Privacy notice

Scope of anonymous data collection and data processing

Unless otherwise stated in the following sections, no personal data is collected, processed or used when you use our websites. However, we do learn certain technical information through the use of analysis and tracking tools based on the data transmitted by your browser (e.g. browser type/version, operating system used, our websites visited including length of stay, previously visited website). We evaluate this information for statistical purposes only.

The legal basis for the processing of personal data

1. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

2. Art. 6 (1) (b) GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party. This also applies to processing operations required to carry out pre-contractual measures.

3. Insofar as the processing of personal data is required for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

4. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d) GDPR serves as the legal basis.

5. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f) GDPR serves as the legal basis for processing.

Use of cookies

The AT Zweirad GmbH website uses cookies. Cookies are data that are stored by the internet browser on the user's computer system. The cookies can be transmitted to a page when it is accessed and thus enable the user to be identified. Cookies help to make using the website easier for the user.

It is possible to object to the setting of cookies at any time by changing the settings in the internet browser. Set cookies can be deleted. Please note that if you disable cookies, you may not be able to use all the features of our website to their full extent. The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. When accessing our website, users are informed about the use of cookies for analytical purposes by means of an information banner and referred to this privacy notice. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user in this regard, in accordance with Article 6 (1) (a) GDPR. Please refer to our cookie banner and the information in this privacy notice to find out whether and to what extent cookies are used on our website.

Creation of log files

Every time the website is accessed, AT Zweirad GmbH collects data and information using an automated system. This is stored in the server's log files. The data is also stored in our system's log files. This data is not stored together with other personal data of the user.

The following data may be collected:

(1) Information about the browser type and version used

(2) The user's operating system

(3) the user's internet service provider

(4) the user's IP address

(5) the date and time of access

(6) websites from which the user's system accesses our website (referrer)

(7) websites accessed by the user's system via our website

Duration of the storage of personal data

Personal data is stored for the duration of the respective statutory retention period. After the deadline, the data is routinely deleted, unless there is a need for a contract initiation or contract fulfilment.

Ways to get in touch

There is a contact form on the AT Zweirad GmbH website that can be used for electronic contact. Alternatively, contact via the provided e-mail address is possible. If the data subject contacts the data controller through one of these channels, the personal data transmitted by the data subject will be stored automatically. The storage is solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. The legal basis for the processing of the data is the consent of the user in accordance with Article 6 (1) (a) GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then an additional legal basis for the processing is Article 6 (1) (b) GDPR. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the facts in question have been conclusively clarified.

Newsletter

If you subscribe to our company newsletter, the data in the respective input mask will be transmitted to the data controller. Registration for our newsletter is done in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This is to prevent misuse of the services or the e-mail address of the person concerned. The data will not be passed on to unauthorised third parties. However, data required for the purpose of sending the newsletter could be transmitted to corresponding service providers. An exception also exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The data subject can cancel their subscription to the newsletter at any time. Consent to the storage of personal data can also be withdrawn at any time. Each newsletter contains a link for this purpose. The legal basis for the processing of data after the user has registered for the newsletter and provided consent is Art. 6 (1) (a) GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

Online Shop

We use your personal data to process your online purchases (your orders and returns are processed through our online services) and to send you messages about delivery status or notifications in the event of problems with the delivery of your items. We use your personal data to process your payments. We also use your data to process complaints and product warranty claims. Your personal data is used to verify your identity, ensure that you are of legal age to make online purchases and verify your address with external partners. We want to offer you a range of payment options and so we analyse your data to determine which payment options are available to you, including your payment history and credit checks.

