Privacy is a special concern of Open The Box GmbH. In particular, our efforts to meet the requirements of the European Data Protection Regulation (GDPR) and the Federal Data Protection Act in its new version are aimed at respecting your privacy and privacy.
For modern businesses like the Open The Box GmbH today the use of electronic data processing systems (EDP) is indispensable. In this case, of course, a maximum is laid out to observe the legal regulations.
Use of the internet pages of the Open The Box GmbH is basically possible without any indication of personal data. However, if a data subject wishes to use our company’s special services through our website, personal data processing may be required. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
1. General / Definitions
a) Personal data
Personal data is any information that relates to an identified or identifiable natural person (‘the person concerned’). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
b) Affected person / Affected
person Affected person is any identified or identifiable natural person whose personal data is from are the processes for the controller.
processing of each operation performed with or without the aid of automatic means or each such operation in the series connection with personal data such as collection, the collection, the Organization, organizing, storing, adapting or changing, reading out, there s Queries, use, disclosure through submission, distribution, or other form of provision, matching or linking, restriction, erasure, or destruction.
d) Limiting processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any kind of automated processing of personal data, which consists in that personal data used to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to work performance, economic condition, health, personal preferences, interests, reliability, behavior, location or change of location of that natural person .
Pseudonymization is the processing personal data in a manner in which the personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data are not identified or identified be assigned to identifiable natural person.
Responsible is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal Data decides. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
h) Contractor / Order Processor
Contractor / Orderis a natural or legal person, agency, body or body that processes personal data on behalf of the Responsible. legal entity
Recipient is a natural orlegal entity, public authority, agency or other body to which personal data are disclosed, whether or not it is a third party. However, authorities that may receive personal data under a specific investigation mandate under Union or national law are not considered to be recipients.
j) Third party
Third party is a natural or legal person, public authority , Institution or other entity other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data.
Consent is any expression of will voluntarily and unequivocally made by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that they are involved in the processing of their personal data Data agrees.
2. Information about the collection of personal data
(1) In the following we inform about the collection of personal data when using our website. Personal data is all data that is personally available to you, eg. Name, address, e-mail addresses, user behavior, etc.
(2) Responsible acc. Art. 4 para. 7 of the EUData Protection Regulation (DS-GVO) is the
Open The Box GmbH
Generaldd Managing Director Tobias Theel
Phone: 08456/9673 677
Fax: 08456/9673 679
(3) When you contact us by e-mail or through a contact form, we will automatically save the information you have provided (your e-mail address, your name and your telephone number if necessary) in order to answer your questions. Such personal information provided on a voluntary basis by an individual to the controller is stored solely for the purpose of processing or contacting the data subject. The data resulting in this connection, we delete after the storage is no longer required, or restrict the processing, if statutory storage requirements exist.
(4) If we use for some functions of our offer to contracted service providers or your data for advertising purposes, we will inform you in detail below about the respective transactions. In doing so, we also mention the criteria for storage duration.
(5) Aswe have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed through this website. Nevertheless, Internet-based data transmissions can in principle have security gaps so that absolute protection can not be guaranteed. For this reason, every person concerned is free to submit personal data to us in alternative ways, for example by telephone.
(6) As a responsible company, we do not use automatic decision-making or profiling.
< h3> third Your rights
(1) You have the following rights with respect to the personal data relating to you:
same rights as the
– Right to information:
Each person affected by the processing of personal data has theperson concerned DS-GVO granted the right at any time to receive free information from the controller for the personal data stored about him and a copy of this information. Furthermore, the European Di- rective and Regulatorywith the following information:
Authority has provided
a) the processing purposes
the data subjectb) the categories of personal data being processed
c) the recipients or categories of recipients to whom the personal data have been disclosed or are yet to be disclosed, in particular to recipients in third countries or to international organizations.
d) if possible, the planned duration for which the personal data are stored, or if this is not possible, the criteria for determining this duration
e) the existence of a right of correction or deletion of the personal data concerning or limitation of processing by the controller or the right of appeal against this processing
f ) the existence of a right of appeal to a supervisory authority.
g) if the perso n) data collected from the data subject: all available information on the origin of the data
h) the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) DS-BER and – at least in these cases – meaningful Information on the logic involved and the implications and consequences of such processing for the
data subjectFurthermore, the data subject has the right to have his / her personal data transmitted to a third country or to an international organization. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
If an affected person wishes to avail himself of this right to information, he may At any time, contact an employee of the controller.
