Data Privacy

Privacy Policy

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “Data”) within our online offering and related websites, functions, and content, as well as external online presences such as our social media profiles (collectively referred to as the “Online Offering”). With regard to the terminology used (e.g. “processing” or “controller”), we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller:

Name/Company: Stefan Mueller Sole Proprietorship
Address: Niederwindhagener Str. 56, 53578 Windhagen, Germany
Owner: Stefan Mueller
Phone number: +49 1525 3963817
Email: mueller@leenway.com

Data Protection Officer:

Name/Company: Stefan Mueller Sole Proprietorship
Address: Niederwindhagener Str. 56, 53578 Windhagen, Germany
Owner: Stefan Mueller
Phone number: +49 1525 3963817
Email: mueller@leenway.com

Types of data processed:

• Personal data (e.g. names, addresses)

• Contact data (e.g. email, phone numbers)

• Content data (e.g. text entries, photographs, videos)

• Contract data (e.g. subject matter, duration, customer category)

• Payment data (e.g. bank details, payment history)

• Usage data (e.g. websites visited, interest in content, access times)

• Meta/communication data (e.g. device information, IP addresses)

Processing of special categories of data (Art. 9 (1) GDPR):
We do not process special categories of data.

Categories of data subjects:

• Customers, prospective customers, visitors and users of the online offering, business partners

• Visitors and users of the online offering (hereinafter collectively referred to as “Users”)

Purpose of processing:

• Provision of the online offering, its content, and shop functions

• Performance of contractual services, customer service, and support

• Responding to contact requests and communication with users

• Marketing, advertising, and market research

• Security measures

Last updated: November 2020

1. Terminology

1.1 “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2 “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

1.3 “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

2. Legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Unless otherwise specified in this Privacy Policy, the following applies:

• Consent: Art. 6 (1) (a) and Art. 7 GDPR

• Performance of contractual obligations and responding to inquiries: Art. 6 (1) (b) GDPR

• Compliance with legal obligations: Art. 6 (1) (c) GDPR

• Protection of our legitimate interests: Art. 6 (1) (f) GDPR

• Protection of vital interests of the data subject or another natural person: Art. 6 (1) (d) GDPR

3. Changes and updates to the Privacy Policy

We ask you to regularly review the content of this Privacy Policy. We will update it whenever changes in our data processing activities make this necessary. We will inform you if such changes require your participation (e.g. consent) or any other individual notification.

4. Security measures

4.1 In accordance with Article 32 GDPR, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, implementation costs, and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons. These measures in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transfer, availability and separation of the data. We also have procedures in place to ensure the exercise of data subject rights, data deletion, and responses to data threats. Furthermore, we take into account the protection of personal data in the development or selection of hardware, software, and processes, in line with the principle of data protection by design and by default (Article 25 GDPR).

4.2 A key security measure is the encrypted transmission of data between your browser and our server.

5. Disclosure and transfer of data

5.1 We disclose, transmit, or otherwise grant access to data to other persons or companies (processors or third parties) only on the basis of a legal permission (e.g. if transmission of data to third parties such as payment service providers is necessary for contract fulfilment under Art. 6 (1) (b) GDPR), if you have given consent, if we are legally obliged to do so, or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, legal or business advisors, customer management, accounting, invoicing and similar services that enable us to efficiently and effectively fulfil our contractual and administrative duties).

5.2 If we commission third parties with data processing on the basis of a so-called “data processing agreement,” this is done in accordance with Article 28 GDPR.

6. Transfer of data to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of using services of third parties, disclosure or transfer of data to third parties, this will only take place if it is necessary for fulfilling our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or based on our legitimate interests.
Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Articles 44 et seq. GDPR are met. This means, for example, processing on the basis of officially recognized guarantees of a data protection level equivalent to that of the EU (e.g. an adequacy decision / “Privacy Shield”-type framework) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

7. Rights of data subjects

7.1 You have the right to request confirmation as to whether data concerning you is being processed, and to request information about this data as well as further details and a copy of the data, pursuant to Article 15 GDPR.

7.2 Pursuant to Article 16 GDPR, you have the right to request the correction of inaccurate data concerning you or to have incomplete data completed.

7.3 Pursuant to Article 17 GDPR, you have the right to request the immediate erasure of data concerning you, or alternatively, pursuant to Article 18 GDPR, to request restriction of processing.

