Data protection

We are delighted by your interest in our company. Data protection is of paramount importance to the management of Franky's Best. Using Franky's Best's website is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the data subject's consent.

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online services and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online services"). Regarding the terminology used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Franky's Best (sole proprietorship)
Kirchstraße 13a
10557 Berlin
Germany

Managing Director: Frank Möhler
Email: frank (at) frankysbest (dot) de
Legal notice: https://www.frankysbest.de/impressum

Types of data processed

• Inventory data (e.g., names, addresses).
• Contact details (e.g., email, phone numbers).
• Content data (e.g., text entries, photographs, videos).
• Usage data (e.g., websites visited, interest in content, access times).
• Metadata/communication data (e.g., device information, IP addresses).

Purpose of processing

• Provision of the online service, its functions and content.
• Responding to contact requests and communicating with users and customers.
• Security measures.
• Audience measurement and marketing.

Terminology used

Franky's Best's privacy policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the general public and our customers and business partners. To ensure this, we would like to explain the terminology used beforehand.

In this privacy policy, we use, among other things, the following terms:

• “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• “Data subject” means any identified or identifiable natural person whose personal data is processed by the controller.
• "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.
• “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
• “Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• “Controller” or “data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.
• “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• “Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
• “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
• “Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Unless otherwise stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing data to fulfill our services and implement contractual measures, as well as to respond to inquiries, is Article 6(1)(b) of the GDPR; the legal basis for processing data to comply with our legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing data to protect our legitimate interests is Article 6(1)(f) of the GDPR. In the event that processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

Security measures

We ask that you regularly review the content of our privacy policy. We will update the privacy policy as soon as changes to our data processing activities make this necessary. We will inform you if any changes require action on your part (e.g., consent) or any other individual notification.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant you access to the data, this is done only on the basis of legal permission (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR), if you have given your consent, if a legal obligation requires it, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "data processing agreement," this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is necessary for the performance of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special requirements of Articles 44 et seq. of the GDPR are met. This means, for example, that processing is based on special guarantees, such as the officially recognized finding of a level of data protection equivalent to that of the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

• You have the right to request confirmation as to whether your personal data is being processed, and to access this data, as well as further information and a copy of the data, in accordance with Article 15 of the GDPR. Every data subject has the right, granted by the European legislator, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If you wish to exercise this right of confirmation, you may contact an employee of the controller at any time.
• According to Article 16 of the GDPR, you have the right to request the completion of your personal data or the rectification of inaccurate personal data concerning you. Every data subject whose personal data is being processed has the right, granted by the European legislator, to request the immediate rectification of inaccurate personal data concerning them. Furthermore, taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. If a data subject wishes to exercise this right to rectification, they may contact an employee of the data controller at any time.
• In accordance with Article 17 of the GDPR, you have the right to request that your data be erased without undue delay, or alternatively, in accordance with Article 18 of the GDPR, to request the restriction of processing of your data. Every data subject has the right granted by the European legislator to request from the controller the erasure of personal data concerning them without undue delay where one of the grounds listed below applies and where processing is not necessary. If one of the grounds listed below applies and a data subject wishes to request the erasure of personal data stored by the controller, they may contact an employee of the controller at any time. The controller will ensure that the erasure request is complied with without undue delay. If the controller has made personal data public and our company, as the controller, is obliged to erase the personal data pursuant to Article 17(1) GDPR, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested the erasure by those other controllers of any links to, or copies or replications of, that personal data, insofar as processing is not necessary. The controller will take the necessary steps in each individual case.
• The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
• The data subject withdraws their consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
• The personal data was processed unlawfully.
• The erasure of personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data were collected in relation to information society services offered, in accordance with Article 8(1) of the GDPR.
• You have the right to request access to the personal data you have provided to us, in accordance with Article 20 of the GDPR, and to request its transmission to another controller. Every data subject has the right, granted by the European legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was initially provided, where the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, when exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have their personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others. The data subject may contact the controller at any time to assert their right to data portability.
• Furthermore, pursuant to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
• You have the right to withdraw your consent at any time with effect for the future, in accordance with Article 7(3) of the GDPR. Every data subject has the right, granted by the European legislator, to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. In the event of such an objection, the controller will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims.
• You can object to the future processing of your personal data at any time in accordance with Article 21 of the GDPR. If the controller processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the controller will no longer process the personal data for these purposes. Furthermore, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out by the controller for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest. To exercise the right to object, the data subject can contact the controller directly. Furthermore, the data subject is free, in connection with the use of information society services and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.
• Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or performing, a contract between the data subject and a data controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent. Where the decision (1) is necessary for entering into, or performing, a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, the controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. If the data subject wishes to assert rights relating to automated decision-making, they can contact an employee of the controller at any time.

