Privacy Policy of www.feuerwear.com

 

Table of contents

  1. Name and address of the responsible party
  2. General information on data processing
    1. Scope of processing of personal data
    2. Legal basis for the processing of personal data
    3. Data deletion and retention policy
  3. Provision of the website and creation of log files
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Duration of storage
    5. Possibility to object and remove
  4. Use of cookies/tracking
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Duration of storage, opportunity to object and remove
  5. Newsletter
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Duration of storage
    5. Possibility to object and remove
  6. Registration/Customer account/Ordering
    1. Description and scope of data processing
      1. Online shop – creating a customer account
      2. Online shop – ordering without a customer account
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Duration of storage
    5. Possibility to object and remove
  7. Contact form and e-mail contact
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Duration of storage
    5. Possibility to object and remove
  8. Product reviews/Customer ratings
    1. Description and scope of data processing
    2. Legal basis for data processing
    3. Purpose of data processing
    4. Duration of storage
    5. Possibility to object and remove
  9. YouTube videos
  10. Google Maps
  11. Google Forms/Google Drive for surveys
  12. Rights of data subjects
    1. Rights of access
    2. Right to rectification
    3. Right to restrict processing
    4. Right to erasure
      1. Duty to erase
      2. Information provided to third parties
      3. Exceptions
    5. Right to rectification
    6. Right to data portability
    7. Right to object
    8. Right to withdraw consent under data protection law
    9. Automated individual decision-making, including profiling
    10. Right to lodge complaints with a supervisory authority
  13. Notes on the Act on Alternative Dispute Resolution in Consumer Matters and ODR guidelines

 

I. Name and address of the responsible party

The party responsible in accordance with the Data Protection Regulation and other national data protection laws governing the Member States as well as all other pertinent data protection laws (hereafter “controller”) is:

Feuerwear GmbH & Co. KG
Wilhelm-Mauser-Str. 47
50827 Cologne
Germany
Tel. +49 (0) 221 46 89 23 - 0
Fax +49 (0) 221 46 89 23 – 41

info@feuerwear.de

II. General information on data processing

1. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our products and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for practical reasons and in which the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6, 1 (a) EU General Data Protection Regulation (GDPR) forms the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6, 1 (b) GDPR forms the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Insofar as processing of personal data is required to fulfil a legal obligation that is subject to our association, Art. 6, 1 (c) GDPR forms the legal basis.

In the event that vital interests of the data subject or another natural person requires the processing of personal data, the legal basis is Art. 6, 1 (d) GDPR.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, the legal basis for such processing is Art. 6, 1 (f) GDPR. 

3. Data deletion and retention policy

The personal data of the data subject are deleted or blocked as soon as they are no longer required to achieve the purpose for which they were collected. Furthermore, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer.

The following data are collected here:

  1. information about the browser type and version used
  2. operating system of the user
  3. IP address of the user
  4. date and time of access
  5. websites from which the system of the user reaches our website
  6. websites that are accessed by the user’s system through our website

The data is also stored in the log files of our system. This data will not be stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6, 1 (f) GDPR.

3. Purpose of data processing

Temporary storage of the IP address by the system is necessary to permit delivery of the website to the user’s computer. For this reason, the user’s IP address must be stored for the duration of the browser session.

Log files are stored in order to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The legal basis for the processing of data for these purposes lies in our legitimate interest according to Art. 6, 1 (f) GDPR.

4. Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of collection of data necessary to permit delivery of a functional website, deletion takes place at the end of each browser session.

In the case of storage of data in log files, personal data is stored for a maximum of seven days before being deleted. Further storage is also possible after this period. In this case, the IP addresses of the users are deleted or anonymized, so that an identification of the calling client is no longer possible.

5. Possibility to object and remove

The collection of data for delivery of the website and the storage of the data in log files is essential for the operation of the website, in which case there is no possibility for the user to object.

IV. Use of cookies/tracking

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are generated by the internet browser and stored on the user's computer by the browser. When a user visits a website, a cookie may be stored on the user’s computer. This cookie contains a character string that allows the browser to be uniquely identified when the website is revisited.

We use cookies to make our website more user-friendly. Some elements of our website make it necessary for us to identify the accessing browser each time the user visits a new page.

