This privacy policy informs you about the nature, scope, and purpose of processing personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller:
Name/Company: dimari Technologies GmbH
Street No.: Bürgermeister-Brunner-Str. 15
Postal Code, City, Country: 34117 Kassel, Germany
Commercial Register/No.: Local Court Kassel HRB 4939
Managing Director: Diethard Kumpf
Phone number: +49 (0) 561 84098930
Email address: info@audio-culture.de
Data Protection Officer:
Name: Dina-Maria Kumpf
Street No.: Bürgermeister-Brunner-Str. 15
Postal Code, City, Country: 34117 Kassel, Germany
Phone number: +49 (0) 561 84098930
Email address: dina.kumpf@audio-culture.de
Types of processed data:
– Inventory data (e.g., names, addresses).
– Contact data (e.g., email, phone numbers).
– Content data (e.g., text entries, photographs, videos).
– Contract data (e.g., subject matter of the contract, term, customer category).
– Payment data (e.g., bank details, payment history).
– Usage data (e.g., visited websites, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Processing of special categories of data (Article 9(1) GDPR):
No special categories of data are processed.
Categories of data subjects affected by the processing:
– Customers, prospects, visitors, and users of the online offering, business partners.
– Visitors and users of the online offering.
Hereinafter, we also collectively refer to the data subjects as “users.”
Purpose of processing:
– Provision of the online offering, its content, and shop functions.
– Provision of contractual services, service, and customer care.
– Responding to contact inquiries and communicating with users.
– Marketing, advertising, and market research.
– Security measures.
As of: Month/Year: 09/2018
1.2. “Processing” is any operation or set of operations performed with or without the aid of automated processes in connection with personal data. The term is broad and encompasses virtually any handling of data.
1.3. The term “Controller” refers to the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.
2. Relevant Legal Bases
In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing to fulfill our services and perform contractual measures and respond to inquiries is Art. 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
4.2. Among the security measures is the encrypted transmission of data between your browser and our server.
5.2. If we engage third parties to process data on the basis of a so-called “data processing agreement,” this is done on the basis of Art. 28 GDPR.
7.2. According to Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.
7.3. According to Art. 17 GDPR, you have the right to request the immediate deletion of relevant data, or alternatively, according to Art. 18 GDPR, to request a restriction of data processing.
7.4. You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us and to request their transmission to other controllers.
7.5. Furthermore, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
10.2. We use temporary and permanent cookies and provide information about this in our privacy policy. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the system settings of the browser. Disabling cookies may limit the functionality of this online offering.
10.3. A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that, in this case, not all functions of this online offering may be usable.
11.2. Germany: In accordance with legal requirements, data is stored for 6 years in particular in accordance with § 257(1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147(1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
11.3. Austria: In accordance with legal requirements, data is stored for 7 years in particular in accordance with § 132(1) BAO (accounting documents, documents/invoices, accounts, documents, business papers, a list of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents in connection with electronically provided services, telecommunications, broadcasting, and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
12.2. The processed data includes inventory data, communication data, contract data, payment data, and the affected persons are our customers, prospects, and other business partners. The processing is carried out for the purpose of providing contract services in the operation of an online shop, billing, delivery, and customer services. In this process, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
12.3. The processing is based on Art. 6(1)(b) (execution of order processes) and (c) (legally required archiving) of the GDPR. The data disclosed as required is necessary for the establishment and fulfillment of the contract. We only disclose data to third parties within the scope of delivery, payment, or within the framework of legal permissions and obligations to legal advisors and authorities. Data is processed in third countries only if required for the fulfillment of the contract (e.g., at the customer’s request upon delivery or payment).
12.4. Users can optionally create a user account, which allows them to view their orders, among other things. During registration, the necessary mandatory information is provided to users. User accounts are not public and cannot be indexed by search engines. When users have terminated their user accounts, their data is deleted with regard to the user account, subject to its retention being necessary for commercial or tax law reasons according to Art. 6(1)(c) GDPR. Information in the customer account is retained until deletion, with subsequent archiving in case of a legal obligation. Users are responsible for securing their data prior to contract termination.
12.5. As part of registration and re-registration, as well as when using our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests, as well as the users’ interest in protection against misuse and other unauthorized use. These data are generally not disclosed to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) GDPR.
