Log inShopping basket

Privacy Policy

1 Our contact details

maut1 GmbH
Anton-Jakob-Straße 5
83026 Rosenheim
Germany

represented by the managing directors: Julian Schmelzer and Simon Baumgartner

The data protection officer can also be contacted at: enzo@eb-con.com

2 Our data processing principles

The principles explained in this section apply to all personal data processed by us as the responsible body. Insofar as we are able to provide further details in the context of individually listed data processing operations, we will specify our explanations in section C and in the relevant places.

2.1 Purpose limitation

We process your personal data only for the pursuit of a legitimate purpose. As a matter of principle, we process personal data only for the provision and delivery of our services, including our online offerings (e.g. the maintenance of our website).

2.2 Legal bases

We only process your personal data if at least one of the following legal bases applies:

2.2.1 Consent (Art. 6(1)(a) GDPR)

In individual cases, we ask for your consent to process certain personal data for predefined and communicated purposes in accordance with Art. 6 (1) (a) GDPR.

By giving your consent, you grant us permission to process the data covered by the consent. You can revoke your consent at any time without any disadvantages for the future. In this case, you have a right of revocation (Section E.II).

2.2.2 Fulfilment of a contract (Art. 6 para. 1 sentence 1 lit. b GDPR)

The processing of personal data for the purpose of implementing pre-contractual measures or within the framework of contract fulfilment is based on Art. 6 para. 1 sentence 1 lit. b GDPR. This applies, for example, to your contact details, which we need to process the contract and for communication purposes.

If we process data to fulfil a legal obligation (e.g. commercial or tax obligations), the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

2.2.4 Vital interests (Art. 6(1)(d) GDPR)

If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Art. 6(1)(d) GDPR.

2.2.5 Performance of tasks carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR)

For the processing of personal data in the performance of tasks in the public interest or in the exercise of official authority, we refer to the legal basis of Art. 6 para. 1 sentence 1 lit. e GDPR.

2.2.6 Protection of legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

In accordance with Art. 6 (1) (f) GDPR, we process personal data if we protect our legitimate interests or those of a third party and these interests outweigh your interests, fundamental rights and freedoms. In these cases, you may have a right to object to the processing. Please refer to the detailed information on your right to object in section E.I.

2.3 Deletion of data

We delete your personal data as soon as the purpose of the processing has been achieved or otherwise ceases to apply, unless further storage is required by law, for example in accordance with Art. 17 (3) GDPR. In the event of consent being given, we will delete the data in the event of revocation or after a certain period of time has elapsed, after which we can no longer assume that you maintain your consent.

In order to ensure that any deletion is carried out in a timely manner, we follow a deletion concept based on the deletion of personal data after the expiry of certain storage and deletion periods, which we divide into the following criteria:

  • We retain accounting documents and balance sheets for 10 years (Section 257 (1), in particular No. 4, (4) HGB, § 238 (1) HGB),

  • We retain commercial letters, contracts and correspondence relating to the initiation and execution of contracts for 6 years in accordance with § 257 (1) Nos. 2–3, (4) HGB,

  • We retain documents and associated personal data that may give rise to claims (e.g. warranty claims) until the expiry of the relevant limitation period (in accordance with Section 195 of the German Civil Code (BGB), generally three years).

  • In the case of other personal data that does not fall under the above categories, we delete data immediately after the purpose has been achieved.

2.4 Disclosure of personal data to third parties

We only pass on personal data to third parties if we are legally obliged or authorised to do so. Data is passed on to the following categories of recipients, for example:

  • Our contractual partners who support us in fulfilling our (pre-)contractual obligations towards you (e.g. logistics, mobility and payment service providers),

  • Administrative authorities (e.g. financial or supervisory authorities) and courts, provided that there is an obligation or legitimate interest to do so.

  • Web services and advertising partners who support us in the presentation and evaluation of our website (such as Google) and who use your personal data – provided you have given your consent – for interest analysis and needs-based advertising based on this.

If required, we can provide you with a list of the specific recipients of your personal data.

2.5 Processing of data in so-called third countries, in particular the USA

Your personal data will only be processed in countries within the EU or the European Economic Area that are subject to the scope of the GDPR. We only transfer your personal data to all other so-called ‘third countries’ only if an adequate level of data protection is guaranteed in the respective third country or by the respective recipient in the third country in accordance with Art. 44 ff. GDPR. This is the case, for example

  • if there is a so-called ‘adequacy decision’ by the European Commission in accordance with Art. 45 GDPR and

  • by establishing appropriate safeguards in accordance with Art. 46 GDPR, such as the use of so-called ‘EU standard contractual clauses’ in accordance with Art. 46 (2) (c) or binding internal data protection regulations in accordance with Art. 47 GDPR.

If we cannot guarantee an adequate level of data protection when transferring data to a third country, we will only process your personal data if you give us your express consent to do so (Art. 49(1)(a) GDPR) and inform you of the risks associated with the transfer to third countries, such as in the case of data transfers to the USA.

In the case of data transfers to the USA, an adequate level of data protection can be assumed on the basis of the adequacy decision pursuant to Art. 45 GDPR if the respective recipient is additionally registered under the ‘EU-US Data Privacy Framework’ . The list of registered companies can be found at https://www.dataprivacyframework.gov/s/. However, under certain circumstances, investigative authorities in the United States may gain access to this data without any influence on our part or on the part of the companies behind the services used. It cannot therefore be fully guaranteed that your data is completely subject to the data protection level of the GDPR.

3 Data processing when you visit our website

In this section, we inform you about the personal data processing operations that take place when you visit our website.

3.1 Log file

When you visit our website, the browser used on your device automatically sends information to our website's server. This information is temporarily stored in a so-called ‘log file’.

3.1.1 Data collected

The following information is automatically collected anonymously when you visit our website and stored until it is automatically deleted:

  • the IP address of the requesting computer,

  • Information about the device type (mobile device, desktop computer, etc.), the browser type and version used, and, if applicable, the operating system of your end device.

  • The user's internet service provider.

  • Date and time of access to our website.

  • Website from which the user accessed our website (so-called ‘referrer URL’)

  • Websites that the user's system accesses via our website, and

  • The user's movements on our website.

We collect and process ‘log data’ for the following purposes on the following legal basis:

  • Provision of the content of our website to the user, which also requires the temporary storage of the IP address in order to enable the user to communicate with our website. The legal basis for this data processing – i.e. for the duration of your visit to the website – is Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR (cf. section B.II.6), whereby our legitimate interest arises from the fact that we can make the provision of content possible in the first place.

  • Ensuring smooth connection establishment and comfortable use of our website, evaluation of system security and stability, and for other administrative purposes. This is achieved by processing and storing the IP address in the log files beyond the communication process . This is also based on Art. 6 para. 1 sentence 1 lit. f GDPR (cf. section B.II.6). The data will be deleted when the purpose for which it was collected no longer applies. In the context of providing the content of our website, the data will therefore generally be deleted when you leave our pages.