Disclosure of data when using online payment service providers

If you decide to pay using one of the online payment service providers we offer as part of your order process, your contact details will be sent to them as part of the order process. The lawfulness of the disclosure of the data is based on Art. 6 (1) (b) GDPR, for the purpose of implementing the payment method you have chosen and our legitimate interests pursuant to Art. 6 (1) (f) GDPR for enabling user-friendly and uncomplicated payment processing. The personal data transmitted to the online payment service provider is usually first name, last name, address, IP address, email address, or other data required for order processing, as well as data related to the service, such as type of service, identity of the recipient, invoice amount and taxes in percent, invoice information, etc. This transfer is necessary to provide the service with the payment method you have selected, in particular to confirm your identity, to manage your payment and the customer relationship. Please note, however, that personal data may also be passed on by the online payment service provider to service providers, subcontractors or other affiliated companies if this is necessary to fulfil the contractual obligations arising from your order or if the personal data is to be processed on behalf of the service provider. Depending on the selected payment method, e.g. invoice or direct debit, the personal data transmitted to the provider will be transmitted by the provider to credit reference agencies. This transmission is used to verify your identity and creditworthiness in relation to the order you have placed. Please refer to the respective providers' privacy notices to find out which credit reference agencies are involved and which data is generally collected, processed, stored and passed on by the respective provider:

1. American Express American Express Services Europe Limited, Zweigniederlassung Frankfurt am Main, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main at https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

2. Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium at https://www.mastercard.de/de-de/datenschutz.html

3. Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, United Kingdom at https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

4. PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

5. Amazon Payments Europe s.c.a., and secondarily by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located at 5, Rue Plaetis L 2338 Luxembourg (hereinafter ‘Amazon Payments’) at https://pay.amazon.com/de/help/201751600

6. Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA at https://stripe.com/de/privacy#translation g. micropayment GmbH, Scharnweberstrasse 69, D-12587 Berlin at https://www.micropayment.de/about/privacy/

7. giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, Germany at https://www.giropay.de/rechtliches/datenschutz-agb/

8. Paymorrow GmbH, Alstertor 9, 20095 Hamburg at https://paymorrow.de/datenschutz and https://paymorrow.de/datenschutzbedingungen-online-kaeufer

9. RatePAY GmbH, Schlüterstraße 39, 10629 Berlin at https://www.ratepay.com/datenschutz/ and https://www.ratepay.com/legal/ k. Payment service provider Skrill Ltd., Floor 27, 25 Canada Square, London, E14 5LQ, England at https://www.skrill.com/de/fusszeile/allgemeinegeschaeftsbedingungen/skrillaccounttermsofuse/

10. Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany, at https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworten/ and https://www.klarna.com/sofort/#cq-0. m. Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden, https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy?_ga =2.6805040.305071156.1572516038-1923284729.1570451601

Transfer to third countries

We would like to inform you that your personal data may also be transferred to a server in a third country and thus processed outside the EU.

Duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you revoke your consent or request the deletion of your personal data. Contractual or statutory duty to provide personal data. The provision of personal data is not prescribed by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide personal data. However, if you do not provide personal data, you may not be able to use this service or may not be able to use it to its full extent.

Registration on our website

If the data subject uses the option to register on the data controller's website by providing personal data, the data in the respective input mask will be transmitted to the data controller. The data will be stored solely for the purpose of internal use by the data controller. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. When registering, the user's IP address and the date and time of registration are stored. This is to prevent misuse of the services. The data will not be passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The registration of the data is necessary for the provision of content or services. Registered persons have the option at any time to have the stored data deleted or modified. The data subject will receive information about their stored personal data at any time.

Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage. Storage may be extended beyond this period if so provided by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. As soon as the purpose of storage no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:

Right of access according to Art. 15 GDPR

You have the right to request confirmation from the data controller as to whether personal data concerning you will be processed by us. If such processing is carried out, you can request the following information from the data controller:

1. the purposes for which the personal data is processed;

2. the categories of personal data that are processed;

3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;

4. the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of the storage;

5. the existence of a right to the rectification or erasure of your personal data, a right to the restriction of the processing by the data controller or a right to object to such processing;

6. the right to lodge a complaint with a supervisory authority;

7. all available information on the origin of the data if the personal data are not collected from the data subject;

8. the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is being transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

Right to rectification in accordance with Art. 16 GDPR

You have the right to request that the data controller rectify and/or complete the data if the processed personal data concerning you is incorrect or incomplete. The data controller must carry out the rectification without delay.

