Privacy Policy
Thank you for your interest in our website. Protecting your privacy is very important to us. Below we inform you in detail regarding how your personal information is handled. This Privacy Policy provides you with information about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “personal information”) within our online offer and the websites, functions, and content associated with it, as well as external online presences such as our social media profiles (hereinafter collectively referred to as our “online offer”). With regard to the terms used, such as “processing” or “data controller,” we refer to the definitions in art. 4 of the General Data Protection Regulation (GDPR).
Data controller
ITG GmbH Internationale Spedition und Logistik
Eichenstr. 2
85445 Schwaig, Germany
E-mail address: info@itg.de
Managing Directors: Holger Funk, Patrick Lindig
https://www.itg.de/de/kontakt/impressum.html
Data Protection Officer contact:
Peter Grenzmann
datenschutz@itg.de
Types of personal information processed:
- Inventory data (e.g., names, addresses)
- Contact details (e.g., e-mail, phone numbers)
- Content data (e.g., text input, photographs, videos)
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses)
We also process:
- Contract data (e.g., subject matter of the contract, contract term, customer category)
- Payment data (e.g., bank details, payment history) via BSPAYONE (https://www.bspayone.com/DE/de/privacy) of our customers, prospective customers, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.
Categories of data subjects
Visitors and users of the online offer (hereafter we also refer to the data subjects collectively as “users”).
Purpose of processing
- Provision of the online services, their functions, and their content
- Responding to contact requests and communicating with users
- Security measures
- Affiliate tracking
- Measuring reach/marketing
Terms used
“Personal information” refers to any information relating to an identified or identifiable natural person (hereinafter the “data subject”); an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier (e.g., a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. “Processing” means any operation or set of operations performed upon personal information, whether or not these actions are automated. The term is broad and encompasses virtually any handling of personal information. “Pseudonymization” refers to processing of personal information in such a way that the personal information can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal information is not attributed to an identified or identifiable natural person. “Profiling” refers to any automated processing of personal information that consists of using such personal information to evaluate certain personal aspects relating to a natural person, in particular to analyzing or predicting aspects relating to that natural person’s performance at work or their economic situation, health, personal preferences, interests, reliability, behavior, location, or change of location. “Data controller” refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal information. “Data processor” refers to a natural or legal person, public authority, agency, or other body which processes personal information on behalf of the data controller.
Relevant legal bases
In accordance with art. 13 GDPR, we are informing you about the legal basis of our personal information processing. Unless the legal basis is stated in the Privacy Policy, the following applies: The legal basis for obtaining consent is art. 6 (1) (a) and art. 7 GDPR, the legal basis for processing to fulfill our services, perform contractual measures, and respond to inquiries is art. 6 (1) (b) GDPR, the legal basis for processing to fulfill our legal obligations is art. 6 (1) (c) GDPR, and the legal basis for processing to protect our legitimate interests is art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person make it necessary to process personal information, art. 6 (1) (d) GDPR serves as the legal basis.
Security measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with art. 32 GDPR, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. In particular, the measures include ensuring the confidentiality, integrity and availability of personal information by controlling physical access to the personal information as well as access to, entry, disclosure of, assurance of availability of, and separation of the personal information. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and a response to jeopardizing the security of the data. In addition, we already take the protection of personal information into account during the development and selection of hardware, software, and processes in accordance with the principle of data protection through technology design and through data protection-friendly default settings (art. 25 GDPR).
Cooperation with data processors and third parties
If, in the course of our processing, we disclose personal information to other persons and companies (data processors or third parties), transmit it to them, or otherwise grant them access to the personal information, this will only be done on the basis of a legal permission (e.g., if transmission of the personal information to third parties, such as payment service providers, is required for the performance of the contract pursuant to art. 6 (1) (b) GDPR), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using commissioned parties, web hosts, etc.). If we commission third parties with the processing of personal information on the basis of a “data processing agreement,” this is done on the basis of art. 28 GDPR.