The following data are stored and transmitted in the cookies:

  1. Items in the shopping cart
  2. Acceptance of the cookie notification banner
  3. Log-in information of the customer account
  4. Session ID

Google Analytics

Our website also uses cookies that enable us to analyze the surfing habits of our users. To this end, we use Google Analytics a web analytics service provided by Google Inc. The generated information about your use of our website is generally transmitted to a Google server in the US and stored there. The EU-US Privacy Shield protects personal data while being transferred from the European Union to the United States on the basis of the Adequacy Decision of the European Commission. You can view the certificate here:https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

By activating IP anonymization on this website, your IP address will be shortened by Google prior to transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Please note that for this website an anonymization step has been added in Google Analytics to ensure that IP addresses are logged anonymously (IP masking). The anonymized IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data held by Google. You can find more information about Google’s data usage and privacy policy at:https://www.google.com/analytics/terms/us.html

This makes it possible for us to obtain the following data:

  1. Duration and frequency of visits per page
  2. Referrer website from which access is initiated
  3. Sub-websites accessed by the visited website
  4. Use of website functions
  5. Type of device and browser settings
  6. Shopping history (time, amount, product[s], value, returns)
  7. Interests and demographic characteristics (age group, gender)
  8. Location (via anonymized IP addresses)

Bing Ads

Our website uses Bing Ads technology to collect and store data for creating pseudonymized user profiles. Bing is a tracking service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of visitors on our website who have reached our site by clicking on a Bing Ad. A cookie is saved on the computer of such visitors. We have integrated a Bing UET tag on our website, which uses a code to store non-personal data in the cookie about the use of our website, such as the amount of time a user spent on our website, which specific page or section of our site was visited and which ad the user clicked on to reach our site. No information about the user’s identity is stored in this process. The information stored in the cookies is transmitted to servers of Microsoft in the US, where they are generally held for a maximum of 180 days. If you do not wish to have data about your visits to our website stored in cookies and processed, you can disable the cookies. However, this may make it impossible for you to use the full functionality of this website. If need be, Microsoft may use so-called cross-device tracking to follow your behavior across more than one electronic device, making it possible to integrate personalized advertising in, for example, Microsoft websites and apps. You can disable this tracking at http://choice.microsoft.com/en-us/opt-out . For more detailed information on Bing’s analysis services, visit the Bing Ads website ( https://help.bingads.microsoft.com/#apex/3/gb/53056/2 ). You can find more detailed information on the data protection of Microsoft and Bing in Microsoft’s privacy policy provisions ( https://privacy.microsoft.com/en-us/privacystatement).

 

Facebook 

Our website uses the Facebook pixels of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, US (“Facebook”). This enables us to track a user’s behavior after he or she has seen or clicked on a Facebook advertisement. This process is designed to evaluate the impact of Facebook ads for statistical and market research purposes. Data collected this way remains anonymous and cannot be used to draw any conclusion about the identity of the user. However, these data are stored and processed by Facebook, of which we inform you according to our information status. Facebook can connect these data to your user profile and use them for its own advertising purposes in accordance with the Facebook privacy policy https://www.facebook.com/about/privacy/. You may allow Facebook and its partners to place ads on and outside of Facebook. A cookie may also be stored on your computer for these purposes.

This makes it possible for us to obtain the following data:

  1. Duration and frequency of visits per page
  2. Use of website functions
  3. Type of device and browser settings (operating system, firmware, language settings)
  4. Purchases made (time, amount, name[s] of product[s], value)
  5. Interests (these may be retrieved at https://www.awin.com/gb/legal)
  6. Demographic characteristics
  7. Location (via anonymized IP addresses)

AWIN

On this website, the controller has integrated components of the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereafter “AWIN”). Within the framework of its tracking services, for documenting transactions (e.g. leads and sales) AWIN saves a cookie on the devices of users who visit the websites or other online offerings of its clients (e.g. when registering for a newsletter or placing an order in an online shop). These cookies serve solely to evaluate the success of an advertising medium and the corresponding billing or commissions within the network.

Only information about the time at which a user clicks on a certain advertising medium is stored in a cookie. The AWIN tracking cookie stores an identifiable number sequence, which cannot be traced to an individual visitor of the website and with which the partner program of an advertiser, the website operator and the time of the activity of the user (click or view) are documented. At the same time, AWIN also stores information about the device from which the transaction is made, e.g. the operating system and the accessing browser. If personal data is processed in this context, it is done as described pursuant to Art. 6, 1 (f) GDPR based on our legitimate interest in participating in the network and processing commission payments with AWIN.

