Any collection, use, storage, deletion, or other processing (hereinafter “processing”) of data is intended solely for the purpose of providing our services. Our services have been designed with the goal of using as little personal data as possible. In this context, “personal data” (hereinafter also referred to as “data”) refers to all specific information regarding the personal or factual circumstances of an identified or identifiable natural person (the so-called “data subject”).
The following information on data protection describes what types of personal data are processed when you visit our website, what happens to this personal data, and how you can object to the processing of your data, if applicable.
1 General Information on Data Processing on This Website
1.1 Data Controller
The data controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
KPM Royal Porcelain Manufactory GmbH
Address: Wegelystraße 1, 10623 Berlin
Phone: 030 390090
Email: info@kpm-berlin.com
1.2 Data Protection Officer
The Data Protection Officer is:
Christina Webersohn of WS Datenschutz GmbH
If you have any questions regarding data protection, you can contact WS Datenschutz GmbH at the following email address: kpm-berlin@ws-datenschutz.de
WS Datenschutz GmbH
51 Dircksenstraße
D-10178 Berlin
https://webersohnundscholtz.de
1.3 Protection of Your Data
We have implemented technical and organizational measures to ensure that the provisions of the GDPR are complied with by both us and the third-party service providers working on our behalf.
When we collaborate with other companies—such as email and server providers—to provide our services, we do so only after a comprehensive selection process. During this selection process, each individual service provider is carefully evaluated for its suitability in terms of technical and organizational capabilities related to data protection. This selection process is documented in writing, and a contract pursuant to Article 28(3) of the GDPR regarding the processing of personal data on our behalf (Data Processing Agreement) is concluded only if it meets the requirements of Article 28 of the GDPR.
Your information is stored on specially secured servers. Access to this information is restricted to a small number of specially authorized individuals. Our website is SSL/TLS-encrypted, as indicated by “https://” at the beginning of the URL.
1.4 Deletion of Personal Data
We process personal data only for as long as necessary. Once the purpose of the data processing has been fulfilled, the data is blocked and deleted in accordance with our data retention policy, unless legal requirements prevent its deletion.
2 Data Processing on This Website and the Creation of Log Files
2.1 Description and Scope of Data Processing
When you visit our website, our web servers temporarily store each visit in a log file. The following personal data is collected and stored until it is automatically deleted:
· IP address of the requesting computer
· Date and time of access
· Name and URL of the retrieved file
· Amount of data transferred
· Notification indicating whether the retrieval was successful
· Identifying information about the browser and operating system used
· Website from which the access is made
· Name of your Internet service provider
In addition to this personal data, we and our partners may collect additional personal data; see below for more information.
2.2 Legal Basis for Data Processing
This data is processed on the basis of Article 6(1), first sentence, subparagraph (f) of the GDPR. Our legitimate interest is based on making our website available to you.
2.3 Purpose of Data Processing
Data processing is carried out for the purpose of enabling the use of the website (establishing a connection). It serves to ensure system security, facilitate the technical administration of the network infrastructure, and optimize the website. The IP address is analyzed only in the event of attacks on our network infrastructure or that of our Internet service provider.
2.4 Duration of Data Storage
Personal data will be deleted as soon as it is no longer needed for the purposes mentioned above. This occurs when you close the website. Our hosting provider may use the data for statistical analysis. However, the data is anonymized for this purpose. Shopify typically stores server and log data for a period of approximately 14 days. For more detailed information, please contact us as the data controller or contact Shopify directly.
2.5 Option for the data subject to delete the data
The website can only be displayed if the data described is processed. Please submit any objection to the continued processing of your data to our Data Protection Officer or to the hosting provider.
2.6 Hosting Provider - Shopify
We use the following service provider to operate our website and provide hosting services Shopify International Limited. Data processing is carried out by:
Shopify International Limited
2nd Floor, Victoria Buildings
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland
As part of its services, Shopify may also involve affiliated companies outside the EU/EEA, in particular Shopify Inc., 151 O’Connor Street, Ground Floor, Ottawa, Ontario K2P 2L8, Canada, as well as other locations worldwide. Shopify ensures an adequate level of data protection in accordance with the requirements of the GDPR. For more information on data protection at Shopify, please visit:
https://www.shopify.com/legal/privacy
3 Use of Cookies
3.1 Description and Scope of Data Processing
Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using, and through which certain information is transmitted to us or to the entity that sets the cookie. Cookies cannot run programs or transfer viruses to your computer. We use cookies to personalize content and ads, to offer social media features, and to analyze traffic to our website. We also share information about your use of our website with our social media, advertising, and analytics partners. Our partners may combine this information with other data you have provided to them or that they have collected through your use of their services. In this way, various types of data may be transmitted:
· Frequency of website visits
· Which features of the website you use
· Your cookie settings
· Your language setting
· Your shopping cart contents
When you visit the website, a consent banner informs you about the use of cookies and refers you to the privacy policy.
3.2 Legal Basis for Data Processing
The legal basis for the processing of data through cookies that do not serve solely to ensure the functionality of our website is Article 6(1), first sentence, subparagraph (a) of the GDPR.
The legal basis for processing data from cookies used solely to ensure the functionality of this website is Article 6(1), first sentence, subparagraph (f) of the GDPR.
3.3 Purpose of Data Processing
Our legitimate interest stems from the need to ensure a smooth connection and a user-friendly experience on our website, as well as from the need to evaluate system security and stability. Data processing also takes place to enable statistical analysis of website usage.
3.4 Data Retention Period
There are two types of cookies. Both are used on this website:
· Transient cookies (see a)
· Persistent cookies (see b)
a) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These cookies store a so-called session ID, which allows various requests from your browser to be associated with the same session. This enables your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
b) Persistent cookies, which are automatically deleted after a specified period of time that may vary depending on the cookie.