Your entered personal data will be forwarded to RECARO Holding GmbH, Jahnstraße 1, 70597 Stuttgart, Germany, for the purpose of internal customer analysis and, in the case of a legitimate interest according to §§ 15 AktG (German Stock Corporation Act), also to companies affiliated with RECARO Holding GmbH.
Transfers to third countries
If we process personal information in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosing or transferring personal information to third parties, this will only be done if it is necessary to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of personal information in a third country only if the special requirements of art. 44 et seq. GDPR are met. This means, for example, that processing takes place on the basis of special guarantees such as the officially recognized determination of a level of data protection that corresponds to that of the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations.
Rights of data subjects
You have the right to request confirmation as to whether personal information concerning you is being processed and to information about this personal information as well as further information and a copy of the personal information in accordance with art. 15 GDPR. According to art. 16 GDPR, you have the right to request the completion of the personal information concerning you or the correction of incorrect personal information concerning you. In accordance with art. 17 GDPR, you have the right to demand that the personal information concerning you will be deleted without delay or, alternatively, to demand restriction of the processing of the personal information in accordance with art. 18 GDPR. You have the right to request to receive the personal information concerning you that you have provided to us in accordance with art. 20 GDPR and to request its transfer to other data controllers. You also have the right to lodge a complaint with the competent supervisory authority pursuant to art. 77 GDPR:
Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany
Right to revoke consent
You have the right to revoke consent given according to art. 7 (3) GDPR with effect for the future.
Right to object
You may object at any time to future processing of personal information concerning you in accordance with art. 21 GDPR. You can object in particular to processing for purposes of direct advertising.
Cookies and the right to object to direct advertising
“Cookies” are small files stored on users’ computers. A variety of different information can be stored in cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offer. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offer and closes their browser. Such a cookie can store the contents of a shopping cart in an online shop or a login status, for example. “Permanent” or “persistent” cookies are cookies that remain in place even after the browser is closed. For example, the login status can be saved until the user visits the site again after several days. Such a cookie may also store the interests of users, which are then used for reach measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the responsible party operating the online offer (otherwise, if they are only its cookies, they are referred to as “first-party cookies”). We can use temporary and permanent cookies, and we explain this in our Privacy Policy. If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding the use of cookies may cause the features of this online offer to be limited. You can declare a general objection to the use of cookies for online marketing purposes for a large number of services, especially in case of tracking, using the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. You can also stop cookies from being stored by disabling them in your browser settings. Please note that not all features of this online offer can be used in this case.
Deleting personal information
The personal information processed by us will be deleted or restricted in its processing in accordance with art. 17 and 18 GDPR. Unless expressly stated within the scope of this Privacy Policy, the personal information stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the personal information is not deleted because it is required for other purposes that are legally permissible, its processing will be restricted. That is, the personal information is blocked and not processed for other purposes. This applies, for example, to personal information that is necessary to retain for reasons of commercial or tax law. According to Germany’s legal requirements, personal information is stored in particular for 10 years in accordance with section 147 (1) of Germany’s tax code (AO), section 257 (1) (1 and 4), (4) of Germany’s commercial code (HGB) (books, records, management reports, accounting receipts, commercial books, documents relevant to taxation, etc.) and 6 years in accordance with section 257 (1) (2 and 3), (4) HGB (commercial letters).