– Right to revoke a data protection consent:
Any person affected by the processing of personal data has the right to consent to the processing of personal data at any time be revoked.
Want a data subject this right to revocation of consent to complete, it can this contact anytime and on any communication to an employee of the data controller.
– Right to rectification:
Thesubject has the right tofrom the person responsible without delay the correction of the information relating to the person concerned to demand correct personal data. In consideration of the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. data subject
If awishes to avail himself of this right to information, he may do so at any time to an employee of the controller.
– Right to be deleted / right to be forgotten:
The data subject has the right to request that the data subject delete personal data concerned without delay the person responsible is obliged to delete personal data immediately if one of the following reasons applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) thesubject revokes their consent, to which the processing referred to in Article 6 (1) (a) or Article 9 (2) (a) and there is no other legal basis for processing.
data subject objects to the processing in
(c) theaccordance with Article 21 (1) and there are none prior legitimate grounds for processing, or theobjects to the processing in accordance with Article 21 (2.
data subject)d) the personal data has been improperly processed.
e) the personal data is deleted Fulfillment of any legal obligation under Union or national law to which the controller is subject.
f) the personal data have been collected in relation to information society services provided in accordance with Article 8 (1).
Would like to have one Persons who claim this right to be deleted / right to be forgotten can do so at any time a n contact an employee of the controller.
If we have made the personal data publicly available and we are required to delete it in accordance with Article 17 (1) of the GDPR, we will take appropriate measures, taking into account the available technology and the implementation costs Measures, including those of a technical nature, to inform data controllers who process the personal data that an affected person has requested that they delete all links to such personal data or copies or replications of such personal data. Our employees will take the necessary action.
– Right to Restrict Processing:
Thesubject has the right to require the controller to restrict processing if any of the following conditions exist (
a) the accuracy of the personal data is disputed by the data subject for a period allowing the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the person concerned refuses to delete the personal data and instead requests the restriction on the use of the personal data;
c) the person responsible no longer needs the personal data for the purposes of the processing, but the data subject to assert, exercise or Defense of legal rights needed, or
d) thesubject objection g the processing has taken place in accordance with Article 21 (1), as long as it is not certain that the responsible person’s legitimate reasons prevail over those of the data subject.
interested party wishes to exercise
If anthis right to restriction of processing, he may At any time, contact an employee of the controller.
– Right to object to processing:
Any person concerned by the processing of personal data has the right granted by the DS-BER Reasons arising from their particular situation, may at any time object to the processing of personal data concerning them pursuant to Article 6 (1) (e) or (f) of the GDPR. This also applies to a profiling based on these provisions.
We will no longer process personal data in the event of an objection, unless we can prove that there are compelling legitimate grounds for processing that are in conflict with the interests, rights and interests Freedoms of thepredominate, or the processing serves the assertion, exercise or defense of legal claims.
If we process personal data in order to operate direct mail, the data subject has the right at any time to object to the processing of the data personal data for the purpose of such advertising. This also applies to the profiling, as far as it is associated with such direct mail. If the data subject opposes us for processing for direct marketing purposes, we will no longer process the personal data for these purposes. data subject
In addition, thehas the right, for reasons arising out of their particular situation give rise to objections to the processing of personal data concerning us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR, unless such processing is necessary to fulfill one in the public domaindata subject may
In order to exercise the right of opposition, theaddress each employee directly. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise its right of opposition through automated procedures using technical specifications.
