­ing interest worthy of protec­tion in not disclos­ing your data,
  • in the event that there is a legal oblig­a­tion to pass on the data in accord­ance with Art. 6 para. 1 sentence 1 lit. c DSGVO, and
  • this is legally permiss­ible and required for the processing of contrac­tual rela­tion­ships with you in accord­ance with Art. 6 Para. 1 S. 1 lit. b DSGVO.

b) When passing on your personal data, we always ensure the highest possible secur­ity level. For this reason, your data will only be passed on to service providers and part­ner compan­ies that have been care­fully selec­ted and contrac­tu­ally obliged to ensure that personal data is protec­ted in accord­ance with the relev­ant legal regu­la­tions. For this purpose, we will inform you at the respect­ive points of the data protec­tion declar­a­tion.


c) We draw your atten­tion to the fact that in addi­tion to this data protec­tion declar­a­tion, the data protec­tion guidelines and declar­a­tions of the locally respons­ible part­ners and their author­ised insti­tu­tions may also apply.


d) If we pass on your data to third parties, we will draw your atten­tion to this in a separ­ate data protec­tion declar­a­tion.


8. Cookies


We use so-called “cook­ies” to store settings such as the shop­ping cart or the current login (session cookie). The data processed by cook­ies is required to protect our legit­im­ate interests and those of third parties in accord­ance with Art. 6 Para. 1 S. 1 lit. f DSGVO (see Section 3.1.). Due to this basic func­tion­al­ity, you can only use the market­place if cook­ies are stored. In the case of cook­ies that are not required for the provi­sion of our website, we only use the cook­ies if you have given us your consent in accord­ance with Art. 6 Para. 1 S. 1 lit. a) DSGVO. We will ask you for your consent before using the cook­ies.


8.1 What are “cook­ies”?


Nearly all websites use differ­ent cook­ies today, so that the respect­ive pages func­tion as desired and the design and func­tions can be displayed optim­ally for you.


Cookies are inform­a­tion files that are trans­ferred from our web server or web serv­ers of third parties to your web browser and stored there. They are stored there for later retrieval. The inform­a­tion files are specific inform­a­tion relat­ing to your respect­ive device (PC, smart­phone and browser used). This does not mean, however, that we obtain direct know­ledge of your iden­tity. Cookies are primar­ily used for the user-friend­li­­ness of websites (e.g. they store login data or the language). Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.


8.2 What types of “cook­ies” do we use?


This website uses tran­si­ent and persist­ent cook­ies, the scope and func­tion of which are explained below:


a) Transient cook­ies are auto­mat­ic­ally deleted when you close the browser. This includes in partic­u­lar the session cook­ies. These store a so-called session ID, with which vari­ous requests from your browser can be assigned to the common session. This enables your computer to be recog­nised when you return to our website. We there­fore use these cook­ies to identify you for subsequent visits, if you have an account with us. Otherwise you would have to log in again for each visit. The session cook­ies are deleted when you log out or close the browser. These are often neces­sary cook­ies, but it is also possible to use non-essen­­tial cook­ies, the use of which you can object to.


b) Persistent cook­ies are auto­mat­ic­ally deleted after a specified period of time, which may vary depend­ing on the cookie. You can delete the cook­ies in the secur­ity settings of your browser at any time. These cook­ies include, for example, those that save the login data and status or the respect­ive subpage that you viewed last when leav­ing the website. However, market­ing cook­ies also belong to the persist­ent cook­ies. You are there­fore free to choose which cook­ies you want to allow and which not.


