Privacy Policy

Data privacy statement

of BERG & KRAFT GMBH

Last updated: 01 August 2019

INTRODUCTION

This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions and content as well as external online presences, such as our social media profile. (hereinafter jointly referred to as "online offer")

- In the first section of the data protection declaration you will find information on the person responsible for processing as well as an overview of our processing procedures.

- In the second section you will find information on your rights, the relevant legal norms and general information on our processing of data.

- The third section contains information on the individual processing operations. This section is divided into further areas, such as core services, range measurement or marketing.

- The fourth and last section contains a glossary within the framework of the provision of our services with explanations and descriptions of the terms used within the framework of the data protection declaration. This means that if the terms used (such as "personal reference" or "cookie") are unknown to you, please refer to the last section. Otherwise, all terms used (e.g. "responsible person" or "user") are to be understood gender-neutrally.

Section I - Responsible person and overview of data processing person in charge

- Contact data protection officer

- Types of data processed

- Processing of special categories of data (Art. 9 para. 1 DSGVO

- Categories of data subjects involved in the processing

- Purpose of processing

- Automated decision in individual cases (Art. 22 DSGVO)

Section II - Data subjects' rights, legal bases and general remarks

- Rights of data subjects

- right of withdrawal

- right of objection

- Cookies and right of objection in direct marketing

- Deletion of data and archiving obligations

- Changes and Updates to the Privacy Policy

- Applicable legal bases

- Data processing security

- Disclosure and transmission of data

- Transfers to third countries

Section III - Processing operations

- Core area of data processing

- Order processing in the online shop

- client account

- credit assessment

- Responding to inquiries and customer care

- Economic analyses and market research

- External online presences

- Online presences in social media

- Web server and security

- server logs

- Own global single sign-on process

- Embedded content and functions

- Google services and content

- Facebook features and content

- Instagram Features and Contents

- Functions and contents of Pinterest

- marketing

- Newsletter dispatch and performance measurement

- Communication by post, e-mail, fax or telephone

- Sweepstakes and competitions

- Reach measurement, online marketing and technology partners

- Google Tag Manager

- Google Analytics

- Google AdWords

- Google Double Click

- Facebook pixels

Section IV - Definitions of terms

SECTION I - RESPONSIBLE AND OVERVIEW OF THE DATA PROCESSING OPERATIONS

Responsible:

BERG & KRAFT GMBH

Bahnhofstrasse 10, 6056 Kägiswil, Switzerland

Management: Alois Britschgi

Phone: + 41 41 662 89 89

E-mail: info@bergundkraft.com

Contact data protection officer:

E-Mail: ab@bergundkraft.com

Types of data processed:

- Inventory data (for example, names, addresses).

- Contact data (e.g., e-mail, telephone numbers).

- Content data (e.g., text input, photographs, videos).

- Contract data (e.g., subject matter of contract, duration, customer category).

- Payment data (e.g., bank details, payment history).

- Usage data (e.g., websites visited, interest in content, access times).

- Meta/contact data (e.g., device information, IP addresses).

Processing of special categories of data (Art. 9 para. 1 DSGVO):

No special categories of data are processed.

Categories of data subjects involved in the processing:

- Customers / interested parties / business partners.

- Visitors and users of the online offer.

In the following, we will refer to the data subjects collectively as "users".

Purpose of the processing:

- Provision of the online offer, its contents and functions.

- Provision of contractual services, service and customer care.

- Answering contact enquiries and communicating with users.

- Marketing, analysis of purchasing behaviour, usage behaviour, advertising and market research.

- Security measures.

Automated decision in individual cases (Art. 22 DSGVO):

- Credit assessment in the event of advance payment in accordance with Art. 22 DSGVO.

Status: August 2019

SECTION II - RIGHTS OF ACTION, LEGAL BASES AND GENERAL INFORMATION

Rights of data subjects

You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with Art. 15 DSGVO. You have accordingly. In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the rectification of incorrect data concerning you.

Pursuant to Art. 17 DSGVO, you have the right to demand that the data concerned be deleted immediately or, alternatively, to demand that the processing of the data be restricted pursuant to Art. 18 DSGVO.

You have the right to demand that the data concerning you which you have provided to us be received in accordance with Art. 20 DSGVO and that it be transferred to other responsible parties.

Pursuant to Art. 77 DSGVO, you also have the right to file a complaint with the competent supervisory authority.

Right of withdrawal

They have the right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO with effect for the future.

Right of objection

You may object at any time to the future processing of the data concerning you in accordance with Art. 21 DSGVO. In particular, you may object to the processing of your data for the purposes of direct marketing.

Cookies and right of objection in direct marketing

We use temporary and permanent cookies, i.e. small files that are stored on users' devices (explanation of the term and function, see last section of this privacy policy). In some cases, the cookies serve security purposes or are necessary for the operation of our online offer (e.g. for the presentation of the website) or to save the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies for range measurement and marketing purposes, about which users are informed in the course of the data protection declaration.

A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ . In addition, cookies can be saved by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.

Deletion of data and archiving obligations

The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.

According to legal requirements in Germany, data is stored for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (German Commercial Code) (books, records, management reports, accounting records, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (German Commercial Code) (commercial letters).