– Law Data portability:
Thesubject has the right to receive personal data relating to him or her provided to a responsible person in a structured, common and machine-readable format, and has the right to transfer that information to another person without (
A) processing with consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or with a contract pursuant to Article 6 (1) Letter b is based and
b) the processing is done by automated means
In the exercise of their right to data portability under Art. 20 para. 1 DS-GMO the person concerned has to obtain that personal data are transferred directly from a charge another charge, if this is technically feasible and the right the rights and freedoms of others are not compromised.
interested party wishes to exercisecontroller
If anthis data transferability right, they may contact an employee of theat any time.
– Automated Case-case decision including profiling
by-Each person concerned by the processing of personal data has the rightby thenot to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on it or significantly affect them in a similar wayif the decision is
(a)not necessary for the conclusion or performance of a contract between the data subject and the person responsible, or
(2) on the basis of Union or Member State legislation to which Is subject to, permissible, and that this legislation contains reasonable measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
(3) with the express consent of the.
Is the decision In order to conclude or execute a contract between the data subject and the controller, or with the express consent of the data subject, we shall take reasonable steps to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the law to the effect of the intervention of a person by the Responsible If the data subject wishes tocontroller.
claim rights with respect to automated decisions, he may, at any time, contact an employee of the
(2) You also have the right to complain to us about the processing of your personal data by a data protection supervisory authority. The supervisory authority responsible for our company is as follows:
Bavarian State Office for Data Protection Supervision
Tel .: 0981 – 53 1300
E- Mail: email@example.com
4. Collection of personal data when visiting our website / cookies
(1) In the case of merely informative use of our website, ie if you do not register or otherwise provide us with information, we will only collect the personal data that your browser uses transmitted to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to show you our website and to ensure the stability and security (legal basis is Art. 6 (1) sentence 1 DS-GVO ):
– IP address
– Date and time of the request
– Greenwich mean time (GMT) time zone difference
– Internet service provider of the accessing system
– content of the request (concrete page)
– access status / HTTP status code
– amount of data transferred
– website thatthe request (referrer)
– Operating system and its interface
– Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here through us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective.
a) This website uses the following types of cookies, the scope and operation of which are explained below:
– Transient cookies (also b)
– Persistent cookies (also c)
– Flash cookies (see f).
b) Transient cookies are automatically deleted when you close the browser. These include, in particular, the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies in your browser’s security settings at any time.
d) You can configure your browser settings to suit your needs. B. decline the acceptance of third-party cookies or all cookies. We point out that you may not be able to use all features of this website.
f) The Flash cookies used are not detected by your browser, but by your Flash plug-in. Furthermore, we use HTML5 storage objects, which are stored on your device. These objects store the required data regardless of your browser and do not have an automatic expiration date. If you do not want to process the Flash cookies, you will need to install an add-on such as: For example, “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/en/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and the browser history manually.
5. Other functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you will generally need to provide other personal information that we use to provide the service and for which the aforementioned data-processing principles apply.
(2) We may use your part to process your data from external service providers. These have been carefully selected and commissioned by us, are bound by our instructions and are subject to regular controls.
(3) The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, securities, and technical maintenance services we use to operate this online offer.
We, or our hosting provider, process inventory data, contact information, content data, contract data, usage data, meta and communication data from customers, Interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with. Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO.
(4) Furthermore, we may disclose your personal data to third parties if we offer action participations, competitions, contracts or similar services together with our partners. For further information, please refer to your personal data or below in the description of the offer.
(5) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences this circumstance in the description of the offer.
6. Privacy on applications
The controller collects and processes the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a contact form on the website. If the controller concludes an employment contract with an applicant, the data transferred will be stored for the purpose of executing the employment contract in accordance with the legal requirements. If no employment contract is concluded with the candidate by the controller, the application documents will be automatically deleted unless deletion precludes other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
The processing of the applicant data takes place in order to fulfill our (pre-) contractual obligations within the framework of the application procedure in the sense of Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO if the data processing is necessary for us eg in the context of legal procedures (in Germany additionally § 26 BDSG applies).