8.3 What can I do against the use of cook­ies?


Most browsers auto­mat­ic­ally accept cook­ies. If you do not want cook­ies to be stored on your computer, you can deac­tiv­ate the corres­pond­ing option in the system settings of your browser. This applies to those cook­ies that are processed neither for contrac­tual reas­ons nor within the scope of our legit­im­ate interest, provided that the legit­im­ate interest in processing the data prevails (for more details, please refer to section 14 Right of objec­tion). Stored cook­ies can also be deleted in the system settings of the browser. However, the exclu­sion of cook­ies can lead to func­tional limit­a­tions of this online offer. Information on how to deac­tiv­ate cook­ies in the most common browsers can be found under the follow­ing links:

If we use cook­ies, the use of which is not neces­sary for our offer or our web pres­ence, we need your consent. These cook­ies are then only used for market­ing or stat­ist­ical purposes or to person­al­ize the offers for you. For this purpose your user data is processed (e.g. the respect­ive pages you have visited, access times, device inform­a­tion, IP address and, if applic­able, the respect­ive products or pages you have clicked on). The legal basis is Art. 6 para. 1 sentence 1 lit. a) DSGVO.


9. Integration of third party services and content


a) We do not pass on your personal data, which you have made avail­able to us, to third parties, unless the data is required for the processing of your contract, there are justi­fied interests or you have expressly consen­ted to the passing on of the data. Insofar as we are legally obliged to do so, we will pass on your data to govern­ment agen­cies and author­it­ies entitled to receive inform­a­tion. Our legit­im­ate interests include, for example, the interest in the analysis, optim­isa­tion and economic oper­a­tion of our online offer within the mean­ing of Art. 6 para. 1 lit. f. DSGVO.


b) When passing on your personal data, we always ensure the highest possible secur­ity level. Therefore, your data will only be passed on to service providers and part­ner compan­ies that have been care­fully selec­ted and contrac­tu­ally obliged to ensure that personal data is protec­ted in accord­ance with the relev­ant legal regu­la­tions.


c) Insofar as our service providers or part­ners have their registered office in a state outside the European Economic Area (EEA), we will inform you of the consequences of this circum­stance in the descrip­tion of the offer.


d) We analyse your beha­viour, interests or demo­graphic inform­a­tion such as your gender or age as part of our online pres­ence. For this purpose, we use your IP address, which, however, we pseud­onym­ize before­hand, i.e. we shorten your IP address so that it cannot easily be traced back to you when it is passed on to third parties.


10. Integration of other third party content


Why do we use the analysis tools?


For example, we can use the reach analysis to see which of our offers arouse the most interest at what time and which of our web offers are called up again. This enables us to optim­ise our offer and remove other less inter­est­ing offers. With these analysis meth­ods we can see, for example, whether a browser is used less frequently and whether this is due, for example, to the display of our offers in this browser, or whether in general, the call by means of a mobile phone occurs more frequently than with other devices. In the follow­ing you will find out which analysis tools and services of third parties we use.


10.1 Hotjar


We use the Hotjar web analyt­ics service provided by Hotjar Ltd, a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel.: +1 (855) 464‑6788) to better under­stand the needs of our users and to optim­ise the services offered on this website.  Hotjar’s tech­no­logy gives us a better under­stand­ing of our users’ exper­i­ences (e.g. how much time users spend on which pages, which links they click, what they like and what they don’t like, etc.) and this helps us to tailor our offer­ing to our users’ feed­back. Areas of the websites in which personal data from you or third parties are displayed are auto­mat­ic­ally hidden by Hotjar and can there­fore not be traced at any time. Hotjar uses cook­ies and other tech­no­lo­gies to collect inform­a­tion about the beha­vior of our users and about their end devices (in partic­u­lar the IP address of the device (is only collec­ted and stored in anonym­ous form by setting the last octet of the IPv4 address to 0. For example, if the IP address is 1.2.3.4., it is stored as 1.2.3.0.), screen size, device type (Unique Device Identifiers), inform­a­tion about the browser used, loca­tion (coun­try only: the inform­a­tion is determ­ined by the first three octets of the IP address), preferred language for view­ing our website). This IP address is passed to Hotjar via the Identifiy API.  Hotjar stores this inform­a­tion in a pseud­onym­ous user profile. This inform­a­tion is not used by Hotjar or by us to identify indi­vidual users, nor is it merged with other data about indi­vidual users. For more inform­a­tion, please see Hotjar’s privacy policy here and here.