Changes and updates of the data protection declaration

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Applicable legal bases

In accordance with Art. 13 DSGVO we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

The principles for commercial communication outside business relationships, in particular by post, telephone, fax and e-mail, are contained in § 7 UWG.

Security of data processing

We take appropriate technical and organisational measures in accordance with Art. 32 DSGVO, taking into account the state of the art, the implementation costs and the nature, extent, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk; these measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling the physical access to the data as well as the access to, inputting, passing on, safeguarding the availability and separation of the data concerning them. In addition, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 DSGVO).

The security measures include in particular the encrypted transmission of data between your browser and our server.

With regard to data protection, employees are bound to secrecy, instructed and instructed, and possible liability consequences are pointed out.

Disclosure and transmission of data

If we disclose data to other persons and companies (contract processors or third parties) in the context of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to Art. 6 Para. 1 lit. b DSGVO is necessary for the performance of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.

If we disclose, transfer or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on the basis of an order processing contract.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. of the German Data Protection Act are met. DSGVO. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

SECTION III - PROCESSING

In the following you will find an overview of our processing activities, which we have subdivided into further areas of activity. Please note that the areas of activity are for orientation only and that the processing activities may overlap (e.g. the same data may be processed in several processes).

For reasons of clarity and comprehensibility, you will find the frequently repeated terms in Section IV of this Privacy Policy.

Core area of data processing

In this section you will find information on our core services and tasks, such as answering questions and providing our contractual services as well as the associated secondary tasks.

Order processing in the online shop

We process the data of our customers within the framework of the order processes in our online shop, in order to enable them to select and order the selected products and services, as well as their payment and delivery, or execution.

- Processed data: Stock data, contact data, contract data, payment data.

- Affected parties: customers, interested parties, business partners.

- Purpose of processing: Provision of contractual services within the framework of the operation of an online shop, billing, delivery, customer service.

- Type, scope, functionality of processing: Persistent cookies for shopping cart and login status.

- Legal basis: Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving). DSGVO.

- Necessity / interest in processing: The data are necessary for the justification and fulfilment of the contract.

- Processing in third countries: No, only on customer request upon delivery or payment.

- Deletion of data: The deletion takes place after expiration of legal warranty and comparable obligations, the necessity of the retention of data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiration (end of commercial (6 years) and tax (10 years) retention obligation). Information in the customer account remains until its deletion.

Customer account

A customer account (which also includes the wish list) requires registration. Users can then track their orders in particular after entering their login data and use other functions of the customer account.

- Processed data: Stock data (first name, last name; email address; password (is stored in encrypted form)), contact data, contract data, payment data, product data/product preference, usage data, referrer data.

- Affected parties: customers, interested parties.

- Purpose of processing: Creation and operation of a customer account for the administration of the contractual relationship.

- Type, scope, functionality of processing: registration process, termination option.

- Legal basis: Art. 6 para. 1 lit. b. DSGVO.

- Protective measures: The users' public account information cannot be viewed or searched by external parties such as search engines or other users. Users are responsible for the secure storage of their access data.

- Necessity / interest in processing: The customer account is optional, data required for its operation. Mandatory fields are marked as such. In addition, each user decides for himself on further details.

- External disclosure and purpose: No.

- Processing in third countries: No.

- Deletion of data: Data remain in the customer account until its deletion with subsequent archiving in the case of a legal obligation (end of commercial (6 years) and tax (10 years) retention obligation).

Credit assessment

If we make advance payment (e.g. in the case of purchase on account), we reserve the right to obtain identity and creditworthiness information for the purpose of assessing the credit risk on the basis of mathematical-statistical procedures from specialised service companies (credit agencies) in order to safeguard legitimate interests. We process the information on the statistical probability of non-payment received from the credit agencies within the framework of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. In the event of a negative result of the credit assessment, we reserve the right to refuse payment on account or any other advance payment.

- Processed data: Name, postal address, date of birth, details of the type of contract, bank details.

- Special categories of personal data: no.

- Legal basis: Art. 6 para. 1 lit. f. DSGVO; If based on the consent of the user, customers: Art. 6 para. 1 lit. a., Art. 7 DSGVO.

- Affected parties: customers, interested parties.

- Purpose of processing: Assessment of the probability of default of claims.

- Type, scope, functioning of the processing: We process the information received from the credit agencies on the statistical probability of non-payment within the framework of an appropriate discretionary decision on the establishment, performance and termination of the contractual relationship. In the event of a negative result of the credit assessment, we reserve the right to refuse payment on account or any other advance payment.

- Necessity / interest in processing: Business interests.

- Processing in third countries: no.

- Automated decision in individual cases pursuant to Art. 22 DSGVO: The decision as to whether we shall make advance payment shall be made in accordance with Art. 22 DSGVO solely on the basis of an automated decision in the individual case, which our software makes on the basis of the information provided by the credit agency without the cooperation of employees.

Responding to inquiries and customer care

We process the information in the enquiries we receive via our contact form and other means, e.g. via e-mail, in order to answer the enquiries. For these purposes, the inquiries may be stored in our Customer Relationship Management (CRM) system or in similar procedures that serve the administration of inquiries. We use so-called CRM software for customer relationship management (CRM system) purposes. With the help of this software, we can respond to inquiries more effectively and quickly.

