GDPR Privacy Statement 

 

Privacy Statement of FTT SIA (Webshop i-rewardshop.com)

 

I. Name and address of the data controller

The data controller according to General Data Protection Regulation and other national data protection laws of the EU Member States, as well as other data protection regulations, is:

SIA “FTT”
Registration and office Address:
Liliju iela 29
LV 2167 Mārupe, Mārupes nov.
LATVIA

i-rewardshop.com

II. General information about data processing

1) Scope of the processing of personal data

We collect and utilize our users’ personal data only insofar as this is necessary for the provision of an operational site and of our content and services. Collection and utilization of our users’ personal data is regularly only done with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law.

2) Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for the processing operations of personal data, Art. 6 para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as legal basis.

In processing personal data necessary for performance of a contract to which the data subject is a party, Art. 6 para. 1 (b) GDPR serves as legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 (c) GDPR serves as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 para. 1 (d) GDPR serves as legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.

3) Data deletion and storage duration

The personal data of a data subject will be deleted or blocked as soon as the purpose of storage ceases to exist.

In the event that you send us unsolicited application data via our website or otherwise electronically, we will delete the data immediately if we do not initiate an application process. In the event that we initiate an application process or you send us application data at our request, we will delete your data at the latest 4 months after completion of the application process if an employment relationship does not come into existence. Longer storage takes place if you have expressly declared your consent to this.

Furthermore, data may be stored if this has been intended by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. The blocking or deletion of data will also be carried out if a storage deadline prescribed by the referenced standards expires, unless data storage is a necessity for concluding or performing a contract.

4) Categories of recipients

Unless described otherwise below, the recipient of the personal data processed via our website is generally the data controller (see § I above). The personal data will generally not be communicated to third parties. A transmission to third parties, however, takes place in compliance with the provisions of the GDPR and the BDSG as well as other data protection regulations, if and insofar as this is necessary within the framework of a contract that has come into existence via our website (contract initiations, contract execution (even if you commission services that are provided in whole or in part by third parties)and contract processing (e.g. external payment service providers), insofar as this is legally prescribed, within the framework of the requirements specified by the respective law and, if applicable, consideration of the interests concerned. Such cases may include criminal investigations, for example. Such a transmission also takes place if you have given legally valid consent.

If you submit your data to us in order to apply to our company as an employee, data will only be transferred to the relevant department or departments within our company.

III. Provision of the website and creation of log files

1) Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

In doing so, the following data is collected:

– Information about the browser type and the version used
– The operating system of the user
– The IP address of the user
– Date and time of access

The data is also stored in the log files of our system. These data is not stored together with other personal data of the user.

2) Legal basis for data processing

The legal basis for temporary storage of data and log files is Art. 6 para. 1 (f) GDPR.

3) Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session. The data is stored in log files to ensure the website’s functionality. The data is also used to optimize the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.

These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 para. 1 (f) GDPR.

4) Storage duration

The data will be deleted as soon as they are no longer necessary to fulfill the purpose for which they had been collected. In the case of data collected in order to provide the website, this occurs once the respective session has ended. If the data is stored in log files, this occurs within 14 days at the latest, unless otherwise stated in this privacy statement.

5) Objection and deletion option

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

IV. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser be identifiable even after changing pages. The following data is stored and transmitted in the cookies:

– Language settings

We also use cookies on our website to analyze users’ web surfing behavior. The following data can be transmitted in this way:

– Specified search terms
– Frequency of page views
– Use of website functions
– Session duration up to 20 minutes
– Campaign tracking
– Analysis of the origin of the user
– Areas which the user clicks the most
– Bounce rate
– Viewing of contact data
– Playing media
– Page updates
– Adding to favorites
– Sharing content (social media)
– IP address, if applicable
– Email address data, if applicable – Browser type, version, number and extensions
– Time zone settings
– Operating system
– Platform, including date and time
– Device ID

The user data collected in this way is pseudonymized via technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with users’ other personal data.

When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this privacy statement. In this context, a note is also included as to how users can disable the storage of cookies in the browser settings.

b) Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6 para. 1 (f) GDPR.

c) Purpose of data processing

The purpose of using technically essential cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. In this case, it is necessary that the browser be recognizable even after changing the page.

We require cookies for the following applications:

– Copying language settings
– Copying data for contact forms
– Search results
– Product advice
– Product comparison

The user data collected by technically essential cookies is not used to create user profiles.