12.6. Deletion takes place after the expiration of statutory warranty and similar obligations; the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiration (end of commercial (6 years) and tax (10 years) retention obligation); information in the customer account remains until deletion.
13.2. If these analyses or profiles are personal, they are deleted or anonymized upon user termination, otherwise after two years from the contract conclusion. Otherwise, the overall business analyses and general trend determinations are created in an anonymous way as much as possible.
It should also be noted that obtaining an automated credit report constitutes an “automated decision in an individual case” pursuant to Art. 22 GDPR, meaning a legal decision without human involvement. This is permissible if the customer has consented or this decision is necessary for the conclusion of the contract. Whether the decision is necessary is not yet conclusively clarified but is widely accepted, even by the author of this template. However, if you want to eliminate any risk, you should obtain consent.
Consent is also required if the credit report is already used to decide whether the “purchase on account” option should even be displayed. This is because it could have been the case that the customer would have chosen prepayment or PayPal anyway, and the credit check would not have been necessary.
Such consent could be given as follows:
I consent to a credit check being carried out in order to decide in an automated process (Art. 22 GDPR) whether the option of purchasing on account is offered. Further information on the credit check, the credit reporting agencies used, the procedure, and your options for objecting can be found in our [Link]privacy policy[/Link].
15.2. User information may be stored in our Customer Relationship Management (CRM) system or a comparable inquiry organization.
15.3. We delete the requests if they are no longer necessary. We review the necessity every two years; requests from customers who have a customer account are stored permanently, and with regard to deletion we refer to the information on the customer account. In addition, statutory archiving obligations apply.
16.2. Logfile information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraudulent activities) and is then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident is finally resolved.
17.2. Unless otherwise stated within our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g., by posting on our online presences or sending us messages.
17.2 a. We use Google Analytics to display ads placed within Google’s advertising services and its partners’ ads only to users who have shown an interest in our online offering or who exhibit certain features (e.g., interest in specific topics or products determined based on visited websites) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interests of users and are not annoying.
18.2. Google is certified under the Privacy Shield agreement and, through this, offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
18.3. Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide us with other services associated with the use of this online offering and internet usage. Pseudonymous user profiles can be created from the processed data.
18.4. We only use Google Analytics with IP anonymization enabled. This means that the IP address of users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
18.5. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offering, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
18.6. For more information on data usage by Google, settings, and objection options, please visit Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertising”).
21.2. Facebook is certified under the Privacy Shield agreement and, through this, offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
21.3. When a user accesses a feature of this online offering containing such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online offering. User profiles can be created from the processed data. We therefore have no influence on the scope of data that Facebook collects using this plugin and inform users to the best of our knowledge.
21.4. By integrating the plugins, Facebook receives information that a user has accessed the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can associate the visit with their Facebook account. If users interact with the plugins, for example, by clicking the like button or leaving a comment, the corresponding information is directly transmitted from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.
21.5. Users can find information on the purpose and scope of data collection and further processing and use of the data by Facebook, as well as their related rights and privacy settings, in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
21.6. If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their member data stored on Facebook, they must log out of Facebook before using our online offering and delete their cookies. Further settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.
Note: 1. Please remove this section if you do not use this service. 2. Please refer to https://matomo.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe for implementing Matomo opt-out and privacy settings.
22. Reach Analysis with Matomo
22.1. As part of the reach analysis using Matomo, the following data is processed based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) GDPR): the browser type and version used, the operating system used, your country of origin, date and time of the server request, the number of visits, your duration on the website, and the external links you clicked. User IP addresses are anonymized before being stored.
22.2. Matomo uses cookies that are stored on users’ computers and enable an analysis of user use of our online offering. Pseudonymous user profiles can be created from the processed data. The cookies have a storage duration of one week. The information generated by the cookie about your use of this website is stored on our server only and is not passed on to third parties.
22.3. Users can object to anonymized data collection by Matomo at any time with future effect by clicking on the link below. In this case, an opt-out cookie is stored in your browser, which means that Matomo will not collect any session data. However, if users delete their cookies, the opt-out cookie is deleted as well and must be set again by users.
22.4. [Please insert the Matomo opt-out cookie IFRAME at this point (and activate IP anonymization in the settings)].
Note: Please remove this section if you do not use the service.