- Processed data: Stock data, contact data, contract data, payment data, usage data, metadata; e.g.

- Affected parties: customers, interested parties, business partners, website visitors.

- Purpose of processing: Answering inquiries.

- Type, scope, functionality of processing: registration process, cancellation option.

- Legal basis: Art. 6 para. 1 lit. a./ b. DSGVO.

- Necessity / interest in processing: Necessary to answer queries, optimisation, user-friendliness, economic interests.

- Protective measures: Contract processing agreement.

- Processing in third countries: USA.

- Guarantee for processing in third countries: www.privacyshield.gov.

- Deletion of data: We delete the inquiries, if these are no longer necessary. We check the necessity every two years; requests from customers who have a customer account are stored permanently and refer to the customer account details for deletion. In the case of legal archiving obligations, deletion takes place after their expiration (end of commercial law (6 years) and tax law (10 years) retention obligation).

Economic analyses and market research

In order to operate our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc., in order to identify the most suitable and appropriate solutions. For this purpose, we combine the personal data of the customers from registrations and orders with the behavioural data of the customers.

In the context of the economic evaluation we combine the data of the users independently of the used devices (e.g. if users use our on-line offer on a mobile or on a stationary device).

- Processed data: Inventory data, contact data, contract data, payment data, usage data and metadata, e.g. activity data emanating from e-mails via our online channels, e.g. data on the page accessed, page history, the device used, geo data and data for pseudonymised identification of the user profile).

- Legal basis: Art. 6 para. 1 lit. f. DSGVO.

- Affected parties: Customers, interested parties, business partners, visitors and users of the online offer.

- Purpose of processing: Business analysis, marketing, advertising, market research.

- Creation and operation of a customer account for the administration of orders.

- Type, scope, functionality of processing: profiling, interest-based advertising, first-party cookies.

- Necessity / interest in processing: Increase user friendliness, optimization of the offer, business efficiency.

- Protective measures: Order processing contract.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

- Deletion of data: If a customer account has been created, with its termination, otherwise after two years from conclusion of contract. For the rest, the macroeconomic analyses and general trend provisions are prepared anonymously wherever possible.

Online presences in social media

We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services.

We would like to point out that user data may be processed outside the European Union. This can result in risks for users, as it could, for example, make it more difficult to enforce the rights of users. With regard to US providers that are certified under the Privacy Shield, we would like to point out that by doing so they commit themselves to comply with EU data protection standards.

In addition, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, permanent cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of the personal data of the users takes place on the basis of our legitimate interests in effective information of the users and communication with the users in accordance with Art. 6 Para. 1 letter f. DSGVO. If the users are asked by the respective providers for their consent to data processing (i.e. declare their consent e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.

For a detailed description of the respective processing operations and the opt-out options, please refer to the following linked information provided by the providers.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.

The links/buttons to social networks and platforms (hereinafter referred to as "social media") used within our online offer only establish contact between social networks and users when users click on the links/buttons and the respective networks or their websites are called up. This function corresponds to the mode of operation of a regular online link.

- Processed data: Inventory data, contact data, content data, usage data, metadata.

- Special categories of personal data: Basically no, except as stated by users.

- Legal basis: Art. 6 para. 1 lit a / Art. 6 para. 1 lit f. DSGVO.

- Affected parties: Users of social media presences (this may include customers and interested parties).

- Purpose of processing: Information and communication.

- Type, scope, mode of operation of the processing: By operators of the respective platforms as a rule: permanent cookies, tracking, targeting, remarketing, content-related and behavioural advertising.

- Necessity / interest in processing: Expectations of the users who are active on the platforms, business interests.

- External disclosure and purpose: vis-à-vis social networks/platforms.

- Deletion of data: The deletion rules of the respective platforms apply.

- Services used:

- Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or for users within the European Union: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) - Privacy Statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy Statement / Opt-Out: http://instagram.com/about/legal/privacy/.

- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Statement: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

- Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) - Privacy Statement / Opt-Out: https://about.pinterest.com/de/privacy-policy.

Web Server and Security

server logs

The server on which this online offer is located collects so-called log files each time the online offer is accessed, in which user data is stored. The data serve on the one hand for statistical analysis to maintain and optimise server operation and on the other hand for security purposes, e.g. to identify potential unauthorised access attempts.

- Processed data: Usage data and metadata (name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, user's operating system, referrer URL (the previously visited page), IP address and the requesting provider).

- Special categories of personal data: no.

- Legal basis: Art. 6 para. 1 lit. f DSGVO.

- Affected parties: Customers, interested parties, visitors to the online offer.

- Purpose of processing: Optimisation of server operation and security monitoring.

- Necessity / interest in processing: security, business interests.

- Processing in third countries: no.

- Deletion of data: After 30 days from collection.

Own Global Single-Sign-On-Procedure

We use our own "Single Sign-On" procedure, which allows our users to log in with a user account within the online presences of our group of companies.

- Processed data: Inventory data (name, e-mail address, password (only processed by Facebook), user ID, user handle);

- External disclosure: Companies of the Nature's Design Group.