Data processing in the online shop and customer account
We process personal information of our customers in the context of order processing in our online shop to enable them to select and order the selected products and services as well to enable payment and delivery or execution of the order. The personal information processed includes master data, communication data, contract data, and payment data, and the data subjects of the processing include our customers, prospective customers, and other business partners. Processing is carried out for the purpose of providing contractual services within the framework of the operation of an online shop and of billing, delivery, and provision of customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status. Processing is based on art. 6 (1) (b) (execution of order transactions) and (c) (legally required archiving) GDPR. In this context, the information marked as required is necessary as the basis of and for fulfillment of the contract. We disclose personal information to third parties only within the scope of delivery or payment or within the framework of legal permissions and obligations to legal advisors and authorities. Personal information is only processed in third countries if such processing is necessary for the fulfillment of the contract (e.g., at the customer’s request for delivery or payment). Users have the option to create a user account that allows them to view their orders in particular. During the registration process, the required mandatory information is provided to the users. The user accounts are not public and cannot be indexed by search engines. If a user has terminated their user account, their personal information with regard to the user account will be deleted, subject to its retention being necessary for reasons of commercial or tax law in accordance with art. 6 (1) (c) GDPR. Information in the customer account remains until it is deleted, with subsequent archiving in the event of a legal obligation. If the contract is terminated, it is the responsibility of the user to back up their personal information before the end of the contract. Within the scope of registration and renewed logins, as well as use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as those of users in protecting against misuse and other unauthorized use of the system. This personal information generally will not be passed on to third parties unless it is necessary to do so to pursue our claims or if there is a relevant legal obligation pursuant to art. 6 (1) (c) GDPR. Deletion occurs after expiry of the legal warranty and comparable obligations, with the necessity of keeping the personal information reviewed every three years; if legal archiving obligations apply, the deletion takes place after they expire (end of the retention obligation under commercial law (6 years) and tax law (10 years).
External payment service providers
We employ external payment service providers whose platforms allow users and us to carry out payment transactions. These providers include Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), and instant bank transfer provided by Sofort GmbH (https://www.sofort.com/integrationCenter-ger-DE/integration/datenschutz.html) In the context of contract performance, we use payment service providers on the basis of art. 6 (1) (b) GDPR. We also use external payment service providers on the basis of our legitimate interests pursuant to art. 6 (1) (f) GDPR in order to offer our users effective and secure payment options. The personal information processed by the payment service providers includes master data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, and contract, total, and recipient-related information. The information is necessary to carry out the transactions. However, the information entered is only processed by the payment service providers and stored on their systems. That is, we do not receive any account or credit card-related information but instead only information that confirms the success of the payment or lets us know that the payment did not go through. Under certain circumstances, the payment service providers may transmit personal information to credit agencies. This information is transmitted for the purpose of checking identity and creditworthiness. In this regard we refer to the terms and conditions and privacy policies of the payment service providers. The terms and conditions and privacy policies of the respective payment service providers apply to the payment transactions that can be accessed within the respective websites and transaction applications. We also refer to these for further information and assertion of revocation, information, and other data subject rights.
Administration, financial accounting, office organization, contact management
We process personal information in the context of administrative tasks as well as the organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same personal information that we process in the provision of our contractual services. The bases for such processing are art. 6 (1) (c) GDPR and art. 6 (1) (f) GDPR. Customers, interested parties, business partners, and website visitors are affected by the processing. The purpose of and our interest in the processing lies in the administration, financial accounting, office organization, and archiving of personal information, that is, tasks that serve to maintain our business activities, perform our tasks, and provide our services. The deletion of the personal information with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities. In this context, we disclose or transmit data to the tax authorities, advisors, such as tax consultants or auditors, and other fee offices and payment service providers. We also store information on suppliers, event organizers, and other business partners on the basis of our business interests, such as for the purpose of contacting them at a later date. We generally store this information, which is mainly company-related, for 10 years.
Business analyses and market research
In order to run our business economically and to be able to recognize market trends as well as the wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, and so on. In doing so, we process master data, communication data, contract data, payment data, usage data, and metadata on the basis of art. 6 (1) (f) GDPR, with the data subjects including contractual partners, interested parties, customers, visitors, and users of our online offer. The analyses are carried out for the purpose of business evaluations, marketing, and market research. In doing so, we can take into account the profiles of registered users with information about the services they have used, for example. The analyses serve to increase user-friendliness as well as to optimize our offer and that of the operational economy. The analyses are for our purposes only and are not disclosed externally unless they are anonymous analyses with aggregated values. The analyses can also be based on surveys conducted by e-mail or phone. If these analyses or profiles relate to a person, they are deleted or anonymized upon termination by the user or otherwise after two years from the conclusion of the contract. In other respects, the overall business analyses and general trend determinations are prepared anonymously wherever possible.