Due to the nature of the Internet, data is inev­it­ably processed on a large number of third party serv­ers until your request arrives on our web server or our provider; there­fore, processing is also possible in “third coun­tries” outside the EU/EEA. We have no influ­ence on this process. Apart from these tech­nical neces­sit­ies, we do not trans­mit any personal data to coun­tries outside the scope of the EU data protec­tion regu­la­tion or without an adequate level of data protec­tion. Hotjar stores your data for a maximum of 365 days.


Hotjar offers each user the option of prevent­ing the use of the Hotjar tool by means of a “Do Not Track” header, so that no data about the visit to the respect­ive website is recor­ded. This is a setting that is suppor­ted by all common browsers in current versions. To do this, your browser sends a request to Hotjar to disable track­ing for that user. If you use our websites with differ­ent browsers/computers, you must set up the “Do Not Track Header” separ­ately for each of these browsers/computers.


You can object to Hotjar stor­ing a user profile and inform­a­tion about your visit to our website and to Hotjar track­ing cook­ies on other websites if you click on this opt-out link.


10.2 Google Analytics


If you have given your consent, this website uses Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”). The use includes the oper­at­ing mode “Universal Analytics”. This makes it possible to assign data, sessions and inter­ac­tions across multiple devices to a pseud­onym­ous user ID and thus to analyse the activ­it­ies of a user across devices.


Google Analytics uses so-called “cook­ies”, text files which are stored on your computer and which enable an analysis of your use of the website. The inform­a­tion gener­ated by the cookie about your use of this website is usually trans­ferred to a Google server in the USA and stored there. However, in the event that IP anonymisa­tion is activ­ated on this website, your IP address will be shortened by Google within member states of the European Union or in other contract­ing states of the Agreement on the European Economic Area. We would like to point out that on this website Google Analytics has been exten­ded to include IP anonymisa­tion in order to ensure anonym­ous record­ing of IP addresses (so-called IP mask­ing). The IP address trans­mit­ted by your browser within the scope of Google Analytics is not merged with other Google data. Further inform­a­tion on terms of use and data protec­tion can be found at https://www.google.com/analytics/terms/de.html or https://policies.google.com/.


Purposes of the processing


On behalf of the oper­ator (within the frame­work of Google’s processing regu­la­tions: https://policies.google.com/technologies/partner-sites?hl=en) of this website, Google will use this inform­a­tion to eval­u­ate your use of the website, to compile reports on website activ­it­ies and to provide further services to the website oper­ator in connec­tion with website and Internet use.


Legal basis


The legal basis for the use of Google Analytics is your consent in accord­ance with Art. 6 para. 1 sentence 1 lit. a DSGVO.


Recipients / categor­ies of recip­i­ents


The recip­i­ent of the collec­ted data is Google.


Transfer to third coun­tries


The personal data will be trans­ferred to the US under the EU-US Privacy Shield on the basis of the adequacy find­ing of the European Commission. You can down­load the certi­fic­ate here.


Duration of data stor­age


The data sent by us and linked to cook­ies, user IDs (e.g. user ID) or advert­ising IDs are auto­mat­ic­ally deleted after 14 months. Data whose reten­tion period has been reached is auto­mat­ic­ally deleted once a month.


Rights of data subjects


You can revoke your consent at any time with effect for the future by prevent­ing the stor­age of cook­ies through a corres­pond­ing setting in your browser soft­ware; however, we would like to point out that in this case you may not be able to use all func­tions of this website to their full extent.


You can also prevent the collec­tion of data gener­ated by the cookie and related to your use of the website (includ­ing your IP address) to Google and the processing of this data by Google by down­load­ing and installing the browser add-on. Opt-out cook­ies prevent the future collec­tion of your data when visit­ing this website. To prevent Universal Analytics from collect­ing data across multiple devices, you must opt-out on all systems in use. If you click here, the opt-out cookie will be set to disable Google Analytics.


10.3 Google Adwords Conversion Tracking


In order to stat­ist­ic­ally record the use of our website and eval­u­ate it for the purpose of optim­iz­ing our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie (see item 8) on your computer if you have reached our website via a Google advert­ise­ment.