If you do not wish to store cookies in your browser, you can configure your internet browser to refuse the acceptance of cookies. In your browser settings under extras/internet options you can disable cookies, refuse acceptance of cookies on specific websites or set your browser to inform you when a web server wants to send you a cookie. Please note, however, that you may not be able to use all the features of the website to their full extent. You can also delete cookies at any time. This will remove all information stored in the cookie from your computer. You can find out more on the data use of AWIN in their data protection provisions under 
https://www.awin.com/gb/legal

Google Display Network & Retargeting

This website uses Google Display Network for placing ads for our products on other websites and with third-party vendors. Additionally, the so-called remarketing technology collects and stores information about the surfing habits and visitor data of the users of the website in anonymized form for marketing purposes. This technology makes it possible to use partner sites to show targeted display ads to visitors of our site who have already shown an interest in our shop and our products. We are convinced that showing our visitors personalized, interest-based ads is generally more effective on internet users than advertising that has no such personal relevance. The data are stored on your computer with the help of text files, so-called cookies. Using an algorithm, the technology analyzes the user’s surfing habits and can then display targeted product recommendations on relevant display remarketing banners on other websites and third-party vendors (so-called publishers). It is in no way possible to personally identify the visitor of this website on the basis of these data. The collected data are only used to improve the performance of the website and are not used for other purposes or shared with any third parties.

The data relating to our users that we collect here are pseudonymized using a standard technical procedure. It is therefore impossible to assign the data to the accessing user. These data are not stored together with other personal data relating to the user.

When our website is accessed, an information banner is displayed with information about the use of cookies for analysis purposes on our site, and reference is made to this privacy policy. In this context, we also inform you on how to disable the storage of cookies in your browser settings or via an opt-out cookie. You can also deactivate ad personalization by Google here: https://adssettings.google.com/.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6, l (f) GDPR.

3. Purpose of data processing

The purpose of technical cookies is to make it easier for you to use the website. These cookies are crucial for website operation or essential to allow users to perform certain activities. For this it is necessary to recognize the browser every time a new page is visited.

We require cookies for the following applications:

  1. Shopping cart
  2. Storage of acceptance of the cookie notification banner
  3. Customer account
  4. Prevention / recognition of misuse of the website

User data collected by the technical cookies are not used for creating user profiles.

Processing of personal user data enables us to analyze the surfing habits of our users. Thanks to the evaluation of these data, we are in a position to gather information about the use of the individual components of our website. This helps us to continually improve our website and keep it user friendly while optimizing our marketing measures. The legal basis for the processing of data for these purposes lies in our legitimate interest according to Art. 6, 1 (f) GDPR. Anonymization of the user’s IP address is a suitable measure to safeguard the user’s rights and freedoms and legitimate interests.

4. Duration of storage, opportunity to object and remove

Cookies are stored on the user’s computer and transmitted from there to our website. The user therefore is in complete control of the use of cookies. By changing the settings of the internet browser, the transmission of cookies can be deactivated or restricted. Cookies that have already been saved can be disabled at any time. This can also be automated. If the cookies for our website are deactivated, however, this may make it impossible for you use the full functionality of this website. The data sent to us by Google Analytics and linked with cookies, user identifiers (e.g. user ID) or advertising IDs is automatically deleted after 14 months. Data with an expired storage period is automatically deleted once per month.

By using this website, you consent to the setting of so-called cookies for the collection, storage and processing of data collected on you by Google. Furthermore, you consent to storage of your data in cookies after your browser session has ended, for example so that they can be retrieved for future sessions. You can withdraw this consent at any time for future sessions by setting your browser to refuse the acceptance of cookies.

You can prevent cookies from being saved on your computer by configuring your browser to only save cookies when you accept them. If you want to accept Feuerwear cookies but not the cookies of our service providers and other partners, you can select the “block third-party cookies” setting in your browser. As a rule, the menu bar of your web browser is displayed above the “Help” button, if you wish to refuse acceptance of new cookies and deactivate cookies that are already stored on your computer. If you are sharing a computer that is categorically set to accept cookies, we recommend that you log out entirely after every session.

This consent may only be given by users who are at least 13 years old. If you are not yet 13, we ask you to please consult a parent or legal guardian for advice.