Right to erasure in accordance with Art. 17 GDPR

(1) You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the data controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

2. You withdraw your consent on which the processing is based according to Art. 6 (1) (a), or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the processing.

3. You object to the processing in accordance with Art. 21 (1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) of the GDPR.

4. Your personal data has been processed unlawfully.

5. The deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the data controller is subject.

6. The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

(2) If the data controller has made your personal data public and is obliged to delete it pursuant to Art. 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to to inform data controllers who process the personal data that you, as the data subject, have requested the deletion of all links to such personal data or of copies or replications of such personal data.

(3) The right to erasure does not apply to the extent that processing is necessary

1. for exercising the right of freedom of expression and information;

2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;

4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

5. for the establishment, exercise or defence of legal claims.

Right to restriction of processing in accordance with Art. 18 GDPR

You have the right to request that the processing of your personal data be restricted under the following conditions:

1. if you dispute the accuracy of your personal data, for a period of time that enables the data controller to verify the accuracy of the personal data;

2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

3. the data controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or

4. you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the data controller override your grounds.

If the processing of your personal data has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

Right to information in accordance with Art. 19 GDPR

If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to request the data controller to be informed about these recipients.

Right to data portability in accordance with Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

1. the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

2. the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transferred directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Right to object in accordance with Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions. The data controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

Right to revoke the data protection declaration of consent in accordance with Art. 7 (3) GDPR

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

1. is necessary for entering into, or performance of, a contract between you and the data controller;

2. is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

3. with your express consent.

However, these decisions must not be based on special categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in a. and c., the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Inclusion of other services and third-party content

Description and purpose

It may be the case that third-party content, such as videos, fonts or graphics from other websites, are integrated into this online offering. This always assumes that the providers of this content (hereinafter referred to as ‘third-party providers’) are aware of the IP address of the user. This is because without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required for the presentation of this content. We endeavour to use only content from providers who use the IP address solely for the delivery of the content. However, we have no influence over whether the third-party providers store the IP address, e.g. for statistical purposes. We will inform users if we become aware of such storage. We use these integrations to provide and improve our online services.

Legal basis

The legal basis for the integration of other services and content from third parties is Art. 6 (1) (f) GDPR. Our overriding legitimate interest lies in the intention to present our online presence in an appropriate manner and to provide user-friendly and economically efficient services on our part. For further information, please refer to the respective providers' data protection information.

Contractual or statutory duty to provide personal data

The provision of personal data is not prescribed by law or contract and is not required for the conclusion of a contract. You are also not obliged to provide personal data. However, failure to provide such data may mean that you are unable to use this function or are unable to use it to its full extent.

Matomo (web analysis service)

Description and purpose

Our website uses Matomo (formerly Piwik), an open-source software for the statistical analysis of visitor access. Matomo is provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo uses cookies that are stored on your computer and that enable an anonymised analysis of your use of the website. It is not usually possible to draw any conclusions about a specific person, as your IP address is anonymised immediately after processing and before storage. We use Matomo to improve the quality of our website and its content. This tells us how the website is used, enabling us to constantly optimise our services. When individual pages of our website are accessed, the following data is stored: 1. Two bytes of the IP address of the user's system 2. The accessed website 3. The website from which the user accessed the accessed website (referrer) 4. The sub-pages that are accessed from the accessed website 5. The time spent on the website 6. The frequency of access to the website. The software runs exclusively on our website's servers. The storage of users' personal data only takes place there. The data will not be passed on to third parties. The software is set up in such a way that the IP addresses are not stored in full, but that 2 bytes of the IP address are masked. This means that it is no longer possible to assign the abbreviated IP address to the accessing computer. Processing users‘ personal data enables us to analyse our users’ surfing behaviour.