The data will be deleted when the purpose for which it was collected no longer applies. In the context of providing the content of our website, the data is therefore generally deleted when you leave our pages and the session is thus ended.

The data recorded in the log file is stored for a maximum of seven days after the end of the session for the purpose of system security and stability. Beyond these seven days, storage or other processing will only take place in such a way that the IP addresses of users are deleted after the aforementioned storage period of seven days has expired or are changed (e.g. through anonymisation or pseudonymisation) in such a way that it is no longer possible to assign the log data to an IP address and thus to the user.

3.1.4 Right to object

As we explain in section E.I, you generally have the right to object if we rely on legitimate interests. However, since the data processing described above is essential for the operation of our website , you can only exercise your right to object if your particular situation gives rise to reasons that do not permit processing to the extent described above. As a rule, however, we can demonstrate the aforementioned compelling necessity of data processing.

When you visit our website, we use the widely used SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We have implemented appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

3.2 Use of a consent management tool (‘Cookiebot’)

We use a consent management tool to manage our cookies as part of the operation of our website. By using this tool, you are given the proactive opportunity to decide for yourself how extensively you wish to use our website by granting your consent to the use of cookies (see section C.III below) (full use of the website), rejecting it (partial use of the website) and/or objecting to the use of any cookies (restricted use of the website). This tool collects and stores information for us about the decision you have made at a given point in time and allows you to revise your decision. Data about the device you are using and related data (e.g. the shortened IP address) are also stored.

By using the cookie bot, we aim to be able to prove your decision regarding cookies. This also includes specifying the time at which consent was given. The legal basis for this type of consent management is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in being able to document existing consents or, if applicable, objections in a legally compliant and verifiable manner.

3.2.2 Storage period

If you give your consent, we will store this information until we have fulfilled our accountability obligations and any limitation periods (usually three years) have expired. The cookie for consent management itself has a duration of 30 days.

The respective consents and objections can be revoked or asserted at any time in the ‘Settings’ by clicking on the fingerprint icon and then selecting the checkbox.

3.3 Cookies

As already stated in our cookie bot, we use cookies on our website. Cookies are small text files that your browser automatically creates and stores on your device (PC, laptop, tablet, smartphone, etc.) when you visit our website. Cookies contain information that enables the respective browser to be uniquely identified when the same website is visited again. Setting cookies does not give us any direct knowledge of your identity, but depending on the type of cookie placed and the possibility of assigning a cookie to an IP address, it is generally possible to establish a personal reference to the user. We generally distinguish between two types of cookies:

  • Necessary cookies, which are required to display and offer the services and information you have requested (optimally), such as language settings, shopping basket and/or login functions.

  • Optional cookies, which record and, if necessary, analyse user behaviour on our websites and also across website or device boundaries (e.g. across different domains of different providers), store this information in a cookie on your device and, if necessary, make it available for retrieval by web applications.

3.3.1 Purpose and legal basis

The use of necessary cookies serves to enable the provision of our website and the full use of our services and to make them more convenient for you. Functions such as language settings, a shopping basket or similar would not be possible without the use of these cookies.

We also use optional cookies to statistically record the use of our website and to analyse the surfing behaviour of users on our website. This serves to optimise our services and the quality of our website and its content. The analysis cookies tell us how the website is used, enabling us to continuously optimise our services. This enables us to tailor our offering to the wishes of our user group, for example through market research , and to design it in line with demand. The data collected about users in this way is pseudonymised by technical measures. It is then no longer possible for us to assign the data to the user who accessed the website; however, it may be possible for the companies whose tools we use when employing cookies (such as Google) may be able to assign and identify the user more clearly (we provide more detailed information on this in connection with the tools used).

The legal basis for the use of our cookies with regard to the provision of our website and the full use of our offer is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the use is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures (such as the shopping basket function). Insofar as we pursue other functional purposes (appealing design, etc.) and access to your terminal device is necessary for this, we require we require your consent in accordance with Section 25 (1) TTDSG for initial access to your terminal device and for any subsequent data processing in accordance with Art. 6 (1) (a) GDPR.

Insofar as we analyse the surfing behaviour of our users using optional cookies and in some cases use third-party software to do so, we rely on your previously given consent. We obtain your consent with regard to initial access to your end device in accordance with Section 25 (1) TTDSG and with regard to the subsequent processing of the data in accordance with Art. 6 ( 1 (1) (a) GDPR. We will, of course, refrain from these types of data processing if you have not given your consent or have revoked your previously given consent. Storage period

Session cookies are only stored by your browser for the duration of your browser session and are deleted when you close your browser. Optional cookies remain stored on the device you are using for a longer period of time.

3.3.3 Right of objection and removal option

When you visited our website, you were informed about the use of cookies and referred to this privacy policy. You were asked to give your consent to the use of optional cookies. You can revoke your consent at any time (Section E.II) . You can exercise your right of revocation by calling up the cookie widget and clicking on the checkbox.

As a user, you can also decide for yourself whether and how cookies are used or stored by your browser through technical default settings. You can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. You can delete cookies that have already been created or have your browser delete them automatically. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

3.4 Web analysis services

If you have given your consent to this via the consent management tool when visiting our website in accordance with the legal basis of Art. 6 (1) (a) GDPR and § 25 (1) TTDSG (cf. section B.II.1), we use analysis tools on our website, i.e. tools for so-called web analysis. These collect information about user behaviour on our websites and technical details, such as the proportion of new technologies used and the reach of our offers. Please note that you have a right of revocation (Section F.II), which you can also exercise via the consent management tool.

Insofar as we use services that also process personal data on servers in the USA (hereinafter referred to as US services), we ask you to note our explanations on the level of data protection in Section B.V and the associated associated risks. If you have given your consent taking these risks into account, your consent expressly refers to the fact that you are aware of and accept these risks.

The following analysis tools are used on our websites:

3.4.1 Google Analytics (US service)

3.4.1.1 Purpose

For the purpose of analysis, needs-based design and ongoing optimisation of our websites and their use, we use the web analysis service ‘Google Analytics’ provided by Google, based in Ireland (Google Ireland Limited, Gordon House, Barrow Street Dublin 4; hereinafter referred to as ‘Google’).

In particular, we would like to take advantage of the opportunities offered by the use of Google Analytics (these are described at https://marketingplatform.google.com/intl/en/about/analytics/features/) , in particular with the aim of marketing our products in a more targeted and needs-based manner and increasing marketing overall.

Google Analytics uses cookies (see section C.II) that enable an analysis of website usage by creating pseudonymous usage profiles of our customers.