Cookies and the right to object to direct marketing

Cookies are small files that are stored on users' computers. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or even after their visit to an online service. Temporary cookies, also known as "session cookies" or "transient cookies," are deleted after a user leaves an online service and closes their browser. Such a cookie might, for example, store the contents of a shopping cart in an online store or a login status. "Permanent" or "persistent" cookies remain stored even after the browser is closed. These can, for example, save the login status so that users remain logged in when they return to the site after several days. Similarly, user interests can be stored in such a cookie for audience measurement or marketing purposes. Third-party cookies are cookies that are offered by providers other than the operator of the online service (otherwise, if they are only the operator's own cookies, they are called first-party cookies).

We may use temporary and permanent cookies, and we explain this in our privacy policy.

If users do not wish to have cookies stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may lead to functional limitations of this online service.

You can generally object to the use of cookies for online marketing purposes with many services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ . Furthermore, you can prevent the storage of cookies by disabling them in your browser settings. Please note that this may prevent you from using all the features of this website.

Deletion of data

The data we process will be erased or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be erased as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not erased because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with legal requirements in Germany, records must be retained for 6 years in particular pursuant to Section 257 Paragraph 1 of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to Section 147 Paragraph 1 of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

According to legal requirements in Austria, records must be retained for 7 years in particular pursuant to § 132 para. 1 BAO (accounting records, receipts/invoices, accounts, vouchers, business papers, statements of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states and for which the Mini One-Stop-Shop (MOSS) is used.

Business-related processing

In addition, we process

• Contract details (e.g., subject matter of the contract, term, customer category).
• Payment details (e.g., bank details, payment history)

from our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the purpose of operating this online service.

In this process, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers and visitors of this online service on the basis of our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential information, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser's address bar. When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Collection of access data and log files

We, or rather our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

Order processing in the online shop and customer account

We process our customers' data as part of the order process in our online shop to enable them to select and order the chosen products and services, as well as to facilitate payment and delivery or execution.

The data processed includes inventory data, communication data, contract data, and payment data. The individuals affected by this processing include our customers, prospective customers, and other business partners. Processing is carried out for the purpose of providing contractual services within the framework of operating an online shop, including invoicing, delivery, and customer service. We use session cookies to store the contents of the shopping cart and persistent cookies to store the login status.

The processing of your data is based on Article 6(1)(b) (performance of a contract) and (c) (compliance with legal requirements) of the GDPR. The information marked as required is necessary for the establishment and fulfillment of the contract. We only disclose your data to third parties for the purposes of delivery, payment, or as required by law, including disclosures to legal advisors and authorities. Data is only processed in third countries if this is necessary for the performance of the contract (e.g., at the customer's request for delivery or payment).

Users can optionally create a user account, which allows them to view their orders. During registration, users are informed of the required mandatory information. User accounts are not public and cannot be indexed by search engines. If users terminate their user account, their data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account remains until its deletion, with subsequent archiving in the event of a legal obligation. It is the users' responsibility to back up their data before the end of the contract if they have terminated their account.

As part of the registration and subsequent login processes, as well as the use of our online services, we store the IP address and the time of each user action. This storage is based on our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. This data is generally not shared with third parties, unless it is necessary for the enforcement of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR.

The data will be deleted after the expiry of statutory warranty periods and comparable obligations; the necessity of retaining the data will be reviewed every three years; in the case of statutory archiving obligations, the data will be deleted after their expiry (end of commercial (6 years) and tax law (10 years) retention periods).

Administration, financial accounting, office organization, contact management

We process data for administrative tasks, the organization of our business operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process when providing our contractual services. The legal bases for this processing are Article 6(1)(c) and (f) of the GDPR. Customers, prospective customers, business partners, and website visitors are affected by this processing. The purpose of and our legitimate interest in this processing lies in administration, financial accounting, office organization, and data archiving—tasks that serve to maintain our business operations, fulfill our obligations, and provide our services. The deletion of data relating to contractual services and contractual communication is carried out in accordance with the information provided for these processing activities.