Legal basis

The legal basis for processing your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Matomo, InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Transfer to third countries

By using the service, personal data may be transferred to a third country. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 ff. GDPR. If there is no adequacy decision with the third country in which the data importer is based, the transfer is subject to suitable guarantees. If you have any questions, please contact our data protection officer.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Option to revoke

You have the right to revoke your consent at any time, see Art. 7 (3) cl. 1 GDPR. This can be done informally and without giving reasons and will take effect in the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here:

https://matomo.org/privacy-policy/

Google Maps

Description and purpose

This website uses the Google Maps API from Google LLC. ( 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to visually display geographic information. When Google Maps is used, Google also collects, processes and uses data about the use of the Maps functions by visitors to the website.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. Where necessary, we have concluded appropriate safeguards within the meaning of Art. 46 (2) GDPR with the data importer. Furthermore, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, see Art. 7 (3) cl. 1 GDPR. This can be done informally and without giving reasons and will take effect in the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here:

https://policies.google.com/privacy?hl=de&gl=del

Meta pixel

Description and purpose

We use the so-called meta pixel from Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA to recognise your user behaviour. This is an analysis tool that can be used to measure the effectiveness of advertising. It is a code snippet for the website that can be used to measure, optimise and build advertising campaign target groups. Conversion tracking allows us to track what people do after they see our Facebook ads across devices (including mobile phones, tablets and desktop computers). By creating a pixel and adding it to our pages where conversions occur (e.g. the purchase confirmation page), we can determine which people perform conversions based on our Facebook ads. The pixel is used to further monitor the actions that people take after clicking on our ads. Here we can determine on which device our customers saw the ad and on which devices they ultimately performed the conversion. According to Facebook, the data collected includes:

• HTTP headers

• HTTP headers contain a range of information sent between any browser request and any server on the internet using a standard web protocol. HTTP headers contain information such as IP addresses (which in Germany can only be evaluated at the general country level), information about the web browser, page storage location, document, URI reference and user agent of the web browser.

• Pixel-specific data

• This includes the pixel ID and Facebook cookie data, which are used to link events to a specific Facebook ad account and to associate them with a person known to Facebook.

• Optional values

• Developers and marketers can optionally send additional information about the visit via standard and custom data events. Typical custom data events include, for example, information about whether a purchase was made on a page, the conversion value and much more. Further information about custom data events can be found here. With your consent, we use the ‘visitor action pixel’ from Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA or, if you are a resident of the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, within our website. This conversion tool allows us to track your actions after you have seen or clicked on a Facebook ad. This is for monitoring and analysing the effectiveness of our Facebook ads for statistical and market research purposes. Although we can only recognise this data in anonymised form, this data is also stored and processed by Facebook. We do not know exactly what Facebook does with this data, but it can be assumed that Facebook can and will link this data to your Facebook account. This means that Facebook can use this information for the purposes of advertising, market research and designing Facebook pages to meet requirements. To this end, Facebook and its partners create profiles of usage, interests and relationships, e.g. to evaluate your use of our website with regard to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website and to provide further services associated with the use of Facebook. For this purpose, cookies may also be stored on your PC. Please refer to Facebook's privacy notes for the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy. The data may be merged with other Facebook services, such as Custom Audiences.