We use Google Analytics to evaluate data from AdWords and the DoubleClick cookie for statistical purposes. If you do not wish this to happen, you can deactivate it via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=en).

3.4.1.2 Recipients of the data

As Google exchanges data with us in the aforementioned sense, Google is also the recipient of the data. We cannot rule out the possibility that the information generated by the cookie (e.g. browser type, operating system, IP address, etc.) about your website usage generated by the cookie may be transmitted to a server in the USA and stored there. If this is the case, your IP address will be truncated and anonymised by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transmission (so-called ‘IP masking’) . Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.

We are jointly responsible with Google for the entire data processing chain (Art. 26 GDPR). Data collection on the website is initially carried out by us; the website then transmits the collected data to Google using the respective tool. When you visit the website, Google receives the information that you have accessed the corresponding page of our website. The data is transmitted to Google regardless of whether you have a Google user account that you are logged into or not. If you are logged into Google, your data will be directly assigned to your account. nbsp;

If you do not want this to happen, you must log out before activating the button. Once the data has been transmitted, Google is solely responsible for further processing. Google uses the aforementioned information to evaluate the use of the website for us, to compile reports on website activity and to provide other services related to website activity and internet usage for market research and the design of these websites in line with requirements . Google also pursues its own purposes in doing so; if necessary, this information is transferred to third parties, provided that this is required by law or insofar as third parties process this data on behalf of Google. If necessary, Google also combines data from other sources with your data so that Google can identify you even if your IP address is masked.

Further information on data processing by Google can be found at https://support.google.com/analytics/answer/6004245?sjid=9484776245034955392-EU.

We have entered into an agreement with Google whereby you can exercise your rights as a data subject in accordance with this processing series both vis-à-vis us and vis-à-vis Google. If the assertion of your rights relates to a data processing operation that falls within the area of responsibility of the other joint controller, we will forward your request accordingly to ensure that your rights are protected.

3.4.2 Google Adwords Conversion Tracking (US service)

3.4.2.1 Purpose

In order to statistically record the use of our website and for the purpose of optimising our website (including the goal of marketing our products in a more targeted and needs-based manner and increasing marketing overall), we also use Google Conversion Tracking from Google, based in Ireland (Google Ireland Limited, Gordon House, Barrow Street Dublin 4; hereinafter ‘Google’). Google Adwords sets a cookie (see section C.II) on your computer if you have accessed our website via a Google advertisement. These cookies store, among other things, the IP address and data on the user's behaviour. If the user visits certain pages of the AdWords customer's website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. We can also track whether and which website activities have led to a ‘conversion’ (successful marketing). Each AdWords customer receives a different cookie. Cookies cannot therefore be tracked across AdWords customers' websites.

The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers – including us – learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. These cookies expire after 30 days and are not used for personal identification.

3.4.2.2 Recipients of the data

As Google exchanges data with us in the aforementioned sense, Google is also the recipient of the data. We cannot rule out the possibility that the information generated by the cookie (e.g. browser type, operating system, IP address, etc.) may be transferred via your website usage may be transmitted by Google to a server in the USA and stored there. If this is the case, your IP address will be truncated and anonymised by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission (so-called ‘IP masking’). Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.

We are jointly responsible with Google for the entire data processing chain (Art. 26 GDPR). Data collection on the website is initially carried out by us; the website then transmits the collected data to Google via the respective tool. When you visit the website, Google receives information that you have accessed the corresponding page of our website. The data is transmitted to Google regardless of whether you have a Google user account that you are logged into or not. If you are logged into Google, your data will be directly assigned to your account.

If you do not want this to happen, you must log out before activating the button. Once the data has been transmitted, Google is solely responsible for further processing. Google uses the aforementioned information to evaluate the use of the website for us, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and the design of these websites in line with user needs .

Google also pursues its own purposes in doing so; where applicable, this information may be transferred to third parties if required by law or if third parties process this data on behalf of Google. Where applicable, Google may also combine data from other sources with your data so that Google can identify you despite IP masking. Further information on data processing by Google can be found at https://support.google.com/analytics/answer/6004245? sjid=9484776245034955392-EU.

We have entered into an agreement with Google whereby you can exercise your data subject rights in accordance with this processing series both vis-à-vis us and vis-à-vis Google. If the assertion of your rights relates to a data processing operation that falls within the area of responsibility of the other joint controller, we will forward your request accordingly to ensure that your rights are protected.

3.4.3 Google Ads and Google Remarketing (US service)

We use the remarketing technology of Google, based in Ireland (Google Ireland Limited, Gordon House, Barrow Street Dublin 4; hereinafter ‘Google’), an additional function of Google Analytics. Users who have already visited our website and/or our online services and are interested in the offer are addressed again through targeted advertising on the pages of the Google Partner Network. The advertisements are displayed using cookies. Cookies can be used to analyse user behaviour when visiting the website and then used for targeted product recommendations and interest-based advertising.

This tool is used to market our products and services. If you do not wish to receive interest-based advertising, you can deactivate the use of cookies by Google for this purpose by visiting the page https://www.google.de/settings/ads/onweb .

Alternatively, users can disable the use of third-party cookies by visiting the Network Advertising Initiative's opt-out page http://optout.networkadvertising.org/?c=1.

3.4.3.2 Recipients of the data

As Google exchanges data with us in the aforementioned sense, Google is also a recipient of the data. We cannot rule out the possibility that the information generated by the cookie (e.g. browser type, operating system, IP address, etc.) about your use of the website may be transmitted by Google to a server in the USA and stored there. If this is the case, your IP address will be truncated and anonymised by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission (so-called ‘IP masking’). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

We are jointly responsible with Google for the entire data processing chain (Art. 26 GDPR). The data is first collected by us on the website; the website then transmits the collected data to Google using the respective tool. When you visit the website, Google receives the information that you have accessed the corresponding page of our website. The data is transmitted to Google regardless of whether you have a Google user account that you are logged into or not. If you are logged into Google, your data will be directly assigned to your account. If you do not want this to happen, you must log out before activating the button. Once the data has been transmitted, Google is solely responsible for further processing. Google uses the aforementioned information to evaluate the use of the website for us, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and the design of these websites to meet user needs.

Google also pursues its own purposes in doing so; if necessary, this information is transferred to third parties if this is required by law or if third parties process this data on behalf of Google. If necessary, Google also combines data from other sources with your data so that Google can identify you even if your IP address is masked. Further information on data processing by Google can be found at https://support.google.com/analytics/answer/6004245?sjid=9484776245034955392-EU.

We have entered into an agreement with Google whereby you can exercise your rights as a data subject in accordance with this processing series both vis-à-vis us and vis-à-vis Google. If the assertion of your rights relates to a data processing operation that falls within the area of responsibility of the other joint controller, we will forward your request accordingly to ensure that your rights are protected.