The analytics cookies are used to improve the quality of our website and its content. Using analytics cookies, we learn how the website is used and can thereby constantly optimize our service.

While making your data anonymous, we record which areas of our website and provided media are particularly used by our users in terms of content and/or design and are therefore of particular interest to them in order to ensure that such an offer can be continuously found and updated.

For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 para. 1 (f) GDPR.

e) Duration of storage, objection and removal option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all of the website’s features.

V. consent to data transfer and data processing in non-EU countries

a) Description and scope of data processing

In certain cases, personal data may also be transferred to and processed by entities based in countries outside the EU where European data protection law does not apply or where a lower level of data protection exists, in particular to entities in the United States.

This is the case with us for the services described below:

MailChimp
Google Analytics
Doubleclick Ad Exchange Buyer
Google Tag Manager
Form auto-complete and validation

There is no legal or contractual permission to transfer personal data. There is no so-called adequacy decision or other guarantee regarding the handling of personal data which ensures that your data is processed with the same level of protection as in Europe in accordance with the DSGVO or other European data protection regulations. There is therefore a risk that your data may be used in third countries in a way that would be inadmissible under European law. This includes, among other things, statements on the duration of storage, as well as objection and removal options or other legal remedies against any legal infringements resulting from the use of your personal data in these countries.

b) Legal basis for data processing

The legal basis for the processing of personal data is Art. 49 I lit. a) DSDGVO (Consent).

A data protection banner will be displayed on the start page of our website when you access the website. In this banner, you can individually configure the data protection settings or your consent to data transfer or accept all settings. By clicking on the button “Accept all” or by individual settings of the cookie rights “Performance, Functional and Advertising”, you also expressly consent to the transfer of data to locations outside the EU where the DSGVO does not apply or where an appropriate level of data protection does not exist.

 

c) Purpose of data processing

The purpose of data processing is the use of our e-mail service for advertising purposes, the design and execution of functions on our website and the collection and analysis of marketing data to improve our offer.

VI. Newsletter

1) Description and scope of data processing

You can subscribe to a free newsletter on our website. In doing so, the data from the contact form are transmitted to us when you subscribe to the newsletter.

– Email address
– First name
– Last name

The following data will also be collected upon subscription:

– IP address of accessing computer
– Date and time of registration

During the registration process, your consent for the data processing is obtained and reference to this privacy statement is made.

2. Mailchimp

The newsletter can be sent via the provider “MailChimp” (provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA). In so doing, we transmit the following data, which is also stored by this provider on a server in the USA, to the provider as our contractual partner for sending newsletters:

– Email Address
– First Name
– Last Name

The data is also evaluated by the provider in order to improve its own services, e.g. by technical optimization of the dispatch under presentation of newsletters. However, under no circumstances does the provider use the transmitted data to pass it on to third parties or to address the person behind the personal data itself.

We have concluded a so-called contract on order data processing with the provider, according to which the provider is obliged to protect the data of our users and to insure an appropriate level of protection and to process it on our behalf, in particular also not to pass the data on to third parties.

3) Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is the consent of the user, see VII of this privacy policy.

4) Purpose of data processing

The user’s email address is collected in order to deliver the newsletter. The collection of other personal data as part of the subscription process ensures the prevention of misuse of the services or of the used email address.

5) Storage duration

The data will be deleted as soon as they are no longer necessary to fulfill the purpose for which they had been collected. Therefore, the user’s email address will be stored for as long as the newsletter subscription is active.

6) Objection and deletion option

The newsletter subscription can be cancelled by the user at any time. A link to unsubscribe can be found in every newsletter. This also allows for withdrawal of consent to the storage of personal data collected during the subscription process.

VII. Registration

1) Description and scope of data processing

By entering personal data, we offer users the option to register on our website for sales and/or warranty purpose. The data is entered into an input screen, transmitted to us, and stored. These data will not be transferred to third parties.

The following data is collected during the warranty registration process:

Product ID, Serial number, date of purchase, first name, last name, zip code, city, street, house number, country, date of birth (optional), email address. optional newsletter registration or participation in market research (survey and collection of individual views on our products and services, their presentation and distribution).