23. Jetpack (WordPress Stats)
23.1. Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use the Jetpack plugin (specifically the “WordPress Stats” subfunction), which integrates a tool for statistical evaluation of visitor access and is provided by Automattic, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. Jetpack uses so-called “cookies,” text files that are stored on your computer and allow an analysis of your website usage.
23.2. Automattic is certified under the Privacy Shield agreement and, through this, offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
23.3. The information generated by the cookie about your use of this online offering is stored on a server in the USA. These usage profiles can be used for analysis but not for advertising purposes. Further information can be found in Automattic’s privacy policy: https://automattic.com/privacy/ and information on Jetpack cookies: https://jetpack.com/support/cookies/.
Note: Please remove this section if you do not use the service.
24. etracker
24.1. Based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) GDPR), we use the analysis service “etracker” from etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg.
24.2. Pseudonymous usage profiles of users can be created from the data processed by etracker. Cookies may be used for this purpose. Cookies allow your browser to be recognized. The data collected using etracker technologies are not used to personally identify visitors to our website without separate consent and are not combined with personal data about the bearer of the pseudonym. Furthermore, personal data is processed only for us, i.e., not combined with personal data collected within other online offerings.
24.3. You can object to data collection and storage at any time with effect for the future. To object to the collection and storage of visitor data for the future, you can obtain an etracker opt-out cookie via the following link, which will prevent visitor data from your browser from being collected and stored by etracker in the future: http://www.etracker.de/privacy?et=Account-ID [Please insert your Account-ID at this point].
24.4. By opting out, an opt-out cookie named “cntcookie” is set by etracker. Please do not delete this cookie as long as you wish to maintain your objection. Further information can be found in etracker’s privacy policy: http://www.etracker.com/de/datenschutz.html.
Note: Please remove this section if you do not use the service.
25. Criteo
25.1. Based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) GDPR), we use the services of the provider Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany.
25.2. Criteo’s services allow us to display advertisements for and on our website more selectively, presenting users with only those advertisements that potentially match their interests. For example, if a user is shown advertisements for products they have shown interest in on other websites, this is referred to as “remarketing.” For this purpose, when our website and other websites where Criteo is active are accessed, code from Criteo is executed directly and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are embedded into the website. These tags help store an individual cookie, i.e., a small file, on the user’s device (instead of cookies, similar technologies can also be used). This file records the websites the user has visited, the content they are interested in, and the offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and further information about the use of the online offering. The information mentioned above may also be combined by Criteo with information from other sources. Subsequently, when users visit other websites, tailored advertisements may be displayed to them based on their interests.
25.3. Further information, as well as options for objecting to the collection by Criteo, can be found in Criteo’s privacy policy: https://www.criteo.com/de/privacy/.
Note: Please remove this section if you do not use the service.
26. Amazon Partner Program
26.1. We are, based on our legitimate interests (i.e., interest in the economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), participants in the Amazon EU partner program, which was designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.de. Amazon uses cookies to trace the origin of orders. Among other things, Amazon can recognize that you have clicked on the partner link on this website.
26.2. You can find further information about data usage by Amazon in the company’s privacy policy: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.
Note: This section will apply to almost every online shop and typically does not need to be deleted.
27. Communication via Mail, Email, Fax, or Telephone
27.1. We use remote communication tools such as mail, telephone, or email for business transactions and marketing purposes. We process customer, participant, prospect, and communication partner inventory data, address and contact data, as well as contract data.
27.2. Processing is based on Art. 6(1)(a), Art. 7 GDPR, Art. 6(1)(f) GDPR in connection with legal requirements for advertising communications. Contact is only made with the consent of the contact partners or within the framework of legal permissions, and the processed data is deleted as soon as it is no longer required, and otherwise with objections/revocation or the lapse of authorization bases or legal archiving obligations.
Note: 1. Please remove this section if you do not use the service. 2. This is a template for a newsletter sent via third-party senders (examples include MailChimp and Clever Reach) with opening and click statistics. In this case, inquire with the shipping service providers about a “data processing agreement” (or “Auftragsverarbeitungsvertrag”). If you send the newsletter yourself or do not perform any analyses, you should adjust the template accordingly.