3.4.4 Google Reviews

We use the website functions to display Google Reviews from Google, based in Ireland (Google Ireland Limited, Gordon House, Barrow Street Dublin 4; hereinafter ‘Google’), provided that you have given your consent via our consent management tool.

3.4.4.1 Purpose

The integration of Google Reviews serves to display customer reviews and thus strengthen confidence in our offering.

3.4.4.2 Recipients of the data

Since Google establishes a connection to Google's servers when you visit our website with integrated Google Reviews, Google is also the recipient of the data. We cannot rule out the possibility that the information generated by the cookie (e.g. browser type, operating system, IP address, etc.) about your website usage may be transmitted by Google to a server in the USA and stored there.

We are jointly responsible with Google for the entire data processing chain (Art. 26 GDPR). The data is initially collected by us on the website; the website then transmits the collected data to Google using the respective tool. When you visit the website, Google receives information that you have accessed the corresponding page of our website. The data is transmitted to Google regardless of whether you have a Google user account that you are logged into or not.

If you are logged into Google, your data may be assigned directly to your account. If you do not want this to happen, you must log out before activating the button. Once the data has been transmitted, Google is solely responsible for further processing. Google primarily uses the aforementioned information to link your rating to our website and to make the rating traceable for us.

We have entered into an agreement with Google whereby you can exercise your rights as a data subject in accordance with this processing series both vis-à-vis us and vis-à-vis Google. If the assertion of your rights relates to a data processing operation that is the responsibility of the other joint controller, we will forward your request accordingly to ensure that your rights are protected. Further information on data processing by Google can be found at https://policies.google.com/privacy?hl=en.

3.4.5 Trustpilot

We use widgets and content from the Trustpilot review service, operated by Trustpilot A/S, Pilestræde 58, 1112 Copenhagen, Denmark (‘Trustpilot’), on our website, provided that you give your consent via our consent management tool.

When you visit a page with an embedded Trustpilot widget, a connection is established to Trustpilot's servers. Personal data such as your IP address and browser information is transmitted.

3.4.5.1 Purpose

The integration of Trustpilot serves to display customer reviews and thus strengthen confidence in our offering.

3.4.5.2 Recipients of the data

As Trustpilot establishes a connection to Trustpilot's servers when you visit our website with integrated Trustpilot reviews, Trustpilot is also the recipient of the data.

If Trustpilot requests a review from you and receives the review on our behalf, Trustpilot acts as a processor with whom we have concluded a processing agreement. As soon as you register an account with Trustpilot as part of the review process, Trustpilot acts as a separate controller in relation to your account.

Further information on this distribution of responsibilities can be found at https://help.trustpilot.com/s/article/Is-Trustpilot-a-data-processor-or-data-controller?language=en. Further information can also be found in Trustpilot's privacy policy at https://de.trustpilot.com/legal/privacy-policy.

3.4.6 Adcell

We use the affiliate marketing network Adcell from Firstlead GmbH, Rosenfelder Str. 15-16, 10315 Berlin (‘Adcell’) to advertise our products or services via partner links. If consent is given, we can measure the success of online advertising (known as ‘conversion’) via the affiliate marketing network by using cookies. For this purpose, usage data relating to the website and clicks on individual elements are logged.

3.4.6.1 Purpose

The aim is to acquire new customers through performance-based online advertising and to reward successful online marketing. In addition, the aim is to analyse how successful online marketing measures are.

3.4.6.2 Recipients of the data

Data is received by our partners in the affiliate marketing network and by Adcell itself.

3.5 Social media presence

We have included links to social networks such as Facebook, Instagram, and YouTube on our website. When clicked, these links take you to our respective company profiles on the social networks. By including links and maintaining our respective profiles, we aim to raise awareness of our company via these networks. You can access our social media profiles via the corresponding links (visible as icons) on our website. In this case, the social networks can link the IP address of your browser session to your own profile on the respective social network via one of their cookies.

Insofar as we use services that also process personal data on servers in the USA (hereinafter referred to as US services), we ask you to note our explanations on the level of data protection in section B.V and the associated risks. If you have given your consent taking these risks into account, your consent expressly refers to the fact that you are aware of and accept these risks.

3.5.1 Facebook and Instagram (US service)

We maintain a presence on the social networks Facebook and Instagram, which are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: ‘Meta’). Among other things, Meta initially receives the information that you have visited our site with your IP address.

3.5.1.1 Data processing and responsibilities

Meta uses the aforementioned information on its own responsibility to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and the needs-based design of these websites. This information may be transferred to third parties if required by law or if third parties process this data on behalf of Meta. Meta may also combine data from other sources with your data.

For the purpose and scope of data collection and the further processing and use of data by Meta, as well as your rights in this regard and setting options for protecting your privacy, please refer to Meta's privacy policy (https://www.facebook.com/about/privacy/).

Data is processed as soon as you access our Meta profile (‘Facebook page’ or ‘Instagram page’) via the corresponding link on our website. When you visit our Meta profile, Meta may process data stored in cookies and, if applicable, log data originating from our website and transmitted to Meta. However, when you visit our profile, Meta mainly processes data on how and whether you have interacted with our profile (e.g. posts, follows, etc.).

If you are also a member of the respective Meta social networks, Meta processes the data you have already provided (e.g. name, age, gender, etc.), creates analyses and statistics, and then makes these available to us in aggregated form. This aggregated data does not contain any personal references. Meta refers to this as ‘Page Insights’. For more information, please visit https://www.facebook.com/privacy/policy?section_id=0-WhatIsThePrivacy.

We are jointly responsible with Meta for the ‘Page Insights’ data processing described above (Art. 26 GDPR). We have transparently defined the obligations and rights regarding data processing in a contract with Meta, which is available at https://www.facebook.com/legal/controller_addendum. From this, you can see that Meta has also primarily assumed the task of addressing your data subject rights (see section F) if you wish to exercise them.

You can do this easily via your profile settings at Meta or by contacting them directly. You are also free to contact us regarding your data subject rights . However, we would like to point out that, due to a lack of insight into the specific data processing, we will usually forward your request to Meta.

The data processing associated with ‘Page Insights’ (i.e. the use of aggregated statistics and analyses) is carried out by us on our own responsibility. We are also responsible for the use and further processing of your personal and publicly visible interactions on our profile page (e.g. likes, posts, sharing posts, etc.) and for any contact with us. Meta is solely responsible for all data processing carried out outside of ‘Page Insights’. We operate our profiles on Meta in order to present our services in an appealing manner and to give them the appropriate reach.

We operate our profiles on Meta in order to present our services in an appealing manner and to give them the appropriate reach.

The analysis services provided by ‘Page Insights’ serve to generate aggregated statistics for us. This enables us to better understand our visitors and customers and to improve our offering. It also allows us to tailor our advertising on this basis (which does not contain any personal references).