Registration function
Users can create a user account. As part of the registration process, the required mandatory information is communicated to the users and processed on the basis of art. 6 (1) (b) GDPR for the purpose of provision of the user account. The processed personal information includes the login information (name, password, and an e-mail address) in particular. The personal information entered during registration is processed for the purposes of usage of the user account and its purpose. Users can be notified by e-mail in regard to information relevant to their user account, such as technical changes. If users have terminated their user account, their personal information relating to the user account will be deleted, subject to any legal obligation to retain such personal information. If the contract is terminated, it is the responsibility of the user to back up their personal information before the end of the contract. We are entitled to irretrievably delete all of the user’s personal information stored during the term of the contract. Within the scope of your use of our registration and login functions as well as the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as those of users in protecting against misuse and other unauthorized use of the system. This personal information generally will not be passed on to third parties unless it is necessary to do so to pursue our claims or if there is a relevant legal obligation pursuant to art. 6 (1) (c) GDPR. The IP addresses are made anonymous or deleted after 7 days at the latest.
Comments and posts
When users leave comments or other posts, their IP addresses may be stored for 7 days on the basis of our legitimate interests as defined in art. 6 (1) (f) GDPR. We do this for our security for cases in which someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves may be prosecuted for the comment or post, giving us an interest in identifying the author. We also reserve the right, on the basis of our legitimate interests pursuant to art. 6 (1) (f) GDPR, to process user information for the purpose of detecting spam. On the same legal basis, during surveys we reserve the right to store the IP addresses of users for the duration of the survey and to use cookies to prevent users from voting multiple times. The personal information provided in the context of comments and posts will be stored by us for 10 years unless the user objects.
Contacting us
When contacting us (e.g., by contact form, e-mail, telephone, or social media), the user’s personal information will be used to process and respond to the contact request pursuant to art. 6 (1) (b) (in the context of contractual/pre-contractual relations) and art. 6 (1) (f) (other inquiries) GDPR. User information may be stored in a customer relationship management system (“CRM System”) or similar inquiry management system. We delete the inquiries if they are no longer necessary. We review the necessity of deletion every two years, while also being subject to legal archiving obligations.
Newsletter
In the following, we inform you about our newsletter as well as the processes for signing up for and the dispatch of the newsletter, how we evaluate its statistical information, and your rights to object to processing of your personal information in this context. By subscribing to our newsletter, you agree to receive the newsletter and to the procedures we describe below. Newsletter content: We send newsletters, e-mails, and other electronic notifications with promotional information (hereinafter referred to as the “newsletter”) only with the consent of the recipients or other legal permission to do so. Insofar as the content of the newsletter is specifically described in the sign-up process, the user’s consent applies to receiving the content described. Apart from that, our newsletters contain information about our services and us. Double opt-in and logging: Signing up for our newsletter takes place by means of what is referred to as a double opt-in process. That is, after you sign up, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that it is impossible for third parties to sign you up under your e-mail address without your permission. Subscriptions to the newsletter are logged in order to prove that the subscription process occurred in accordance with legal requirements. This logging includes storage of the time at which you signed up and confirmed your sign-up, along with your IP address. In addition, changes to the personal information stored with the service provider for newsletter dispatch are logged. Information for signing up: To subscribe to the newsletter, it is sufficient to provide your e-mail address. We ask you to optionally provide a name so that we can address you personally in the newsletter. Dispatch of the newsletter and the associated performance measurement are based on the consent of the recipients pursuant to art. 6 (1) (a) and art. 7 GDPR in conjunction with section 7 (2) (3) of the Unfair Competition Act (UCA) or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to art. 6 (1) (f) GDPR in conjunction with section 7 (3) UCA. The logging of the sign-up process is based on our legitimate interests pursuant to art. 6 (1) (f) GDPR. We are interested in use of a user-friendly and secure newsletter system that serves our business interests, meets the expectations of users, and also allows us to prove that users consented to receipt of the newsletter. Unsubscribing/revocation – You can unsubscribe from our newsletter at any time, that is, revoke your consent to receiving it. The bottom of each newsletter contains a link for unsubscribing from the newsletter. We may store unsubscribed e-mail addresses for up to three years before deleting them based on our legitimate interest in proving that consent was previously given. Processing this personal information is limited to the purpose that it serves as a possible defense against claims against us. An individual deletion request is possible to fulfill at any time, provided that the previous existence of consent is confirmed at the same time.