You can also use the ad management settings to deactivate Google Analytics for display ads and personalize the ads in the Google Display Network.

There is a browser add-on available for deactivating Google Analytics as well as an opt-out cookie for Google Analytics and Facebook cookies, which you can use to prevent information about your use of the website being sent to Google Analytics or Facebook. 

V. Newsletter

1. Description and scope of data processing

We send out our newsletters (newsletter, new product alert) to users who sign up for it on our website. Either separately under a special link (e.g. https://www.feuerwear.com/about-feuerwear-old/newsletter-en) or in the course of the checkout process, where the user can check a box provided for this.

On our website, our users can subscribe to our newsletter and/or our brand-new product alert free of charge. When a user registers for the newsletter the data from the input form are transmitted to us.

The only information required for registration is an e-mail address. The user’s title, name and surname are provided voluntarily.

The following data are also stored during registration:

  1. IP address of the accessing computer (source)
  2. Date and time of access
  3. Date and time of confirmation of the subscription
  4. Language version(s) used by the website (DE, COM)

We require your consent for the processing of your data within the scope of the registration process and make reference to the terms of this privacy policy.

No personal data are disclosed to third parties in connection with delivery of the newsletter. We store and process these data solely for the purpose of sending the newsletter.

2. Legal basis for data processing

The legal basis for the processing of personal data we store when a user signs up to receive our newsletter, provided that the user has given their consent to this effect, is Art. 6, 1 (a) GDPR.

3. Purpose of data processing

We store and process the user’s e-mail address for the purpose of sending the newsletter.

4. Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were collected. Consequently, the e-mail address of the user is only stored as long as the user’s subscription to the newsletter is active.

5. Possibility to object and remove

Users can cancel their subscriptions to the newsletter at any time, using the link provided for this purpose in the lower section of every newsletter.

At the same time, users can withdraw their consent for the storage of their personal data, given during the registration process.

VI. Registration/Customer account/Ordering

1. Description and scope of data processing

On our website, users have the option of providing personal data to register as a customer.

a) Online shop – creating a customer account

In the scope of the ordering process in our online shop we offer you the option of creating a customer account. The advantage of such an account is that it gives us the opportunity to offer you additional services. In particular, every time you call up your account you can view your past purchases and the corresponding ordering process and won’t have to input your details again (e.g. name, address, payment method) every time you place a new order. You can manage your (shipping) addresses (e.g. to place orders for friends and family), post your feedback on products you have ordered, use the data for returns or to get in touch with the vendor for whatever reason and check out the reviews.

Registration is not compulsory for purchasing our unique products; registration and the associated customer account are merely an offer from Feuerwear to our users and does not constitute any obligation. You can also shop as a guest user without having to create a customer account, using our easy checkout process. However, this precludes the benefits of a customer account and other services mentioned above.

The registration data are typed into a form, transferred to us and stored in our system. These data are not disclosed to third parties. At the time of registration the following data are stored:

  • Title
  • First name
  • Surname
  • E-mail address
  • Street
  • Street number
  • Postal code
  • Town/City
  • Country
  • Payment method (PayPal, direct debit, credit card, purchase on account, prepayment by bank transfer)
  • User name
  • Password

At the time of registration the following data are also stored:

  • The user’s IP address
  • Date and time of registration

The user’s consent with regard to processing of this data is obtained during the registration process.

b) Online shop – ordering without a customer account

If you want to order a product in our online shop without creating a customer account (as a “guest”), we store only the data necessary for processing your order and information on the status of your order.

The data are typed into a form, transferred to us and stored in our system. These data are not disclosed to third parties. The following data are stored in the course of optional registration:

  • Title
  • First name
  • Surname
  • E-mail address
  • Street
  • Street number
  • Postal code
  • Town/City
  • Country
  • Payment method (PayPal, direct debit, credit card, purchase on account, prepayment by bank transfer)
  • User name
  • Password

The following data are also stored in the course of optional registration:

  • The user’s IP address
  • Date and time of registration

2. Legal basis for data processing

The legal basis for the processing of personal data, provided that the user has given their consent to this effect, is Art. 6, 1 (a) GDPR.

If registration is necessary for the performance of a contract to which the data subject is party, or for carrying out pre-contractual measures, the additional legal basis for the processing of personal data is Art. 6, 1 (b) GDPR.