- Privacy policy: Please note this privacy policy.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

Embedded content and functions

In this section we inform you which contents, software or functions (in short "contents") of other providers we embed within the scope of our online offer on the basis of Art. 6 Para. 1 lit. f DSGVO (so-called "embedding"). Embedding takes place in order to make our online offer more interesting for our users or for legal reasons, e.g. to be able to present videos or social media contributions within our online offer at all. Embedding can also serve to improve the speed or security of the online offer, e.g. if software elements or fonts are obtained from other sources. In all cases, the processed data includes the user and metadata of the users and also the IP address necessarily transmitted to the provider for embedding the content, and the affected persons include the visitors to our online service. The categories affected include the users of our online service, customers and interested parties. Further explanations can be found in the definitions of terms, in particular with regard to functionalities and protective measures, at the end of this data protection declaration. The deletion of the data is determined by the data protection conditions of the providers of the embedded content.

Google services and content

We use the following services and contents of the provider Google: YouTube - Videos; Google Maps - Maps; Google Fonts - Fonts; Google - Recaptcha (detection of bots when entering forms).

- Processed data: Usage data, metadata.

- Type, scope, functionality of processing: permanent cookies, third party cookies, interest marketing, tracking.

- Special protective measures: Pseudonymisation, opt-out.

- Opt-out: http://tools.google.com/dlpage/gaoptout?hl=de, https://adssettings.google.com/.

- External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

- Privacy Policy: https://www.google.com/policies/privacy.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

. - Deletion of data: The data will be deleted in accordance with the provisions of Google.

Functions and contents of Facebook

Functions and contents of the Facebook service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their interest in the content, the authors of the content or subscribe to our contributions.

- Processed data: Usage data, metadata; if users are registered with the service, the above data can be linked with their profiles and with the data stored with the service (in particular inventory data).

- Type, scope, functionality of processing: social plug-ins, permanent cookies, third-party cookies, interest based marketing, tracking, remarketing.

- Opt-Out: https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com/uk/your-ad-choices/ (EU), http://www.aboutads.info/choices (US).

- Normal 0 21 false false false false DE X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name: "Normal Table"; mso-tstyle-rowband-size:0; mso-tyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family: "Times New Roman",serif;}

- Privacy policy: https://www.facebook.com/policy.

- External disclosure: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or for users within the European Union: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

- Deletion of data: The data will be deleted according to the Facebook regulations.

Instagram Features and Contents

The functions and content of the Instagram service can be integrated into our online offering. This may include, for example, content such as images, videos or text and buttons with which users can express their favor about the content, the authors of the content or subscribe to our contributions.

- Processed data: Usage data, metadata; if users are registered with the Service, the above data can be linked to their profiles and to the data stored with the Service (in particular inventory data).

- Type, scope, functionality of processing: social plug-ins, permanent cookies, third-party cookies, interest based marketing, tracking, remarketing.

- External disclosure: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

- Privacy Statement: https://help.instagram.com/155833707900388.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

- Deletion of data: The data will be deleted in accordance with the provisions of Instagram.

Functions and contents of Pinterest

Functions and contents of the Pinterest service can be integrated within our online offer. This may include, for example, content such as images, videos or texts and buttons with which users can express their interest in the content, the authors of the content or subscribe to our contributions.

- Type, scope, functionality of processing: social plug-ins, permanent cookies, third-party cookies, interest based marketing, tracking, remarketing.

- External disclosure: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.

- Privacy Policy: https://about.pinterest.com/de/privacy-policy.

- Processing in third countries: USA.

- Deletion of data: The data will be deleted in accordance with the provisions of Pinterest.

Marketing

In this section you will find information on the data processing we carry out for the purpose of optimising our marketing and market research services.

Newsletter dispatch and performance measurement

We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletters") only with the consent of the recipient or a legal permission. The data of the subscribers are logged, since we are obliged to prove registrations. We also track whether newsletters have been opened and whether links have been clicked. For technical reasons, this information is stored on a personal basis for each user, but is not used to monitor individual users, but rather, for example, to adapt content and offers to users. Information which we should collect in addition to the e-mail address (e.g. name) is used to address the users personally or to adapt the contents of the newsletter to the users.

- Content of the newsletter: As stated in the registration form or in the e-mail preferences, otherwise information about our services and our company.

- Processed data: Inventory data (e-mail address), usage data (registration time, confirmation time double opt-in, IP address, opening of the e-mail, time and place, time and click on a link in the newsletter, referrer data, use of the online shop, thematic preferences).

- Special categories of personal data: no.

- Legal basis: Art. 6 Para. 1 lit. a, Art. 7 DSGVO and § 7 Para. 2 No. 3 UWG, Para. 3 (dispatch), Art. 6 Para. 1 lit. c in connection with Art. 7 para. 1 DSGVO (recording), Art. 6 para. 1 lit. f DSGVO (performance measurement).

- Affected parties: E-mail recipient

- Purpose of processing: newsletter dispatch, optimisation, proof of consent.

- Type, scope, functionality of processing: web beacon.

- Necessity / interest in processing: Only the e-mail address is required for sending, the other details are voluntary and serve to personalise and optimise the content on the basis of the interests of the user; the obligation to provide proof of consent is the reason for the logging; the performance measurement is carried out on the basis of justified interests in optimising the content for the user and on the basis of business interests. - Opt-Out: A cancellation link is included in every newsletter.