Advanced matching

Advertisers can optionally activate the advanced matching function of the meta pixel by sending encrypted information such as email address or phone number to Facebook. Advertisers can send one or more of the following identifiers for matching: email address, phone number, first name, last name, city, state, zip code, date of birth or gender.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Transfer to third countries

Personal data is transferred to the USA. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer in accordance with Art. 46 (2) (c) GDPR. In addition, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will take effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy notice under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here: https://www.facebook.com/about/privacy 

Further information about the meta pixel can be found here: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142 

Facebook Custom Audiences

Description and purpose

Custom Audiences are target groups that advertisers on the social network Facebook can create in order to optimise Facebook ads even more precisely. For example, an advertising company can use the social network Facebook to target its advertising to specific groups that have visited the website of the advertising company by creating so-called ‘custom audiences’. Alternatively, or cumulatively, this targeted advertising is also possible if the advertising company has access to the email addresses or telephone numbers of the respective individuals.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Transfer to third countries

Personal data is transferred to the USA. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer in accordance with Art. 46 (2) (c) GDPR. In addition, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will be effective for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here: https://www.facebook.com/about/privacy 

YouTube

Description and purpose

We use the YouTube.com platform to upload our own videos and make them publicly available. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Some of our websites contain links or connections to the YouTube service. In general, we are not responsible for the content of linked websites. However, if you follow a link to YouTube, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes. We also embed videos stored on YouTube directly on some of our websites. When this is done, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only accessed when you click on them separately. This technique is also called ‘framing’. When you access a (sub)page of our website on which YouTube videos are embedded in this way, a connection is established to the YouTube servers and the content is displayed on the website by notifying your browser.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Transfer to third countries

Personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will take effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy notice under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here:

https://policies.google.com/privacy

Data transfer to third countries

The data controller may transfer personal data to a third country. In principle, the data controller can ensure that an adequate level of protection for the processing is provided by various suitable guarantees. It is possible to transfer data on the basis of an adequacy decision, internal data protection regulations, approved codes of conduct, standard data protection clauses or an approved certification mechanism in accordance with Art. 46 (2) (a) – (f) GDPR.

If the data controller transfers the data to a third country on the legal basis of Art. 49 (1) (a) GDPR, you will be informed here about the possible risks of data transfer to a third country.

There is a risk that the third country receiving your personal data may not be able to provide an equivalent level of protection to that provided for personal data in the European Union. This may be the case, for example, if the EU Commission has not issued an adequacy decision for the third country in question or if certain agreements between the European Union and the third country in question are declared invalid. Specifically, there are risks in some third countries with regard to the effective protection of EU fundamental rights due to the use of surveillance laws (e.g. USA). In such cases, it is the responsibility of the data controller and the recipient to assess whether the rights of the data subjects in the third country enjoy an equivalent level of protection to that in the Union and can also be effectively enforced.

However, the General Data Protection Regulation should not undermine the level of protection of natural persons ensured throughout the Union when personal data is transferred from the Union to data controllers, data processors or other recipients in third countries or to international organisations, even if personal data is further transferred from a third country or from an international organisation to data controllers or data processors in the same or another third country or to the same or another international organisation.

Other website functions

CookieFirst

Description and purpose

The operator of this website uses the functions of CookieFirst from Digital Data Solutions B.V. CookieFirst provides the website operator with a legally required cookie notice and enables the website operator to manage the opt-in and opt-out with the help of a cookie consent manager, as required by law.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (c) GDPR.

Recipient

The recipient of your personal data is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42a, 1018DH, Amsterdam, Netherlands.

Transfer to third countries

By using the service, personal data may be transferred to a third country. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 ff. GDPR. If you have any questions, please contact our data protection officer.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Contractual or legal obligation

Furthermore, personal data must be provided if we are legally obliged to collect it (or) if the provision of this data is necessary for compliance with a legal obligation. The legal obligation is defined by Union law or the law of the Member States to which the data controller is subject. Failure to provide the data would mean that this legal obligation cannot be fulfilled.

Further privacy notes

Further information on the processing of your personal data can be found here: https://cookiefirst.com/legal/cookie-declaration/

Freshdesk

Description and purpose

We use the Freshdesk service to provide our contact form. With Freshdesk, Freshworks' online customer care solution, we can optimise and manage customer support using customer service software. Freshdesk features:

· Tracking and managing incoming tickets from various channels

· Supporting customers via various platforms such as email, phone, call, chat, social media and other messaging apps

· Sharing and assigning requests within the team

· Automation of tasks such as assigning agents based on skills, workload and availability

· Knowledge base and self-service portal for customers

· Analyse and collect data on agent performance and customer experience

· Freddy's AI and ML capabilities

Legal basis

The legal basis for the processing of your personal data is consent in accordance with Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Freshworks Inc., 2950 S. Delaware Street, San Mateo, CA 94403, USA.