We base this processing on your consent (to Meta) (Art. 6 para. 1 sentence 1 lit. a GDPR). nbsp;

Insofar as we communicate with you on our own responsibility, the processing serves to respond to enquiries and to prepare for the conclusion of a contract and, if necessary, even to execute it (Art. 6 (1) (b) GDPR), as in other cases of (see section C.VIII). Any other use is based on legitimate interests (Art. 6(1)(f) GDPR), which lie in our ability to improve our offers and services in line with our target groups. Please note your right of withdrawal with regard to the processing of personal data, which we base on our legitimate interests (cf. F.I.1).

3.5.1.3 Data transfer to the USA

Some data processing also takes place in the USA. The USA is a third country (see section B.V for the term and further explanations) for which the EU Commission has issued an adequacy decision. Meta is registered in the EU-US Data Privacy Framework.

3.5.2 YouTube channel (US service)

We maintain a presence (‘YouTube channel’) on the video hosting provider YouTube, a service provided by Google, based in Ireland (Google Ireland Limited, Gordon House, Barrow Street Dublin 4; hereinafter ‘Google’).

When you access YouTube via our website, the data we have already mentioned in section C.I.1 is transferred to YouTube. If you have a user account with YouTube or Google and are logged in when you access our website , the data will also be assigned to your user account. You can prevent this by logging out of YouTube and/or Google before playing the video.

3.5.2.1 Data processing and responsibilities

If you access our website via the link, the data mentioned in section I.1 will be transferred to YouTube. If you have a user account with YouTube or Google and are also logged in when you visit our website, the data will also be assigned to your user account. You can prevent this assignment by logging out of YouTube and/or Google before playing the video.

If you consent to Google (consent to the setting of cookies when visiting YouTube), Google will use the aforementioned information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the design of these websites in line with user needs.

This information may be transferred to third parties where required by law or where third parties process this data on behalf of Google. Google may also combine your data with data from other sources. If you would like to know more about the purpose and scope of data collection, your rights and technical settings options, you can access Google's privacy policy: https://policies.google.com/privacy?hl=en

However, when you visit our channel, Google/YouTube primarily processes data on how and whether you have interacted with our channel (e.g. videos viewed, viewer retention, click rate, target group, etc.). If you have a YouTube account and visit our channel as a registered member, the data you have already provided (e.g. name, age, gender, etc.) will also be included in the analyses and statistics described above. YouTube then provides us with all data in aggregated (summarised, anonymised and compressed) form. This aggregated data does not contain any personal references. YouTube refers to this as ‘YouTube Analytics’. Further information and the data available from us can be found at https://support.google.com/youtube/answer/9002587?hl=de& ref_topic=9313691&sjid=15447359475380143902-EU summarised explained.

We are jointly responsible with YouTube and Google for the ‘YouTube Analytics’ data processing described above (Art. 26 GDPR). We have transparently defined the obligations and rights regarding data processing in a contract with Google , which is available here: https://support.google.com/analytics/answer/9012600?hl=en

From this, you can see that Google has also primarily assumed the task of addressing your data subject rights (see section F) if you wish to exercise them. You can do this easily via your profile settings on Facebook or by contacting them directly. You are also free to contact us regarding your data subject rights. However, we would like to point out that, due to a lack of insight into the specific data processing, we will usually forward your request to Google .

The data processing associated with ‘YouTube Analytics’ (i.e. the use of aggregated statistics and analyses) is carried out by us on our own responsibility. We are also solely responsible for the use and further processing of your personal and publicly visible interactions on our channel page (e.g. likes, posts, sharing of posts, etc.) as well as for any contact with us.

YouTube is solely responsible for all data processing carried out outside of YouTube Analytics.

3.5.2.2 Purpose and legal basis

We operate our channel on YouTube in order to present our services in an appealing manner and to give them the appropriate reach.

The analysis services provided by ‘YouTube Analytics’ serve to generate aggregated statistics for us. This enables us to better understand our visitors and customers and improve our offering. We can also use this basis (which does not contain any personal references) to tailor our advertising to specific target groups. We base this processing on your consent (to Google) (Art. 6(1)(a) GDPR).

Insofar as we communicate with you on our own responsibility, the processing serves to respond to enquiries, prepare for the conclusion of a contract and, if necessary, even to execute (Art. 6(1)(b) GDPR), as in other cases of contact (see section C.VIII). Any other use is based on legitimate interests (Art. 6(1)(f) GDPR), which lie in being able to improve our offers and services in line with our target groups. Please note your right of withdrawal with regard to the processing of personal data, which we base on our legitimate interests (cf. F.I.1).

3.5.3 LinkedIn (US service)

We maintain a presence on the social network LinkedIn. This is offered by LinkedIn Ireland Limited, 77 Sir John Rogerson's Quay, Dublin 2, Ireland. At the same time, we maintain our own profile on LinkedIn, which you can access via the link on our website.

3.5.3.1 Data processing and responsibilities

Data processing takes place as soon as you visit our LinkedIn profile. When you visit our LinkedIn profile, LinkedIn may process data stored in cookies and, if applicable, log data originating from our website and transmitted to LinkedIn . However, when you visit our profile, LinkedIn mainly processes data on how and whether you have interacted with our profile (e.g. posts, followings, etc.).

If you are also a member of the LinkedIn social network, LinkedIn processes the data you have already provided (e.g. job title, country, industry, length of service, company size and employment status), creates analyses and statistics and then makes these available to us in aggregated form. This aggregated data does not contain any personal references. LinkedIn refers to this as ‘Page Insights’. For more information, please visit (https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en).

We are jointly responsible with LinkedIn for the ‘Page Insights’ data processing described above (Art. 26 GDPR). We have transparently defined the obligations and rights regarding data processing in a contract with LinkedIn (‘Page Insights Joint Controller Addendum’), which can be found at https://legal.linkedin.com/pages-joint-controller-addendum.

From this, you can see that LinkedIn has also primarily assumed the task of addressing your data subject rights (see section F) if you wish to exercise them. You can do this easily via your profile settings on LinkedIn or by contacting them directly. You are also free to contact us regarding your data subject rights. However, we would like to point out that, due to a lack of insight into the specific data processing, we will usually forward your request to LinkedIn .

The data processing associated with ‘Page Insights’ (i.e. the use of aggregated statistics and analyses) is carried out by us on our own responsibility. We are also responsible for the use and further processing of your personal and publicly visible interactions on our profile page (e.g. likes, posts, sharing of posts, etc.) and for any contact with us.

3.5.3.2 Purpose and legal basis

We use the plug-in on our website to draw attention to our LinkedIn profile and to enable you to use the functions of the LinkedIn social network directly.

We operate our profile on LinkedIn in order to present our services in an appealing manner and to give them the appropriate reach.