- External disclosure and purpose: Newsletter2go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany

- Privacy policy: https://www.newsletter2go.ch/datenschutz-uebersicht/

- Protective measures: Contract processing agreement.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov

- Deletion of data: After unsubscribing from the newsletter, the e-mail addresses will be stored for two years for the purpose of proving the earlier registration including protocol data for registration (time, IP address) and then deleted.

Communication by post, e-mail, fax or telephone

Dispatch of information material, telephone contact.

- Processed data: Usage data, inventory data, address and contact data, contract data.

- Special categories of personal data: no.

- Legal basis: Art. 6 para. 1 lit. a, Art. 7 DSGVO, Art. 6 para. 1 lit. f DSGVO in connection with legal requirements for advertising communications.

- Affected parties: customers, participants, interested parties, communication partners.

- Purpose of processing: Advertising communication.

- Type, scope, mode of operation of processing: Contact is only established with the consent of the contact partners or within the scope of the legal permissions.

- Necessity / interest in processing: Information and business interests.

- External disclosure and purpose: No.

- Processing in third countries: No.

- Deletion of data: With objection/ revocation or discontinuation of the grounds for entitlement.

Prize draws and competitions

In the context of competitions and competitions (in short "sweepstakes") we process the data of the participants for the execution of the sweepstakes. The users receive further information on the processing of their data within the scope of the individual sweepstakes as well as possible consents to the publication of their names or sweepstake contributions within the conditions of participation of the respective sweepstakes.

- Processed data: Inventory data, contact data, content data (e.g. contributions to competitions).

- Special categories of personal data: no.

- Legal basis: 6 para. 1 lit. b DSGVO.

- Affected parties: Participants

- Purpose of the processing: Conduction of competitions, notification of winnings, dispatch of winnings, possibly presentation of winners.

- External disclosure and purpose: forwarding company for the purpose of sending prizes, possibly partners and sponsors of prizes.

- Processing in third countries: No, except shipping of prizes abroad.

- Deletion of data: As soon as the data is not required for the execution of the lottery (e.g. in the event of queries regarding winnings); when winners or contributions to the lottery are published, they remain permanently online; otherwise archiving in the event of a legal obligation (end of commercial law (6 years) and tax law (10 years) retention obligation).

Range measurement, online marketing and technology partners

In this section, we inform you which services of technology partners are used for range measurement and online marketing purposes. Their use is based on Art. 6 Para. 1 lit. f DSGVO and our interest in increasing user friendliness, optimising our services and their economic viability. In all cases, the processed data includes the usage data and the metadata. Special categories of data are not processed. Affected are customers, interested parties and other visitors of our online offer. Further explanations can be found in the definitions of terms, in particular with regard to functionalities and protective measures, at the end of this data protection declaration. Unless otherwise stated, the deletion of the data is determined in accordance with the data protection declarations of the technology partners.

Google Analytics

We use Google Analytics for the purposes of range measurement and target group formation.

- Processed data: Usage data, metadata, customer ID with us (Google only receives the customer ID as a pseudonymous date without the associated inventory data, such as name, address or e-mail of the customer).

- Type, scope, functionality of processing: permanent cookies, third-party cookies, tracking, interest based marketing, profiling, custom audiences, remarketing.

- Special protective measures: Pseudonymisation, IP masking, conclusion of order processing contract, opt-out.

- Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=de(Browser-Add-On), https://adssettings.google.com/ (setting for advertisements) .

- External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

- Privacy Statement: https://www.google.com/policies/privacy.

- Processing in third countries: USA. - Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

- Deletion of data: 26 months.

- Disable web tracking: Web Tracking

Google Adwords

We use Google AdWords to serve and measure the success of ads on Google's and its partners' websites.

- Data processed: Usage data (conversion data), metadata.

- Type, scope, functionality of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest marketing, profiling.

- Special protective measures: Pseudonymisation, IP masking, conclusion of order processing contract, opt-out.

- Opt-Out: https://adssettings.google.com/.

- External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. - Privacy Statement: https://www.google.com/policies/privacy.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

- Deletion of data: The data will be deleted in accordance with the provisions of Google.

Google Display Network

Google's double-click technology allows us to target visitors to our website with targeted advertising as part of marketing campaigns about our products on the websites of our advertising partners.

- Data processed: Usage data, metadata.

- Type, scope, functionality of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest based marketing, remarketing, cross device tracking, profiling.

- Special protective measures: Pseudonymisation, IP masking, conclusion of order processing contract, opt-out.

- Opt-Out: https://adssettings.google.com/.

- External disclosure: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. - Privacy Statement: https://www.google.com/policies/privacy.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

- Deletion of data: The data will be deleted in accordance with the provisions of Google.

Facebook Pixel and Facebook Customer Audience Pixel

We use the Facebook pixel to form target groups and measure the success of the ads we place on Facebook.

- Processed data: Usage data, metadata; if users are registered with Facebook, the data is linked to their Facebook profiles and data belonging to them (in particular inventory data).

- Type, scope, functionality of processing: permanent cookies, third-party cookies, tracking, conversion measurement, interest based marketing, profiling, cross-device tracking, remarketing, cross-device tracking, custom audiences from website, custom audiences from file, lookalike audiences.

- Special protective measures: Encrypted communication between Facebook and our online services.