In this process, we disclose or transmit data to the tax authorities, advisors such as tax consultants or auditors, as well as other fee collection agencies and payment service providers.

Furthermore, based on our legitimate business interests, we store information about suppliers, event organizers, and other business partners, for example, for later contact. We generally store this predominantly business-related data permanently.

Business analyses and market research

In order to operate our business efficiently and to identify market trends, customer and user needs, we analyze the data we have on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata on the basis of Article 6 Paragraph 1 Letter f of the GDPR, whereby the data subjects include customers, prospective customers, business partners, visitors, and users of the online service.

The analyses are conducted for the purposes of business evaluations, marketing, and market research. In doing so, we may consider the profiles of registered users, including information such as their purchase history. These analyses help us improve user-friendliness, optimize our offerings, and enhance our business efficiency. The analyses are for our internal use only and will not be disclosed externally, unless they are anonymous analyses with aggregated data.

If these analyses or profiles are personally identifiable, they will be deleted or anonymized upon termination of the user's account; otherwise, they will be deleted two years after the contract was concluded. Furthermore, company-wide business analyses and general trend assessments will be created anonymously whenever possible.

Data protection information for the application process

We process applicant data solely for the purpose and within the scope of the application process, in accordance with legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations within the framework of the application process, pursuant to Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR, insofar as data processing becomes necessary for us, for example, in the context of legal proceedings (in Germany, Section 26 BDSG also applies).

The application process requires applicants to provide us with their application data. The necessary application data is marked accordingly if we offer an online form; otherwise, it can be found in the job descriptions. This data generally includes personal information, postal and contact addresses, and application documents such as a cover letter, resume, and certificates. Applicants may also voluntarily provide us with additional information.

By submitting their application to us, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy.

If, during the application process, special categories of personal data within the meaning of Article 9(1) GDPR are voluntarily disclosed, their processing is additionally carried out in accordance with Article 9(2)(b) GDPR (e.g., health data, such as information on severe disability or ethnic origin). If, during the application process, special categories of personal data within the meaning of Article 9(1) GDPR are requested from applicants, their processing is additionally carried out in accordance with Article 9(2)(a) GDPR (e.g., health data, if required for the performance of the job).

If available, applicants can submit their applications to us via an online form on our website. The data is transmitted to us using state-of-the-art encryption.
Furthermore, applicants can submit their applications via email. However, please note that emails are generally not encrypted, and applicants are responsible for ensuring encryption themselves. Therefore, we cannot assume any responsibility for the transmission of the application between the sender and its receipt on our server and recommend using an online form or sending it by post. Applicants still have the option of sending their application by post instead of using the online form or email.

The data provided by applicants may be further processed by us for the purposes of the employment relationship if the application is successful. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.

Subject to a justified objection from the applicant, the data will be deleted after a period of six months so that we can answer any follow-up questions regarding the application and comply with our obligations under the Equal Treatment Act. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.

Amazon Affiliate Program

Based on our legitimate interests (i.e., our interest in the economic operation of our online services within the meaning of Art. 6 para. 1 lit. f GDPR), we participate in the Amazon EU Partner Program, which is designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.de (so-called affiliate system). Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognize that you clicked on the partner link on this website and subsequently purchased a product from Amazon.

Further information on data usage by Amazon and options to object can be found in the company's privacy policy: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401 .

Registration function

Users can optionally create a user account. During registration, users will be informed of the required mandatory information. The data entered during registration will be used for the purpose of using the service. Users may be informed by email about service- or registration-related information, such as changes to the scope of services or technical issues. If users have terminated their user account, their data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons in accordance with Art. 6 Para. 1 lit. c GDPR. It is the users' responsibility to back up their data before the end of the contract if they have terminated their account. We are entitled to irretrievably delete all user data stored during the contract period.

When you use our registration and login functions, as well as your user account, we store your IP address and the time of each action. This storage is based on our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. We generally do not share this data with third parties, unless it is necessary for pursuing our claims or we are legally obligated to do so pursuant to Art. 6 para. 1 lit. c GDPR. IP addresses are anonymized or deleted after a maximum of 7 days.

Contact

When you contact us (e.g., via contact form, email, telephone, or social media), the information you provide will be processed in accordance with Article 6(1)(b) GDPR for the purpose of handling your inquiry. Your information may be stored in a customer relationship management system ("CRM system") or similar inquiry management system.

We delete inquiries when they are no longer needed. We review the necessity of retaining inquiries every two years; statutory archiving obligations also apply.