Transfer to third countries

The personal data is transferred to Freshworks affiliates in various locations in third countries. The transfer is subject to suitable guarantees in accordance with Art. 46 GDPR. For this purpose, we have agreed standard contractual clauses with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

If consent has been given for the processing, the data will only be stored until the consent is revoked or statutory retention periods apply.

Revocation

You have the right to revoke your consent at any time, see Art. 7 (3) cl. 1 GDPR. This can be done informally and without giving reasons and will take effect in the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, see our privacy notice above under ‘Rights of data subjects’.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further privacy notes can be found at: https://www.freshworks.com/privacy/

Shopware

Description and purpose

We use Shopware to create and send newsletters. Shopware is a software company that develops solutions for digital commerce.

Shopware processes contact data and other personal data for sending newsletters. This is done for marketing purposes. You can unsubscribe from the newsletter at any time.

Legal basis

The legal basis is consent in accordance with Art. 6 (1) (a) GDPR.

Recipient

The recipient of the data is Shopware AG, Ebbinghoff 10, 48624 Schoeppingen, Germany.

Transfer to third countries

A transfer of your personal data to a third country cannot be ruled out. The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. Where necessary, we have concluded appropriate guarantees within the meaning of Art. 46 (2) GDPR with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons. In the event of a transfer to a third country, we will update this information as soon as possible.

Duration of data storage

If consent to the processing has been given, data will only be stored until such time as consent is withdrawn or statutory retention periods apply.

Withdrawal

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without giving reasons and will take effect in the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further privacy notes can be found at: https://www.shopware.com/de/datenschutz/website/

Matomo web analysis service

Description and purpose

Our website uses Matomo (formerly Piwik), an open-source software for the statistical evaluation of visitor access. Matomo is provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Matomo uses cookies that are stored on your computer and that enable an anonymised analysis of your use of the website. It is not usually possible to draw any conclusions about a specific person, as your IP address is anonymised immediately after processing and before storage. We use Matomo to improve the quality of our website and its content. This tells us how the website is used and enables us to constantly optimise our services. When individual pages of our website are accessed, the following data is stored: 1. Two bytes of the IP address of the user's system 2. The accessed website 3. The website from which the user accessed the accessed website (referrer) 4. The sub-pages that are accessed from the accessed website 5. The time spent on the website 6. The frequency of access to the website. The software runs exclusively on our website's servers. The storage of users' personal data only takes place there. The data will not be passed on to third parties. The software is set up in such a way that the IP addresses are not stored in full, but that 2 bytes of the IP address are masked. This means that it is no longer possible to assign the abbreviated IP address to the accessing computer. Processing users‘ personal data enables us to analyse our users’ surfing behaviour.

Legal basis

The legal basis for processing your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Matomo, InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Transfer to third countries

By using the service, personal data may be transferred to a third country. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 ff. GDPR. If there is no adequacy decision with the third country in which the data importer is based, the transfer is subject to suitable guarantees. If you have any questions, please contact our data protection officer.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Option to revoke