- Opt-Out: https://www.facebook.com/settings?tab=ads, http://www.youronlinechoices.com/uk/your-ad-choices/ (EU),http:www.aboutads.info/choices (US).

- External disclosure: Facebook Inc, 1601 Willow Road, Menlo Road, CA, 94025, USA

- Privacy policy: https://www.facebook.com/policy.

- Processing in third countries: USA.

- Guarantee for processing in third countries: Privacy Shield www.privacyshield.gov.

- Deletion of data: The deletion of the data is carried out by Facebook and takes place when the data of the customers are deleted in the context of the termination.

- Deactivate Web Tracking: Web Tracking

SECTION IV - DEFINITIONS OF TERMS

This section provides an overview of the terms used in this privacy statement. Many of the terms are taken from the law and defined above all in Art. 4 DSGVO. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to help you understand them. The terms are sorted alphabetically.

A/B Tests

A/B tests are designed to improve the usability and performance of online services. For example, users are presented with different versions of a website or its elements, such as input forms, on which the placement of the contents or labels of the navigation elements can differ. The behaviour of users, e.g. lengthy visits to the website or more frequent interaction with the elements, can then be used to determine which of these websites or elements are more suited to the needs of users.

Affiliate links

Affiliate links" are links used by the linking websites to refer users to websites with product or other offers. The operators of the respective linked websites can receive a commission if users follow the affiliate links and then take advantage of the offers. For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently perceive them at the instigation of the affiliate links. It is therefore necessary for the functionality of affiliate links that they are supplemented by certain values that become part of the link or are otherwise stored, e.g. in a cookie. The values include in particular the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking specific values such as advertising media ID, partner ID and categorizations.

After-Sales

After Sales" are marketing procedures in which, for example, customers of an online shop are presented with advertising offers from other providers (which are usually based on the services or products purchased in the online shop). Otherwise, the functionality of after-sales corresponds to that of affiliate links.

Aggregated data

Aggregated data is aggregated data that is not personally identifiable and therefore not personally identifiable. For example, the visiting times of a website can be stored as average values.

Anonymous data

Anonymity exists when a person cannot at least be identified on the basis of a date by the responsible person with the means at his disposal. In particular, aggregated data may be anonymous.

Order processing/order processor

Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Special categories of personal data

Such data shall include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data revealing the unique identity of a natural person, health data or data relating to the sex life or sexual orientation of a natural person.

Data Subject / Data Subject

See "Personal date".

Click tracking

"Clicktracking" allows you to keep track of the movements of users within an entire online offering. Since the results of these tests are more accurate if the user's interaction can be followed over a certain period of time (e.g. if a user would like to return), cookies are usually stored on the user's computer for these test purposes.

Conversion

"Conversion ", or "Conversion Measurement" means a method by which the effectiveness of marketing measures can be determined. For this purpose, a cookie is usually stored on the devices of the users within the websites on which the marketing measures are carried out and then called up again on the target website (e.g. we can thus trace whether the ads we placed on other websites were successful).

Cookies

Cookies" are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status within a community can be stored. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, the login status can be stored in a community if users visit it after several days. The interests of users who are used for range measurement or marketing purposes (see e.g. remarketing) can also be stored in such a cookie. As "third party cookies", cookies will be offered by providers other than the responsible person who operates the online service (otherwise, if they are only their cookies, this is referred to as "first party cookies").

Cross-Device Tracking

Cookies and fingerprints are device-related. Cross-device tracking is required in order to evaluate the interests of users when using smartphones for advertisements on desktop PCs. Logins in social networks such as Facebook can be used for this purpose. Alternatively, location data, IP addresses and user behavior can be used to achieve up to 98% more precise user containment. Cookies and web beacons are usually used for cross-device tracking purposes.

Custom Audiences

Custom Audiences" (or "user-defined target groups") are defined when target groups are determined for advertising purposes, e.g. insertion of advertisements. For example, a user's interest in certain products or topics on the Internet can be used to deduce that the user is interested in advertisements for similar products or the online shop in which the user viewed the products. Lookalike Audiences" (or similar target groups) is the term used to describe content that is viewed as suitable by users whose profiles or interests are believed to correspond to the users to whom the profiles were created. Cookies and web beacons are usually used to create custom audiences and lookalike audiences. "Custom Audiences from Website" means that the target groups are formed on the basis of the visitors of the own web page. "Custom Audiences from File" means, for example, that a list of e-mail addresses is uploaded to the respective advertising network or platform in order to form the target groups.

Demographic data

Demographic data are general information on groups of persons or persons, e.g. characteristics such as age, sex, place of residence and social characteristics such as occupation, marital status or income. Demographic data is collected as part of reach measurement and online marketing for purposes of interest-based marketing or for business analyses that are used, for example, to determine target groups.

Third party

third party' means a natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Third country

Third countries are states in which the DSGVO is not a directly applicable law, i.e. in principle states which do not belong to the European Union (EU) or the European Economic Area (EEA).

Embedding

See "Embedding".

Consent

The data subject's 'consent' shall mean any voluntary, informed and unambiguous expression of his or her will in the particular case, in the form of a statement or other unambiguous affirmative act, by which the data subject indicates his or her consent to the processing of his or her personal data.