Data provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com;


Data protec­tion terms of Google: https://policies.google.com/privacy; Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.


These cook­ies lose their valid­ity after 30 days and are not used for personal iden­ti­fic­a­tion. If the user visits certain pages on the Adwords client’s website and the cookie has not expired, Google and the client may recog­nize that the user clicked on the ad and was redir­ec­ted to that page.


Every Adwords customer receives a differ­ent cookie. Cookies can there­fore not be tracked through the websites of Adwords clients. The inform­a­tion collec­ted using the conver­sion cookie is used to compile conver­sion stat­ist­ics for Adwords custom­ers who have opted for conver­sion track­ing. Adwords advert­isers know the total number of users who have clicked on their ad and been redir­ec­ted to a page with a conver­sion track­ing tag. However, they do not receive any inform­a­tion that can be used to person­ally identify users.


If you do not wish to parti­cip­ate in the track­ing proced­ure, you can also refuse the neces­sary setting of a cookie – for example, by chan­ging your browser setting that gener­ally deac­tiv­ates the auto­matic setting of cook­ies. You can also disable cook­ies for conver­sion track­ing by setting your browser to block cook­ies from the domain “www.googleadservices.com” Google’s privacy policy on conver­sion track­ing can be found here (https://services.google.com/sitestats/de.html).


10.4 Cloudflare


On our website we use the web service CloudFlare, a CDN (Content Delivery Network) of the company Cloudflare Inc, 101 Townsend St, 94107 San Francisco (USA). We use this inform­a­tion to ensure the full func­tion­al­ity of our website. In this context your browser may trans­mit personal data, such as the IP address, to CloudFlare. Cloudflare uses cook­ies for this purpose, which are stored on your computer and which enable an increase in the perform­ance and secur­ity of the website. The legal basis for the data processing is there­fore Art. 6 para. 1 lit. f DSGVO. The legit­im­ate interest consists in an error-free func­tion of the website. CloudFlare has certi­fied itself within the frame­work of the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list ). The data is deleted as soon as the purpose for which it was collec­ted has been fulfilled. According to Cloudflare, this is gener­ally done within 4 hours, but at the latest after 7 days. Further inform­a­tion on the hand­ling of the trans­ferred data can be found in the CloudFlare privacy policy: https://www.cloudflare.com/security-policy/?utm_referrer=https://www.google.de/. You can prevent the collec­tion as well as the processing of your data by CloudFlare by deac­tiv­at­ing the execu­tion of script code in your browser or by installing a script blocker in your browser (this can be found e.g. at www.noscript.net or www.ghostery.com).


10.5 Snipcart


We use Snipcart for online shop­ping. The provider of this service is Snipcart inc. 2018, Québec City, Canada.


Snipcart stores the personal inform­a­tion you provide during the order­ing process. For more detailed inform­a­tion about Snipcart’s data stor­age, please refer to Snipcart’s Data Processing Agreement at https://cdn.snipcart.com/legal/dpa.pdf and https://snipcart.com/terms-of-service.


10.6. Stripe


In order for you to make payments to us securely and reli­ably, we use the help of payment service compan­ies to provide our contrac­tual perform­ance and service. The legal basis for this is Art. 6 para. 1 b) and f) DSGVO. The terms and condi­tions of the payment service compan­ies concerned, such as the General Terms and Conditions (GTC) or their data protec­tion declar­a­tions, also apply.


Among other things, we use Stripe to process payments. Stripe is a service of Stripe Payments Europe Ltd. in Ireland and Stripe Inc. 510 Townsend Street, San Francisco, CA 94103, USA. Name data, address data, payment data, usage data, meta/communication data, bank data and contract data are processed. This data is imme­di­ately trans­mit­ted to the payment service provider. We ourselves have no access to this data. It is possible that we receive a confirm­a­tion of payment or negat­ive inform­a­tion. We would like to point out that an iden­tity and cred­it­wor­thi­ness check may be carried out. Further inform­a­tion, such as the type, scope and purpose of data processing, can be found in the Stripe data protec­tion declar­a­tion.