Comments and posts

When users leave comments or other contributions, their IP addresses are stored for 7 days based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. This is done for our security in case someone leaves unlawful content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we ourselves could be held liable for the comment or contribution and are therefore interested in the author's identity.

Comment subscriptions

Users can subscribe to follow-up comments with their consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR. Users will receive a confirmation email to verify that they are the owner of the email address provided. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information on how to unsubscribe. For the purpose of documenting user consent, we store the registration time along with the user's IP address and delete this information when users unsubscribe.

You can unsubscribe from our newsletter at any time, i.e., withdraw your consent. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed.

Akismet Anti-Spam Check

Our website uses the "Akismet" service, provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This service is used based on our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Akismet helps distinguish comments from real people from spam comments. For this purpose, all comment data is sent to a server in the USA, where it is analyzed and stored for comparison purposes for four days. If a comment is classified as spam, the data is stored beyond this period. This data includes the entered name, email address, IP address, comment content, referrer, information about the browser and operating system used, and the time of entry.

Automattic is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active ).

Further information on the collection and use of data by Akismet can be found in Automattic's privacy policy: https://automattic.com/privacy/ .

Users are welcome to use pseudonyms or refrain from entering their name or email address. You can completely prevent the transmission of data by not using our commenting system. That would be a shame, but unfortunately, we see no other equally effective alternatives.

Retrieving profile pictures from Gravatar

We use the Gravatar service from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, within our online services and especially in our blog.

Gravatar is a service where users can register and upload profile pictures and their email addresses. When users with that email address post or comment on other online platforms (especially blogs), their profile pictures can be displayed alongside their posts or comments. For this purpose, the email address provided by the user is encrypted and transmitted to Gravatar to check if a profile is associated with it. This is the sole purpose of transmitting the email address; it is not used for any other purpose and is subsequently deleted.

The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR, as we use Gravatar to offer authors of posts and comments the opportunity to personalize their posts with a profile picture.

Automattic is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active ).

By displaying the images, Gravatar learns the user's IP address, as this is necessary for communication between a browser and an online service. Further information on the collection and use of data by Gravatar can be found in Automattic's privacy policy: https://automattic.com/privacy/.

If users do not want a profile picture associated with their email address on Gravatar to appear in the comments, they should use an email address that is not registered with Gravatar when commenting. We would also like to point out that it is possible to use an anonymous email address or no email address at all if users do not wish their email address to be transmitted to Gravatar. Users can completely prevent the transmission of data by not using our commenting system.

Newsletter

The following information explains the content of our newsletter, the registration, distribution, and statistical analysis procedures, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Newsletter content: We only send newsletters, emails, and other electronic notifications containing promotional information (hereinafter "newsletters") with the recipient's consent or where legally permitted. If the newsletter's content is specifically described during the registration process, this description is decisive for the user's consent. Otherwise, our newsletters contain information about our services and our company.
Double opt-in and logging: Subscription to our newsletter uses a double opt-in process. This means that after registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing using someone else's email address. Newsletter subscriptions are logged to document the registration process in accordance with legal requirements. This includes recording the time of registration and confirmation, as well as the IP address. Changes to your data stored with the email service provider are also logged.

Registration details: To subscribe to the newsletter, simply provide your email address. Optionally, we ask you to provide a name for personalized addressing in the newsletter.

Germany: The newsletter is sent and its success is measured on the basis of the recipients' consent pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG.

The registration process is logged based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interest lies in the use of a user-friendly and secure newsletter system that serves both our business interests and meets user expectations, and also allows us to provide proof of consent.

Cancellation/Revocation - You can unsubscribe from our newsletter at any time, i.e., revoke your consent. You will find an unsubscribe link at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the prior existence of consent is confirmed.

Newsletter - Mailing service provider

Newsletters may be sent via the service provider "MailChimp," a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the service provider's privacy policy here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The service provider is used on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR and a data processing agreement pursuant to Art. 28 Para. 3 Sentence 1 GDPR.

The email service provider may use recipient data in pseudonymized form, i.e., without linking it to a specific user, to optimize or improve its own services, for example, for the technical optimization of email delivery and the display of newsletters, or for statistical purposes. However, the email service provider does not use the data of our newsletter recipients to contact them directly or to share the data with third parties.