7.4 You have the right to receive the data you have provided to us pursuant to Article 20 GDPR and to request its transmission to other controllers.

7.5 Additionally, pursuant to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

8. Right of withdrawal (consent)

You have the right to withdraw consent you have given pursuant to Article 7(3) GDPR with effect for the future.

9. Right to object

You have the right to object at any time to the future processing of your personal data pursuant to Article 21 GDPR. This applies in particular to processing for direct marketing purposes.

10. Cookies and the right to object to direct marketing

10.1 “Cookies” are small files stored on the users’ devices. Different types of information can be stored in a cookie. Primarily, cookies are used to store information about a user (or the device on which the cookie is stored) during and/or after their visit to an online service. “Session cookies” or “transient cookies” are cookies that are deleted after a user leaves an online service and closes the browser. For example, a session cookie can store the contents of a shopping cart in an online shop or the login status. “Permanent” or “persistent” cookies remain stored even after the browser is closed. For example, the login status can be saved if the user returns after several days. Likewise, user interests can be stored in such a cookie and used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online service (if they are only the controller’s own cookies, they are called “first-party cookies”).

10.2 We use both temporary and permanent cookies and explain this in this Privacy Policy.
If users do not want cookies stored on their device, they are asked to disable the corresponding option in their browser’s system settings. Cookies already stored can be deleted in the browser’s system settings. Blocking cookies may limit the functionality of this online service.

10.3 A general objection to the use of cookies for online marketing purposes (especially tracking) can be declared via various services, such as the US site aboutads.info/choices/ or the EU site youronlinechoices.com/. In addition, storing cookies can be disabled in the browser settings. Please note that in this case, some functions of this online service may not be fully usable.

11. Deletion of data

11.1 The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise in this Privacy Policy, data we store will be deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent deletion. If data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

11.2 In Germany, retention is in particular for six years pursuant to §257(1) of the German Commercial Code (HGB) (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting documents, etc.) and for ten years pursuant to §147(1) of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

11.3 In Austria, retention is generally seven years pursuant to §132(1) of the BAO (accounting records, supporting documents/invoices, accounts, receipts, business documents, statements of income and expenses, etc.), 22 years in relation to real estate, and ten years for records relating to services provided electronically, telecommunications, radio, and television services provided to non-business customers in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.

12. Order processing in the online shop and customer account

12.1 We process our customers’ data in the context of ordering processes in our online shop in order to enable them to select and order chosen products and services, as well as to allow payment and delivery or execution.

12.2 Processed data includes inventory data, communication data, contract data, payment data. The data subjects are our customers, prospects, and other business partners. Processing is carried out to provide contractual services within the operation of an online shop, for billing, delivery, and customer service. For this we use session cookies to store cart content and permanent cookies to store login status.

12.3 Processing is based on Art. 6 (1) (b) GDPR (fulfilment of ordering transactions) and Art. 6 (1) (c) GDPR (legally required archiving). Required information is essential and necessary for contract conclusion and fulfilment. We disclose data to third parties only within the scope of delivery, payment, or where legally permitted and required — for example to legal advisors and authorities. Data is processed in third countries only if necessary for contract performance (e.g. at the customer's request for delivery or payment).

12.4 Users may optionally create a user account, which allows them to view their orders. Required mandatory information is communicated to users during registration. User accounts are not public and cannot be indexed by search engines. If users terminate their account, the account data will be deleted unless retention is required for commercial or tax reasons in accordance with Art. 6 (1) (c) GDPR. Information in the customer account remains until deletion and will be archived if legally required. It is the user’s responsibility to back up their data before the end of the contract if they cancel.

12.5 When registering, logging in, and using our online services, we store the IP address and the time of each user action. Storage is based on our legitimate interests and those of the user in protection against misuse and other unauthorized use. In principle, these data are not transferred to third parties unless required to pursue claims or there is a legal obligation under Art. 6 (1) (c) GDPR.

12.6 Data is deleted after expiry of statutory warranty obligations and similar obligations; the necessity of retaining the data is reviewed every three years. In the case of legal archiving obligations, deletion occurs after those obligations expire (end of commercial retention periods (6 years) and tax retention periods (10 years)). Information in the customer account remains until it is deleted.