11. Analysis


The legal basis for all the above analysis services is our legit­im­ate interests (Art. 6 (1) lit. f DSGVO), which are as follows: Monitoring and main­tain­ing the perform­ance, stabil­ity and secur­ity of the website, simpli­fy­ing the use and analysis of usage, trends and activ­it­ies in connec­tion with our website in order to make our inter­net offer as a whole more user-friendly and effect­ive.


12. Applicant data


You will find further inform­a­tion about our company, details of the persons author­ized to repres­ent us and also further contact possib­il­it­ies in our imprint.


If you send us your applic­a­tion docu­ments, we process your data in order to check your suit­ab­il­ity for an open posi­tion in our company and to carry out the applic­a­tion proced­ure. The legal basis for the processing of your personal data is § 26 BDSG n.F. According to this, the processing of data required in connec­tion with the decision on the estab­lish­ment of an employ­ment rela­tion­ship is permiss­ible.


We process or store your data for the dura­tion of the applic­a­tion proced­ure and store the data for a further six months after the applic­a­tion proced­ure is completed. This is done on the basis of our legit­im­ate interest in accord­ance with Art. 6 para. 1 lit. f) DSGVO for the purpose of assert­ing or defend­ing claims.


If you expressly request it, we will trans­fer your data to our pool of applic­ants. There the data will be deleted after two years. If you are accep­ted into our company as part of the applic­a­tion process, your data will be trans­ferred to our person­nel inform­a­tion system.


No data will be passed on to third parties or to a service provider. Suitable applic­a­tions will be forwar­ded intern­ally to the depart­ment managers respons­ible for the respect­ive open posi­tion. The further proced­ure is then agreed. Within the company, only those persons who need access to your data for the proper processing of our applic­a­tion proced­ure have access to your data.


The data is processed exclus­ively in computer centres in the Federal Republic of Germany.


In rela­tion to the processing of your personal data within the applic­a­tion proced­ure, you have the follow­ing rights:

  • You have the right to be informed about the personal data we process about you. If you only request inform­a­tion verbally/by tele­phone, we ask for your under­stand­ing that we may require you to provide evid­ence that proves that you are the person you claim to be.
  • Furthermore, you have the right to correc­tion or dele­tion or to restric­tion of processing, as far as you are legally entitled to do so.
  • Furthermore, you have the right to object to the processing within the scope of the stat­utory provi­sions. The same applies to a right to data trans­fer­ab­il­ity.
  • You have the right to complain about the processing of your personal data by us to a super­vis­ory author­ity for data protec­tion.

13. Your rights to your data


You have the follow­ing rights to the data processed by you:

  • According to art. 15 DSGVO you can request inform­a­tion about your personal data processed by us. In partic­u­lar, you may request inform­a­tion on the purposes of the processing, the category of personal data, the categor­ies of recip­i­ents to whom your data has been or will be disclosed, the planned stor­age period, the exist­ence of a right of recti­fic­a­tion, eras­ure, restric­tion of processing or oppos­i­tion, the exist­ence of a right of appeal, the origin of your data, if not collec­ted by us, as well as the exist­ence of auto­mated decision making includ­ing profil­ing and, if applic­able, mean­ing­ful inform­a­tion on the details thereof;
  • In accord­ance with Art. 16 DSGVO, you can imme­di­ately request the correc­tion of incor­rect or incom­plete personal data stored by us;
  • In accord­ance with Art. 17 DSGVO, you can request the dele­tion of your personal data stored with us, unless processing is neces­sary to exer­cise the right to free­dom of expres­sion and inform­a­tion, to fulfil a legal oblig­a­tion, for reas­ons of public interest or to assert, exer­cise or defend legal claims;
  • In accord­ance with Art. 18 DSGVO, you can demand the restric­tion of the processing of your personal data if the accur­acy of the data is disputed by you, if the processing is unlaw­ful but you refuse to delete it and we no longer require the data, but you require it for the asser­tion, exer­cise or defence of legal claims or if you have lodged an objec­tion to the processing in accord­ance with Art. 21 DSGVO;
  • In accord­ance with Art. 20 DSGVO, you have the right to receive data trans­mis­sion, i.e. your personal data that you have provided us with, in a struc­tured, common and machine-read­­able format, or you can request the trans­mis­sion to another person in charge, provided that the processing is based on your consent or a contract with us and that the processing was carried out with the help of auto­mated proced­ures. However, in the case of data trans­fer to another control­ler, you can only obtain the trans­fer inso­far as this is tech­nic­ally feas­ible;
  • In accord­ance with Art. 7 Para. 3 DSGVO, you can revoke your consent once you have given it to us at any time. As a result, we may no longer continue the data processing based on this consent for the future; and
  • According to Art. 77 DSGVO you have the right to complain to a super­vis­ory author­ity. As a rule, you can turn to the super­vis­ory author­ity of your usual place of resid­ence or work­place or our headquar­ters.