3.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing via cookies—other than those used solely for the website’s functionality—at any time. In addition, we do not set cookies until you have consented to their use when you visit the site. This allows you to prevent data processing via cookies on our website.
You can also delete cookies at any time in your browser's security settings. Please note that you may not be able to use all features of this website. You can also prevent cookies from being set at any time by adjusting the settings in your web browser.
4 Contact
4.1 Description and Scope of Data Processing
You can contact us via ourwebsite using a contact form. To do so, various pieces of information are required to respond to your inquiry, and these are automatically stored for processing purposes. At a minimum, the following information (marked as required fields) is collected through the contact form:
· Email address
· First Name
· Last Name
You may also provide the following information on a voluntary basis:
· Phone number
· Title
The data will not be disclosed to third parties.
4.2 Legal Basis for Data Processing
The legal basis used here is Article 6(1), first sentence, subparagraph (b) of the GDPR. If you voluntarily provide us with additional information beyond this, the processing is based on your consent in accordance with Article 6(1), sentence 1, subparagraph (a) of the GDPR.
4.3 Purpose of Data Processing
We process your data solely for the purpose of handling your contact request.
4.4 Data Retention Period
We will delete your data as soon as the purpose of data processing has been fulfilled, which is usually immediately after we have responded to your inquiry. In rare cases, however, we may retain your data for a longer period of time. This may be required by law, regulatory obligations, or contractual obligations.
4.5 Option for the data subject to delete the data
You may contact us at any time and object to the further processing of your data. In that case, we will unfortunately be unable to continue communicating with you. All personal data that we processed in the course of your contact with us will be deleted in this case, unless legal obligations requiring us to retain your data prevent us from deleting it.
4.6 LiveChat
4.6.1 Description and Scope of Data Processing
Our website uses LiveChat, a live chat software, to communicate with you. This involves collecting the data you voluntarily provide in the chat, as well as your IP address by default. LiveChat also uses “cookies,” which are text files stored on your computer that enable a personalized conversation with you in the form of a real-time chat on the website. The data you transmit via LiveChat is stored on servers operated by LiveChat, Inc. in the United States. Data processing is carried out by: LiveChat, Inc., 101 Arch Street, 8th Floor, Boston, MA 02110, USA.
LiveChat collects at least the following data:
· Your IP address
· Date and time of access
· Name and URL of the retrieved file
· Amount of data transferred
· Notification indicating whether the retrieval was successful
· Identifying information about the browser and operating system used
· Website from which the access is made
· Name
· Email address
· Your inquiry
For more information, please refer to LiveChat's Privacy Policy: https://www.livechat.com/legal/privacy-policy
Note on Data Processing in the United States
By consenting to data processing by LiveChat, you consent, pursuant to Art. 6(1), sentence 1, lit. a) of the GDPR, to your data being processed in the United States. According to the European Court of Justice, data protection standards in the United States are inadequate, and there is a risk that your data may be processed by U.S. authorities for monitoring and surveillance purposes, possibly without any legal recourse. If you consent only to the use of essential cookies, your data will not be transferred. You may withdraw your consent at any time.
4.6.2 Legal Basis for Data Processing
Contacting us via LiveChat and the associated disclosure of your data are voluntary. Data processing is therefore based on Article 6(1), sentence 1, subparagraph (a) of the GDPR.
4.6.3 Purpose of Data Processing
The purpose of data processing is to provide users of our website with a direct and quick means of communication and to allow them to send us questions and comments immediately via the website chat.
4.6.4 Duration of Data Storage
The collected data will be deleted as soon as the purpose of the data processing has been fulfilled and there are no legal, contractual, or regulatory provisions preventing its deletion.
4.6.5 Options for Removal by the Affected Person
You may withdraw your consent to data processing at any time; see Art. 7 of the GDPR. Withdrawal takes effect from the moment it is made and applies going forward. Please contact our Data Protection Officer regarding this matter. Deletion can only be performed manually.
5 Registration on the website
5.1 Description and Scope of Data Processing
You can register on our website. To do so, you must enter your personal data into the registration form. At a minimum, the following data will be collected:
· Email address
· Title
· First Name
· Last Name
You may optionally provide the following information:
· Title (academic title or title of nobility)
The information you provide in the registration form will be used solely for processing purposes and will not be disclosed to third parties under any circumstances.
5.2 Legal Basis for Data Processing
If you provide personal data in the required fields, the data processing is based on Article 6(1), sentence 1, subparagraph (b) of the GDPR. If you also enter personal data in the remaining (optional) fields, the data processing is based on Article 6(1), sentence 1, subparagraph (a) of the GDPR.
5.3 Purpose of Data Processing
We process your data solely for the purpose of completing your registration and maintaining your website account with us.
5.4 Data Retention Period
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case when you close your account with us and there are no legal or regulatory retention periods that prevent deletion.
5.5 Option for the affected person to resolve the issue
Both during and after registration, you are free to change, correct, or delete your personal information. To delete your account, please contact us by email at kundenservice@kpm-berlin.com.
6 Data Processing in Connection with Job Applications
6.1 Description and Scope of Data Processing
Through our website, you can contact us via email (jobs@kpm-berlin.com). To do so, personal data is processed and stored for further processing as part of the respective application process.
6.2 Legal Basis for Data Processing
The legal basis for data processing is Article 88 of the GDPR and Section 26 of the BDSG.
6.3 Purpose of Data Processing
We process your data solely for the purpose of conducting the application process.
6.4 Data Retention Period
If the application results in an employment relationship, the personal data will be stored in accordance with applicable legal requirements. If the application is not considered in the selection of a potential candidate, it will be deleted in accordance with the rules of our data deletion policy, taking into account the provisions of the AGG, in particular the existing burden of proof under § 22 AGG.
This does not apply if statutory provisions prevent deletion or if you have given your consent to longer-term storage. In this case, the continued storage of your personal data is based on Article 6(1), sentence 1, subparagraph (c) or (a) of the GDPR.