13. Business analysis and market research

13.1 To operate our business economically, recognize market trends, and understand customer and user preferences, we analyze the data available from business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata on the basis of Art. 6 (1) (f) GDPR. Data subjects include customers, prospects, business partners, visitors, and users of the online service. The analyses are carried out for business evaluations, marketing, and market research. We may take into account profiles of registered users with details such as purchase transactions. These analyses help us improve usability, optimize our offering, and ensure economic efficiency. Analyses are for our internal use only and are not disclosed externally unless they are anonymous and aggregated.

13.2 If these analyses or profiles are personal, they will be deleted or anonymized upon user termination, or otherwise after two years following contract termination. Overall economic analyses and general trend assessments are created anonymously whenever possible.

Credit check for customers
A credit check is permitted if there is a risk of payment default, e.g. if goods are delivered without advance payment (e.g. “purchase on invoice”). There is no payment risk if the customer chooses prepayment or a third-party payment service like PayPal.

Obtaining an automated credit check is considered an “automated decision” under Article 22 GDPR, i.e. a legal decision without human involvement. This is allowed if the customer consents or if the decision is necessary for contract conclusion. To reduce legal risk, you should obtain consent.

Consent is also necessary if the credit check is used to decide whether to offer “purchase on invoice.” If the customer chose prepayment or PayPal, the credit check would otherwise not be necessary.

Sample consent text:
“I consent to a credit check being carried out in order to make an automated decision (Art. 22 GDPR) about whether the ‘purchase on invoice’ option will be offered. More information on the credit check, credit agencies used, the process, and objection options can be found in our [Link]Privacy Policy[/Link].”

14. Credit check

14.1 If we provide services in advance (e.g. purchase on invoice), we reserve the right to obtain a credit report from specialized service providers (credit agencies) in order to assess the credit risk, based on mathematical and statistical methods, to protect our legitimate interests.

14.2 As part of the credit check, we will transmit the following personal data of the customer (name, postal address, date of birth, contract details, bank details [specify any other relevant data]) to the following credit agencies: e.g. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany. Privacy notice: https://www.schufa.de/de/ueber-uns/daten-scoring/

14.3 We will evaluate the information received from the credit agencies regarding the statistical probability of default using reasonable discretion in order to decide on the establishment, performance, and termination of the contractual relationship. In the event of a negative credit report, we may refuse payment by invoice or any other form of advance service.

14.4 The decision whether we provide services in advance is made solely on the basis of an automated individual decision as defined by Article 22 GDPR, carried out by our software on the basis of information provided by the credit agency.

14.5 If we obtain your explicit consent, the legal basis for the credit report and the transfer of customer data to the credit agencies is consent according to Art. 6 (1) (a) and Art. 7 GDPR. If no consent is obtained, the legal basis is our legitimate interest in securing our claims pursuant to Art. 6 (1) (f) GDPR.

15. Contact and Customer Support

15.1 When contacting us (via contact form or email), the user’s details are processed in order to handle the request and its resolution pursuant to Art. 6 (1) (b) GDPR.

15.2 User information may be stored in our Customer Relationship Management (CRM) system or comparable request management systems.

15.3 We delete the inquiries when they are no longer necessary. We review necessity every two years. Inquiries from customers with a user account are stored permanently; deletion depends on what is stated in the customer account section. In addition, statutory archiving obligations apply.

16. Collection of access data and log files

16.1 On the basis of our legitimate interests under Art. 6 (1) (f) GDPR, we collect data on every access to the server on which this service is located (so-called server log files). Access data includes: name of the accessed webpage, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

16.2 Log file information is stored for security reasons (e.g. for investigating abuse or fraud) for a maximum period of seven days and then deleted. Data that must be retained as evidence is excluded from deletion until the incident has been fully resolved.

17. Online presence on social media

17.1 Based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR (i.e. interest in communication with active customers, interested parties, and users, and in informing them about our services), we maintain online presences within social networks and platforms. When accessing those networks and platforms, the terms and conditions and data processing policies of the respective operators apply.

17.2 Unless otherwise stated in this Privacy Policy, we process user data when they interact with us on social networks and platforms (e.g. by posting on our profiles or sending us messages).

18. Google Analytics

18.1 Based on our legitimate interests (i.e. the interest in analysis, optimization, and the efficient operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie regarding users’ use of the online offering is generally transmitted to a Google server in the USA and stored there.

18.2 Google is certified under the Privacy Shield, which guarantees compliance with European data protection law.

18.3 Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide us with other services associated with the use of this online offering and the internet. For this purpose, pseudonymous usage profiles of the users may be created from the processed data.