7. Opposition or Revocation Against the Processing of Your Data
(1) If you have given your consent to the processing of your data, you can revoke it at any time and by any means of communication. Such revocation will affect the admissibility of the processing of your personal data after you have given it to us.
(2) To the extent that we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in the following description of the functions. In the event of any such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your reasonable objection, we will review the facts and will either discontinue or adapt the data processing or show you our compelling legitimate reasons why we continue processing.
(3) You may, of course,the processing of your personal data for purposes contradict advertising and data analysis at any time. You may contact us via your adver- tisement request at the address given in 2. (2).
8. Statutory or contractual provisions governing the provision of personal data / Necessity for concluding a contract / Consequences of non-provision / deletion
(1) We would like to inform you that the provision of personal data is partly required by law. However, it may also be possible for an affected person to provide us with personal information in order for a contract to be conducted. A non-provision would mean that the contract could not be closed. Our staff will be happy to answer any specific questions.
(2) The data processed by us will be deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legally permitted purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements, the retention takes place in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 No. 1 4, para. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant to taxation, etc.) and 6 years pursuant to § 257 (1) nos. 2 and 3, para. 4 HGB (Handelsbriefe) / p>
9. Using the comment function
(1) In addition to your comment, the comment function on this page will also include information on when the comment was written, your e-mail address and, if you are not anonymous, the one you have selected User name saved.
(2) As a user of the page you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the given email address. You can unsubscribe from this function at any time via a link in the info mails. The data entered in the course of subscribing to comments will be deleted in this case; however, if you have submitted this data to us for other purposes and elsewhere (eg, newsletter ordering), they will remain with us.
(3) The comments and related data (eg, IP address) will be stored and retained on our website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (eg offensive comments).
(4) The comments are stored on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
10. Registration on the Website
(1) You can register on our website to use additional functions on the Site. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise, we will refuse registration.
(2) For important changes, such as the scope of the offer or technical changes, we use the e-mail address provided during registration to inform you in this way.
(3) The processing of the data entered during registration takes place on the basis of your consent (Article 6 (1) (a) GDPR). You can revoke your consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing that has already taken place will not be affected by the revocation.
(4) The data collected during registration will be stored by us as long as you are registered on our website and will subsequently be deleted. Legal retention periods remain unaffected.
11. Registration with Facebook Connect
(1) Instead of registering directly on our website, you can register with Facebook Connect. Provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
(2) If you decide to register with Facebook Connect and click on the “Login with Facebook” – / “Connect with Facebook “Button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This links your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. These are above all:
• Facebook name
• Facebook profile and cover picture
• Facebook cover picture
• E-mail address stored on Facebook
• Facebook ID
• Facebook Friends Lists
• Facebook Likes
This information is used to set up, provision and personalize your account.
(1) With your consent, you can subscribe to our newsletter, which will inform you about our current interesting offers. The advertised goods and services are named inof consent.
the declaration(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses, the computer system used and the times of login and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.
(3) Personal data collected during the registration process will be used exclusively to send our newsletter. In addition, subscribers to the newsletter may be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as may be the case in the event of changes to the newsletter offer or technical changes. There is no transfer of the personal data collected in the context of the newsletter service to third parties.
(4) The only requirement for sending the newsletter is your e-mail address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a DS-GVO.
(5) You may revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. The revocation can be addressed to us by any means of communication, for example by clicking on the link provided in each newsletter e-mail, by e-mail to firstname.lastname@example.org or by a message to the contact details specified in the imprint />
(6) We point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent include so-called web beacons or tracking pixels that represent one-pixel image files stored on our website. For the analyzes, we link the data mentioned in Section 4 and the web beacons with your e-mail address and an individual ID. Also in the newsletter received links contain this ID. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click in these and from that infer your personal interests. We associate this information withactions you take on our site.
anyYou may object to this tracking at any time by clicking on the separate link provided in each e-mail or by contacting us through any other means of contact. The information will be stored as long as you subscribe to the newsletter. After a logout we save the data purely statistically and anonymously. Also, such tracking is not possible if you’ve turned off image display by default in your email client. In this case the newsletter will not be displayed completely and you may not be able to use all the features. If you display the images manually, the above tracking is done.