6.5 Option for the data subject to delete the data
You may contact us at any time to object to the further processing of your data. In this case, all personal data processed by us during the application process will be deleted, unless mandatory legal provisions prevent such deletion.
7 Newsletter
7.1 Description and Scope of Data Processing
On our website, we offer the option to subscribe to our newsletter. When you subscribe to the newsletter, you will be asked to provide your email address for processing purposes. This is necessary so that we can send you the newsletter.
The newsletter is sent via email. You will only receive the newsletter after you have subscribed to it. To comply with the requirements of the GDPR, we use the so-called DOI procedure (“Double Opt-In”). If you subscribe to our newsletter, you will receive a confirmation email at the email address you provided in the input field. This email contains a confirmation link that you must click. Once you have completed this process, you will be successfully subscribed to the newsletter. To carry out this process, your IP address, as well as the date and time of your registration, will be stored. This is done to prevent misuse. Under no circumstances will this data be shared with third parties.
7.2 Legal Basis for Data Processing
The legal basis for data processing is your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
7.3 Purpose of Data Processing
The purpose of the newsletter is to keep you informed at regular intervals about our offers and news.
7.4 Duration of Data Storage
We process your data only for as long as is necessary to fulfill the purpose and provided that no legal or regulatory retention requirements prevent its deletion.
7.5 Option for the data subject to delete the data
You may revoke any consent you have given at any time. You may also use the “opt-out” link at the bottom of every email at any time; doing so will cause us to delete your email address from our mailing list, and Klaviyo will then cease to process your personal data. However, this does not affect mailing lists that Klaviyo manages on behalf of other clients. If you have any questions regarding data protection at Klaviyo or wish to exercise your rights with respect to Klaviyo, you can contact Klaviyo at this address: privacy@klaviyo.com.
7.6 Klaviyo, a newsletter service provider
We use Klaviyo as our newsletter service provider. Data processing is carried out by: Klaviyo, Inc., 60 South Street, Suite 910, Boston, Massachusetts 02111, USA.
For additional information on data processing, please visit: https://www.klaviyo.com/privacy/policy
8 Shopping in the Online Store
8.1 Description and Scope of Data Processing
When you shop with us and a delivery is arranged, we process your name, address, phone number, and email address. For package deliveries, we also share your name, address, phone number, and email address with our contractually bound processors and service providers.
For the online store mailbox: onlineshop@kpm-berlin.com we use the email service provider Microsoft Outlook. The data is processed in data centers in Germany. The data processor for this data processing is Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich.
For more information on data processing, please visit the data processor's website at: https://www.microsoft.com/de-de/trust-center/privacy/gdpr-overview?msockid=1e7faf8e5078673128c7ba3d51b4668f
8.2 Legal Basis for Data Processing
The legal basis for the data processing involved here is Article 6(1), first sentence, subparagraph (b) of the GDPR; that is, the processing of your data is necessary for the performance of the sales contracts and delivery agreements.
8.3 Purpose of Data Processing
We process your data to enter into the purchase agreement with you, including the delivery arrangement; to fulfill the purchase agreement, including invoicing via email or mail and processing payment; to ensure on-time delivery; and to inform you of delivery dates and/or changes to the delivery.
We share your information with our service providers so that they can process your order and, if necessary, contact you to notify you of and coordinate the delivery of the items you ordered.
8.4 Data Retention Period
Your data will be stored only for as long as necessary to fulfill the purpose for which it was collected and for as long as we are required by law, contract, or regulatory obligations to retain your data.
8.5 Option for the data subject to delete the data
Data processing is absolutely necessary to fulfill your purchase agreement, which is why it cannot be waived. Therefore, there is no option to opt out.
8.6 Credit Card
8.6.1 Description and Scope of Data Processing
If you would like to pay for your order through our online store using your credit card, we will need some information to process the payment. Specifically, we will ask for
· Names,
· Address,
· Email address,
· Credit card number,
· Card Verification Code (CVC)
· Name of the credit cardholder and
· the credit card's expiration date.
We will verify the information you entered against the details of your order.
8.6.2 Legal Basis for Data Processing
The legal basis for the data processing involved here is Article 6(1)(b) of the GDPR; in other words, the processing of your data is necessary for the performance of the agreement regarding payment by credit card.
8.6.3 Purpose of Data Processing
We process this data to detect fraudulent use of the credit card or the credit card payment option at an early stage, and we use the data after a successful verification to process the agreed-upon credit card payment.
8.6.4 Data Retention Period
Your data will be stored only as long as necessary to process your purchase and issue an invoice, unless statutory or contractual retention periods prevent the deletion of your data.
8.6.5 Option for the data subject to delete the data
Data processing is absolutely necessary to process your credit card payment, which is why it cannot be waived if you have selected this payment method. Therefore, there is no way to opt out.
8.7 PayPal
8.7.1 Description and Scope of Data Processing
We offer PayPal as a payment option. PayPal is a virtual account system and payment method. To use PayPal as a payment method, you must first register with PayPal. Data processing is carried out by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you use PayPal as a payment method, your personal data will be transmitted to PayPal. The personal data in question is
- · Name,
· Last name,
· Address,
· Email address,
· IP address,
· Phone number,
· f. Cell phone number, and
· other information required to complete the payment process.
In addition to sharing data with credit bureaus, PayPal may also transfer personal data to affiliated companies, including subcontractors, to the extent necessary to fulfill its contractual obligations. The same applies to data processing on behalf of PayPal. PayPal uses Binding Corporate Rules (BCR): https://www.paypal.com/de/webapps/mpp/ua/bcr to ensure the security of data processing. ForPayPal’s privacy policy, please refer to the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
8.7.2 Legal Basis for Data Processing
The legal basis is Article 6(1), first sentence, subparagraph (b) of the GDPR.