Embedding

With embedding (also "embedding"), external contents or software functions (see plugins) are integrated into the own online presence in such a way that they are displayed or executed on this online presence. No copy of the content is created because it is called from the original server (e.g. videos, pictures, contributions on social networks, widgets with ratings). When embedding, it is technically necessary for the content provider to collect the IP address of the user in order to display the embedded content in the user's browser. Furthermore, the content provider may, for example, store cookies on the user's devices.

Extended comparison

Advanced Matching" is a Facebook pixel option that means that users' inventory data such as phone numbers, email addresses, or Facebook IDs are transmitted to Facebook in encrypted form to form target groups for Facebook ads, and are used only for this purpose.

Error Tracking

Error tracking, for example, detects incorrectly executed program code in order to eliminate it and thus ensure the functionality and security of online services.

Fingerprints and other online identifiers

"Fingerprints" correspond in their function to cookies, whereby a file is not stored on the user's device. These digital fingerprints can, for example, be created individually as cross-sums from individual factors of devices, such as computing power or browser plug-ins for devices and thus used for range measurement, profiling, remarketing, interest and behavioral advertising.

First-Party Cookies

See "Cookies".

Heatmaps

"Heatmaps" are mouse movements of the users, which are combined to an overall picture, with the help of which it can be recognized, for example, which web page elements are preferred and which web page elements users prefer less.

IP address

The IP address ("IP" stands for Internet Protocol) is a sequence of numbers that can be used to identify devices connected to the Internet. When a user visits a Web site on a server, he or she tells the server his or her IP address. The server then knows that it must send the packets containing the content of the Web site to that address.

IP Masking

IP masking" is a method by which the last octet, i.e. the last two numbers of an IP address, are deleted so that the IP address can no longer be used for the unique identification of a person. IP masking is therefore a means of pseudonymizing processing methods, especially in online marketing.

Interest-based marketing or interest-related and/or behavioural advertising

Interest and/or behavioural advertising is when profiling is used to determine the potential interest of users in online behavioural advertising (OBA). Cookies and web beacons are generally used for these purposes.

Lookalike Audiences

See Custom Audiences.

Opt-in

Depending on the context, the term "opt-in" means as much as registration or consent. If a registration (e.g. by entering an e-mail address in an online form field) is confirmed by sending a confirmation e-mail to the owner of the e-mail address, this is referred to as a double opt-in (DOI).

Opt-Out

The term opt-out means as much as unsubscribe and can, for example, represent an objection (e.g. against tracking) or a cancellation (e.g. for newsletter subscriptions).

Opt-out cookie

An "Opt-Out-Cookie" is a small file (see "Cookies") which is stored in your browser and in which it is noted that a tracking service, for example, should not process your data. The "opt-out cookie" only applies to the browser in which it was saved, i.e. in which you clicked the opt-out link. If cookies are deleted in this browser, you must click the opt-out link again. Furthermore, an opt-out link can only be restricted to the domain on which the opt-out link was clicked.

Permanent Cookies

See "Cookies".

Personal date/ personal reference

Personal data - any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier (e.g. a cookie) or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Plugins/ Social Plugins

Plugins (or "social plugins" in the case of social functions) are third-party software functions that are integrated into the online offering. For example, they can be used to output interaction elements (e.g., a "Like" button) or content (e.g., external comment functions or contributions in social networks).

Profiling

Profiling" means any automated processing of personal data consisting of the use of such personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (including, depending on the type of profiling, information relating to age, gender, location and movement data, interaction with websites and their content, shopping behaviour, social interactions with other people) (e.g. interest in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.

Privacy Shield

The EU-US Privacy Shield is an informal agreement in the field of data protection law negotiated between the European Union and the United States of America. It consists of a number of assurances from the US government and a decision by the EU Commission. Companies certified under the Privacy Shield are guaranteed to comply with European data protection legislation (https://www.privacyshield.gov).

Pseudonymisation/Pseudonyms

Pseudonymisation' means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that this additional information is kept separately and it is ensured that the personal data are not attributed to an identified or identifiable natural person; i.e. if a precise interest profile of the computer user is stored in a cookie (quasi a 'marketing avatar') but not the name of the user, then his data are processed pseudonymously. If his name is stored, e.g. as part of his e-mail address or his IP address, the processing is no longer pseudonymous.

Range measurement

The range measurement serves the evaluation of the visitor streams of an online offer and can include their behavior, interests or demographic information, such as age or gender. With the help of reach analysis, website owners, for example, can recognize which types of people visit their website at what time and what content they are interested in. This enables them, for example, to better optimize the content of the website to the needs of their visitors. Cookies and web beacons are often used for range analysis purposes.

Remarketing/ Retargeting

Remarketing" or "retargeting" is the term used, for example, to indicate for advertising purposes which products a user is interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements. Cookies are usually used for profiling purposes.

Session Cookies

See "Cookies".