Note: Please inform users about the newsletter content and the evaluation of opening and clicking behavior during the registration process, e.g.:
Our newsletter contains information about our products, offers, promotions, and our company. You can find information on data protection, revocation, logging, and the success measurement covered by your consent in our https://www.cleverreach.com/de/datenschutz/.
Shipping service provider: The newsletter is sent via “MailChimp,” a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection regulations of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection standards: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.
Note on the legal basis: Please choose the variant for Germany or Austria when providing information on legal bases. Please note that in Austria, the so-called “ECG list” must be considered due to a provision of the E-Commerce Act (ECG). This list is maintained by the regulatory authority for telecommunications and broadcasting (RTR-GmbH): https://www.rtr.at/de/tk/TKKS_Spam. It contains email addresses that may not receive emails.
28. Newsletter
28.1. With the following information, we inform you about the content of our newsletter, the registration, dispatch, and the statistical evaluation procedure, as well as your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
28.2. Newsletter Content: We send newsletters, emails, and other electronic notifications with advertising information (hereinafter “Newsletter”) only with the consent of the recipients or legal permission. If the content of a newsletter is specifically described as part of a newsletter registration, it is decisive for the consent of the users. In all other respects, our newsletters contain information about our products, offers, promotions, and our company.
28.3. Double-Opt-In and Logging: The registration for our newsletter is done in a double opt-in process. In other words, after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with other people’s email addresses. Registrations for the newsletter are logged to be able to demonstrate the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
28.4. Shipping Service Provider: The newsletters are sent via “MailChimp,” a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection regulations of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection standards: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active.
28.5. To the extent we use a shipping service provider, the shipping service provider can use this data in pseudonymous form, i.e., without allocation to a user, for the optimization or improvement of their services according to their information. For example, for the technical optimization of shipping and newsletter presentation or for statistical purposes to determine the countries from which recipients come. However, the shipping service provider does not use the data of our newsletter recipients to contact them or pass it on to third parties.
28.6. Registration Data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal addressing in the newsletters.
28.7. Success Measurement – The newsletters contain a so-called “web beacon,” a pixel-sized file that is retrieved from our server when the newsletter is opened, or if we use a shipping service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of services based on technical data or target groups and their reading behavior, based on retrieval locations (determinable using the IP address) or access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the shipping service provider to observe individual users. The evaluations rather serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
28.8. Germany: The sending of the newsletter and the success measurement are based on the consent of the recipients according to Art. 6(1)(a), Art. 7 GDPR in connection with § 7(2) No. 3 UWG or based on legal permission according to § 7(3) UWG.
28.9. Austria: The sending of the newsletter and the success measurement are based on the consent of the recipients according to Art. 6(1)(a), Art. 7 GDPR in connection with § 107(2) TKG or based on legal permission according to § 107(2) and (3) TKG.
28.10. The logging of the registration process is based on our legitimate interests according to Art. 6(1)(f) GDPR and serves as evidence of consent to receive the newsletter.
28.11. Newsletter recipients can unsubscribe from receiving our newsletter at any time, i.e., revoke their consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. This simultaneously revokes their consent for success measurement. Separate revocation of success measurement is not possible; in this case, the entire newsletter subscription must be canceled. When unsubscribing from the newsletter, personal data is deleted unless its storage is legally required or justified, in which case processing is restricted to these exceptional purposes. In particular, we may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them for the purpose of demonstrating a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. Individual deletion requests are possible at any time, provided that the previous existence of consent is confirmed.
Note: Please check if the mentioned services are used within your online offering and adjust the listing accordingly. You can add other services according to the existing examples.
29. Integration of Third-Party Services and Content
29.1. We use content or service offerings from third-party providers within our online offering on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering as defined in Art. 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore required for displaying this content. We make every effort to use only those contents whose respective providers use the IP address solely for the purpose of delivering the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Information on visitor traffic on the pages of this website can be evaluated using “pixel tags.” The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring web pages, visit time, as well as other information about the use of our online offering, and may also be combined with such information from other sources.
29.2. The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which provide further information on data processing and, in some cases, options for opting out (so-called opt-out).
– If our customers use third-party payment services (e.g., PayPal or Sofortüberweisung), the general terms and conditions and data protection information of the respective third-party providers apply, which can be accessed within the respective websites or transaction applications.