8.7.3 Purpose of Data Processing
The transmission of this data is necessary to prevent any potential misuse. Please be advised that PayPal may share your personal data with credit bureaus. This is because PayPal reserves the right to verify your identity and creditworthiness.
8.7.4 Data Retention Period
Your data will be stored only as long as necessary to process your purchase and issue an invoice, unless statutory or contractual retention periods prevent the deletion of your data.
8.7.5 Option for the affected person to resolve the issue
Data processing is absolutely necessary to process your payment via PayPal, which is why it cannot be waived if you have selected this payment method. Therefore, there is no way to opt out.
8.8 Instant Bank Transfer - sofort.com / Klarna
8.8.1 Description and Scope of Data Processing
We use the payment service “Sofortüberweisung - sofort.com” provided by Klarna (hereinafter “Sofortüberweisung”). To this end, we have integrated components of “Sofortüberweisung” into our website. To process payments, “Sofortüberweisung” uses a technical procedure that allows us to receive immediate confirmation of payment. This enables us to determine right away whether a payment has been received, after which the investment can be made. Data processing is carried out by:
Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany ,as a member of Klarna Bank AB (publ), , Sveavägen 46, 111 34 Stockholm, Sweden.
If you wish to use the “Sofortüberweisung” payment option to process your payment, your personal data will be transmitted to “Sofortüberweisung.” The following personal data will be processed in this process:
· PIN and TAN
· Technical verification of the account balance or sufficient funds
· Transmission of the transaction confirmation to us
· First name,
· Last name,
· Address,
· Email address,
· IP address,
· Phone number,
· Cell phone number
· other information necessary for payment processing.
It is possible that “Sofortüberweisung” may also disclose personal data to credit bureaus in order to verify the identity and creditworthiness of the data subject. Furthermore, it is possible that “Sofortüberweisung” may disclose personal data to affiliated companies and/or subcontractors if this is necessary to fulfill contractual obligations. For more information, please visit: https://www.sofort.de/datenschutz.html and https://www.klarna.com/de/datenschutz/.
8.8.2 Legal Basis for Data Processing
The legal basis for data processing is Article 6(1), first sentence, subparagraph (b) of the GDPR.
8.8.3 Purpose of Data Processing
We use Sofortüberweisung to make the payment process quick and easy for you.
8.8.4 Data Retention Period
Your data will be stored only as long as necessary to process your purchase and issue an invoice, unless statutory or contractual retention periods prevent the deletion of your data.
8.8.5 Option for the affected person to resolve the issue
Data processing is absolutely necessary to process your payment via Sofortüberweisung through sofort.com, which is why it cannot be waived if you have selected this payment method. Therefore, there is no way to opt out.
8.9 Purchase on Account - Klarna
8.9.1 Description and Scope of Data Processing
We use Klarna’s “Buy Now, Pay Later” payment service (hereinafter “Buy Now, Pay Later”). To this end, we have integrated Klarna components into our website. Data processing is carried out by Klarna Bank AB (publ), , Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”).
If you wish to use the “Buy Now, Pay Later” payment option, your personal data will be transmitted to Klarna. This includes the following categories of personal data:
- · Contact and identification information,
· Information about goods/services,
· Payment information,
· other data that may be necessary for payment processing.
In the case of a “purchase on account,” Klarna also shares personal data with credit bureaus to verify the identity and creditworthiness of the individual concerned. Furthermore, Klarna may share personal data with affiliated companies and/or subcontractors if this is necessary to fulfill contractual obligations. For more information, please visit https://www.klarna.com/de/datenschutz/ and https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/invoice.
8.9.2 Legal Basis for Data Processing
The legal basis for data processing is Article 6(1), first sentence, subparagraph (f) of the GDPR. It is in our interest to transfer the risk arising from a “purchase on account” to a service provider.
8.9.3 Purpose of Data Processing
We use Klarna to make the payment process for “purchase on account” quick and easy.
8.9.4 Data Retention Period
We store your data only for as long as is necessary to process your purchase and issue an invoice, unless statutory or contractual retention periods prevent us from deleting your data. For billing purposes with the online provider and to comply with legal retention requirements, Klarna stores your name, account number, bank routing number, transaction description, date, and transfer amount within the statutory retention periods. For SEPA transfers, and if—depending on your bank—the BIC and IBAN are required to set up the transfer in your online banking account, Klarna also stores the BIC and IBAN within the statutory retention periods. The statutory retention periods range from three to ten years.
8.9.5 Option for the affected person to resolve the issue
Data processing is absolutely necessary to process your payment if you have selected “Purchase on Account,” which is why it cannot be waived.
8.10 Shopify
8.10.1 Description and Scope of Data Processing
To process our customer orders and manage payments, we use Shopify, an e-commerce software platform. Data processing is carried out by: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, DO4 XN32, Ireland
Shopify transfers the data to Canada and the United States of America, among other countries. We have entered into a data processing agreement with Shopify to ensure that the necessary data security safeguards are in place in accordance with Article 46(2) of the GDPR.
We use Shopify to set up our online store and process customer orders and transactions. In doing so, Shopify collects the following data from you, which you provide yourself:
- · First and Last Name
· Company
· Billing address
· Shipping Address and Date
· Email address
· Phone number
· Payment information
· Order information (bin size, rental period, collection frequency)
· Industry information
· Browser and device information
· IP address
· User behavior on the Shopify platform
For detailed information about this data collection, please visit: https://www.shopify.de/legal/datenschutz
8.10.2 Legal Basis for Data Processing
The legal basis for data processing is the performance of a contract pursuant to Article 6(1), first sentence, subparagraph (b) of the GDPR.
8.10.3 Purpose of Data Processing
Data processing is necessary for the organized handling of our customer orders.
8.10.4 Data Retention Period
We store your data only for as long as is necessary to fulfill the purpose of processing, provided that no legal retention requirements prevent the deletion of the data.