The analysis services provided by ‘Page Insights’ serve to generate aggregated statistics for us. This enables us to better understand our visitors and customers and to improve our offering. We can also use this information to tailor our advertising (which does not refer to any specific individuals) to specific target groups.

We base this processing on the consent you have given (to LinkedIn) (Art. 6(1)(a) GDPR).

Insofar as we communicate with you on our own responsibility, the processing serves to respond to enquiries and to prepare for the conclusion of a contract and, if necessary, even to execute it (Art. 6(1)(b) GDPR), as in other cases of contact (see section C.VIII). Any other use is based on legitimate interests (Art. 6(1)(f) GDPR), which lie in our ability to improve our offers and services in line with our target groups. Please note your right of withdrawal with regard to the processing of personal data, which we base on our legitimate interests (see F.I.1). Please note your right of withdrawal with regard to the processing of personal data, which we base on our legitimate interests (cf. F.I.1). Storage period

The storage of personal data by us when you contact us is carried out in accordance with the general rules (see B.III).

The storage period for data processed by LinkedIn can be found in LinkedIn's privacy policy (see link above).

3.5.4 Xing

Functions and services of the social network ‘Xing’ are integrated on our pages. These are offered by New Work SE, Baumwall 7, 20459 Hamburg, Germany.

3.5.4.1 Data processing and responsibilities

Data is processed as soon as you access our Xing profile via the corresponding link on our website, marked by a Xing symbol (plug-in). When you access our Xing profile, Xing may process data stored in cookies and log data that originates from our website and is transmitted to Xing.

However, when you visit our profile, Xing mainly processes data on how and whether you have interacted with our profile (e.g. postings, followings, etc.).

If you are also a member of the Xing social network, Xing processes the data you have already provided (e.g. function, country, industry, seniority, company size and employment status), creates analyses and statistics and then makes these available to us in aggregated form. Xing uses other analysis services (e.g. Adobe Digital Analytics, Google Analytics etc.). This data aggregated for us has no personal reference.

We are jointly responsible with LinkedIn for the data processing described above (Art. 26 GDPR). We have transparently defined the obligations and rights with regard to data processing in a contract with Xing.

Xing also primarily assumes the task of addressing your rights as a data subject (see section F) if you wish to exercise them. You can do this simply via your Xing profile settings or by contacting Xing directly. You are also free to contact us regarding your rights as a data subject. However, we would like to point out that we will generally forward your enquiry to Xing due to a lack of insight into the specific data processing.

We are responsible for the subsequent data processing described above (e.g. the use of aggregated statistics and analyses). We are also responsible for the use and further processing of your personal and publicly visible interactions on our profile page (e.g. likes, posts, sharing of contributions, etc.) and for any contact with us.

When you activate and use the plug-in, your browser establishes a direct connection to the Xing servers. The content of the plug-in is transmitted by Xing directly to your browser, which integrates it into the website. By activating the plug-ins, Xing receives the information that you have accessed the corresponding page of our website.

If you are logged in to Xing, Xing can assign the visit to your Xing account. The purpose and scope of the data collection and the further processing and use of the data by Xing as well as your rights in this regard and setting options to protect your privacy can be found in Xing's data protection information at https://privacy.xing.com/de/datenschutzerklaerung.

For more information, you are welcome to access Xing's privacy policy, where you will also find information on the options for deactivating certain tracking data processing: https://privacy.xing.com/de/datenschutzerklaerung/druckversion

3.5.4.2 Purpose and legal basis

We use the plug-in on our website to draw attention to our Xing profile and to enable you to use the functions of the Xing social network directly.

We operate our profile on Xing in order to present our services in an appealing way and to be able to provide them with a corresponding reach.

The purpose of Xing's analytics services is to compile aggregated statistics for us. This enables us to better understand our visitors and customers and improve our offering. We can also target our advertising on this basis (which has no personal reference).

We base this processing on consent given by you (to Xing) (Art. 6 para. 1 sentence 1 lit. a GDPR).

Insofar as we communicate with you on our own responsibility, the processing serves to answer the enquiries and to prepare the conclusion of a contract and, if necessary, even to execute it (Art. 6 para. 1 sentence 1 lit. b GDPR), as in other cases of contact (see section C.VIII). The remaining use is otherwise based on legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), which lie in being able to improve our offers and services in line with the target group. Please note your right of cancellation with regard to the processing of personal data that we base on our legitimate interests (see F.I.1).

3.5.4.3 Storage period

We store personal data when you contact us in accordance with the general rules (see B.III).

The storage period of the data processed by Xing can be found in Xing's privacy policy (see link above).

3.6 Registration / setting up a user account

We offer registration and the creation of a personal user account on our websites. This is mandatory for the use of some of our offers and services. In any case, the user's IP address and the date and time of registration are stored during registration and creation of the user account.

In addition, we collect and store the following necessary personal data as mandatory information (marked with an ‘ * ’ as a mandatory field):

  • Password

  • E-mail address

  • First name, surname, title

  • Company (if relevant)

  • Address

  • Vehicle registration number and country of registration

  • Vehicle-related data, insofar as this is necessary for toll collection,

  • Telephone number (optional)

The registration process is only complete once you have filled in the mandatory fields and confirmed the link contained in an email sent by us. In addition, voluntary information may be provided, such as telephone number, fax number or mobile phone number. This information may be used in particular for the purpose of improving our services and customer care. The data will not be passed on to third parties. The purpose of user registration is to restrict and control access to certain content and services that we offer exclusively to registered users.

3.6.1 Purpose and legal basis

The purpose of user registration is to restrict and control access to certain content and services that we make available exclusively to registered users as part of our offerings. The provision of certain content and services to registered users within the scope of contract fulfilment and for the implementation of pre-contractual measures is also covered by the purpose of registration. We base this on the following legal grounds:

  • Art. 6 para. 1 sentence 1 lit. a GDPR, if the user has consented to the processing of their personal data during registration,

  • Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the registration serves to fulfil a contract to which the user is a party or to implement pre-contractual measures, such as retrieving current information regarding the order status, and

  • Art. 6 (1) (f) GDPR, insofar as registration is carried out for the purpose of restricting access and/or access control, as we are protecting our legitimate interests; the legitimate interest lies in restricting access in order to protect the content and information we have developed.

3.6.2 Storage period

If the registration and creation of the user account serves the purpose of fulfilling the contract or implementing pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we store the registration data for as long as the contractual relationship exists and no contractual deadlines have expired. In all other cases, we store the registration data as long as the user does not cancel the registration.

The deletion period is subject to any obligations and rights in accordance with Section B.III

3.6.3 Right to object and right to erasure

As a user, you have the option of cancelling your registration and changing the data you have provided at any time. However, deletion is subject to our previous statements in section B.III.

3.7 Newsletter and advertising

We offer you the opportunity to register for our newsletter. We also use other advertising options.

