This data protection declaration clarifies the type, scope and purpose of the processing of personal data within this online offer, the associated offers as well as applications and services (hereinafter collectively referred to as “offers” or “services”). The validity of this data protection declaration is independent of the internet addresses, systems or devices used on which the services are carried out or the offers are perceived.
According to Art. 4 Clause 1 GDPR, personal data is the information that can be used by identifying individual natural persons or that make them directly or indirectly identifiable. Additional information on PII can be found in Art. 4 No. 1 of the GDPR.
Responsible for the processing of personal data according to Art. 4 No. 7 GDPR is:
Munich BY 80336
Right to object
According to Art. 21 GDPR, you have the right to object if we cite our legitimate interest or that of a third party in accordance with Art. 6 Para. 1 GDPR for the reason for collecting personal data. You can object to the processing of personal data at any time. If you object, we will no longer process your personal data, unless we can prove compelling and legitimate reasons for processing your personal data that outweigh your interests, rights and freedoms. The same applies if the processing serves to assert, exercise or defend legal claims (see, for example, Art. 21 Paragraph 1 GDPR, the so-called "restricted right of objection").
California Privacy Rights & Non-EU Residents
In accordance with Art. 3 GDPR and the California Consumer Privacy Act (CCPA), this data protection declaration applies to all users of the services and offers. In addition, California citizens are also granted the rights under the CCPA and California Civil Code Section 1798.83. The rights and existing obligations granted in accordance with the GDPR also apply to users who are not permanently resident in the European Union (EU) or the European Economic Area (EEA).
Usage of cookies and transmission data
In order to use the services, it is necessary that you, consciously or unconsciously, transmit certain personal data to our services. This includes so-called “cookies” as well as the transport data of the underlying IPv4, IPv6, HTTP and TLS protocols and other common protocols for Internet data transmission. The data is stored in the European Union (EU) without exception. We will not consciously conduct the data transfer between our services and citizens who are in the EU at the time of using the services via territories outside the EU. However, due to your location or the configuration of your systems, the technical basics of the Internet protocols of version 4 and 6 can lead to you unconsciously transmitting data to non-EU areas. We can not have complete control of the transport route of your data, but at no time will actively promote or operate the transfer of data from EU citizens across non-EU areas. The exception to this is that this was explicitly requested.
Cookies as defined in RFC 2965 and RFC 2109
The services use so-called "cookies" as specified in RFC 2965 and RFC 2109. These serve to guarantee the operation, usability, communication and security of the services. Your user agent (often referred to as "browser") offers you the option to individually define which cookies you want to save permanently, temporarily or not at all.
If you have configured your user agent in such a way that it also saves the "cookies" requested by our services, we will assume that you consent to their use. Your user agent's handling of the relevant data is subject to the usage agreement between you and the licensor of your user agent's software.
If you do not agree to the storage, processing and use of certain "cookies", we recommend that you configure specific "cookies" in the configuration of your user agent. Refer to the documentation for your user agent for more information. In the following sections of this data protection declaration you will find further information about which of your personal data and which "cookies" are used by our services.
Transport and transmission data of the internet protocol (IP)
The metadata of the IP transport or IP header data are not saved separately or for evaluation. So-called “log files” are not saved explicitly and not permanently. If storage takes place, this will only take place for a short time while your request is being processed and for no longer than 24 hours.
Use of Third Party Services
For the proper operation of the services and offers, we are dependent on components and services from third-party providers, with whom we also process personal data in accordance with Art. 6 Para. 1 GDPR. These third-party providers include service providers for the delivery and provision as well as monitoring the security and stability of our services. These third-party services are part of the online offering and the software applications provided. In the following, you will find information about which third-party services we use for the storage and processing of personal data.
Amazon Web Services
We use the infrastructure of Amazon Web Services (AWS), provided by Amazon Web Services EMEA SARL and its sister and subsidiary companies. Information on data protection and GDPR compliance at Amazon Web Services can be found at the address "aws.amazon.com/en/compliance/gdpr-center". Your personal data is encrypted separately against physical access to the storage media at Amazon Web Services. The storage of the data of EU citizens on Amazon Web Services takes place exclusively within the EU.
We use HubSpot, provided by HubSpot Ireland Limited, to manage customer information, relations and support services. Any communication you have with us, including chat, e-mail and phone calls are stored within the systems provided by HubSpot. Besides address, contact information and communications, the data includes contractual statuses, service and support tickets.
We use Stripe, which is operated by Stripe Payments Europe Ltd., for processing payments and managing subscriptions to our services. In addition to your payment data for commissioning or ordering the subscription to our services, all payment transactions with information about the means of payment, issuing banks, related transaction information for the payment of our services as well as your address, company address and information on fraud prevention are stored there.