Single Sign-On

Single Sign-On" or "Single Sign-On Authentication" is a procedure that allows users to log on to an online service, including other online services, with the help of a user account. The prerequisite for single sign-on authentication is that users are registered with the respective single sign-on provider and enter the necessary access data on the web form provided for this purpose. Authentication takes place directly with the respective single sign-on provider. Within the scope of such authentication we receive a user ID with the information that the user is logged in with the respective single sign-on provider under this user ID and an ID that cannot be used any further by us (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected during authentication and also which data users have released in the privacy or other settings of the user account at the single sign-on provider. Depending on the single sign-on provider and the user's choice, it can be different data, usually the e-mail address and the user name. The password entered as part of the single sign-on procedure is neither visible to us nor is it stored by us. Users are requested to note that their details stored with us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actual. If, for example, the e-mail addresses of users change, users must change these manually in their user account with us. Should users decide to no longer want to use the link of their user account with the Single Sign-On provider for the Single Sign-On procedure, they must remove this link within their user account with the Single Sign-On provider. If users wish to delete their data with us, they must cancel their registration with us.

Third-Party Cookies

See "Cookies".

Tracking

Tracking" is the term used when the behaviour of users can be traced across several online offers, e.g. for remarketing purposes. The behaviour and interest information collected with regard to the online offers used is stored as user profiles in cookies or on servers of marketing service providers (e.g. Google or Facebook).

Universal Analytics

"Universal Analytics" refers to a Google Analytics process in which user analysis is performed on the basis of a pseudonymous user ID, thereby creating a pseudonymous profile of the user with information from the use of various devices ("cross-device tracking").

Person in charge

"Person in charge" means any natural or legal person, public authority, agency or body which alone or jointly with others determines the purposes and means of the processing of personal data.

Processing

processing' means any operation or set of operations which is carried out with or without the aid of automated procedures and which involves personal data. The term is broad and covers practically every handling of data.

web beacons

Web beacons" (or "pixels", "measuring pixels" or "counting pixels") are small, pixel-sized graphics that are integrated into web pages or HTML e-mails. In this way they allow, for example, to determine whether an e-mail has been opened (at least if the image display in e-mails is activated) or how often a website is called up by a user.

Widgets

See Embedding.

Tracking pixels

See Web Beacons.

Privacy Policy Relating to the Implementation and Use of maatoo.io
We use the service maatoo.io on our channels so that we can ensure optimal communication with our customers. The maatoo servers of the provider 55 weeks ag, Busswilstrasse 16, 3250 Lyss, Switzerland, are located in Switzerland. maatoo.io places a permanent cookie on a home page if there is not already a maatoo cookie on your device. If you have previously accessed a website that utilizes maatoo, you may already have a maatoo cookie. If this cookie is placed on other websites, the information from the visit to our websites is visible solely to us and is shared neither with 55 weeks ag nor with other users of the maatoo system. In the same vein, it is not possible for us to use this cookie to record or view any information about your visits to other websites. Among other purposes, we use the maatoo cookie to analyze your use of our system so that we can continuously improve its operation. Emails that are sent with the aid of maatoo use tracking technologies. We use these data primarily to find out what subjects interest you by tracking whether our emails are opened and what links you click on. We use this information for the improvement of the emails that we send to you and of the services we provide and combine it with previously available tracking or profiling information. If you do not want us to be able to recognize your computer (hard-drive cookies), you can make the appropriate settings in your browser so that it either erases cookies from your computer hard drive, blocks all cookies, or warns you before a cookie is stored.

Data privacy statement

INTRODUCTION

TABLE OF CONTENTS

Section I - Responsible person and overview of data processing person in charge

Section II - Data subjects' rights, legal bases and general remarks

Section III - Processing operations

Section IV - Definitions of terms

SECTION I - RESPONSIBLE AND OVERVIEW OF THE DATA PROCESSING OPERATIONS

Responsible:

Contact data protection officer:

Types of data processed:

Processing of special categories of data (Art. 9 para. 1 DSGVO):

Categories of data subjects involved in the processing:

Purpose of the processing:

Automated decision in individual cases (Art. 22 DSGVO):

SECTION II - RIGHTS OF ACTION, LEGAL BASES AND GENERAL INFORMATION

Rights of data subjects

Right of withdrawal

Right of objection

Cookies and right of objection in direct marketing

Deletion of data and archiving obligations

Changes and updates of the data protection declaration

Applicable legal bases

Security of data processing

Disclosure and transmission of data

Transfers to third countries

SECTION III - PROCESSING

Core area of data processing

Order processing in the online shop

Customer account

Credit assessment

Responding to inquiries and customer care

Economic analyses and market research

Online presences in social media

Web Server and Security

server logs

Own Global Single-Sign-On-Procedure

Embedded content and functions

Google services and content

Functions and contents of Facebook

Instagram Features and Contents

Functions and contents of Pinterest

Marketing

Newsletter dispatch and performance measurement

Communication by post, e-mail, fax or telephone

Prize draws and competitions

Range measurement, online marketing and technology partners

Google Analytics

Google Adwords

Google Display Network

Facebook Pixel and Facebook Customer Audience Pixel

SECTION IV - DEFINITIONS OF TERMS

A/B Tests

Affiliate links

After-Sales

Aggregated data

Anonymous data

Order processing/order processor

Special categories of personal data

Data Subject / Data Subject

Click tracking

Conversion

Cookies

Cross-Device Tracking

Custom Audiences

Demographic data

Third party

Third country

Embedding

Consent

Embedding

Extended comparison

Error Tracking

Fingerprints and other online identifiers

First-Party Cookies

Heatmaps

IP address

IP Masking

Interest-based marketing or interest-related and/or behavioural advertising

Lookalike Audiences