Newsletter – Newsletter2Go
The newsletter is dispatched using the newsletter dispatch service provider Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. You can view the Privacy Policy of the newsletter dispatch service provider here: https://www.newsletter2go.de/datenschutz/. The newsletter dispatch service provider is used on the basis of our legitimate interests pursuant to art. 6 (1) (f) GDPR and a data processing contract according to art. 28 (3) (1) GDPR. The newsletter dispatch service provider may use the personal information of the recipients in pseudonymous form, that is, without assignment to a user, to optimize or improve its own services, such as technically optimizing dispatch and display of the newsletter or for statistical purposes. However, the newsletter dispatch service provider does not use the personal information of our newsletter recipients to contact our recipients itself or to disclose their personal information to third parties.
Data analysis and newsletter - Klaviyo
We use the services of Klaviyo, Inc ("Klaviyo"), 125 Summer Street, Boston MA, 02111, USA, to analyze user behavior in our online store for our own advertising and market research purposes and - in addition to Newsletter2Go - to send newsletters. Klaviyo also uses cookies and may link your behavior in our webshop with your personal data, provided that you have subscribed to our newsletter, created a customer account, agreed to the use of Klaviyo or gone through an order process in our webshop. You can find Klaviyo's privacy policy at https://www.klaviyo.com/privacy.
When using the services offered by Klaviyo, personal data is transmitted to Klaviyo and processed by Klaviyo:
- Contact details and demographic data, purchase history, and details regarding consumer engagement with marketing communications;
- Details regarding the terminal equipment used to access our website (such as IP address and type of operating system and web browser);
- Dates and times of visits to and use of our website;
- Information about how our website is used (such as the content displayed on our customers' websites and how users navigate between websites, and the date and time of access);
- Details about how individuals interact with our emails (such as whether the email is opened and which links in the email are clicked);
- URLs that refer visitors to our website
The Klaviyo service is operated by and is the responsibility of RECARO Holding GmbH itself.
In order to provide its service, Klaviyo may share such personal data with its partner companies. If this is the case, Klaviyo enters into an agreement with them that contains provisions on data protection that provide at least as high a level of protection as the provisions of the data protection agreement that Klaviyo has entered into with us. A list of Klaviyo's affiliated companies can be found here: https://www.klaviyo.com/legal/subprocessors.
Klaviyo retains personal information until RECARO instructs Klaviyo to delete it, which will be no later than 180 days from the date we asked Klaviyo to use the information.
To protect your data in the U.S., Recaro has entered into a data processing agreement ("Data Protection Addendum") with Klaviyo based on the European Commission's standard contractual clauses to allow the transfer of your personal data to Klaviyo. If you are interested, this data processing agreement can be viewed at the following internet address: https://www.klaviyo.com/privacy/dpa.
Klaviyo Inc. is a company based in the USA. The transfer to as well as the processing and/or storage of personal data by Klaviyo is based on the standard contractual clauses of the European Commission. You can find these clauses in the order agreement Recaro has concluded with Klaviyo: https://www.klaviyo.com/privacy/dpa.
Newsletter performance measurement
The newsletters contain a so-called “web beacon,” that is, a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a newsletter dispatch service provider, from the server of this provider or they contain a tracking link for measuring the success of the newsletter via Google Analytics. When this web beacon is retrieved, technical information is collected, including information about your browser and system as well as your IP address and the time of the retrieval. This information is used for the improve the service from a technical standpoint based on the technical information or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the time of access. The statistical information collected also includes determinations of whether newsletters are opened, when they are opened, and which links within them are clicked. For technical reasons, such information can be assigned to individual newsletter recipients, but monitoring individual users is not our intention nor the intention of any newsletter dispatch service provider we might use. Rather, we use these evaluations to determine the reading habits of our users and to adapt our content to them or to send different content that corresponds to the interests of our users. It is unfortunately impossible to separately revoke permission for performance measurement; in this case it is necessary to completely unsubscribe from the newsletter.