In the online shop, the following data is collected for registration

Email address
Password
Private customer/Company
Title
First name
Last name
Phone number
Street and house number
Zip code/City
Country
Delivery address: title, company name, if applicable; department, first name, last name, street/house number; zip code/city; country

The following data is also stored during registration:

– The IP address of the user
– Date and time of registration

– For product registration: first name, last name, address, email address, serial numbers of purchased products, seller name, date of purchase

The user’s consent to processing this data is obtained during the registration process.

2) Legal basis for data processing

If the user’s consent has been obtained, the legal basis for processing the data is Art. 6 para. 1 (a) GDPR. If registration is for fulfillment of a contract to which the user is a party or for execution of pre-contractual measures, an additional legal basis for the data processing is Art. 6, para. 1 (b) GDPR.

3) Purpose of data processing

User registration is sensible for the guarantee processing of our manufacturer’s guarantee and for the product management of the products sold by us as well as necessary for the execution and processing of contracts in the context of the online shop. It is subject to the user’s consent. If and to the extent that a registration option for the creation of a user account is offered on our website, it is also possible via this user account to register products in order to extend the warranty conditions for certain products of which we are the seller (manufacturer’s warranty extension). The specified data will be used by us as part of a purchase transaction contract related to the execution and processing of your order. They are used to create the user account, which you can use to retrieve contract-related information. In this respect, there is also a usage relationship from which you can access your customer data via our website at any time by logging in with your blog in data, as long as these are processed (stored) within the framework of the user relationship.

4) Storage duration

The data will be deleted as soon as they are no longer necessary to fulfill the purpose for which they had been collected. This is the case during the registration process for the fulfillment of a guarantee contract (manufacturer’s guarantee) if the data for the execution of a contract, e.g. a purchase contract and the usage relationship (access to your customer accounts) are no longer required.

Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations.

5) Objection and deletion option

As user, you have the option of canceling the registration at any time. You can have the data stored about you changed at any time.

Please use the contact form provided on our website to send us an email with the email address used for registration. We will then verify your request by contacting you, after which we will delete or amend your request if it is positively verified.

If the data is required for the fulfillment of a contract, early data deletion is only possible insofar as contractual or legal obligations do not preclude deletion.

VIII. Contact form and email contact

1) Description and scope of data processing

Our website provides contact forms which can be used for electronic contact. If the user takes advantage of these forms, the data that is entered in the input mask will be transmitted to us and stored. These data is (depending on the type of contact form used):

General contact form:

– General contact form: name, email address, request, questions about purchased products, support,

– Spare part inquiries and warranty: name, email address, address, product, serial number, request, date of purchase

– Sales and advertising materials: request, email address, company, address

The web shop also provides a general contact form:

-Title
– First name
– Last name
– Email address
– Phone number
– Subject
– Comment: Your details in the free text comment field, enter them there and submit them to us.

Contact form “technical inquiries”
– Title
– First name
– Last name
– Email address
– Phone number
– Subject
– Comment: Your details in the free text comment field, enter them there and submit them to us.

Other personal data:

– The IP address of the user
– Date and time of registration

Alternatively, you may contact us via the provided email address. In this case, the user’s personal data that is transmitted along with the email will be stored.

This data will not be disclosed to third parties in this context. The data is used exclusively for processing the conversation.

2) Legal basis for data processing

If the user’s consent has been obtained, the legal basis for processing the data is Art. 6 para. 1 (a) GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 (f) GDPR. If you send us an email with the intention to enter into a contract with us, this creates an additional legal basis for its processing per Art. 1 (b) GDPR.

3) Purpose of data processing

The processing of personal data from the input mask is used by us only for processing the contact request. In the event that a contact request is sent by email, this also constitutes the necessary legitimate interest in processing the data.

The processing of other personal data during the sending process is done for the purpose of preventing the abuse of the contact form and ensuring the security of our information technology systems.

4) Storage duration

The data will be deleted as soon as they are no longer necessary to fulfill the purpose for which they had been collected. For personal data that was taken from the contact form input mask and data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.

5) Objection and deletion option

The user has the option of revoking his or her consent to the processing of personal data, at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case. All personal data stored in the course of making contact will be deleted in this case if and insofar as this is not contrary to statutory provisions, e.g. under the Latvian Commercial Code or the Tax Code, or any other justification under data protection regulations, which requires storage after weighing all interests.

IX. Online shop orders (payment service providers, among others)

1) Description and scope of data processing

(1) Through our online shop, we record your personal data in the context of the ordering process, which is described in detail on our website, as far as you provide us with these by input in corresponding form fields, to the extent that the reasoning, execution or processing of a contractual relationship about the purchase of individual goods offered by us in the online shop is required.