Google and YouTube
We use the Google services Google Analytics, Google Ads, Google Fonts, Google Remarketing Services, YouTube including embedded YouTube videos and analytical services to optimise and monitor the performance of our services and offerings. These Google services are offered by Google Ireland Limited, its subsidiaries and sister companies. The inclusion of these services might lead to Google collecting and processing personal data. It cannot be ruled out that Google may also transmit the information to a third country outside the European Union, such as the United States of America. Google has a Privacy Shield certification and thus declares that it is ready to comply with the EU-US Privacy Shield Framework. Further information can be found in the proof of certification under “www.privacyshield.gov/participant?id=a2zt000000001L5AAI” and the general conditions for data transfers from Google under “policies.google.com/privacy/frameworks”.
Facebook, Instagram and WhatsApp
We use services for Facebook, Instagram and WhatsApp, which are provided by Facebook Ireland Ltd. This includes communication options via direct messages, Facebook advertising services with so-called “Facebook Ads” as well as so-called “social plugins”. Facebook may use the data to create more precise target groups for advertising. Facebook is certified under the Privacy Shield Agreement and has agreed to comply with the European data protection guidelines. If necessary, we will carry out a regular data comparison of our customer data with the advertisements used to optimize our target group management. Proof of certification can be found at “www.privacyshield.gov/participant?id=a2zt0000000GnywAAC”. Information on data processing by Facebook is available from Facebook at the address “facebook.com/about/privacy”.
What data we collect about you
Should you only use the offers on our website, we record the transport data of the connection as well as the website usage information. The analysis of the use with so-called web analytics software does not allow us to draw any conclusions about your person and does not allow us to analyse your specific, personal use in a personally identifiable way. The analysis of the use of our website is only possible anonymously and aggregated.
If you are interested in subscribing to our services and contact us, we will save the data you provided when contacting us. If you decide against a subscription after contacting us, we will completely remove this data after 6 months at the latest, unless you express interest in our services again.
Once you decide to subscribe, we will save all the data necessary for the mutual fulfillment of the contract. This includes your full business address or that of your company, your contact and payment information as well as joint communication regarding the contractual relationship or to solve problems with our services. We will also inform you about changes to our services and thus the contractual objects via the communication data provided to us.
After termination of the subscription or the contractual relationship, we will continue to store your data in accordance with the statutory retention periods and delete your data immediately upon request, but no later than 6 months after the end of the contractual relationship, unless we are otherwise legally obliged to store the data.
Data processing on behalf of our customers
Customers who choose our services and use them conclude an agreement with us on order data processing. Information on the use of consumers or customers of our customers (hereinafter referred to as "consumers") is transmitted to us and stored. However, this only includes transport data, unless the consumer also decides to carry out a transaction.
If our customers' consumers carry out a transaction, we store this transaction data on behalf of our customer on the basis of the jointly agreed order data processing. This data include all the information that you submitted when executing or concluding the transaction.
The respective customer informs separately in his data protection declaration about the stored and processed data, if the jurisdiction or legal requirements of his location or company headquarters so require. Inquiries and contradictions regarding the data stored on behalf of our customers must be addressed directly to the respective customer.
Deletion of data
We delete saved data as soon as it is no longer required for the original purpose and the deletion does not conflict with any statutory retention requirements. If legally permissible purposes require the further storage of the data, their processing will be restricted. These are in particular data and information that must be kept for tax or commercial reasons. The legal requirement for storage is 6 years in accordance with Section 257 (1) HGB and 10 years in accordance with Section 147 (1) AO.
Revocation and rights as a data subject
You may revoke your consent at any time with effect for the future. The processing until the revocation remains unaffected due to the previously given consent. In addition to this right, you also have the right to information (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to object (Art. 21 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art 18f.GDPR) as well as the right to data portability (Art. 20 GDPR). Please address inquiries in this regard to the e-mail address mentioned in this data protection declaration. For these inquiries, we must ensure that the person making the request is actually the person concerned. You have the right to lodge a complaint with a data protection supervisory authority.
We secure our services with technical and organisational measures against loss, destruction, unauthorized access as well as unauthorized modification or dissemination. Despite regular controls and compliance with security standards such as the IT-Grundschutz of the Federal Office for Information Security (BSI) and the standards of the National Institute of Standards and Technology (NIST), complete protection against all dangers and risks is impossible. The software and systems used have auditing systems for tracking accesses and alerting suspicious accesses (so-called "anomaly detection"), especially for personal data. Maintenance access to the systems is fully logged and protected at least by common authorization procedures and two-factor authorization.