(7) Newsletter – Service Provider: CleverReach
The shipping service provider may use the data of the recipients in a pseudonymous form, ie without assignment to a user, to optimize or improve their own services, eg for the technical optimization of shipping and the presentation of the newsletter or use for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write them down themselves or to pass the data on to third parties.
13. Web Analytics
1. Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is enabled on this website, Google will truncate your IP address beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator />
(2) The IP address transmitted by Google Analytics within the framework of Google Analytics will not be merged with any other data provided by Google.
(3) You may prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all the functions of this website in full. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plug-in available under the following link. in download and install: https://tools.google.com/dlpage/gaoptout?hl=de
(4) This website uses Google Analytics with the extension “_anonymizeIp ()”. As a result, IP addresses are processed shortened, a person-relatedness can thus be excluded. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately. The data sent by us and linked to cookies, user IDs (eg user IDs) or advertising IDs will be automatically deleted after 14 months. The deletion of data whose retention period has been reached is done automatically once a month.
(5) We use Google Analytics to analyze and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
(7) This site also uses Google Analytics for cross-device analysis of visitor traffic conducted through a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My data”, “Personal data”.
Opt-out cookies prevent the future collection of your data when you visit this website. To avoid detection by Universal Analytics across devices, you must opt-out on all systems you use. If you click here, the opt-out cookie will be set: Disable Google Analytics
14th Social Media
1. Use of social media plug-ins / links
(1) We currently use the following social media plug-ins / links:
Facebook, Twitter, Xing, Instagram, Vimeo, Pinterest, LinkedIn
We use the so-called two-click solution. In other words, when you visit our site, initially no personal data is passed on to the providers of the plug-ins. The provider of the plug-in can be recognized by the marking on the box above the first letter or the logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the highlighted field and activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online service. In addition, the data referred to in point 4 of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with US providers in the USA). Because the plug-in provider makes data collection in particular about cookies, we recommend you to delete all cookies on the grayed box on your browser security settings before clicking.
(2) We have no influence on the data collected and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the retention periods. We also have no information to delete the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research and marketing purposes / or custom design of its website. Such an evaluation is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise this. Through the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f DS-GVO.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and z. For example, if you link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.
(5) For more information on purpose and The scope of the data collection and its processing by the plug-in provider can be found in the following privacy statements of these providers. There you will also find further information about your rights and settings options for the protection of your privacy.
(6) Addresses of the respective plug-in providers and URL with their privacy notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; more information about data collection: https://www.facebook.com/policy.php; https://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US framework.
c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; https://www.xing.com/privacy.
f) Pinterest, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, United States of America. This may include, for example, content such as images, videos or text and buttons that allow users to share the content of this online offering within Pinterest. If the users are members of the platform Pinterest, Pinterest can assign the call of the abovementioned contents and functions to the profiles of the users there. Pinterest Privacy Statement: https://about.pinterest.com/privacy-policy.
G) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; https://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.
2. Inclusion of YouTube Videos
(1) We have included YouTube videos in our online offering, which are stored on http://www.YouTube.com and are directly playable from our website. These are all embedded in “enhanced privacy mode”, which means that if you do not play the video, you will not transfer any data about you as a user to YouTube. Only when you play the videos, the data mentioned in paragraph 2 will be transmitted. We have no control over this data transfer.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data referred to in point 4 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and / or customization of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these User Profiles, and you must comply with YouTube to use them.
please refer to
3. Integration of Google Maps
(1) On this website we use the offer of Google Maps. This will allow us to show you interactive maps directly on the website and allow you to make comfortable use of the map feature.