Newsletter - Performance Measurement

The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server, or, if we use a mailing service provider, from their server, when the newsletter is opened. During this retrieval, technical information such as browser and system information, as well as your IP address and the time of retrieval, are collected.

This information is used to technically improve our services based on technical data or target groups and their reading behavior, including their location (determined using their IP address) and access times. Statistical analysis also includes determining whether newsletters are opened, when they are opened, and which links are clicked. While this information can be technically associated with individual newsletter recipients, it is neither our intention, nor, if applicable, that of our email service provider, to monitor individual users. Rather, the analyses help us understand our users' reading habits and tailor our content to you, or send different content based on your interests.

Jetpack (WordPress Stats)

Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically, in accordance with Article 6(1)(f) of the GDPR), we use the Jetpack plugin (specifically the "WordPress Stats" feature), which integrates a tool for statistically evaluating visitor traffic and is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses so-called "cookies," text files that are stored on your computer and enable an analysis of your use of the website.

Automattic is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active ).

The information generated by the cookie about your use of this website is stored on a server in the USA. Usage profiles may be created from the processed data, but these are used solely for analysis and not for advertising purposes. Further information can be found in Automattic's privacy policy: https://automattic.com/privacy/ and in the information about Jetpack cookies: https://jetpack.com/support/cookies/ .

Google Universal Analytics

Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically, in accordance with Article 6(1)(f) of the GDPR), we use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about users' use of the online services is generally transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

Google will use this information on our behalf to evaluate users' use of our online services, to compile reports on activity within these online services, and to provide us with other services related to the use of these online services and internet usage. Pseudonymous user profiles may be created from the processed data.

We use Google Analytics in its " Universal Analytics " configuration. "Universal Analytics" refers to a Google Analytics method where user analysis is based on a pseudonymous user ID, thus creating a pseudonymous user profile with information from the use of different devices (so-called "cross-device tracking").

We only use Google Analytics with IP anonymization enabled. This means that Google shortens the IP address of users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser settings; users can also prevent Google from collecting and processing data generated by the cookie and related to their use of the online service by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

Further information on data usage by Google, settings and opt-out options can be found in Google's privacy policy ( https://policies.google.com/technologies/ads ) and in the settings for displaying ads by Google (https://adssettings.google.com/authenticated ).

Users' personal data will be deleted or anonymized after 14 months.

Google Re/Marketing Services

Based on our legitimate interests (i.e., our interest in analyzing, optimizing and operating our online services economically within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the marketing and remarketing services (hereinafter referred to as “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).

Google is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

Google Marketing Services allow us to display more targeted advertisements on and for our website, presenting users only with ads that potentially match their interests. For example, if a user is shown ads for products they have previously viewed on other websites, this is called "remarketing." For this purpose, when our website and other websites using Google Marketing Services are accessed, Google immediately executes a code and integrates so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") into the website. These tags store an individual cookie, i.e., a small file, on the user's device (comparable technologies may also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, and googleadservices.com. This file records which websites the user visits, which content they are interested in, and which offers they click on. It also includes technical information about the browser and operating system, referring websites, visit time, and other information about the use of the online service. The user's IP address is also recorded. Regarding Google Analytics, we would like to inform you that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is only transmitted in full to a Google server in the USA and shortened there in exceptional cases. The IP address is not combined with user data from other Google services. Google may also combine the aforementioned information with information from other sources. When the user subsequently visits other websites, they may be shown advertisements tailored to their interests.

User data is processed pseudonymously within the framework of Google Marketing Services. This means that Google does not store or process, for example, the name or email address of users, but rather processes the relevant data on a cookie-related basis within pseudonymous user profiles. From Google's perspective, this means that ads are not managed and displayed for a specifically identified person, but rather for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google's servers in the USA.

Among the Google marketing services we use is the online advertising program "Google AdWords." With Google AdWords, each AdWords customer receives a different "conversion cookie." Therefore, cookies cannot be tracked across the websites of different AdWords customers. The information collected using the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you do not receive any information that can personally identify users.

We may integrate third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies that enable Google and its partner websites to display ads based on users' visits to this website and other websites on the internet.

Furthermore, we can use the "Google Tag Manager" to integrate and manage Google's analytics and marketing services on our website.

Further information on Google's use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads , Google's privacy policy is available at https://www.google.com/policies/privacy .

If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences .

Facebook Pixel, Custom Audiences and Facebook Conversion

Within our online services, we use the so-called "Facebook pixel" of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), based on our legitimate interests in the analysis, optimization and economic operation of our online services and for these purposes.