8.10.5 Option for the affected person to resolve the issue
Data processing is absolutely necessary to process your order online, which is why it cannot be waived if you wish to place an order with us online. Therefore, there is no way to opt out.
If you have any questions about data processing at Shopify, you can submit a request to Shopify: via the form at https://legal.shopify.com/Shopify-lawEnfForm/en or by email at: privacy-team@shopify.com or send your request by mail to: Data Protection Officer c/o Intertrust Ireland, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
9 Social Media Links
We have integrated social media platforms into our services via links, which may result in the social media providers receiving data from you. If you click on a social media link, you will be redirected to the website of the respective social media provider. When you access the website of the respective social media provider through our services, the relevant reference data is transmitted to that provider. This informs the social media provider that you have visited our site.
For more information on data processing by social media providers, click here:
Meta: https://de-de.facebook.com/help/pages/insights,
https://de-de.facebook.com/about/privacy,
https://de-de.facebook.com/full_data_use_policy
Instagram: https://help.instagram.com/155833707900388 https://www.instagram.com/about/legal/privacy/
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Pinterest: https://policy.pinterest.com/de/privacy-policy
YouTube: https://www.google.de/intl/de/policies/privacy/
10 Trackers and Analytics Tools
To continuously improve our website, we use the following analytics tools. The information below explains what data is processed in each case and how you can contact the respective service providers:
10.1 Facebook Custom Audience / Facebook Pixel
10.1.1 Description and Scope of Data Processing
Our website uses Meta's visitor action pixel ("Facebook Pixel") to track conversions. Data processing is carried out by Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA.
The Facebook Pixel allows us to track the behavior of website visitors after they have visited our website. This enables us to evaluate the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising campaigns. Meta receives the following categories of data: the referral URL, browser information, and the person’s Facebook user ID, if they have a Facebook account and are logged into Facebook.
The data is stored and processed by Meta so that it can be linked to the respective user profile and so that Meta can use the data for its own advertising purposes, in accordance with Meta’s Data Use Policy. This enables Meta to display advertisements on Meta’s sites as well as on sites outside of Meta. As the site operator, we have no control over this use of the data.
You can find Meta's privacy policy at https://www.facebook.com/about/privacy/.
10.1.2 Legal Basis for Data Processing
The legal basis for using the application is your consent, in accordance with Article 6(1), first sentence, subparagraph (a) of the GDPR.
10.1.3 Purpose of Data Processing
We process your data for the purpose of continuously optimizing our website to meet your needs. This also constitutes our legitimate interest in data processing.
10.1.4 Duration of Data Storage
The data will be deleted as soon as it is no longer needed for our record-keeping purposes and there are no legal, regulatory, or contractual provisions preventing its deletion.
10.1.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer. You can disable the “Custom Audiences” remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, provided you have a Facebook account. If you do not have a Facebook account, you can disable usage-based advertising from Meta on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/
10.2 Google Analytics 4.0
10.2.1 Description and Scope of Data Processing
Our website uses Google Analytics 4.0. This is a service provided by Google LLC (“Google”) that analyzes website traffic and enables us to improve our website. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The information collected includes, among other things:
· IP address
· Time of access
· Duration of access
· Which website you came to our website from
· Interaction on the website
· Demographic characteristics, provided the website visitor is logged into their Google Account
· Device categories, browser type, operating system, screen resolution
and are transmitted to a Google server in the United States and stored there. The analysis of your activities on our website is provided to us in the form of reports. Google may disclose the collected information to third parties if required by law or if such third parties process the data on Google’s behalf. IP anonymization is enabled by default by Google and cannot be disabled; thus, IP addresses are processed in truncated form to prevent any direct association with you.
At https://www.google.de/intl/de/policies/, https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631#zippy=%2Ccookies-und-kennzeichnungen-von-google-analytics as well as at https://support.google.com/analytics/answer/9019185?hl=de#zippy=%2Cthemen-in-diesem-artikel you can find more detailed information about the terms of use and privacy policy of Google Analytics.
10.2.2 Legal Basis for Data Processing
The legal basis for the processing of personal data is your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
10.2.3 Purpose of Data Processing
Processing your personal data allows us to analyze your browsing behavior. By evaluating the data collected, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Anonymizing the IP address adequately safeguards users’ interests regarding the protection of their personal data.
10.2.4 Data Retention Period
The data will be deleted 14 months after your last visit to our website.
10.2.5 Option for the data subject to delete the data
You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer. You can also prevent Google Analytics cookies from being installed by adjusting your browser settings accordingly. However, in this case, you may not be able to use all features of our website to their full extent. Google Analytics can also be disabled and managed using browser extensions, such as http://tools.google.com/dlpage/gaoptout?hl=de.
10.3 Google Tag Manager
10.3.1 Description and Scope of Data Processing
Google Tag Manager is a solution that allows us to manage so-called website tags via a user interface (and thus, for example, integrate Google marketing services into our online offering). Tag Manager serves as an “administrator” for the implemented tags. This allows us to centrally manage integrated Google products or other analytics tools on our website. The tags embedded on the website are referred to as code snippets that enable the tracking of your activities on our website. When you use our website, Google Tag Manager is downloaded, which automatically results in the user’s IP address being forwarded to Google. With regard to the processing of personal data, please refer to the information provided by Google regarding its services. Data processing for the European Economic Area and Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
You can view the Google Tag Manager Terms of Service here: https://www.google.com/intl/de/tagmanager/use-policy.html
10.3.2 Legal Basis for Data Processing
The legal basis for the processing of personal data is your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
10.3.3 Purpose of Data Processing
Google Tag Manager simplifies the management and organization of the analytics tools used on the website. To integrate an analytics tool, JavaScript code must be embedded in the website. By using Google Tag Manager, we can manage this embedded code from a single location.