(2) By visiting this website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in point 4 of this declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right of objection to the creation of these User Profiles, and you must submit them to Google for exercise.
please refer to
(3) For more information on the purpose and scope of the data collection and its processing by the Plug-in Provider,the privacy statements of the provider. You can also find out more about your rights and privacy settings here: http://www.google.com/intl/en/policies/privacy. Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework.
We use the privacy-protected “Shariff” buttons. Shariff is designed to provide more privacy and replace the usual social networking share buttons. It is not the browser, but the server on which the online offer is located, that establishes a connection with the server of the respective social media platforms and, for example, queries the number of likes, etc. The user remains anonymous. More information about the Shariff project can be found at the developers of the magazine c & # 8217; t: www.ct.de.
15. Online Advertising
1. Amazon Affiliate Program
affiliated with the Affiliate Program
(1) We areof Amazon Europe S.à. rl and Affiliate of the Advertising Program designed to provide a medium for websites that earn advertising reimbursements through the placement of advertisements and links to amazon.co.uk. With the program, we are interested in showing you advertisements that are of interest to you and that make our site more interesting to our users.
(2) The provision of advertisements collects statistical information about you from our advertising partners are processed. By visiting the website, Amazon receives the information that you have accessed the corresponding page of our website. For this purpose, Amazon determines your needs via web beacons and, if necessary, sets a cookie on your computer. The data referred to in point 4 of this declaration will be transmitted. We have no influence on the collected data, nor are we aware of the full scope of data collection and storage duration. If you are logged in to Amazon, your data can be assigned directly to your local account. If you do not want to be associated with your Amazon profile, you must log out. It is possible that your data will be shared with Amazon and government contractors. We have no influence on the data collected nor are we aware of the full extent of the data collection. The data is transmitted to the USA and evaluated there. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f DS-GMO.
(3) You can prevent the installation of the cookies of the Amazon Affiliate Program in various ways: a) by setting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving any advertisements from Received from third parties; b) by deactivating interest-based ads on Amazon via the link https://www.amazon.de/gp/dra/info; c) by deactivating the interest-based advertisements of the providers that are part of the “About Ads” self-regulation campaign via the link https://www.aboutads.info/choices, these settings being deleted when you delete your cookies. We must point out that you may not be able to use all features of this offering to their full extent.
2. A / B Testing
We do not currently use A / B testing.
3. DoubleClick by Google
(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further use of the data collected by the use of this tool by Google and therefore inform you to the best of our knowledge: By including DoubleClick, Google receives the information that you access the corresponding part of our website or clicked an ad from us. If you’re registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find out and store your IP address.
(3) You can varyparticipation in this tracking process To prevent this: a) By setting your browser software accordingly, in particular, the suppression of third party cookies will prevent you from receiving any third party advertisements; b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.com/settings/ads, this setting is deleted when you delete your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all the features of this offer to the full extent.
16. Plugins and Tools
1. Google Web Fonts
This site uses so-called web fonts, provided by Google, to unify fonts. When you call up a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts. To do this, the browser you use must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google WebFonts is in the interest of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support web fonts, a default font will be used by your computer.
2. Using Google reCaptcha
3. Using ajax.googleapis.com and jQuery
This page uses Ajax and jQuery technologies to optimize loading speeds. In this regard, program libraries are accessed by Google servers. It uses Google’s Content Delivery Network (CDN). If you previously used jQuery on another page of the Google CDN, your browser will fall back on the cached copy. If this is not true, it will require downloading, with data from your browser sent to Google! Inc. (“Google”). Your data will be transmitted to the USA. You can find out more on the websites of the providers.
legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f DS-GMO.
(1) We use Zendesk’s CRM system, Zendesk, Inc., 989 Market Street # 300, San Francisco, CA 94102, USA, to handle requests from users faster and more efficiently (legitimate interest in accordance with Article 6 (1) (f) of the GDPR).