Hosting and e-mail dispatch
The hosting services we use are for the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services, and technical maintenance services that we use for the purpose of operating this online offer. We, or our hosting provider, process master data, contact data, content data, contract data, usage data, meta data, and communication data of customers, interested parties, and visitors of this online offer on the basis of our legitimate interests in efficient and secure provision of this online offer pursuant to art. 6 (1) (f) GDPR in conjunction with art. 28 GDPR (conclusion of a data processing contract).
Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags via an interface (so we can integrate Google Analytics and other Google marketing services into our online offer, for example). Google Tag Manager itself (which implements the tags) does not process any personal information of users. With regard to processing of users’ personal information, reference is made to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and cost-efficient operation of our online offering within the meaning of art. 6 (1) (f) GDPR). Google uses cookies. The information generated by the cookie about the user’s use of the online offer is usually transmitted to a Google server in the United States and stored there. Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf for the purpose of evaluating the user’s use of our website, for compiling reports on activities within this online offer, and for providing other services to us relating to the use of this online offer and of the Internet. In the process, pseudonymous usage profiles of the users can be created from the processed personal information. We use Google Analytics only with IP anonymization enabled, which means that the IP address of the user is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. The IP address transmitted by the user’s browser is not merged with other personal information from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the personal information generated by the cookie and related to their use of the online offer as well as the processing of this personal information by Google by downloading and installing the browser add-on available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. For more information about Google’s use of personal information, settings, and opt-out options, please refer to Google’s Privacy Policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated). Users’ personal information is deleted or anonymized after 14 months.
Google Universal Analytics
We use Google Analytics in the form of “Universal Analytics.” “Universal Analytics” refers to a method of Google Analytics in which user analysis is performed on the basis of a pseudonymous user ID, thus creating a pseudonymous profile of the user with information from the use of different devices (known as “cross-device tracking”).
Target group formation with Google Analytics
We use Google Analytics to display the ads placed within advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (for “remarketing audiences” or “Google Analytics audiences”). Through the use of remarketing audiences, we also would like to ensure that our ads match the potential interests of the users.
Google AdWords and conversion measurement
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”) on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and cost-efficient operation of our online offer within the meaning of art. 6 (1) (f) GDPR). Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). We use the online marketing method “Google AdWords” to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who are presumed to have an interest in the ads. This allows us to display ads for and within our online offer in a more targeted manner in order to present users only with ads that potentially correspond to their interests. For example, if a user is shown ads for products that they expressed interest in on other online offers, this is referred to as “remarketing.” For these purposes, when our website and other websites on which the Google advertising network is active are called up, certain code is executed directly by Google and (re)marketing tags (invisible graphics or code also known as “web beacons”) are integrated into the website. With the help of these web beacons, an individual cookie, that is, a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file records the web pages that the user has visited, which content the user is interested in, and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit, and other information about use of the online offer. We also receive an individual “conversion cookie.” Google uses the information obtained with the cookie to create conversion statistics for us. However, we only learn the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag, and all of the information is anonymous – we do not receive any information that personally identifies users. Personal information of users is processed pseudonymously within the Google advertising network. That is, Google does not store and process the name or e-mail address of the users, for example, but instead processes the relevant personal information from each cookie within pseudonymous user profiles. That is, from Google’s point of view, the ads are managed and displayed not for a specifically identified person but for the cookie holder, regardless of who this cookie holder happens to be. This does not apply if a user has expressly permitted Google to process the personal information without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the United States. For more information about Google’s use of personal information, settings, and opt-out options, please refer to Google’s Privacy Policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Google Doubleclick