To do this, you must create a customer account using a form for entering your personal data, whereby your personal data will be stored by us after your submission (see “Registration” above). Here you can also specify whether you would like to receive our newsletter (see “Newsletter” above).

(2) When concluding the purchase contract via our online shop, you also choose your desired payment method which we offer for the product purchase. If you use the PayPal or PayPal Plus payment service, the following data will be sent via an interface directly to the service provider of this payment service

(PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg E-Mail: [email protected])

by us. Use of the payment service requires that you have previously entered into an agreement about the use with this service provider. The respective service provider is responsible for the use of this service and related handling of your data in line with data protection laws, except for the present transmission of your data by us. The privacy policy of the provider can be found on the respective website of the service provider.

With the agreement of the PayPal or PayPal plus payment service, we transfer according to agreement after completion of the purchase contract to the service provider who maintains this payment service your

– First name and last name,

– Purchase price of the products

and the short description of the purchased product(s),

whereby they are forwarded automatically to the website via which provides the payment service. You can then continue to make the payment as agreed with the payment service provider.

After payment has been processed via this payment service provider, we will immediately receive an electronic message about the execution of the payment according to the payment data transmitted by us. We do not receive any further data from the provider of this payment service.

(3) If you choose the credit card payment method (Visa card/Mastercard), then the settlement data will be forwarded to an external company, A/S Swedbank (https://www.swedbank.lv) based in Riga, Latvia (provider). This company carries out the payment processing of your purchase contract for us as ordered based on contractual agreements with the providers of the respective credit cards.

In doing so, the provider will store your first and last name, your home country, your address data, your email address, possibly an IP address and, if applicable, a provided phone number, the type of card you are using, your bank details, the purchase price from your order, the designated use of your order and, if applicable, a note about processing, which you have provided us with the purchase. We can access these data via our customer account, which we maintain with the provider. In the event of the termination of the contractual relationship with the provider, we can export this data to us in a generally readable format. The provider requests the purchase price resulting from your order on our behalf with your credit card provider, and forwards it electronically to us.

2) Legal basis for data processing

If the user’s consent has been obtained, the legal basis for processing the data is Art. 6 para. 1 (a) GDPR. The legal basis for the processing of data concerning the execution of a purchase contract is Art. 6 para. 1 (b) GDPR, alternatively Art. 6 para. 1 (f) GDPR

3) Purpose of data processing

The purpose of the data processing is the efficient execution of a contractual relationship with you, which is completed via our online platform. The processing of the payment for your order is done fast in this way, efficient and quite safe, and leads to the fact that the purchase contract is completed in your interest quickly and with a low error rate and that the goods are delivered to you quickly and promptly. Herein lies also the legitimate interest in data processing.

4) Storage duration

The data, which are processed for the execution of a contract by us, are deleted according to legal regulations. In addition, the deletion takes place when storage according to the respective purpose of the contract is no longer required.

5) Objection and deletion option

A right to objection and deletion according to Art. 21 GDPR does not apply to data processed via the sales process in the online shop, insofar as this concerns data which is required for the execution of the purchase contract in commercial, tax or otherwise accounting terms.

X. Web analytics by Google Analytics

1) Scope of the processing of personal data

We use the “Google Analytics” software (Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website to analyze the surfing behavior of our users. The use of this software makes it possible to assign user behavior to a user’s pseudonym ID, even across devices.

Terms of use of Google Inc. for Google Analytics:

www.google.com/analytics/terms/de.htmlpolicies.google.com

We have concluded a so-called contract on order data processing with the provider, according to which the provider is obliged to protect the data of our users and to insure an appropriate level of protection and to process it on our behalf, in particular also not to pass the data on to third parties. The software places one or more cookies on the user’s end device (see above for cookies). If individual pages of our website are accessed, the following data is stored:

– Two bytes of the IP address of the accessing system of the user
– The visited web page
– The website from which the user came to the accessed web page (referrer)
– The subpages, which are accessed from the accessed web page
– The length of stay on the website
– The frequency of accessing the website

The user behavior information stored in such cookies is automatically transferred to a server of the software provider (Google), which is usually located in the USA, i.e. in a so-called third country outside the EU and the EEA. However, we use the anonymization of the IP address provided by the software on our website. This will shorten your IP address, which would otherwise have made it possible to identify the respective user, within the member states of the EU and the EEA, before such a transmission, whereby in exceptional cases a truncation can also take place after such a transmission. Under no circumstances will your IP address be combined with other data in order to record and analyze profiles and user behavior. Google only analyses and displays your website activity in relation to our website as part of our order data processing in order to make information collected in this way available to us as a service. This is also our legitimate interest in data processing.