18.4 We use Google Analytics only with IP anonymization enabled. This means that within EU Member States or other contracting states to the Agreement on the European Economic Area, Google shortens users’ IP addresses. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

18.5 The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by configuring their browser software accordingly. In addition, users can prevent Google from collecting the data generated by the cookie and related to their use of the online offering, as well as from processing this data, by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout

18.6 For more information on Google’s use of data, settings options, and opt-out possibilities, please see:
google.com/intl/de/policies/privacy/partners (Use of data by Google when you use sites or apps of our partners),
policies.google.com/technologies/ads (Use of data for advertising purposes),
adssettings.google.com/authenticated (Manage information Google uses to show you ads).

19. Google Marketing Services

19.1 Based on our legitimate interests (i.e. analysis, optimization, and economic operation of our online offering pursuant to Art. 6 (1) (f) GDPR), we use the marketing and remarketing services of Google LLC (“Google”).

19.2 Google is certified under the Privacy Shield.

19.3 Google’s marketing services allow us to display ads for and on our website in a more targeted manner so that users are only shown ads that potentially match their interests (“remarketing”). To achieve this, a code is executed by Google when our website and other websites that use Google’s marketing services are accessed, and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are embedded in the website. With their help, a unique cookie is stored on the user’s device (comparable technologies may also be used instead of cookies). The cookie records which websites the user visits, which content they are interested in, and which offers they have clicked on. Technical information about the browser and operating system, referring websites, visit time, and other details about the use of the online offering are also stored. The user’s IP address is also recorded, but IP addresses are shortened within EU Member States or other EEA countries. Only in exceptional cases is the full IP transferred to a Google server in the USA and shortened there. The IP address is not merged with the user's other data within other Google services. The information mentioned may also be combined by Google with such information from other sources. If the user later visits other websites, they may see ads tailored to their interests.

19.4 User data is processed pseudonymously within Google marketing services. That means Google does not store and process the name or email address of the user but processes the relevant data in relation to cookies within pseudonymous user profiles. From Google’s point of view, ads are managed for the cookie owner, not a specifically identified person. This does not apply if the user has expressly allowed Google to process data without pseudonymization. The information collected about users is transmitted to Google and stored on Google servers in the USA.

19.5 One of the Google marketing services we use is “Google AdWords.” In connection with Google AdWords, each AdWords customer receives a different “conversion cookie.” Cookies cannot, therefore, be tracked across the websites of different AdWords customers. The information collected using the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked their ad and were redirected to a page featuring a conversion tracking tag. However, they do not receive any information that personally identifies users.

19.6 We may integrate third-party ads using Google’s “DoubleClick” marketing service. DoubleClick uses cookies that enable Google and its partner websites to serve ads based on users’ visits to our website or other websites.

19.7 We may also use the “AdSense” service, which allows us to display third-party ads. AdSense uses cookies to enable Google and its partners to display ads based on users’ visits to our site or other sites.

19.8 We may also use “Google Optimizer,” which allows us to track the effects of various website changes (e.g. changes to input fields or design) via A/B testing. Cookies may be stored on users’ devices for these testing purposes, with only pseudonymous user data being processed.

19.9 In addition, we may use “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website.

19.10 For more information about Google’s use of data for marketing purposes, please visit policies.google.com/technologies/ads and Google’s privacy policy at adssettings.google.com/authenticated.

Facebook Advanced Matching / Custom Audiences note:
We may also use Facebook’s “Advanced Matching” and “Custom Audiences” / “Lookalike Audiences,” where hashed data such as emails or phone numbers are transmitted to Facebook to create or expand target groups for advertising. Data is transmitted in encrypted form.
If you use this, you must also provide an opt-out mechanism.

20. Facebook, Custom Audiences, and Facebook Marketing Services

20.1 Within our online offering and based on our legitimate interests in analysis, optimization, and economic operation (Art. 6 (1) (f) GDPR), we use the “Facebook Pixel” from Facebook Inc. (or Facebook Ireland Ltd. for EU users).

20.2 Facebook is certified under the Privacy Shield.

20.3 The Facebook Pixel allows Facebook to identify the visitors of our online offering as a target group for displaying ads (“Facebook Ads”). We use the Facebook Pixel to display Facebook Ads to users who have shown interest in our offering or who have certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we transmit to Facebook (“Custom Audiences”). We also use the Facebook Pixel to ensure that our Facebook Ads match users’ potential interests and are not perceived as annoying. The Facebook Pixel also helps us measure the effectiveness of Facebook Ads for statistical and market research purposes (so-called “conversion tracking”).