3. Purpose of data processing

Registration of the user (customer account) is required for the provision of certain content and services on our website. The user can register on our website in order to manage personal details such as addresses (and also buy stuff for friends and family), view past orders in a history archive, post your feedback on products you have ordered, use the data for returns or to get in touch with the vendor for whatever reason and check out the reviews. Registration is not compulsory for purchasing our unique products; registration and the associated customer account are merely an offer from Feuerwear to our users and does not constitute any obligation. Guest users can shop with our easy checkout process without having to create a customer account.

If a user registers in the course of the checkout process, no further data will be collected in addition to the data required for concluding the contract (aside from a required password). At the end of the checkout process the user also has the option of checking a separate box to determine whether a user account should be created using the personal data that has already been provided.

4. Duration of storage

The data are deleted as soon as they are no longer required for the purpose for which they were collected.

This applies to the data stored in the course of creating a customer account, if a user’s registration on our website has been deleted or changed.

This applies to the data stored in the course of registering for the performance of a contract or for carrying out pre-contractual measures, if the data are no longer required for the performance of the contract. Even after a contract is concluded it may be necessary to store the personal data of the contracting partner in order to comply with a contractual or legal obligation.

5. Possibility to object and remove

As our user you can choose to cancel your registration at any time. You can also have any inaccurate data corrected.

Users can have their user accounts deleted at any time by using the function provided for this purpose in the system.

If the data are required for the performance of a contract or for carrying out pre-contractual measures, these data may only be deleted if no contractual or legal obligation prevents this.

VII. Contact form and e-mail contact

1. Description and scope of data processing

On our website is a form that can be used to contact us by electronic means. Information entered in the form by users who choose this option will be sent to us and stored in our system. This information includes the following data:

Which personal data are transmitted to the controller is dependent on the purpose of the respective form. As a rule, we require only an e-mail address. Any further information is provided voluntarily by the user, with the exception of the contact form at https://www.feuerwear.de/kontakt/weiterverkauf , which is for use only by commercial customers and requires additional company information.

The following data are also stored when a message is sent:

  1. IP address of the user
  2. Date and time of transmission of message
  3. Security token for prevention of misuse

We require your consent for the processing of personal data relating to you within the scope of sending electronic communication and make reference to the terms of this privacy policy.

Alternatively, you can contact us via the e-mail address we provide. In this case, we store the personal data that you transmitted by e-mail.

No personal data relating to the user are disclosed to third parties. The data will be used exclusively for the purposes of processing and responding to the user’s inquiry.

2. Legal basis for data processing

The legal basis for the processing of personal data, provided that the user has given their consent to this effect, is Art. 6, 1 (a) GDPR.

The legal basis for the processing of personal data provided in the course of sending e-mail is Art. 6, 1 (f) GDPR. If the purpose of the e-mail contact is to conclude a contract, Art. 6, 1 (b) GDPR forms an additional legal basis.

3. Purpose of data processing

We process personal data from the input form solely for the purpose of processing the user’s inquiry. If the user has made contact by e-mail, we have a legitimate interest in processing the data.

Any other personal data that are stored in the course of electronic communication serve to prevent any misuse of the contact form and to ensure the security of our information systems.

4. Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data from the input screen (e.g. contact form) and data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified.

Personal data that are also stored in the course of electronic communication are deleted after a period of seven days.

5. Possibility to object and remove

Users can choose to withdraw their consent for the processing of their personal data at any time. If a user has made contact by e-mail, he can object to the storage of his personal data at any time. In this case the conversation is ended.

The best way to withdraw your consent is by sending us an e-mail, although other methods of communication are also acceptable.

In this case, all personal data that are stored in the course of electronic communication are deleted.

VIII. Product reviews/Customer ratings

1. Description and scope of data processing

On the product pages of our website we offer our users the opportunity to rate our products and services or leave comments on our products under “customer ratings”.

The following data are stored for this:

  • Name (optional – this could be an alias/invented name)

  • E-mail address (will not be published with the rating)

  • Data provided in the “Comment” field

    At the time of sending the message the following data are also stored:

  1. IP address of the user

  2. Date and time of submission

  3. Security token for prevention of misuse

In this connection no personal data will be disclosed to third parties. These data are used solely for the publication of the rating.

2. Legal basis for data processing

 

Furthermore, the legal basis for the processing of personal data required for publication of a product review/rating within the scope of the evaluation is Art. 6, 1 (b) GDPR.