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”) on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and cost-efficient operation of our online offer within the meaning of art. 6 (1) (f) GDPR). Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). We use the online marketing method Google “DoubleClick” to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.). DoubleClick displays ads in real time based on users’ presumed interests. This allows us to display ads for and within our online offer in a more targeted manner in order to present users only with ads that potentially correspond to their interests. For example, if a user is shown ads for products that they expressed interest in on other online offers, this is referred to as “remarketing.” For these purposes, when our website and other websites on which the Google advertising network is active are called up, certain code is executed directly by Google and (re)marketing tags (invisible graphics or code also known as “web beacons”) are integrated into the website. With the help of these web beacons, an individual cookie, that is, a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file records the web pages that the user has visited, which content the user is interested in, and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit, and other information about use of the online offer. The IP address of the user is also recorded, with this IP address being truncated within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and the IP address being transferred in full to a Google server in the United States and truncated there only in exceptional cases. Google may also combine the above-mentioned information with such information from other sources. If the user subsequently visits other websites, they can be shown ads tailored to their presumed interests based on their user profile. Personal information of users is processed pseudonymously within the Google advertising network. That is, Google does not store and process the name or e-mail address of the users, for example, but instead processes the relevant personal information from each cookie within pseudonymous user profiles. That is, from Google’s point of view, the ads are managed and displayed not for a specifically identified person but for the cookie holder, regardless of who this cookie holder happens to be. This does not apply if a user has expressly permitted Google to process the personal information without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google’s servers in the United States. For more information about Google’s use of personal information, settings, and opt-out options, please refer to Google’s Privacy Policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Microsoft Bing Ads
With Microsoft Bing Ads, we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads stores a cookie on your computer if you have reached our store via a Microsoft Bing ad. Microsoft and we can thereby recognize that a user has clicked on an ad, has been redirected to our website and has reached a previously determined target page (Art. 6 (1) (f) DS-GVO). We only learn the total number of users who clicked on the Microsoft Bing ad and were then redirected to the conversion page. No information about the identity of the user is disclosed. This allows us to measure the success of our ad placement and plan our marketing costs (our legitimate interest). We process the data until the end of the evaluation. The provision of the data by you is not required by law or contract, nor is it necessary for the conclusion of a contract. You can prevent the processing by opting out using the following link: https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings your objection. For more information on data protection and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.
Facebook pixel, Custom Audiences and Facebook conversion
Within our online offer, the “Facebook pixel” and the "Facebook Conversion API" of the Facebook social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used based on and for the purposes of our legitimate interests in the analysis, optimization, and cost-efficient operation of our online offer. Facebook is certified under the Privacy Shield agreement, which means it offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Using the Facebook pixel, it is possible for Facebook to identify the visitors of our online offer as a target group for the display of advertisements (known as “Facebook ads”). The Facebook Conversion API is a data interface and a server-side event tracking tool through which we transmit data about you and your behavior on our website to Facebook for evaluation. The functionality and processing of data in the context of the Conversions API is basically the same as the functionality and processing in the context of the use of the Facebook Pixel. In connection with the Conversion API, we use the following data: Usage data: (user ids, IP address, client user agent, click ids, browser ID, product ids, advertising ID, Facebook login ID) and identifying personal data (email address, phone number, gender, date of birth, first and last name, city, state and country,zip code). Accordingly, we use the Facebook pixel to display Facebook ads placed by us only to Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of websites visited) that we transmit to Facebook (known as “Custom Audiences”). Using the Facebook pixel, we also would like to ensure that our Facebook ads correspond to the potential interests of the users and are not annoying to them. The Facebook pixel also allows us to track the effectiveness of Facebook ads for statistical and market research purposes, as we can see whether users were redirected to our website after clicking on a Facebook ad (known as “conversion”). Facebook’s processing of personal information takes place within the framework of Facebook’s Data Policy, which provides general guidance on the display of Facebook ads: https://www.facebook.com/policy. Specific information and details about the Facebook pixel and how it works can be found in Facebook’s Help section: https://www.facebook.com/business/help/651294705016616. You can object to the collection of your personal information using the Facebook pixel as well as to the use of your personal information to display Facebook ads. To set what types of ads are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions there in regard to usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, that is, they are applied to all devices, including desktop computers and mobile devices. You may also object to the use of cookies used for reach measurement and advertising purposes by visiting the Network Advertising Initiative opt-out site (http://optout.networkadvertising.org/) and additionally the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Online presence in social media