20.4 Facebook processes data in accordance with Facebook’s Data Policy. General information on how Facebook Ads work can be found in Facebook’s Data Policy. More specific information on the Facebook Pixel can be found in Facebook’s Help Center.

20.5 You can object to the collection of your data via the Facebook Pixel and the use of your data to display Facebook Ads. You can adjust your ad preferences on Facebook. These settings apply across devices.

20.6 You can also refuse the use of cookies for reach measurement and advertising via the Network Advertising Initiative opt-out page (optout.networkadvertising.org/) and via the US site aboutads.info/choices or the EU site youronlinechoices.com/uk/your-ad-choices/.

21. Facebook Social Plugins

21.1 Based on our legitimate interests under Art. 6 (1) (f) GDPR (analysis, optimization, and efficient operation of our online offering), we use social plugins (“Plugins”) from the social network Facebook, operated by Facebook Ireland Ltd. The plugins can display interactive elements or content (e.g. videos, graphics, or text posts) and are identifiable by Facebook logos (e.g. white “f” on blue background, “Like” or a thumbs-up symbol) or marked “Facebook Social Plugin.”

21.2 Facebook is certified under the Privacy Shield.

21.3 When a user accesses a function of our online offering that includes such a plugin, their device establishes a direct connection with Facebook’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. This allows usage profiles to be created from the processed data. We have no influence on the scope of data that Facebook collects using this plugin.

21.4 Through the integration of the plugin, Facebook receives information that a user has accessed the corresponding page of our online offering. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins (e.g. click “Like” or comment), this information is transmitted directly from their device to Facebook and stored there. Even if a user is not a Facebook member, Facebook may still collect and store their IP address. According to Facebook, in Germany only anonymized IPs are stored.

21.5 For information on the purpose and scope of data collection, further processing and use of the data by Facebook, as well as related rights and privacy settings, please refer to Facebook’s Privacy Policy.

21.6 If a user is a Facebook member and does not want Facebook to collect data about them via our online offering and link it with their account, they must log out of Facebook and delete their cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible in the Facebook profile settings, via aboutads.info/choices, or via youronlinechoices.com/. These settings apply across devices.

22. Reach Measurement with Matomo

22.1 As part of reach measurement with Matomo and based on our legitimate interests (i.e. the analysis, optimization, and economic operation of our online offering under Art. 6 (1) (f) GDPR), we process the following data: browser type and version, operating system used, country of origin, date and time of the server request, number of visits, time spent on the website, and external links clicked. The user’s IP address is anonymized before storage.

22.2 Matomo uses cookies stored on the user’s computer to enable analysis of how our online offering is used. Pseudonymous user profiles may be created from the processed data. Cookies are stored for one week. The information generated by the cookie regarding your use of this website is stored only on our server and is not transmitted to third parties.

22.3 Users may object to the anonymous collection of their data by Matomo at any time with effect for the future. In this case, an opt-out cookie will be stored in your browser, preventing Matomo from collecting any session data. If users delete their cookies, this opt-out cookie will also be deleted and must be reactivated.

22.4 [Insert Matomo opt-out iFrame and ensure IP anonymization is enabled.]

23. Jetpack (WordPress Stats)

23.1 Based on our legitimate interests (i.e. analysis, optimization, and economic operation of our online offering pursuant to Art. 6 (1) (f) GDPR), we use the Jetpack plugin (specifically the “WordPress Stats” module), an analytics tool provided by Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. Jetpack uses cookies that are stored on your computer and allow us to analyze your use of the website.

23.2 Automattic is certified under the Privacy Shield.

23.3 The information generated by the cookie about your use of this online offering is stored on a server in the USA. The processed data may be used to create user profiles, but these are only used for analysis and not for advertising purposes. More information can be found in Automattic’s Privacy Policy and in Jetpack’s Cookie Policy.

24. etracker

24.1 Based on our legitimate interests (i.e. analysis, optimization, and economic operation of our online offering pursuant to Art. 6 (1) (f) GDPR), we use the analytics service “etracker,” provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.