2) Legal basis for the processing of personal data

The legal basis for the use of Google Analytics is your consent, see VII of this privacy policy.

3) Purpose of data processing

The processing of users’ personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 para. 1 (f) GDPR. By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

4) Storage duration

The data processed by us when using our website via the “Google Analytics” service is automatically deleted after 14 months. Data exceeding storage duration limits are deleted automatically once a month.

5) Objection and deletion option

Cookies are stored on the user’s computer and transmitted to our site. Therefore, as a user you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all of the website’s features.

We offer our users the possibility of an opt-out from the analysis procedure on our website. To do this, you must follow the corresponding link. In this way, another cookie is placed on your system, which signals to our system not to store the user’s data. If the user deletes the corresponding cookie from his or her system in the meantime, the opt-out cookie must be reset again.

By changing the security settings of your Internet browser, you can prevent cookies from being stored in the devices it uses. However, this can lead to restrictions in the use of Internet pages.

You can also prevent the processing of your data collected in cookies by the Google Analytics software by using software provided by Google Inc. (browser add-on for deactivating Google Analytics), which you can download and use at the following link tools.google.com/dlpage/gaoptout. The provider is exclusively Google Inc. so that its terms of use and, where applicable, restrictions must be observed. It cannot be guaranteed that the software provider makes this software available for all operating systems and/or devices.

XI. Doubleclick Ad Exchange Buyer

1) Scope of the processing of personal data

We use the “Ad Exchange Buyer” software (Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website to analyze the surfing behavior of our users. The use of this software enables us to effectively design advertising material and advertisements on Internet pages based on your interests and your user behavior. Privacy Policy of Google Inc policies.google.com/privacy

We have concluded a so-called contract on order data processing with the provider, according to which the provider is obliged to protect the data of our users and to insure an appropriate level of protection and to process it on our behalf, in particular also not to pass the data on to third parties.

The software sets one or more cookies on the user’s end device (see above for cookies), which determine what advertising reference the user has when accessing Internet pages and to which advertising a user reacts.

If individual pages of our website are accessed, the following data is recorded and stored in a non-personal or non-referable manner:

– Information about the Internet browser you are using
– Keyword of product searches
– (Previously) visited websites

The user behavior information stored in such cookies is automatically transferred to a server of the software provider (Google), which is usually located in the USA, i.e. in a so-called third country outside the EU and the EEA. A personal reference is not established. Under no circumstances will your data be merged in order to be able to record and analyze individual profiles and user behavior in this way.

2) Legal basis for the processing of personal data

The legal basis for the use of the service of Google Ad Exchange Buyer is your consent see VII of this privacy policy.

3) Purpose of data processing

The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are in a position to design our advertising media and advertisements in a targeted manner and to measure and statistically evaluate the success of advertisements. This helps us to continuously improve our website and its user-friendliness. For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 para. 1 (f) GDPR. By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

4) Storage duration

The data processed by us when using our website via the “Google Analytics” service is automatically deleted after 14 months. Data exceeding storage duration limits are deleted automatically once a month. In all other respects, data is only stored to the extent and as long as this is necessary in the context of the use of the service.

5) Objection and deletion option

As user, you have full control over the use of cookies used by Google as part of the “Ad Exchange Buyer” service. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all of the website’s features. You can also set your browser to block cookies from the “googleadservices.com” domain so that cookies from other providers remain permitted by you.

By changing the security settings of your Internet browser, you can prevent cookies from being stored in the devices it uses. However, this can lead to restrictions in the use of Internet pages.

XII. Google DoubleClick-Cookies (Floodlights)

1. scope of the processing of personal data

This website occasionally uses Google DoubleClick cookies (floodlights) for certain campaigns. Doubleclick is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This involves placing cookies, not text files, in your browser cache (i.e. in the cache of your Internet browser) when an advertising banner that links to our website is displayed on the Internet as part of our campaign. If you reach our website via this advertising banner, we can register this via the cookie, but cannot assign it to an individual person. These cookies are technically designed in such a way that they are pseudonomized and their content is not suitable for establishing a personal connection to you. A pseudonymous identification number (ID) is assigned to your browser. DoubleClick cookies therefore do not contain any personal data. They are only collected when we evaluate the use of this website as part of our campaign. The data collected is only evaluated by us for statistical purposes and in anonymized form.