3.7.1 Newsletter

If you wish to register for our newsletter, you thereby give us your express consent to collect your email address, which you provide to us during the registration process. We use the so-called ‘double opt-in’ procedure to verify your identity, i.e. after receiving your email address, we send an automated email to the email address provided, which contains a confirmation link. The registration process is only complete once you have confirmed your email address. We do not collect any further data beyond the email address and the information required to confirm your registration. Please note that you can revoke your consent at any time (Section F.II) .

The purpose of data processing is exclusively to send you the newsletter you have requested. The legal basis for this is Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (performance of a contract). If you unsubscribe from the newsletter, we will delete your registered data, subject to any obligations and rights under Section B.III. We use your personal data either on the basis of your prior consent (Art. 6 (1) (a) GDPR) for the purpose of direct advertising and marketing, or on the basis of your prior consent (Art. 6 (1) (a) GDPR) for the purpose of direct advertising and marketing, or on the basis of your prior consent (Art. 6 (1) (a) GDPR) for the purpose of direct advertising and marketing, or on the basis of your prior consent (Art. 6 (1) (a) GDPR) for the purpose of direct advertising and marketing, or on the basis of your prior consent (Art. 6 (1) (a) GDPR) for the purpose of direct advertising and marketing, or on the basis of your prior consent (Art. 6 (1) (a) GDPR) for the purpose of direct advertising and marketing, or on the basis of your prior consent (Art. 6 (1) (a) GDPR) for the purpose of direct advertising and marketing, or on the basis of your prior consent (Art. 6 (1) (a) GDPR) We use your personal data either on the basis of your prior consent (Art. 6(1)(a) GDPR) for the purposes of direct advertising and marketing as well as other customer support, which you can revoke at any time (F.II) or on the basis of legitimate interest (Art. 6(1)(f) GDPR). In the latter case, our interest lies in improving and marketing our products and services in line with user preferences.

If we engage in direct advertising and marketing as well as other customer support by electronic means, we rely on the legal basis of Section 7 (3) UWG (German Unfair Competition Act), provided that we

  • have obtained your e-mail address in connection with the sale of a product or service,

  • you have not objected to the use of your e-mail address for direct marketing purposes, and

  • we clearly indicate to you when collecting your email address and each time we use it that you can object to such use of your email address at any time.

You can therefore object to our data processing, direct advertising and marketing, and other customer support at any time without incurring any costs other than the basic transmission costs (Section F.I.2). In this case, please contact us using the contact details provided above.

3.8 Contact form and email contact

Our website offers you the option of contacting us via our contact form. In all cases, the user's IP address and the date and time of sending your message will be stored when you contact us.

We collect and store the following personal data as mandatory information (marked with an ‘ * ’ as a mandatory field):

  • First name

  • Surname

  • Email address

  • Telephone number (optional)

  • Postcode (address)

  • Your message

If you decide to contact us via the email address provided on our website, we will store your email address and any other data you have (voluntarily) provided. This data will only be passed on to third parties if this is necessary to process your enquiry.

3.8.1 Purpose and legal basis

We process the aforementioned data for the purpose of handling your enquiry. Other data is only processed for technical or security reasons (e.g. to prevent misuse and ensure the security of our system). The legal basis is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual measures) and, with regard to the latter purpose, Art. 6 (1) (f) GDPR, as we have a legitimate interest in the integrity of our website.

3.8.2 Storage period

All of the aforementioned data will be deleted as soon as we have processed your request and further clarification is no longer necessary. The deletion is subject to any obligations and rights in accordance with Section B.III.

3.8.3 Right to object and right to erasure

After contacting us, you may withdraw your request at any time and object to further processing of your data. In addition, you may have a right to object in accordance with Art. 21 GDPR (see Section F.I.1).

4 Webshop

4.1 Use of our web shop

In order to use the order function of our web shop, we require data to execute the order process. Mandatory data is marked as such; further information is voluntary. We process the data you provide to process your order. In addition, you can use the payment method of your choice, for which data entry is also required. The legal basis for this is Art. 6 (1) (b) GDPR.

We process user and customer data in accordance with our principles set out above. We also refer to the data processing operations within the framework of our contracts (Section E).

4.2 Entering data for payment and logistics service providers

In order to process orders, we use service providers for payment and shipping processes within the scope of our web shop. The following service providers are listed as examples only, as the data processing operations are generally similar. Furthermore, these service providers also act on their own responsibility, so we ask you to take note of the respective data protection declarations of our service providers and partners.

4.2.1 DHL

We use the services of the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn). In doing so, we transfer your shipping data (title, first name, surname, country/region, street, house number, postcode, town/city, telephone number (optional), email address, different delivery address (optional), comments (optional) and payment method) to DHL, which we are entitled to do in accordance with Art. 6 (1) (b) GDPR. If you give us your consent, we will also provide DHL with your email address for the purpose of tracking the parcel.

For further information, you can also access DHL's privacy policy at https://www.dhl.de/en/toolbar/footer/datenschutz.html

4.2.2 PayPal

We have integrated a plug-in from PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg) for payment processing. Payments are processed via your personal PayPal account.

If you choose PayPal as your payment service provider, we will transfer your order details to PayPal, usually your first name, surname, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for payment processing and which you have provided to us. This is covered by Art. 6 para. 1 sentence 1 lit. b) GDPR, as we pursue the purpose of being able to process the order in full.

Please note that PayPal is a separate controller within the meaning of the GDPR and may pass on data to its own partners under certain circumstances. PayPal is also responsible for obtaining consent for certain data transfers (e.g. for credit checks). For further information, please visit PayPal's privacy policy at https://www.paypal.com/en/webapps/mpp/ua/privacy-full.

4.3 Storage

As already stated above, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after approximately three years, i.e. after the expiry of any warranty and other rights, we restrict the processing of your data. Your data will then only be stored for the purpose of complying with legal obligations.

4.4 Encryption

To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted.

5 Contracts

If you are our contractual partner, we will inform you in this section in addition to our General Terms and Conditions and our data processing principles under section B.

5.1 Purposes, legal bases and storage period

Any processing of personal data obtained in the context of concluding and executing the contract serves primarily to enable us to fulfil our contractual obligations and to provide you with customer service. The legal basis is Art. 6 (1) (b) GDPR. Data will only be passed on to third parties under the conditions set out in sections B.IV and B.V. Categories of recipients in our contracts include payment service providers and logistics service providers.

If you do not provide the data, this may mean that the contract cannot be concluded and/or performed.

Where appropriate, we use data for statistical market and opinion research purposes and for product development purposes. This is necessary in order to continuously improve our products and services, to market them appropriately and to adapt them to the needs of our customers. These are also legitimate interests pursuant to Art. 6 (1) (1) (a) f GDPR. Advertising purposes are only pursued if you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or if we can assert legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

The storage period is in accordance with our data processing principles (B.III).