The quick­est, easi­est and most conveni­ent way to exer­cise your rights to correct or delete personal data is to log in to your account and directly edit the data stored there or delete your account alto­gether.


For your request for inform­a­tion, the revoc­a­tion of a consent or for an objec­tion, a simple message to us is suffi­cient. There are no costs for you to exer­cise your rights. You can contact us using the contact inform­a­tion provided in section 1 of this privacy policy.


14. Right of objec­tion


a) If you have given your consent to the processing of your data, you can revoke this consent at any time. Such revoc­a­tion will affect the permiss­ib­il­ity of processing your personal data after you have given it to us.


b) Insofar as we base the processing of your personal data on the balan­cing of interests in accord­ance with Art. 6 Para. 1 lit. f) DSGVO, you may object to the processing. This is the case if the processing is not neces­sary, in partic­u­lar, for the fulfil­ment of a contract with you, which is described by us in the follow­ing descrip­tion of the func­tions. In the event of such an objec­tion, we request that you explain the reas­ons why we should not process your personal data as we have done. In the event of your justi­fied objec­tion, we will exam­ine the situ­ation and either stop or adapt the data processing or show you our compel­ling reas­ons worthy of protec­tion on the basis of which we will continue the processing. We will inform you of such compel­ling reas­ons. You have the right to complain to a super­vis­ory author­ity at any time (e.g. the super­vis­ory author­ity at your place of resid­ence or at the registered office of our company).


c) Of course, you can object to the processing of your personal data for advert­ising and data analysis purposes at any time. You can inform us about your objec­tion to advert­ising by using the contact details given in section 1.1.


d) If you would like to exer­cise your right of revoc­a­tion or objec­tion, an e‑mail to the person named in section 1.1. is suffi­cient.


15. General inform­a­tion on the dele­tion and reten­tion peri­ods of your data


a) The data stored with us will be deleted as soon as they are no longer required for the inten­ded purpose. For details, please refer to the points of this declar­a­tion, which explain the nature and purpose of the respect­ive processing of personal data.


b) Data that we are required to store due to legal, stat­utory or contrac­tual reten­tion oblig­a­tions (e.g. for tax reas­ons) will be blocked instead of deleted to prevent use for other purposes. This includes, for example, stor­age for 6 years in accord­ance with § 257 para. 1 HGB (for trad­ing books, invent­or­ies, open­ing balance sheets, annual finan­cial state­ments, commer­cial letters, account­ing vouch­ers, etc.) or stor­age for 10 years in accord­ance with § 147 para. 1 AO (books, records, manage­ment reports, account­ing vouch­ers, commer­cial and busi­ness letters, docu­ments relev­ant for taxa­tion, etc.).


16. Changes to the privacy policy


a) This data protec­tion declar­a­tion is currently valid and is dated April 2019.


b) Updates of this data protec­tion inform­a­tion may become neces­sary due to changes in the law or adjust­ments in data processing. We there­fore recom­mend that you regu­larly check this page for changes. If the change affects your consent or the regu­la­tions of the contrac­tual rela­tion­ship, these will only be made with your consent. You will be contac­ted separ­ately for this purpose.