The data is stored with the provider of the tracking tool, with whom we have concluded a so-called contract on order data processing, according to which the provider is obliged to protect the data of our users and to insure an appropriate level of protection and to process the data on our behalf, in particular not to pass the data on to third parties.

2.) legal basis for the processing of personal data

The legal basis for the use of the DoubleClick cookie service is Art 6 Paragraph 1 lit a) DSGVO if consent has been given, otherwise Art 6 Paragraph 1 lit f) DSGVO (legitimate interest)

3.) purpose of data processing

The processing of users’ personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to design our advertising material and advertisements in a targeted manner and to measure and statistically evaluate the success of advertisements.

This helps us to constantly improve our website and its user-friendliness. In these purposes also lies our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO. The anonymization of cookie contents takes sufficient account of the users’ interest in their protection of personal data.

4.) duration of storage

The data processed by us when using our website via the “Google Analytics” service are automatically deleted as cookies after 540 days (cookie runtime). The data stored by us (general Kampaganenkennzahlen) are deleted one month after collection. Otherwise, data will only be stored to the extent and for as long as necessary in the context of using the service. With the provider of the tracking tool if the data is stored up to 180 days.

5.) possibility of objection and removal

You can prevent the use of cookies by downloading and installing the browser plugin available at the following link (https://adssettings.google.com/u/0/authenticated?hl=en-GB) under the DoubleClick opt-out extension Alternatively, you may disable the Doubleclick cookies on the Digital Advertising site by clicking the following link (http://optout.aboutads.info/?c=2&lang=EN).”

XIII. Google Tag Manager

1) Scope of the processing of personal data

We use the “Google Tag Manager” service on our website (provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).The Tag Manager is a service with which we can manage so-called website tags (e.g. tracking code) via an interface. The tool provides the administration of other “tags” (e.g. Google Analytics), which in turn may collect data. The Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

2) Legal basis for the processing of personal data

The legal basis for the use of Google Tag Manager is, with your consent, see VII of this Privacy Policy.

3) Purpose of data processing

The use of the “Google Tag Manager” service improves the programming and administration of our website with regard to so-called text (e.g. tracking code, Google Analytics) and the functionality of the website.

4) Storage duration

No personal data is collected via the service, but possibly via the managed day (with us Google Analytics, see Web analysis by Google Analytics above).

5) Objection and deletion option

You can exclude the Service by deactivating the JavaScript function within the software you are using on the end device with which you are accessing our website. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

XIV. Facebook pixels (standard version)

1. scope of the processing of personal data

For marketing purposes, we collect personal data via the analysis software “Facebook Pixel”, which is provided by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin , Ireland (hereinafter also referred to as “Provider”), if you call up our website via an advertisement or other advertising measure by forwarding it to Facebook. We record and analyze the connection between the advertisement and the call and use of our website. For this purpose, we set and write a cookie (first-party cookie) when you click on one of our advertisements on Facebook and are redirected to the website stored by us there. At the same time, contact is then made with a server operated by Facebook, this data is transmitted to Facebook and made available to us for analysis purposes. In particular, the IP address, information on the web browser and on visits to our website, a pixel ID, button click data are recorded. Facebook also assigns the information to your Facebook user account and, if necessary, the provider links this information to other data, including data on your visit to other websites. However, we are not provided with any information about this. We receive exclusively statistical data from Facebook, which concern the call of our website via our advertisements on Facebook.

We use Facebook pixels only in the standard version, not in the so-called mode via extended data synchronization.

2.) Legal basis for the processing of personal data

The legal basis for the use of the service faceboo pixel is, with your consent, Art 6 para. 1 lit. a DSGVO, i.Ü. Art. 6 paragraph 1 lit. f . DSGVO.

3.) purpose of the data processing

By using the “Facebook Pixel” service, advertising information about our products is displayed in a targeted manner on suitable websites, thus serving our marketing and your interest in information about our products. This is also our legitimate interest.

4.) duration of storage

The data is stored by us only statistically and without allocation to a specific person. After one year, we will check whether further storage for marketing purposes is necessary and delete it if not.