5.2 Right to object and right to erasure

In particular, you have the right to revoke your consent to the collection and further processing of data on the basis of consent (see section F.II). Data processing required for the fulfilment of the contract or the implementation of pre-contractual measures is not subject to any right of objection; however, you may object to data processing based on legitimate interests under the conditions specified in section F.I.1. With regard to our direct advertising, we refer to your right of revocation (in the case of consent) in accordance with Section F.II and your right of objection in accordance with Section F.I.2. In addition, you are entitled to the rights of data subjects already mentioned in Section F.

6 Your rights as a data subject

If you are affected by our processing of your personal data, you may have the following rights:

6.1 Right to object (Art. 21 GDPR)

When data is processed for specific purposes, you have the right to object in accordance with Art. 21 GDPR. You can use our consent management tool to object to data processing on our website. Otherwise, please contact us or our data protection officer using the contact details provided. You will not incur any costs other than the transmission costs according to the basic rates of your telecommunications provider. You have the right to object in the following cases:

6.1.1 Processing based on legitimate interest (Art. 6(1)(f), 21(1) GDPR):

If personal data is processed to safeguard legitimate interests (Art. 6(1)(f) GDPR), you may object to the processing of your personal data at any time for reasons arising from your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms as the data subject, or the processing serves to assert, exercise or defend legal claims.

6.1.2 Processing for direct marketing purposes (Art. 21(2) GDPR, Section 7(3) UWG):

Insofar as we process data for the purpose of direct marketing and/or profiling related to such marketing, you may object at any time to the processing of your personal data for the purpose of such advertising and/or profiling. If you object, we will refrain from any further processing of your data for the purpose of direct marketing and/or profiling.

6.1.3 Processing for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e), 21(1) GDPR):

If personal data is processed for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR), you may object to the processing of personal data concerning you at any time on grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

6.1.4 Processing for scientific or historical research purposes or for statistical purposes (Art. 21(6)):

If personal data is processed for scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, you have the right to object to the processing of personal data concerning you on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out in the public interest.

6.2 Right of withdrawal of consent (Art. 7(3) GDPR)

You may revoke your consent at any time with future effect, in whole or in part, at no cost, by contacting us. The lawfulness of the processing of the data covered by the consent remains unaffected by the revocation.

6.3 Right to information (Art. 15 GDPR)

You have the right to request information about your personal data processed by us. This right to information includes

  • the purposes of processing;

  • the categories of personal data processed by us;

  • the categories of recipients to whom your data has been or will be disclosed;

  • in the case of a transfer of personal data to so-called ‘third countries’ (cf. Section B.V) outside the scope of the GDPR, whether and how we ensure an adequate level of protection by means of appropriate safeguards (Articles 45 and 46 GDPR) at the data recipient in the third country;

  • the planned storage period, as far as we can assess this; if an assessment and specification of the storage period is not yet possible, we will at least provide information on the criteria for determining the storage period (e.g. limitation periods, statutory retention periods, see also section B.III);

  • Your right to rectification, erasure, restriction of processing and to object to the processing of personal data concerning you (details below);

  • the existence of a right of appeal to a supervisory authority;

  • the origin of the data, if it was not collected by us; and

  • the existence of automated decision-making in individual cases within the meaning of Art. 22 GDPR, including profiling, which also includes details of the decision-making criteria (i.e. the logic used) of the automated decision and the effects and scope for the data subject.

You have the right to request a copy of your personal data processed by us. There is no charge for the first copy of your data; we will charge a reasonable fee for any further copies. If you exercise this right, we will generally provide the data copy in electronic form, unless otherwise specified. The provision of the data copy is subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy.

6.4 Right to rectification (Art. 16 GDPR)

You have the right to request that we correct your inaccurate data without delay. You may also request that we complete your incomplete personal data by providing supplementary statements or notifications.

6.5 Right to erasure (Art. 17 GDPR)

You have the right to request that we delete your personal data stored by us without delay, provided that

  • you have revoked your consent (see B.II.1) to data processing, unless there is another legal basis for data processing;

  • the storage or other processing of your personal data is no longer necessary for the purposes for which it was collected and processed;

  • you have objected to data processing pursuant to Art. 21 GDPR and there are no overriding legitimate grounds for further processing; in the case of direct marketing pursuant to Art. 21(2) GDPR, the deletion shall take place without reservation;

  • your personal data has been processed unlawfully;

  • the data relates to a child and has been collected in relation to information society services pursuant to Art. 8(1) GDPR.

If we have made personal data public, we will also inform other controllers of your request for erasure, including the erasure of links, copies and/or replications, to the extent that this is technically possible and reasonable. The aforementioned rights to erasure of your personal data do not apply if the processing

  • for exercising the right of freedom of expression and information;

  • for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

  • for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) GDPR and Art. 9(3) GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as your right to erasure is likely to render impossible or seriously impair the achievement of the objectives of this processing, or

  • for the establishment, exercise or defence of legal claims

is necessary.

6.6 Right to restriction of processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your personal data (i.e. restrict processing to mere storage) if one of the following cases applies:

  • You have contested the accuracy of your personal data. For the duration of our verification of accuracy, you may request that your data not be used for other purposes and be restricted in this respect.

  • The processing is unlawful and you refuse to have the personal data deleted (Art. 17 (1) sentence 1 lit. d GDPR) and instead request the restriction of the use of the personal data (Art. 18 GDPR).

  • We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims. In this case, you may request the restriction of processing to the aforementioned purposes.

  • You have objected to the processing pursuant to Article 21(1) GDPR. As long as it is not yet clear whether our legitimate interests or reasons for processing outweigh yours, you may request that we only process your data for the purpose of examining the aforementioned consideration.

If we have restricted the processing of your personal data at your request, we may and will only process this data – apart from its storage – with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. Should a restriction on processing be lifted, you will be informed in advance.

6.7 Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and

  • the processing is carried out using automated procedures. Insofar as it is technically feasible, you can also request that we transfer your personal data directly to another controller.

Exercising the right to data portability does not affect the right to data erasure (Art. 17 GDPR). However, the right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

You cannot exercise the right to data portability if it adversely affects the rights and freedoms of others.

6.8 Right to lodge a complaint (Art. 77 GDPR)

We always process personal data in accordance with the law. However, if you have reason to believe that we have violated applicable data protection law, you can contact the competent supervisory authority of the Union or the Member States at any time and lodge a complaint. The supervisory authority responsible is that of your habitual residence, your place of work or the place of the alleged infringement. The processing of personal data carried out by us as the controller is supervised by the following supervisory authority:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach

Telephone: +49 (0) 981 180093-0
Email address: poststelle@lda.bayern.de

You will also find a list of all data protection supervisory authorities at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html