10.3.4 Duration of Data Storage
Since Google Tag Manager does not store data directly but instead forwards it to the tracking tools, you must check the individual tracking tools that are integrated to determine how long the data is stored.
10.3.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time, effective for the future. To do so, you must contact the respective data protection officers for the tools in question. For more information regarding the management of your data, please refer to the privacy policies of the tools used.
11 Advertising and Marketing Tools
Our website also incorporates tools that ensure our website is displayed to you during an Internet search, either as a relevant search result or as an advertisement. Below is a breakdown of the programs used in connection with our website:
11.1 Bing Ads
11.1.1 Description and Scope of Data Processing
We have integrated Bing Ads services into this website. Bing Ads is an online advertising service. Data processing is carried out by: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA; and Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
If you arrived at our website via a Bing ad, Microsoft will set a so-called conversion cookie on your system. For more information about cookies, please refer to the section on cookies. The conversion cookie is used to compile and analyze visitor statistics. The conversion cookie stores your IP address when you visit the website. This data is stored in the United States. Microsoft may also share this data with third parties. For further information on Microsoft’s privacy policy, please visit: https://privacy.microsoft.com/de-de/privacystatement
11.1.2 Legal Basis for Data Processing
The legal basis for data processing is your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
11.1.3 Purpose of Data Processing
The purpose of this processing is to enable user-specific advertisements. We use Bing Ads to place targeted advertisements for our company in Bing’s search results and on Microsoft websites. This type of advertising allows us to reach a larger audience of users and prospective customers. It also helps us increase our brand awareness.
11.1.4 Duration of Data Storage
One year after the conversion cookie is set, it expires. This means that you can no longer be identified. Within that one-year period, both we and Microsoft can use the conversion cookie to track which subpages have been visited.
11.1.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time. To do so, please use our Consent Manager or the link in our Privacy Policy.
You can prevent cookies from being set at any time by adjusting the settings in your web browser. Cookies that have already been set can also be deleted in your web browser settings.
You can opt out of Microsoft's personalized advertising at any time. If you have a Microsoft account, please visit: https://choice.microsoft.com/de-de/opt-out.You can also disable behavioral targeting on third-party websites, for example, via https://www.networkadvertising.org/choices/ and https://www.aboutads.info/.
11.2 Criteo
11.2.1 Description and Scope of Data Processing
We use the Criteo service to display ads on our website and third-party sites to previous visitors to our website. Data processing is carried out by Criteo SA, Rue Blanche, 75009, Paris, France.
Criteo places a cookie on your computer, which is used to gather information for the purpose of displaying advertisements. These cookie text files contain information about your visits to our website—specifically, the products you have viewed—so that we can provide you with specific product recommendations during subsequent visits to our website or third-party websites. The cookie contains an alias assigned by a random number generator. If you visit our website again within a certain period of time, Criteo recognizes you through this alias. However, this information cannot be linked to you personally. Neither we nor Criteo combine this information with your personal data, nor do we share any personal data with third parties.
11.2.2 Legal Basis for Data Processing
Data processing is based on your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
11.2.3 Purpose of Data Processing
It is in our interest to make our website clear and user-friendly for you.
11.2.4 Duration of Data Storage
The data will be deleted as soon as it is no longer needed for our record-keeping purposes and there are no legal, contractual, or regulatory requirements that prevent its deletion.
11.2.5 Option for the affected person to resolve the issue
You may withdraw your consent at any time. To do so, please contact our Data Protection Officer. You can also prevent the processing of your data by clicking the link http://www.criteo.com/de/privacy-policy and set the sliders in the “Opt-Out” field to “ON.” If you select this option, a new cookie (opt-out cookie) will be set in your browser, informing Criteo that no data regarding your browsing behavior may be stored. You can re-enable Criteo ads at any time by setting the sliders to “OFF.” Please note that this setting must be applied to all browsers you use. If you delete all cookies in a browser, this will also affect Criteo’s opt-out cookie.
11.3 Google Ad Manager (formerly DoubleClick)
11.3.1 Description and Scope of Data Processing
Our website uses Google Ad Manager. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ad Manager is used to display ads when you visit our website. Google Ad Manager uses information about your visits to this and other websites to display ads for products and services that may interest you. If you would like to learn more about these methods or find out how you can prevent Google Ad Manager from using this information, click here: https://www.google.de/policies/technologies/ads/.
11.3.2 Legal Basis for Data Processing
Data processing is based on your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
11.3.3 Purpose of Data Processing
Our goal is to enter into partnerships with other companies in order to benefit financially from these collaborations.
11.3.4 Duration of Data Storage
The data will be deleted as soon as it is no longer needed for our record-keeping purposes and there are no legal, regulatory, or contractual provisions preventing its deletion.
11.3.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer.
You can prevent cookies from being set at any time by adjusting the settings in your web browser. Cookies that have already been set can also be deleted in your web browser settings. Please note that preventing cookies from being set may result in some features not being fully available.
11.4 Google Ads and Google Conversion Tracking
11.4.1 Description and Scope of Data Processing
We have integrated Google Ads (formerly Google AdWords) into this website. Google Ads is an online advertising service. Data processing for the European Economic Area and Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
If you arrived at our website via a Google ad, Google will place a so-called conversion cookie on your system. For more information about cookies, please refer to the section on cookies. The conversion cookie is used to compile and analyze visitor statistics. When you visit the website, the conversion cookie stores your IP address. This data is stored in the United States. Google may also share this data with third parties. For further information on Google’s privacy policy, please visit: https://www.google.de/intl/de/policies/privacy/
11.4.2 Legal Basis for Data Processing
The legal basis for data processing is your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
11.4.3 Purpose of Data Processing
We use Google Ads to place targeted ads for our company in Google's search results.