5.) possibility of objection and removal

You can object to the use of Facebook pixels by clicking on the following LINK, which will disable (opt-out) the writing of the cookie and the tracking via Facebook pixels. You can also make settings in your Facebook account to limit or specify the data processing www.facebook.com/help/568137493302217.

XV. Social networks

1) Description and scope of data processing

Our website provides links (identified by a pictogram) to other websites of our Internet presence in social networks, enabling us to access our respective website in these social networks.

(1) Facebook is a social network of Facebook Ireland Limited (operator) (Hanover Reach, 5-7 Hanover Quay, Dublin 2 Ireland). We have integrated our company website into Facebook.

(2) YouTube is a social network of YouTube LLC (operator) (901 Cherry Ave. San Bruno, CA 94066 USA). We have integrated our company website into YouTube.

(3) Instagram is a social network of Instagram LLC, (operator) (1601 Willow Rd, Menlo Park, CA, USA). We have integrated our company website on Instagram.

(4) Pinterest is a social network of Pinterest Europe Ltd. (operator) (Palmerston House, 2nd Floor Fenian Street Dublin 2, Ireland). We have integrated our company website on Pinterest.

(5) LinkedIn is a social network of LinkedIn Corp, (operator) (1000 West Maude Avenue Sunnyvale, CA 94085 United States). We have integrated our company website on LinkedIn.

(hereinafter referred to as: social network)

a) By clicking on the link (hyperlink) on our website, which refers to the website of the respective social network, you access the website of the operator of the social network. If necessary, you may need to log into your social network customer account to fully access our website on the website of the respective social network. We may then have access to your public information on the social network or information that you share for that particular application within the social network. The public information can be viewed by any third party. Such information includes in particular your name, your profile, cover pictures and photographs, gender, networks, user name (also called Facebook URL on Facebook) and user ID (also called Facebook ID on Facebook), comments and contributions (user content). In accordance with contractual agreements between the operators of the respective social networks, information may also be exchanged between these networks, e.g. on the social network Pinterest, if you sign up for this service with a Facebook or Google account in accordance with the contractual conditions of the respective operators. Details of personal data processed within the social network are decided by your contractual relationship with the operator of the social network and its respective data protection regulations and data protection regulations to which reference is made in this respect. These are available on the social network website. They are also used and processed by us only within the social network within the framework of the functions and procedures offered there in each case. Personal data that we use within our Internet presence on Facebook will not be transmitted by us to third parties unless and to the extent that nothing to the contrary has been expressly agreed to or permission has been given for such transmission. This may be the case, for example, if you request a newsletter (see “Newsletter” above) via our company pages.

b) Within the social network Facebook, we use the Facebook Insights service, which gives us marketing data about members of the Facebook social network when using the services of this network provided by the operator. Among other things, we are provided with information on the age group, gender, education, occupation, relationship status, interests and hobbies, user locations and their interaction behavior on Facebook (e.g. reaction feedback on postings, number of average likes of postings and pages) and linking of this information for marketing evaluation (target group and advertising analysis) and for targeted promotional information. We do not receive any information about Facebook names, real names, addresses (including IP addresses) or any other information that enables us to personalize the data provided to certain persons.

The data protection responsibility is regulated by an agreement between us and the operator of the Facebook platform according to Art. 26 GDPR. Thereby, the operator of the Facebook platform has assumed and expressly assured to bear all rights and obligations under the GDPR in connection with the provision and use of the Facebook Insights service next to us as the primary data controller. The statement to this effect can be found under www.facebook.com/legal/terms/page_controller_addendum.

To the extent that this agreement provides that the Irish Data Protection Commission is the lead supervisory authority for processing according to Art. 26 GDPR, any local complaint or breach of the GDPR may also be the responsibility of your local regulatory authority if the breach or the subject matter the complaint is only related to a branch in your state (member state) or only persons of your state (member state) are significantly impaired. In this case, the lead supervisory authority decides on the competence of the respective supervisory authority, Art. 56 (3) GDPR.2) Legal basis for data processing

If the user’s consent has been obtained, the legal basis for processing the data is Art. 6 para. 1 (a), alternatively Art. 6 (f) GDPR.

3) Purpose of data processing

We use your personal data exclusively for the purpose of offering and making available the respective service in social networks. Any further use will only take place if your legally effective consent is available or we are legally obliged to do so.4) Storage duration

The data is stored for the duration of the link to our website in the social network and for the duration of the existence of our website in the social network.