– External fonts from Google LLC, https://www.google.com/fonts (“Google Fonts”). Google Fonts are integrated by making a server call to Google (usually in the United States). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
– Maps from the “Google Maps” service provided by third-party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
– Videos from the “YouTube” platform provided by the third-party Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
– Features of the Google+ service are integrated within our online offering. These features are provided by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the content of our pages with your Google+ profile by clicking the Google+ button. This allows Google to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Google+. Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
– Features of the Instagram service are integrated within our online offering. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking the Instagram button. This enables Instagram to associate your visit to our pages with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/.
– We use social plugins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest’s servers. The plugin transmits log data to Pinterest’s server in the USA. This log data may include your IP address, the addresses of visited websites, which also contain Pinterest functions, type and settings of your browser, date and time of the request, your use of Pinterest, as well as cookies. Privacy Policy: https://about.pinterest.com/de/privacy-policy.
– Features of the Twitter service or platform are integrated within our online offering (hereinafter referred to as “Twitter”). Twitter is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The features include the display of our posts within Twitter within our online offering, the link to our profile on Twitter, and the ability to interact with Twitter posts and functions, as well as to measure whether users access our online offering via the Twitter advertisements we place (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-Out: .
21.5. The purpose and scope of data collection and the further processing and use of data by Facebook, as well as the rights and privacy settings for users, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
21.6. If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their stored member data at Facebook, they must log out of Facebook before using our online offering and delete their cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform-independent, meaning they apply to all devices, such as desktop computers or mobile devices.
Note: 1. Please remove the passage if you do not use the service. 2. Please refer to the Matomo Opt-Out and Privacy Settings implementation: https://matomo.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe.
22. Audience Analysis with Matomo
22.1. Within the scope of audience analysis with Matomo, the following data is processed based on our legitimate interests (i.e., an interest in the analysis, optimization, and economic operation of our online offering in the sense of Art. 6 Para. 1 lit. f. GDPR): the type and version of the browser used by you, the operating system used by you, your country of origin, date and time of the server request, the number of visits, your length of stay on the website, and the external links you clicked on. The IP address of users is anonymized before being stored.
22.2. Matomo uses cookies that are stored on users’ computers and that enable an analysis of the use of our online offering by users. Pseudonymous user profiles can be created from the processed data. The cookies have a storage duration of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.
22.3. Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, this also means that the opt-out cookie is deleted and must be reactivated by users.
22.4. [Please insert the Matomo iframe with the opt-out cookie at this point (and enable IP anonymization in the settings).]
Note: Please remove the passage if you do not use the service.
23. Jetpack (WordPress Stats)
23.1. Based on our legitimate interests (i.e., an interest in the analysis, optimization, and economic operation of our online offering in the sense of Art. 6 Para. 1 lit. f. GDPR), we use the Jetpack plugin (here the subfunction “WordPress Stats”), which integrates a tool for statistical evaluation of visitor access and is provided by Automattic, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. Jetpack uses so-called “cookies,” text files that are stored on your computer and that allow an analysis of your use of the website.
23.2. Automattic is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
23.3. The information generated by the cookie about your use of this online offering is stored on a server in the USA. The processed data can be used to create user profiles, but they are used for analysis purposes only and not for advertising purposes. Further information is available in Automattic’s privacy policy: https://automattic.com/privacy/ and information on Jetpack cookies: https://jetpack.com/support/cookies/.
Note: Please remove the passage if you do not use the service.
24. etracker
24.1. Based on our legitimate interests (i.e., an interest in the analysis, optimization, and economic operation of our online offering in the sense of Art. 6 Para. 1 lit. f. GDPR), we use the analytics service “etracker” provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg.
24.2. User profiles can be created under a pseudonym from the data processed by etracker. Cookies may be used for this purpose. These cookies enable your browser to be recognized. Data collected using etracker technologies is not used to personally identify visitors to our website without their separate consent and is not merged with personal data of the pseudonym holder. Furthermore, personal data is processed only for our purposes and is not combined with personal data collected within other online services.
24.3. You can object to the collection and storage of data at any time with effect for the future. To object to the collection and storage of visitor data for the future, you can obtain an etracker opt-out cookie by clicking on the link below. This will prevent any future collection and storage of browser visitor data by etracker: http://www.etracker.de/privacy?et=Account-ID [Please insert your Account-ID at this point].