24.2 Pseudonymous user profiles can be created from the processed data. Cookies may be used for this purpose to enable recognition of your browser. The data collected using etracker technologies is not used to personally identify visitors to our website without the explicit consent of the data subjects and is not merged with personal data about the holder of the pseudonym. Personal data is processed only for us and is not merged with data collected via other online offerings.

24.3 You can object to the collection and storage of data by etracker at any time with effect for the future. When you opt out, an opt-out cookie named “cntcookie” will be set by etracker. Please do not delete this cookie as long as you wish to maintain your objection. For more information, see etracker’s Privacy Policy.

25. Criteo

25.1 Based on our legitimate interests (i.e. analysis, optimization, and economic operation of our online offering pursuant to Art. 6 (1) (f) GDPR), we use the services of Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany.

25.2 Criteo’s services allow us to display more targeted ads on and for our website, showing users ads that potentially match their interests (“remarketing”). For this purpose, when our website and other sites where Criteo is active are visited, Criteo executes code and (re)marketing tags (invisible graphics/code, also known as “web beacons”) are embedded. This allows Criteo to store a unique cookie on the user’s device (or similar technology). The file records which websites the user has visited, what content they were interested in, what offers they clicked on, as well as technical information about browser and operating system, referring websites, time of visit, and other data about the use of the online offering. This information may also be combined with information from other sources by Criteo so that users can be shown interest-based ads on other websites.

25.3 For more information, including opt-out options, please refer to Criteo’s Privacy Policy.

26. Amazon Affiliate Program

26.1 Based on our legitimate interests (i.e. the economic operation of our online offering pursuant to Art. 6 (1) (f) GDPR), we participate in the Amazon EU affiliate program, which is designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.de. Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognize that you clicked an affiliate link on our website.

26.2 For more information on how Amazon uses your data, please refer to Amazon’s Privacy Policy.

27. Communication by post, email, fax, or telephone

27.1 We use remote communication methods such as post, telephone, or email for business and marketing purposes. In doing so, we process personal data of the recipients, including name, address, contact details, and contractual data of customers, participants, interested parties, and communication partners.

27.2 This processing is based on Art. 6 (1) (a) and Art. 7 GDPR, and Art. 6 (1) (f) GDPR in connection with legal requirements for marketing communications. We only contact individuals with their consent or as permitted by law. Data is deleted when it is no longer required or when consent is withdrawn, unless other legal retention obligations apply.

Note: You should include a disclaimer in the newsletter signup form about newsletter content and tracking of open/click behavior, for example:
“Our newsletter contains information about our products, offers, promotions, and our company. You can find more information about data protection, revocation, and logging of data in our [LINK]Privacy Policy[/LINK].”

If you use an external email service provider, you must name them and include their privacy policy (e.g. CleverReach in Germany or MailChimp in the USA).

28. Newsletter

28.1 The following section explains the content of our newsletter, the signup, sending, and statistical analysis processes, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.

28.2 Newsletter content: We send newsletters, emails, and other electronic notifications containing promotional information (“newsletter”) only with the recipient’s consent or as permitted by law. If the content of the newsletter is specifically described during signup, it is binding for your consent. Otherwise, newsletters contain information about our products, offers, promotions, and our company.

28.3 Double opt-in and logging: Newsletter signup uses a double opt-in process. After registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can sign up using someone else’s email address. Newsletter registrations are logged to prove that the signup process complies with legal requirements. This includes storing the signup and confirmation times as well as the IP address. Changes to your data stored by the sending service provider may also be logged.

28.4 Sending service provider: Our newsletter is sent via “MailChimp,” a US-based platform provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp is certified under the Privacy Shield.

28.5 If we use a sending service provider, they may use this data in pseudonymized form (i.e. without assigning it to a specific user) to optimize or improve their own services (e.g. improve the technical delivery and display of the newsletter or for statistical purposes to determine from which countries recipients come). However, the sending service provider does not use the data of our newsletter recipients to contact them independently or pass it on to third parties.

28.6 Registration data: To sign up, you only need to provide your email address. Optionally, we ask for a name so we can address you personally.

28.7 Statistical analysis: We analyze user behavior in relation to the newsletter. This includes analyzing open rates and click behavior, i.e. how users interact with our newsletter. This analysis is done for statistical purposes and helps us understand our users’ interests so we can tailor future newsletters. Analysis also helps us test different layouts and content. The data collected in this way is deleted after statistical evaluation. Users can unsubscribe from the newsletter at any time.