5) Objection and deletion option

The user has the option of revoking his or her consent to the processing of personal data, at any time. Such a revocation can be given to us at any time electronically by email, by post, by fax or phone. You may also use the contact form provided on the website or the contact data given in the About us section of the website as well as the contact data given next to the contact form on our website.

All personal data stored by us in the course of using our services in social networks will be deleted in this case, provided that data protection regulations which require legal storage or storage of the respective data that is necessary according to the purpose of the contract do not conflict.

You can also remove or restrict a link between your data and our Internet service via settings in your social media account.

XVI. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to the data controller:

1. Right to information

You can request that the data controller confirm whether we process personal data that concerns you.

If such processing is taking place, you can request to be informed by the data controller regarding the following information:

(1) the purposes for processing the personal data;

(2) the categories of personal data being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

(4) the planned storage duration of personal data concerning you or, if specific information in this respect is not possible, criteria for determining the storage period;

(5) the existence of a right of rectification or deletion of personal data that concerns you or of a restriction on processing by the data controller or of a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data if the personal data has not been collected from the data subject;

(8) the existence of automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organization. In this respect, you can request the appropriate guarantees in accordance with Art. 46 of the GDPR in connection with the transmission.

2. Right to rectification

You have a right to correct and/or add to your personal data held by the data controller if the processed personal data that concern you are incorrect or incomplete. The data controller shall make the correction immediately.

3) Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

(1) you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the data controller no longer needs the personal data for processing purposes, but you need it to establish, exercise, or defend legal claims; or

(4) you object to the processing in accordance with Art. 21 para. 1 of the GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh your reasons.

Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.

If the processing restriction has been done in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Duty to delete

You may request that the data controller delete the personal data that concerns you immediately, and the data controller will be obliged to delete this data immediately if one of the following reasons applies:

(1) the personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed;

(2) you revoke your consent to the processing pursuant to Art. 6 para. 1 (a) or Art. 9 para. 2 (a) GDPR, and where there is no other legal ground for the processing.

(3) you submit an objection to the processing pursuant to Art. 21 para. 1, GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection according to Art. 21 para. 2 GDPR to the processing;

(4) the personal data that concerns you has been processed unlawfully;

(5) the deletion of personal data is required to comply with legal obligations according to Union law or the laws of the Member States to which the data controller is subject;

(6) the personal data that concerns you has been collected in connection with offered information society services pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the data controller has made the personal data that concerns you public and if the data controller is obliged for its deletion pursuant to Art. 17 para. 1 of the GDPR, the data controller shall take appropriate measures, including technical means, while taking into account available technology and implementation costs, to inform the third parties processing your data that you as the data subject have requested deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

(1) to exercise the right of freedom of expression and information;

(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the data controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the data controller;

(3) for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 (h) and (i), as well as Art. 9 para. 3 of the GDPR;

(4) for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or

(5) to assert, exercise or defend legal claims.

5) Right to information

If you have exercised your right to have the data controller correct, delete, or limit the processing, he or she is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

It is your right to have the data controller inform you about these recipients.

6. Right to data portability

You have the right to obtain your personal data, which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to pass this data on to another data controller without obstruction by the data controller to whom the personal data was provided, insofar as

(1) the processing is based on consent pursuant Art. 6 para. (1) a of the DSGVO or Art. 9 para. (2) a of the DSGVO or on a contract pursuant to Art. 6 para. 1 (b) of the GDPR and

(2) the processing is undertaken using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

7. Right to object

You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 para. 1 (e) or (f) GDPR, including profiling based on those provisions;

The data controller will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8) Right to revoke the data protection declaration of consent

You have the right at any time to revoke your data protection declaration of consent. The revocation of consent shall not affect the legality of any processing undertaken on the basis of this consent before its withdrawal.

9) Automated decision on a case-by-case basis, including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This shall not apply if the decision:

(1) is necessary for the conclusion or fulfillment of a contract between you and the data controller;

(2) is permissible on the basis of legislation of the Union or the Member States, to which the data controller is subject, and these laws contain adequate measures to safeguard your rights and freedoms, as well as your legitimate interests, or

(3) is undertaken with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 Para. 2 (a) or (g) and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the data controller, to state his or her own position and to challenge the decision.

10) Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of the GDPR.

The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 of the GDPR.

Status as of: 04-28-21