24.4. The opt-out will set an opt-out cookie named “cntcookie” from etracker. Please do not delete this cookie as long as you wish to maintain your objection. Further information can be found in etracker’s privacy policy: http://www.etracker.com/de/datenschutz.html.
Note: Please remove this passage if you do not use the service.
25. Criteo
25.1. Based on our legitimate interests (i.e., an interest in the analysis, optimization, and economic operation of our online offering in the sense of Art. 6 Para. 1 lit. f. GDPR), we use the services of the provider Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany.
25.2. Criteo’s services allow us to display targeted advertisements for and on our website to show users ads that potentially match their interests. If a user is shown ads for products they have been interested in on other websites, this is referred to as “remarketing.” For this purpose, when our website and other websites with active Criteo code are accessed, Criteo runs code and (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are included on the website. This allows Criteo to store an individual cookie, a small file, on the user’s device (instead of cookies, comparable technologies can also be used). This file records the websites the user has visited, the content they are interested in, and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and other details about using the online offering. The information mentioned above may also be combined with information from other sources by Criteo. Subsequently, when the user visits other websites, ads tailored to their interests may be displayed.
25.3. For further information and objection options for data collection by Criteo, please refer to Criteo’s privacy policy: https://www.criteo.com/de/privacy/.
Note: Please remove this passage if you do not use the service.
26. Amazon Partner Program
26.1. Based on our legitimate interests (i.e., an interest in the economic operation of our online offering in the sense of Art. 6 Para. 1 lit. f. GDPR), we participate in the Amazon EU Partner Program, which was designed to provide a medium for websites to earn advertising fees by placing ads and links to Amazon.de. Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognize that you have clicked on the affiliate link on this website.
26.2. For further information about data usage by Amazon, please refer to the company’s privacy policy: http://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=3312401.
Note: This point applies to almost every online shop and usually does not need to be deleted.
27. Communication via Mail, Email, Fax, or Phone
27.1. We use remote communication tools such as mail, phone, or email for business transactions and marketing purposes. We process customer, participant, prospect, and communication partner master data, address and contact details, as well as contract data.
27.2. The processing is based on Art. 6 Para. 1 lit. a, Art. 7 GDPR, Art. 6 Para. 1 lit. f GDPR in conjunction with legal requirements for advertising communications. Contact is made only with the consent of the contact partners or within the scope of legal permissions, and the processed data is deleted as soon as it is no longer necessary, and otherwise upon objection/revocation or the lapse of the authorization basis or of legal archiving obligations.
Note: 1. Please remove this passage if you do not use the service. 2. This is a sample for a newsletter sent via third-party senders (MailChimp and Clever Reach are optionally mentioned). In this case, you should request a “data processing agreement” (or “Auftragsverarbeitungsvertrag”) from the sending service providers. If you send the newsletter yourself or do not perform analyses, you should shorten the template accordingly.
Note: Please inform users about the newsletter content and the analysis of open and click behavior during registration, e.g.:
Our newsletter contains information about our products, offers, promotions, and our company. Information about data protection, revocation, logging, and the success measurement covered by the consent can be found in our [LINK]privacy policy[/LINK].
If you use a sending service provider, you should add details about them. You can use these examples (one from an EU service provider and one from a service provider in a third country):
Sending Service Provider: Newsletters are sent via CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, hereinafter referred to as the “sending service provider.” The sending service provider’s privacy policy can be viewed here: https://www.cleverreach.com/de/datenschutz/.
Sending Service Provider: Newsletters are sent via “MailChimp,” a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The privacy policy of the shipping service provider can be found here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement, providing a guarantee of compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
Note regarding the legal basis: Please choose the option for Germany or Austria when providing information about legal bases. Please be aware that in Austria, due to a provision in the E-Commerce Act (ECG), the so-called “ECG list” must be considered. This list is maintained by the regulatory authority for telecommunications and broadcasting (RTR-GmbH): https://www.rtr.at/de/tk/TKKS_Spam. It contains email addresses to which emails may not be sent.
28. Newsletter
28.1. With the following information, we inform you about the content of our newsletter as well as the registration, shipping, and statistical evaluation procedures, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the described procedures.
28.2. Newsletter Content: We only send newsletters, emails, and other electronic notifications with advertising information (hereinafter “Newsletter”) with the consent of the recipients or legal permission. If the content of the newsletter is specifically described as part of the registration, it is decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions, and our company.