Your e-mail address will not be published with the rating you submit. We only collect and process this data in order to prevent any misuse of the rating system, to safeguard against incorrect or falsified ratings not based on the purchase of a product or experience with our products or services. This serves to safeguard our legitimate interests pursuant to Art. 6, 1 (f) GDPR.

3. Purpose of data processing

The processing of personal data from the input form is solely for the publication of a rating/product review and to prevent any misuse of the rating system.

4. Duration of storage

The data are deleted as soon as they are no longer required to for the purpose for which they were collected or when you choose to opt out of further processing and publication of personal data linked to your rating.

The e-mail address is stored for a maximum of six months for the evaluation and then deleted.

The personal data that is also stored during the communication is saved for a maximum of seven days and then deleted.

5. Possibility to object and remove

The user has the right to withdraw his consent to the processing of his personal data at any time. If the user has made contact by e-mail, he can object to the storage of his personal data at any time. The best way to withdraw your consent is by sending us an e-mail, although other methods of communication are also acceptable.

In this case, all personal data that are stored in the course of electronic communication are deleted.

IX. YouTube videos

Our website uses plugins from YouTube, the site operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages featuring a YouTube plugin, a connection to YouTube’s servers is established. 

The embedding of YouTube videos on our website is done in “extended data protection mode”, offered by YouTube. According to provider information, user data will not be stored unless the playback function of the video is started. Simply visiting our site in protected mode does not use any cookies. Regardless of whether the embedded video is played back, a connection to the Google DoubleClick advertising platform is established when a user visits this website, without any user information being stored by Google. However, if you click on an embedded YouTube video and play it, this will trigger further data processing by YouTube that is beyond our control as operator of our website.

If you are logged into your YouTube account, you are enabling YouTube to allocate your surfing behavior directly to your personal profile. You can prevent this from happening by logging out of your YouTube account beforehand.

You will find further information about the handling of user data in YouTube’s privacy policy at: https://www.google.com/intl/en/policies/privacy/

X. Google Maps

Our website uses Google Maps API, a web service for displaying geographical information visually. When using Google Maps, information about your use of the website functions is collected, processed and used by Google. You can find more information on data protection in connection with the use of Google Maps on Google’s website at https://www.google.com/intl/en/policies/privacy/. Here in the data protection center you can also change the settings to personalize the protection of personal data relating to you.

XI. Google Forms/Google Drive for surveys

We use Google Forms for creating and conducting customer surveys und user questionnaires with the aim of improving our products and services. The data collected in “Google Forms” forms are stored in the “Google Drive” cloud provided for our use by Google.

NYou can find more detailed information about data processing in connection with Google Forms and Google Drive in Google’s privacy policy at: https://www.google.com/intl/en/policies/privacy/

You can find more detailed information about protecting your data in connection with Google products on Google’s website at https://www.dataliberation.org/.

XII. Rights of data subjects

If personal data relating to you are processed, that makes you a data subject within the meaning of the GDPR and you have the following rights before the controller:

1. Rights of access

You have the right to request that the controller confirm whether personal data that relate to you are processed by us.

If that should be the case, you can request information on the following from the controller:

(1)the purposes for which the personal data are processed;

(2)the categories of personal data processed;

(3)the recipients or categories of recipients to whom your personal data are or have been disclosed;

(4)the contemplated duration of storage of your personal data or, if concrete information cannot be provided, the criteria for determination of the duration of storage;

(5)the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing;

(6)the existence of a right to lodge complaints with a supervisory authority;

(7)all available information on the origin of personal data not obtained from the data subject;

(8)the existence of automated decision-making, including profiling, pursuant to Art. 22, 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to receive information on whether your personal data are transferred to a third country or an international organization. In this context, you can require that we notify you of appropriate safeguards pursuant to Art. 46 GDPR in connection with any such transfer.

2. Right to rectification

You have the right to require that the controller rectify and/or complete your personal data if the data that are processed are inaccurate or incomplete. The controller must make such changes without undue delay.