Facebook is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).

With the help of the Facebook pixel, Facebook can identify visitors to our website as a target audience for displaying advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to show the Facebook ads we place only to Facebook users who have shown an interest in our website or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites they visit) that we transmit to Facebook (so-called "Custom Audiences"). We also use the Facebook pixel to ensure that our Facebook ads correspond to the potential interests of users and are not perceived as intrusive. Furthermore, the Facebook pixel allows us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

This consent may only be given by users who are older than 13 years of age. If you are younger, please ask your parent or guardian for advice.

Facebook processes data in accordance with its Data Policy. General information on how Facebook ads are displayed can be found in Facebook's Data Policy: https://www.facebook.com/policy.php . Specific information and details about the Facebook Pixel and how it works can be found in Facebook's Help Center: https://www.facebook.com/business/help/651294705016616 .

You can object to the collection of data by the Facebook pixel and the use of your data for displaying Facebook ads. To adjust which types of ads are displayed to you on Facebook, you can visit the page provided by Facebook and follow the instructions for managing your ad preferences: https://www.facebook.com/settings?tab=ads . These settings are platform-independent, meaning they apply to all devices, such as desktop computers and mobile devices.

You can also object to the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative's opt-out page ( http://optout.networkadvertising.org/ ) and additionally the US website ( http://www.aboutads.info/choices ) or the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).

Communication via Facebook Messenger

Within our online services, we use Facebook Messenger from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) as an additional communication medium. The data and content of the communication are processed via servers in the USA. Facebook also analyzes the metadata of the communication for advertising purposes, but not the content of the messages.

For further details, please refer to Facebook's privacy policy .

Online presence on social media

We maintain online presences within social networks and platforms to communicate with customers, prospects, and users active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process user data when users communicate with us within social networks and platforms, e.g. by posting on our online presences or sending us messages.

Integration of third-party services and content

Within our online services, we use content or service offerings from third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 para. 1 lit. f. GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter referred to collectively as “Content”).

This always requires that the third-party providers of this content are aware of the users' IP addresses, as they could not send the content to their browsers without them. The IP address is therefore necessary for displaying this content. We strive to use only content from providers who use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow information such as visitor traffic on the pages of this website to be analyzed. The pseudonymized information can also be stored in cookies on the users' devices and may include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online services, as well as be combined with such information from other sources.

Vimeo

We can embed videos from the platform “Vimeo” provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, NY 10011, USA. Privacy policy: https://vimeo.com/privacy . We would like to point out that Vimeo may use Google Analytics and refer you to Google's privacy policy ( https://www.google.com/policies/privacy ) as well as the opt-out options for Google Analytics ( http://tools.google.com/dlpage/gaoptout?hl=de ) or Google's settings for data usage for marketing purposes ( https://adssettings.google.com/ ).

YouTube

We embed videos from the platform “YouTube” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/ , Opt-out: https://adssettings.google.com/authenticated .

Google Fonts

We integrate fonts ("Google Fonts") from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/ , Opt-out: https://adssettings.google.com/authenticated .

Google reCaptcha

We integrate the bot detection function, e.g., for entries in online forms ("ReCaptcha"), from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/ , Opt-out: https://adssettings.google.com/authenticated .

Google Maps

We integrate maps from the "Google Maps" service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, users' IP addresses and location data, which, however, are not collected without their consent (usually obtained through their mobile device settings). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/ , Opt-out: https://adssettings.google.com/authenticated .

Use of Facebook Social Plugins

Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically, in accordance with Article 6(1)(f) of the GDPR), we use social plugins ("plugins") from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interactive elements or content (e.g., videos, graphics, or text posts) and are recognizable by one of the Facebook logos (a white "f" on a blue tile, the terms "Like" or "Gefällt mir", or a "thumbs up" icon) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ .

Facebook is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).

When a user accesses a feature of this online service that contains such a plugin, their device establishes a direct connection to Facebook's servers. The plugin's content is transmitted directly from Facebook to the user's device and integrated into the online service. Usage profiles of users can be created from the processed data. We therefore have no control over the scope of data that Facebook collects using this plugin and are informing users accordingly, based on our current knowledge.