We maintain online presences within social networks and platforms so we can communicate with customers, interested parties, and users who are active there and to inform them about our services there. We would like to point out that such social networks and platforms may involve the processing of personal information of users outside the area of the European Union. This may result in risks for users, as it could make it more difficult to enforce users’ rights, for example. With regard to US providers certified under the Privacy Shield, we point out that such providers thereby undertake to comply with EU data protection standards. In addition, personal information of users is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used to display advertisements inside and outside the platforms that presumably correspond to the users’ interests, for example. This means that cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. In addition, personal information may also be stored in the usage profiles, irrespective of the devices used by the users (in particular if the users are members of the respective platforms and logged in to them). The processing of users’ personal information is based on our legitimate interests in providing users with effective information and communication with users pursuant to art. 6 (1) (f) GDPR. If users are asked by the respective providers for consent to processing of personal information (that is, they declare their consent by checking a checkbox or confirming with a button, for example), the legal basis of the processing is art. 6 (1) (a) art. 7 GDPR. For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below. In the case of requests for information and the assertion of user rights, we point out that these claims can be asserted most effectively if lodged directly with the providers. In each case, only the providers have access to the users’ personal information, and only the providers can take appropriate measures and directly provide information. If you nevertheless still need help, you can then contact us. - Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. - Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy Policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. - Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/opt-out: http://instagram.com/about/legal/privacy/. - Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Privacy Policy: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active. - Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Privacy Policy/opt-out: https://about.pinterest.com/de/privacy-policy. - LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active. - Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) – Privacy Policy/opt-out: https://privacy.xing.com/de/datenschutzerklaerung. - Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) – Privacy Policy/opt-out: https://wakelet.com/privacy.html. - Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) – Privacy Policy/opt-out: https://soundcloud.com/pages/privacy.
Affiliate programs and affiliate links
We include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of third-party providers in our online offer (collectively referred to as "affiliate links"). If users follow the Affiliate Links or subsequently take advantage of the offers, we may receive a commission or other benefits from those third parties (collectively, "Commission").
In order to be able to track whether users have taken advantage of the offers of an affiliate link used by us, it is necessary that the respective third-party providers learn that the users have followed an affiliate link used within our online offer. The assignment of the affiliate links to the respective business transactions or to other actions (e.g. purchases) serves the sole purpose of commission accounting and will be cancelled as soon as it is no longer necessary for the purpose.
For the purposes of the aforementioned assignment of the affiliate links, the affiliate links may be supplemented by certain values that are a component of the link or may be stored elsewhere, e.g. in a cookie. The values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.
Notes on legal bases: if we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy. Types of data processed: contractual data (e.g. subject matter of contract, term, customer category); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses). Data subjects: Users (e.g., website visitors, users of online services). Purposes of processing: affiliate tracking. Legal Grounds: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO); Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Integration of third-party services and content
On the basis of our legitimate interests (i.e., interest in the analysis, optimization, and cost-efficient operation of our online offer within the meaning of art. 6 (1) (f) GDPR), we use content or service offers of third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content are aware of the IP addresses of the users, since without the IP address they would not be able to send the content to their browsers. The IP address is thus required for display of this content. We endeavor to use only the content whose respective providers use the IP address only for delivery of the content. Third-party providers may also use “pixel tags” (invisible graphics also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain data such as technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online offer, and it may be combined with such information from other sources.
YouTube
We integrate the videos of the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Pinterest
Within our online offer, features and content can be integrated from the service Pinterest, offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. This may include content such as images, videos, or texts and buttons with which users can share content of this online offer within Pinterest. If users are members of the platform Pinterest, Pinterest can assign access to the above-mentioned content and features to the profiles of the users there. Pinterest Privacy Policy: https://about.pinterest.com/de/privacy-policy.
Created with data protection generator by attorney Dr. Thomas Schwenke
________________________________________
*The term “customer” is used to refer to women, men, and intersex persons on a neutral basis.