3. Right to restrict processing

You have the right to require that the controller restrict processing of your personal data under the following conditions:

(1)if you contest the accuracy of personal data for a period enabling the controller to verify the accuracy of the respective personal data;

(2)if the processing is unlawful and you oppose erasure of the personal data and request restriction of their use instead;

(3)if the controller no longer needs the personal data for the purposes of processing, but you need the personal data to establish, exercise or defend legal claims; and

(4)if you have objected to processing pursuant to Art. 21, 1 GDPR pending verification of whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, such personal data may, except as regards storage, be processed only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted as described above, you will be notified by the controller before such restriction is lifted.

4. Right to erasure

a) Duty to erase

You have the right to require that the controller erase personal data relating to you without undue delay and the controller must then erase such personal data without undue delay if one of the following grounds applies:

(1)The personal data are no longer needed for the purposes for which they were originally collected or otherwise processed;

(2)You have withdrawn the consent to processing given pursuant to Art. 6, 1 (a) or Art. 9, 2 (a) GDPR and there is no other legal ground for such processing;

(3)You object to the processing pursuant to Art. 21, 1 GDPR and there are no overriding legitimate grounds for such processing or you object to the processing pursuant to Art. 21, 2 GDPR;

(4)Your personal data were processed unlawfully;

(5)Your personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject;

(6)Your personal data were collected in connection with an offer of information society services pursuant to Art. 8, 1 GDPR;

b) Information provided to third parties

If the controller has disclosed personal data relating to you and is obligated to erase such data pursuant to Art. 17, 1 GDPR, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you, as the data subject, have requested erasure by such controllers of any links to or copy or replication of such personal data.

c) Exceptions

The right to erasure does not apply if processing is necessary

(1) to exercise the right to freedom of expression and information;

(2)to comply with a legal obligation that requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or to exercise official authority vested in the controller;

(3)for reasons of public interest in the area of the public health pursuant to Art. 9, 2 (h) and (i) and Art. 9, 3 GDPR;

(4)for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89, 1 GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

(5)to establish, exercise or defend legal claims.

5. Right to rectification

If you have the right to require that a controller rectify, erase or restrict processing, the controller must notify all recipients to whom personal data relating to you were disclosed of such rectification, erasure or restriction of processing unless notification proves impossible or would entail an unreasonable effort.

You have the right to be notified of such recipients by the controller.

6. Right to data portability

You have the right to receive the personal data relating to you that you have made available to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit such data to another controller without hindrance from the controller to which the personal data were provided if

(1)processing is based on consent pursuant to Art. 6, 1 (a) GDPR or Art. 9, 2 (a) GDPR or on a contract pursuant to Art. 6, 1 (b) GDPR and

(2)processing is carried out by automated means.

In exercising this right, you also have the right to have personal data relating to you transmitted directly from one controller to another if technically feasible. This may not be allowed to adversely affect the freedoms and rights of others.

The right to data portability does not apply to the processing of personal data required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object at any time to the processing of personal data relating to you for reasons related to your particular situation on the basis of Art. 6, 1(e) or (f) GDPR. This will also apply accordingly as regards profiling based on these provisions.

The controller will then cease to process personal data relating to you unless it is possible to demonstrate compelling legitimate reasons for such processing that outweigh your interests, rights and freedoms or such processing serves to establish, exercise or defend legal claims

If personal data relating to you are processed for direct marketing purposes, you have the right to object to the processing of your data for such marketing purposes at any time. This will apply accordingly to any profiling related to such direct marketing activities.

If you object to processing for the purposes of direct marketing, personal data relating to you will no longer be processed for such purposes.

In the context of the use of information society services and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent under data protection law

You have the right to withdraw your consent to having your personal data processed at any time. Withdrawal of consent will not affect the lawfulness of processing based on your consent prior to withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that legally affects you or entails effects that are of similar importance. This will not apply in the case of any decision that is

(1)necessary for the entry into or performance of a contract between you and the controller,

(2)permissible under Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or

(3)based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9, 1 GDPR unless Art. 9, 2 (a) or (g) GDPR applies and suitable measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3) above, the controller must implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge complaints with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you are of the opinion that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint is lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

XIII. Notes on the Act on Alternative Dispute Resolution in Consumer Matters and ODR guidelines:

The European Commission provides a platform for online dispute resolutions (ODR) which can be accessed under www.ec.europa.eu/consumers/odr. This allows consumers and traders to resolve disputes arising from online purchases of goods and services without having to go to court.

We are neither obligated nor willing to participate in extra-judicial dispute settlement proceedings before a consumer dispute resolution body.