By integrating these plugins, Facebook receives information that a user has accessed the corresponding page of the website. If the user is logged into Facebook, Facebook can associate the visit with their Facebook account. When users interact with the plugins, for example, by clicking the Like button or leaving a comment, the corresponding information is transmitted directly from their device to Facebook and stored there. Even if a user is not a member of Facebook, it is still possible that Facebook will learn and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the related rights and settings options for protecting users' privacy, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/ .

If a user is a Facebook member and does not want Facebook to collect data about them via this website and link it to their Facebook profile data, they must log out of Facebook and delete their cookies before using our website. Further settings and options to object to the use of data for advertising purposes are available within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ . These settings are platform-independent, meaning they apply to all devices, such as desktop computers and mobile devices.

Twitter

Our website may include features and content from the Twitter service, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include content such as images, videos, or text, as well as buttons that allow users to express their approval of the content, follow the content creators, or subscribe to our posts. If users are members of the Twitter platform, Twitter can associate the access of the aforementioned content and features with their Twitter profiles. Twitter is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active ). Privacy policy: https://twitter.com/de/privacy , Opt-out: https://twitter.com/personalization .

Instagram

Our website may include features and content from the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include content such as images, videos, or text, as well as buttons that allow users to express their appreciation for the content, follow the content creators, or subscribe to our posts. If users are members of the Instagram platform, Instagram may associate the access of the aforementioned content and features with their Instagram profiles. Instagram's privacy policy can be found here: http://instagram.com/about/legal/privacy/ .

Pinterest

Our website may include features and content from the Pinterest service, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. This may include content such as images, videos, or text, as well as buttons that allow users to express their appreciation for the content, follow the content creators, or subscribe to our posts. If users are members of the Pinterest platform, Pinterest may associate the access of the aforementioned content and features with their Pinterest profiles. Pinterest's privacy policy can be found here: https://about.pinterest.com/de/privacy-policy .

Xing

Our website may include features and content from the Xing service, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include content such as images, videos, or text, as well as buttons that allow users to express their approval of the content, subscribe to the content creators, or subscribe to our posts. If users are members of the Xing platform, Xing may associate the access of the aforementioned content and features with their Xing profiles. Xing's privacy policy can be found here: https://www.xing.com/app/share?op=data_protection.

LinkedIn

Our website may include features and content from the LinkedIn service, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This may include content such as images, videos, or text, as well as buttons that allow users to express their approval of the content, follow the content creators, or subscribe to our posts. If users are members of the LinkedIn platform, LinkedIn can associate the access of the aforementioned content and features with their LinkedIn profiles. LinkedIn's privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy . LinkedIn is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active ). Privacy Policy: https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

PayPal

The data controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual private or business accounts. PayPal also allows users to make virtual payments via credit card if they do not have a PayPal account. A PayPal account is managed via an email address, so there is no traditional account number. PayPal enables users to send and receive online payments. PayPal also acts as an escrow service and offers buyer protection.

PayPal's European operating company is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects "PayPal" as the payment method during the ordering process in our online shop, their data will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data necessary for payment processing.

The personal data transmitted to PayPal typically includes first name, last name, address, email address, IP address, telephone number, mobile phone number, and other data necessary for payment processing. Personal data related to the specific order is also necessary for processing the purchase agreement.

The data is transmitted for the purpose of payment processing and fraud prevention. The data controller will transmit personal data to PayPal, in particular, when there is a legitimate interest in doing so. The personal data exchanged between PayPal and the data controller may be transmitted by PayPal to credit reference agencies. This transmission is for the purpose of identity and creditworthiness verification.

PayPal may share personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process the data on its behalf.

The data subject has the right to withdraw their consent to the processing of their personal data by PayPal at any time. Such withdrawal does not affect personal data that must be processed, used, or transmitted for the (contractual) processing of payments.

PayPal's current privacy policy can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Amazon Pay

When paying via Amazon Pay, we primarily forward your payment data to Amazon Payments Europe sca, and secondarily to Amazon EU SARL, Amazon Services Europe SARL, and Amazon Media EU SARL, all three located at 5, Rue Plaetis, L-2338 Luxembourg (hereinafter "Amazon Payments"). Amazon Payments reserves the right to conduct a credit check. Amazon Payments uses the result of the credit check, specifically the statistical probability of payment default, to decide whether to offer the respective payment method. The credit check may include probability values ​​(so-called score values). If score values ​​are included in the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data is among the information used to calculate the score values. Furthermore, Amazon Payments is authorized to share your data with, among others, unnamed third parties (banks, e-service providers, service partners, as well as auditors, analytics services, credit agencies, marketing partners, cloud service providers, retargeting providers, and affiliated companies). For further information regarding data protection, including details about the credit agencies used, please refer to the Amazon Payments Privacy Notice: https://pay.amazon.com/de/help/201751600

Instant bank transfer

Should you choose to pay using the online payment service Sofortüberweisung during the ordering process, your contact details will be transmitted to Sofortüberweisung as part of the order. Sofortüberweisung is a service offered by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. Sofortüberweisung acts as an online payment service provider, enabling cashless payment for products and services on the internet.