You have the right to revoke your consent at any time, see Art. 7 (3) cl. 1 GDPR. This can be done informally and without giving reasons and will take effect in the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here:

https://matomo.org/privacy-policy/

Google Maps

Description and purpose

This website uses the Google Maps API from Google LLC. ( 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to visually display geographic information. When Google Maps is used, Google also collects, processes and uses data about the use of the Maps functions by visitors to the website.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. Where necessary, we have concluded appropriate safeguards within the meaning of Art. 46 (2) GDPR with the data importer. Furthermore, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will take effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy notice under ‘Rights of data subjects’.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here:

https://policies.google.com/privacy?hl=de&gl=del

Meta Pixel

Description and purpose

We use the so-called Meta Pixel from Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA, to recognise your user behaviour. This is an analysis tool that can be used to measure the effectiveness of advertising. It is a code snippet for the website that can be used to measure, optimise and build advertising campaign target groups. Conversion tracking allows us to track what people do after they see our Facebook ads across devices (including mobile phones, tablets and desktop computers). By creating a meta pixel and adding it to our pages where conversions occur (e.g. the purchase confirmation page), we can determine which people convert based on our Facebook ads. The pixel further monitors the actions that people take after clicking on our ads. Here we can determine on which device our customers saw the ad and on which devices they ultimately performed the conversion. According to Facebook, the data collected includes:

• HTTP headers

• HTTP headers contain a range of information sent between any browser request and any server on the internet using a standard web protocol. HTTP headers contain information such as IP addresses (which in Germany can only be analysed at the general country level), information about the web browser, page storage location, document, URI reference and user agent of the web browser.

• Pixel-specific data

• This includes the pixel ID and Facebook cookie data, which are used to link events to a specific Facebook advertising account and to associate them with a person known to Facebook.

• Optional values

• Developers and marketers can optionally send additional information about the visit via standard and custom data events. Typical custom data events include, for example, information about whether a purchase was made on a page, the conversion value and much more. Further information about custom data events can be found here. With your consent, we use the ‘visitor action pixel’ of Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA or, if you are a resident of the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, within our website. This conversion tool allows us to track your actions after you have seen or clicked on a Facebook ad. This is for monitoring and analysing the effectiveness of our Facebook ads for statistical and market research purposes. Although we can only see this data in anonymised form, it is also stored and processed by Facebook. We do not know exactly what Facebook does with this data, but it can be assumed that Facebook can and will link this data to your Facebook account. This means that Facebook can use this information for the purposes of advertising, market research and designing Facebook pages to meet demand. To this end, Facebook and its partners create profiles of usage, interests and relationships, e.g. to evaluate your use of our website with regard to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website and to provide further services associated with the use of Facebook. For this purpose, cookies may also be stored on your PC. Please refer to Facebook's privacy notes for the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy. The data may be merged with other Facebook services, such as Custom Audiences.

Advanced matching

Advertisers can optionally activate the advanced matching function of the meta pixel by sending encrypted information such as email address or phone number to Facebook. Advertisers can send one or more of the following identifiers for matching: email address, phone number, first name, last name, city, state, zip code, date of birth or gender.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Transfer to third countries

Personal data is transferred to the USA. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer in accordance with Art. 46 (2) (c) GDPR. In addition, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will take effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. Further information on this can be found above in our privacy notice under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here: https://www.facebook.com/about/privacy 

Further information about the meta pixel can be found here: https://de-de.facebook.com/business/help/742478679120153?id=1205376682832142 

Facebook Custom Audiences

Description and purpose

Custom Audiences are target groups that advertisers on the social network Facebook can create in order to optimise Facebook ads even more precisely. For example, an advertising company can use the social network Facebook to target its advertising to specific groups that have visited the website of the advertising company by creating so-called ‘custom audiences’. Alternatively, or cumulatively, this targeted advertising is also possible if the advertising company has access to the email addresses or telephone numbers of the respective individuals.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Meta Platforms Inc. (1 Hacker Way, Menlo Park, California 94025, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

Transfer to third countries

Personal data is transferred to the USA. The transfer is subject to appropriate safeguards in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer in accordance with Art. 46 (2) (c) GDPR. In addition, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will be effective for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here: https://www.facebook.com/about/privacy 