11.4.4 Duration of Data Storage
The conversion cookie expires 30 days after it is set. This means that you can no longer be identified. Within these 30 days, both we and Google can use the conversion cookie to track which subpages have been visited.
11.4.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer.
You can prevent cookies from being set at any time by adjusting the settings in your web browser. Cookies that have already been set can also be deleted in your web browser settings. Please note that preventing cookies from being set may result in some features not being fully available.
You can permanently disable data processing in your browser by using this link : http://www.google.com/settings/ads/plugin. As a result, some features of our website may no longer be fully available.
In your browser settings, you can also choose to opt out of cookies used for conversation tracking and, consequently, user-targeted advertising by Google. To do so, please click on the following link: www.google.de/settings/ads. Please note that you will need to reconfigure this setting if you delete the cookies from your browser.
In addition, by clicking on the following link, you can disable user-targeted ads that are part of the “About Ads” self-regulatory campaign. Please note that you will need to reconfigure this setting if you clear the cookies in your browser.
11.5 Google AdSense
11.5.1 Description and Scope of Data Processing
We use Google AdSense on our website. This is an online service used for advertising purposes. Google AdSense enables the placement of advertisements on third-party websites. Data processing for the European Economic Area and Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When Google AdSense is used, a cookie is set on the user’s device. For information regarding cookies, please refer to the section on cookies. The information stored in the cookie may be recorded, collected, and analyzed by Google Inc. or third parties. In addition, Google AdSense also uses so-called “web beacons” (small, invisible graphics) to collect information; these can be used to track, collect, and analyze simple actions such as visitor traffic on the website.
The information generated by the cookie and/or web beacon regarding your use of this website is transmitted to a Google server in the United States and stored there. Google uses the information obtained in this way to analyze your usage behavior with regard to AdSense ads. Google may also transfer this information to third parties where required by law or where such third parties process the data on Google’s behalf. Google does not associate your IP address with any other data held by Google. For further information about Google AdSense, please refer to the following link: https://www.google.de/intl/de/adsense/start/
11.5.2 Legal Basis for Data Processing
The legal basis for data processing is your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
11.5.3 Purpose of Data Processing
Our goal is to increase our brand awareness by enabling user-specific advertisements. Through advertising, we are reaching a larger audience of users and potential customers. This also helps us increase our brand awareness.
11.5.4 Duration of Data Storage
The data will be deleted as soon as it is no longer needed for our record-keeping purposes and there are no regulatory, legal, or contractual provisions preventing its deletion.
11.5.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer. You can prevent cookies from being set and web beacons from being displayed at any time by adjusting the settings in your web browser. Cookies that have already been set can also be deleted in your web browser settings. Please note that preventing cookies from being set may result in some features not being fully available.
11.6 LinkedIn Ads and Conversion Tracking
11.6.1 Description and Scope of Data Processing
We place ads on LinkedIn. We also use LinkedIn’s analytics and conversion tracking technology to measure the effectiveness of these ads. Data processing is carried out by: LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
LinkedIn places a cookie on your computer that is used to gather information for the purpose of displaying advertisements. These cookie text files contain information about your visits to our website—specifically, the pages you have viewed—so that we can provide you with specific product recommendations during subsequent visits to our website or third-party websites. The cookie contains an alias assigned by a random number generator. If you visit our website or LinkedIn’s website again within a certain period of time, LinkedIn recognizes you through this alias. However, this information cannot be linked to you personally. Neither we nor LinkedIn combine this information with your personal data, nor do we disclose any personal data to third parties.
11.6.2 Legal Basis for Data Processing
Data processing is based on your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
11.6.3 Purpose of Data Processing
It is in our interest to inform you about our offerings and to present them to you in a clear and user-friendly manner. This also constitutes the purpose of the data processing.
11.6.4 Duration of Data Storage
The data will be deleted as soon as it is no longer needed for our record-keeping purposes and there are no legal, contractual, or regulatory requirements that prevent its deletion.
11.6.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer. You can prevent LinkedIn from storing and using data in a cookie by clicking the link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out and selecting “Decline.” If you select this option, a new cookie (opt-out cookie) will be set in your browser, informing LinkedIn that no data regarding your browsing behavior may be stored. Please note that this setting must be applied to all browsers you use. If all cookies are deleted from a browser, this will also affect the LinkedIn opt-out cookie.
12 Other third-party tools
In addition, we use third-party providers who help us with the layout and functionality of the website. These are listed below:
12.1 Google Maps
12.1.1 Description and Scope of Data Processing
This website uses Google Maps, a product of Google LLC. Data processing for the European Economic Area and Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a page, your browser loads the necessary geographic information into your browser cache to display the map correctly. To do this, the browser you are using must connect to Google’s servers. As a result, Google learns that our website was accessed via your IP address and which map was displayed. You can find the Google Maps Terms of Service at https://www.google.com/intl/de_de/help/terms_maps.html
12.1.2 Legal Basis for Data Processing
The legal basis is your consent pursuant to Article 6(1), first sentence, subparagraph (a) of the GDPR.
12.1.3 Purpose of Data Processing
Using Google Maps makes it easier for you to find our location and interact with it in various ways, such as by planning a route.
12.1.4 Duration of Data Storage
The data will be deleted as soon as it is no longer needed for the purpose of data processing, unless legal, regulatory, or contractual requirements prevent its deletion.
12.1.5 Option for the affected person to resolve the issue
You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer.
If you choose not to use Google Maps, you will not be able to access certain parts of our website.
13 Data Transfer to a Third Country
To provide our services, we rely on the support of service providers located in Europe as well as in third countries. To ensure the protection of your personal data even in the event of data transfers to a third country, we enter into specific data processing agreements with each of our carefully selected service providers. All service providers we use have provided sufficient evidence that they ensure data security through appropriate technical and organizational measures. Our service providers in third countries are either located in countries that have an adequate level of data protection recognized by the European Commission (Art. 45 GDPR) or have put in place appropriate safeguards (Art. 46 GDPR).