The personal data transmitted to Sofortüberweisung (instant bank transfer) usually includes first name, last name, address, telephone number, IP address, email address, or other data required for order processing, as well as data related to the order, such as number of items, item number, invoice amount and tax percentage, invoice information, etc.

This transmission is necessary for processing your order with your chosen payment method, in particular for confirming your identity, administering your payment and the customer relationship.

Please note, however, that Sofortüberweisung may also pass on personal data to service providers, subcontractors or other affiliated companies, insofar as this is necessary to fulfill the contractual obligations arising from your order or the personal data is to be processed on their behalf.

Under certain circumstances, the personal data transmitted to Sofortüberweisung (instant bank transfer) may be shared by Sofortüberweisung with credit reference agencies. This transfer serves the purpose of identity and creditworthiness verification in relation to your order.

You can find information about the data protection principles that Sofortüberweisung applies when processing your data in the data protection information displayed to you during the payment process by Sofortüberweisung.

If you have any further questions about the use of your personal data, you can contact Sofortüberweisung by email (datenschutz@sofort.com) or in writing (SOFORT GmbH, Datenschutz, Theresienhöhe 12, 80339 München).

Klarna

If you choose Klarna Invoice and Klarna Installments from Klarna AB, located at Sveavägen 46, 111 34 Stockholm, Sweden, as your payment option during the ordering process, you consent to us collecting and transmitting the personal data necessary for processing the invoice purchase and for identity and credit checks to Klarna AB.

This includes, in particular, first and last name, title, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, as well as data necessary for processing the purchase on account and data related to the order, such as the number of items, item number, invoice amount and tax percentage, invoice information, bank details, card number, expiry date, CVV code, information about goods/services, historical information, details of previous purchases, payment history, any rejections, financial information, details of any credit obligations and payment notes, information about the interaction between you and Klarna Checkout, page load times, download errors and methods used to leave the displayed page, information about electronic communication, delivery confirmations, device information, and geographical information.

This transfer of your data is necessary for processing your purchase with your chosen payment method, in particular for verifying your identity, administering your payment and customer relationship, customer analysis, administering Klarna's services, and for internal processes, including troubleshooting, data analysis, internal testing, development, statistical purposes, improving Klarna's services, ensuring that the necessary information is displayed as effectively as possible for you and your device, preventing misuse or improper application of Klarna's services, as part of Klarna's efforts to make its services as secure as possible, assessing which payment methods we can offer you via Klarna, conducting internal credit assessments, carrying out risk analyses and risk management, business development, and complying with applicable law. Klarna has a legitimate interest in transferring the customer's personal data and requires it to obtain information from credit reference agencies for the purpose of identity and credit checks. In Germany, the aforementioned data may be transferred to the following credit reference agencies:

• Arvato Infoscore Consumer Data GmbH and Infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden
• Bürgel Wirtschaftsinformationen GmbH & Co. KG, Postfach 5001 66, 22701 Hamburg
• Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss
• Deltavista GmbH, Freisinger Landstr. 74 80939 Munich
• SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden

Furthermore, Klarna may provide your personal data to other companies within the Klarna Group, service providers and subcontractors, insofar as this is necessary to fulfill the contractual relationship with you or with them.

As part of the decision regarding the establishment, execution, or termination of the contractual relationship, Klarna collects and uses information about the buyer's past payment behavior as well as probability scores for this behavior in the future. Klarna calculates this scoring using scientifically recognized mathematical and statistical methods.

You have the right to withdraw your consent to the use of your personal data by Klarna at any time. However, even in this case, Klarna may still be entitled to process, use, and transfer your personal data if this is necessary for the contractual processing of payments through Klarna's services, is legally required, or is requested by a court or authority.

You can also obtain further information on data protection directly from Klarna:

Privacy Policy of Klarna AB

You can obtain information about the personal data stored by Klarna at any time by contacting Datenschutz@klarna.de .