(2) Zendesk is certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG&status=Active).
(3) Zendesk uses users’ data only for technical processing of requests and does not disclose them to third parties , To use Zendesk at least the specification of a correct e-mail address is necessary. A pseudonymous use is possible.processing service requests, additional data may be required (name, address).
(4) When users disagree with Zendesk’s data collection and storage in the external system We offer alternative contact options for submitting service requests by e-mail, telephone, fax or mail.
5. Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called web site tags through one interface (including, for example, Google Analytics and other Google marketing services in our online offering). The tag manager itself (which implements the tags) does not process users’ personal data. With regard to the processing of users’ personal data, reference is made to the following information about the Google services. Usage Policy: https://www.google.com/intl/en/tagmanager/use-policy.html.
17. Shop function via Woocommerce (German Market Plugin)
We offer products and services for sale through our website. For this we use the service Woocommerce. As soon as you click on one of our product buttons, you leave our website and are redirected to our individual sales page. The service is offered by Automattic Inc., 60, 29th Street # 343, San Francisco, CA 94110-4929, USA. We are not aware of the further processing and the duration of the storage of your data. Further information can be found here: https://woocommerce.com/terms-conditions/. All functions on the sales side as well as the entire downstream sales transaction take place via Woocommerce and the German Market Plug-In.
The legal basis for the processing of the personal data in the forwarding from our website to the sales page via Woocommerce results from Art. 6 para. 1 sentence 1 lit. b).
18. Payment Service Providers
(2) As part of the fulfillment of contracts, we set the payment service providers on the basis of Art. 6 para. 1 lit. b. DSGVO. Incidentally, we use external payment service providers on the basis of our legitimate interests. Art. 6 para. 1 lit. f. DSGVO, in order to provide our users with effective and secure payment options.
(4) For the payment transactions,the privacy notices of the respective payment service providers, which are available within the respective websites, or transactional applications. We also refer to these for further information and assertion of rights of withdrawal, information and other data subjects.
19. Chat Solution
20. Our Social Media Launches
Social Data Processing
We have publicly available profiles on social networks. The individual social networks we use below can be found below.
Social networks such as Facebook, Google+ etc. can generally analyze your user behavior comprehensively if you use their website or a website with integrated social media sites. Visit content (eg like buttons or banners). By visiting our social media presences, numerous data protection relevant processing processes are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are deposited. This way, you can see interest-based advertising in and out of your social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you were logged in or logged in.
Our social media appearances are intended to provide the widest possible presence in the Ensure Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (eg consent within the meaning of Article 6 (1) (a) GDPR).
Responsible and Assertive Rights
When you visit one of our social media sites (eg Facebook), we are in partnership with the social media platform operator responsible for the data processing operations triggered during this visit. Your rights (information, correction, deletion, limitation of processing, data portability and complaint) can in principle be us as well as against. to the operator of the respective social media portal (eg Facebook).
Please note that we do not have full influence despite the shared responsibility with the social media portal operators to the data processing operations of the social media portals. Our options are largely based on the company policy of the respective provider.
The data collected directly from us via the social media presence is used by our company Deleted as soon as the purpose of their storage ceases, you ask us to delete it, you revoke your consent to the storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected. retention period of
Individual social networks
Facebook < / strong>
We have a profile on Facebook. Provider is the Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have a collaborative agreement with Facebook (Controller Addendum). This agreement determines which computing operations we or Facebook will be responsible for when you visit our Facebook page. To view this agreement, please visit the following link: https: //www.facebook. com / legal / terms / page_controller_addendum .
For details,: https://www.facebook.com/about/privacy/ .
We have a profile on Google+. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google has an EU-US Privacy Shield certification:
For details,: https://policies.google.com/privacy .
We use the Twitter short message service. Provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter has EU-US Privacy Shield certification.
You can customize your Twitter privacy settings in your user account. To do this, click on the following link and log in: https://twitter.com / personalization .
We have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company , Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out . < / p>