Adequate Level of Protection: The provider is based in a country whose adequate level of data protection has been recognized by the European Commission. For moreinformation, see: Adequacy decisions (europa.eu)
EU Standard Contractual Clauses: Our provider has adopted the EU Standard Contractual Clauses to ensure secure data transfer. For more information, please visit: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
Binding Corporate Rules: Article 47 of the GDPR provides for the possibility of ensuring data protection during data transfers to a third country through binding internal data protection rules. These are reviewed and approved by the competent supervisory authorities as part of the consistency procedure under Article 63 of the GDPR.
Consent: Furthermore, data will only be transferred to a third country that does not provide an adequate level of protection if you have given us your consent in accordance with Article 49(1)(a) of the GDPR or if another exception under Article 49 of the GDPR applies to the data transfer.
14 Your Rights
You have the following rights with respect to the personal data we hold about you:
14.1 Right to Withdraw Consent (see Art. 7 of the GDPR)
If you have given your consent to the processing of your data, you may revoke it at any time. Such a revocation affects the lawfulness of the processing of your personal data going forward, once you have notified us of it. You may revoke your consent verbally (including remotely) or in writing by mail or email.
14.2 Right of Access (see Art. 15 of the GDPR)
If you submit a request for information, you must provide sufficient details regarding your identity and prove that the information in question pertains to you. The request concerns the following information:
· the purposes for which the personal data is processed;
· the categories of personal data that are processed;
· the recipients or categories of recipients to whom your personal data has been or will be disclosed;
· the planned duration of the storage of your personal data or, if specific details cannot be provided, the criteria used to determine the storage period;
· the existence of a right to have personal data concerning you rectified or erased, a right to restrict processing by the controller, or a right to object to such processing;
· the existence of a right to lodge a complaint with a supervisory authority;
· all available information regarding the origin of the data, if the personal data is not collected from the data subject;
· the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR; and—at least in such cases—meaningful information regarding the logic involved, as well as the scope and intended effects of such processing on the data subject.
14.3 Right to Rectification or Erasure (see Articles 16 and 17 of the GDPR)
You have the right to request that we, as the data controller, correct and/or complete your personal data if the personal data we process about you is inaccurate or incomplete. The data controller must make the correction without delay.
In addition, you may request the erasure of your personal data if any of the following reasons apply to you:
· The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
· You withdraw your consent on which the processing was based pursuant to Art. 6(1), first sentence, (a) or Art. 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
· You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
· The personal data concerning you has been processed unlawfully.
· The erasure of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
· The personal data concerning you was collected in connection with information society services offered in accordance with Article 8(1) of the GDPR.
If we have made your personal data public and are required to erase it pursuant to Article 17(1) of the GDPR, we will take all reasonable steps to inform other data controllers that you have requested the removal of all links to this personal data or of copies or replicas of this personal data.
The right to erasure does not apply if the processing is necessary:
· to exercise the right to freedom of expression and information;
· to comply with a legal obligation that requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
· for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
· for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, to the extent that the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
· to assert, exercise, or defend legal claims.
14.4 Right to Restriction of Processing (see Art. 18 of the GDPR)
Under the following conditions, you may request that we restrict the processing of your personal data:
· if you dispute the accuracy of your personal data for a period that allows us to verify the accuracy of your personal data;
· the processing is unlawful and you object to the erasure of the personal data and instead request the restriction of its use;
· we no longer need the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or
· if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether our legitimate grounds override your interests.
If the processing of your personal data has been restricted, such data—with the exception of its storage—may be processed only with your consent, or for the purpose of asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State.
If the restriction on processing has been imposed in accordance with the above conditions, we will notify you before the restriction is lifted.
14.5 Right to Information (see Art. 19 of the GDPR)
If you have exercised your right to rectification, erasure, or restriction of data processing with us, we are obligated to notify all recipients of your personal data of the rectification, erasure, or restriction of data processing. This applies only to the extent that such notification is not impossible or would involve a disproportionate effort.
You have the right to know which recipients have received your data.
14.6 Right to Data Portability (see Art. 20 of the GDPR)
You have the right to receive your personal data from us in a commonly used, machine-readable format so that you can, if necessary, have it transferred to another data controller, provided that
· the processing is based on consent pursuant to Article 6(1), first sentence, letter a) of the GDPR or Article 9(2), letter a) of the GDPR, or on a contract pursuant to Article 6(1), first sentence, letter b) of the GDPR, and
· processing is carried out using automated means.
When exercising your right to data portability, you have the right to request that we transfer your personal data directly to another data controller, provided that this is technically feasible.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
14.7 Right to Object to Processing (see Art. 21 of the GDPR)
To the extent that we base the processing of your personal data on a legitimate interest on our part (pursuant to Article 6(1), first sentence, subparagraph (f) of the GDPR), you may object to such processing. The same applies if we base the data processing on Article 6(1), first sentence, subparagraph (e) of the GDPR.
If you exercise such a right to object, please explain the reasons why we should not process your personal data in the manner we have been doing. In the event of a justified objection, we will review the situation and either cease or adjust the data processing, or explain to you our compelling legitimate grounds for continuing the processing.
14.8 Right to lodge a complaint with the competent supervisory authority (see Art. 77 of the GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority—in particular, in the Member State where you reside, where you work, or where the alleged infringement occurred—if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint was submitted will inform you of the status and outcome of the complaint, including the possibility of seeking judicial remedy under Article 78 of the GDPR.
15 How to Exercise These Rights
To exercise these rights, please contact our Data Protection Officer:
Christina Webersohn of WS Datenschutz GmbH
or by mail:
WS Datenschutz GmbH
51 Dircksenstraße
D-10178 Berlin
16 Subject to Change
We reserve the right to amend this Privacy Policy in accordance with applicable laws.
As of April 2026