YouTube

Description and purpose

We use the YouTube.com platform to upload our own videos and make them publicly available. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Some of our websites contain links or connections to the YouTube service. In general, we are not responsible for the content of linked websites. However, if you follow a link on YouTube, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes. We also directly embed videos stored on YouTube on some of our websites. When this is done, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only accessed when the user clicks on them separately. This technique is also called ‘framing’. When you access a (sub)page of our website on which YouTube videos are embedded in this way, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Transfer to third countries

The personal data is transferred to the United States. The transfer is subject to suitable guarantees in accordance with Art. 46 GDPR. We have concluded standard contractual clauses with the data importer for this purpose. Furthermore, we are aware of our responsibility and, where necessary, take further measures to ensure the protection of personal data in order to protect the rights and freedoms of natural persons.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will take effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here:

https://policies.google.com/privacy

Divinci GmbH

Description and purpose

We use the services of Divinci GmbH on our website. Divinci processes your personal data for the purpose of handling applications that you can submit via the application portal. Thanks to Divinci, we are able to make this process efficient and simple, thereby optimising our application process.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.

Recipient

The recipient of your personal data is Divinci GmbH, Baumgarten 7, 97508 Grettstadt.

Transfer to third countries

The use of the service may result in personal data being transferred to a third country. In the event of personal data being transferred, the provider ensures the level of protection of the GDPR by complying with Art. 44 ff. GDPR. If there is no adequacy decision with the third country in which the data importer is based, the transfer is subject to suitable safeguards. If you have any questions, please contact our data protection officer.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to revoke your consent at any time, cf. Art. 7 (3) cl. 1 GDPR. This can be done informally and without stating reasons and will be effective for the future. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation. For more information, please refer to our privacy notice above under ‘Rights of data subjects’.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further privacy notes

Further information on the processing of your personal data can be found here:

https://www.divinci.de/datenschutzerklaerung/

Applications (training & job offers)

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy notice. The legal basis for the processing of applicant data is Art. 88 GDPR, § 26 of the new German Data Protection Act (BDSG) and Art. 9 (2) (b) GDPR. Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided as part of the application process, their processing is also carried out in accordance with Art. 9 (2) (b) GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 (2) (a) GDPR (e.g. health data if this is necessary for the performance of a job). If provided, applicants can submit their applications to us using an online form on our website. The data is encrypted and transmitted to us using state-of-the-art technology. Furthermore, applicants can send us their applications by email (karriere@velo-de-ville.com). However, we ask you to note that, as a matter of principle, emails are not sent in encrypted form and that applicants themselves must ensure that they are encrypted. We therefore cannot assume any responsibility for the transmission of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post. Instead of applying via the online form and email, applicants still have the option of sending us their application by post. In the event of a successful application, we may further process the data provided by applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants‘ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion takes place after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law.

Data recipients

Insofar as this is legally permitted or prescribed, or insofar as you have given your consent, we also share your personal data with other recipients who provide services for us. We limit the disclosure of your personal data to the extent necessary. In some cases, our service providers receive your personal data as data processors and are then strictly bound by our instructions when handling your personal data (data protection agreements in accordance with Art. 28 GDPR). In some cases, the recipients act independently with the data that we transmit to them. The following categories of service providers/recipients may receive your data:

• Email marketing providers for newsletters

• Hosting service providers for the operation of our servers

• Service providers in the field of job applications to support the selection of applicants

• Service providers for development work, including programming, development, maintenance and support of software applications

• Postal service providers

• External legal advice

• Marketing agencies/website support

• Other IT service providers (e.g. system houses)

• Other services and tools

The service providers we commission must meet strict confidentiality requirements. They only receive the access to your data that they need to fulfil the assigned tasks.

In the event of suspicion of a criminal offence, data may be passed on to law enforcement authorities.

Security

We have implemented extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, data protection is continuously guaranteed by us through constant auditing and optimisation of the data protection organisation.

Conclusion

AT Zweirad GmbH reserves all rights to make changes and updates to this privacy notice. This privacy notice was created by Keyed GmbH.