28.3. Double Opt-In and Logging: Registration for our newsletter takes place in a double opt-in procedure. This means that you will receive an email after registration in which you will be asked to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else’s email addresses. Newsletter registrations are logged to demonstrate compliance with legal requirements. This includes the storage of the registration and confirmation times, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
28.4. Shipping Service Provider: The newsletters are sent via “MailChimp,” a newsletter distribution platform provided by the US-based Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement, providing a guarantee of compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
28.5. To the extent that we use a shipping service provider, the shipping service provider may use this data in pseudonymous form, i.e., without assignment to a user, to optimize or improve its own services, e.g., for the technical optimization of shipping and the presentation of newsletters or for statistical purposes to determine from which countries recipients come. The shipping service provider does not use the data of our newsletter recipients to write to them directly or to pass them on to third parties.
28.6. Registration Data: To subscribe to the newsletter, it is sufficient to enter your email address. Optionally, we ask you to provide a name for personal address in the newsletter.
28.7. Measurement of Success: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a shipping service provider, from its server. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used for technical improvement of the services based on technical data or target groups and their reading behavior, based on their retrieval locations (which can be determined using the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the shipping service provider to observe individual users. Rather, the evaluations help us recognize the reading habits of our users and adapt our content to them, or send different content according to the interests of our users.
28.8. Germany: The sending of the newsletter and the measurement of success are based on the consent of the recipients according to Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG or based on the legal permission according to § 7 Para. 3 UWG.
28.9. Austria: The sending of the newsletter and the measurement of success are based on the consent of the recipients according to Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 107 Para. 2 TKG or based on the legal permission according to § 107 Para. 2 and 3 TKG.
28.10. The logging of the registration process is based on our legitimate interests according to Art. 6 Para. 1 lit. f GDPR and serves as evidence of consent to receive the newsletter.
28.11. Newsletter recipients can cancel the receipt of our newsletter at any time, i.e., revoke their consent. A link to cancel the newsletter can be found at the end of each newsletter. With the cancellation of the newsletter, the personal data will be deleted unless their retention is legally required or justified, in which case their processing will be limited to these exceptional purposes. In particular, we can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them for the purpose of providing evidence of the previously given consent. The processing of this data is limited to the purpose of possible defense of claims. An individual deletion request is possible at any time, provided that at the same time the previous existence of consent is confirmed.
Note: Please check whether the mentioned services are used within your online offering and adjust the list accordingly. You can add more services based on the existing examples.
29. Integration of Third-Party Services and Content
29.1. Within our online offering, we use third-party content or service offerings based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR) to include their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always assumes that the third-party providers of this content perceive the IP address of the users because they could not send the content to their browser without the IP address. The IP address is, therefore, necessary for displaying this content. We make every effort to use only those contents whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visit times, and other information about the use of our online offering, and may also be linked with such information from other sources.
29.2. The following presentation provides an overview of third-party providers and their content, along with links to their privacy policies, which contain additional information on data processing and, in some cases, options for objection (so-called Opt-Out):
– If our customers use third-party payment services (e.g., PayPal or Sofortüberweisung), the terms and privacy policies of the respective third-party providers apply, which can be accessed on their respective websites or transaction applications.
– External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). Google Fonts are integrated by making a server request to Google (usually in the USA). Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
– Maps from the “Google Maps” service of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
– Videos from the “YouTube” platform of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
– Functions of the Google+ service are integrated within our online offering. These functions are offered by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the content of our pages to your Google+ profile by clicking the Google+ button. This allows Google to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Google+. Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
– Functions of the Instagram service are integrated within our online offering. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram. Privacy policy: http://instagram.com/about/legal/privacy/.
– We use social plugins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites visited, which also contain Pinterest functions, browser type and settings, the date and time of the request, your use of Pinterest, and cookies. Privacy policy: https://about.pinterest.com/de/privacy-policy.
– Functions of the Twitter service or platform are integrated within our online offering (hereinafter referred to as “Twitter”). Twitter is an offering of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the display of our posts within Twitter within our online offering, the linking to our profile on Twitter, and the option to interact with the posts and functions of Twitter, as well as to measure whether users come to our online offering via the ads we place on Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization