Data Protection
Tobi GmbH&Co.KG Data Protection Policy
All personal data will be treated confidentially. Our data protection practices comply with the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). Below, we provide you with details on data protection:
Controller within the meaning of the GDPR and the BDSG
Tobi GmbH&Co.KG
Christian Pihale
Wildmoos 2, 82266 Inning am Ammersee
Fax: +49 8143 99949-199
Email: info@babybay.de
The controller decides alone or jointly with others on the purposes and means of processing personal data (e.g., names, contact details, etc.).
Data Protection Officer
You can reach the data protection officer at:
Tobi GmbH&Co. KG
Christian Pihale
Wildmoos 2, 82266 Inning am Ammersee
Email: datenschutz@babybay.de
Fax: 08143/99949-199
1. Reasons for Data Collection
We collect and process your data to provide our website and to provide you with the best possible service through convenient access to our services.
2. What data is collected, processed, or used?
2.1 Visiting our website
When you access our website, our servers automatically collect information of a general nature, particularly for the purpose of establishing a connection, ensuring functionality, and ensuring system security. This includes the type of browser used, the operating system used, the domain name of the Internet service provider, the connection data of the computer used (IP address), the website from which you visit us (referrer URL), the pages you visit on our site, and the date and duration of your visit. Due to pseudonymization, we are unable to draw conclusions about specific individuals from this data.
2.2 Contact form
If you contact us via a contact form, personal data will be collected. The data collected in each case can be seen on the contact form. This data will be stored for the purpose of processing your inquiry. Mandatory information is marked with an asterisk (*), while all other information is voluntary. We will delete the data collected in connection with the contact form as soon as storage is no longer required, or we will restrict processing if statutory retention periods apply.
The legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR if you contact us in the context of concluding a contract. Otherwise, it is our legitimate interest to answer your inquiries, which is why the legal basis in this case is Art. 6 (1) (f) GDPR.
Data submitted via the contact form, including your contact details, will be stored in order to process your inquiry or to be available for any follow-up questions. This data will not be passed on to third parties without your consent.
The data entered into the contact form is processed exclusively on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. You have the right to revoke your previously granted consent at any time. Revocation can be made informally by email. The legality of the data processing operations carried out up to the time of revocation remains unaffected by the revocation.
The data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to storage, or until there is no longer any need to store the data. Mandatory statutory provisions – in particular retention periods – remain unaffected.
2.3 Newsletter registration and dispatch
You can subscribe to our free email newsletter to be informed about current interesting offers. Registration for the newsletter is based on your consent in accordance with Art. 6 (1) (a) GDPR. You have the right to revoke your consent at any time. You can unsubscribe from the newsletter at any time by sending a message to the controller as stated at the beginning of our privacy policy, for example, by email to info@babybay.de.
If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. This is based on our legitimate interest in the transmission of personalized direct advertising in accordance with Art. 6 (1) (f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you emails for this purpose. Even if you did not initially object, you have the right to withdraw your consent at any time to the use of your email address for this advertising purpose with future effect. To withdraw your consent, simply notify the controller, as stated at the beginning of our privacy policy. Only transmission costs according to the basic rates will apply. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.
2.4 Newsletter Data
In order to send you the newsletter, we need your email address. This will be verified, and receipt of the newsletter requires your consent. Further data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
The data provided when registering for the newsletter will be processed exclusively on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. You have the right to withdraw your consent at any time. To withdraw your consent, simply send an informal email or unsubscribe using the "Unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the withdrawal.
The data entered when setting up your newsletter subscription will be deleted if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
2.5 Data processing when opening a customer account/registering
If you open a customer account or register on our website, we collect and process the personal data you provide to us. The legal basis for this data processing is Art. 6 (1) (b) GDPR, as this is necessary to execute the contract or open a customer account.
You can find the data you provide in the respective input form. Your customer account can be deleted at any time and can be done by sending a message to the contact address of the responsible party. We use the data you provide to process the contract between you and us. After the contract has been fully processed or your customer account has been deleted, your data will be blocked, taking into account retention periods under tax and commercial law, and deleted after these periods have expired. This applies unless you have expressly consented to further use of your data or we have reserved the right to further use of the data permitted by law, about which we will inform you in this privacy policy.
Registration is required to use certain functions of our website. The data you submit will be used exclusively for the purpose of using the respective offer or service. It is important that you provide all required information when registering, otherwise we will have to reject your registration.
Should important changes affect your registration, e.g. for technical reasons, we will inform you by email. The email will be sent to the address you provided during registration.
The data entered during registration is processed based on your consent in accordance with Art. 6 (1) (a) GDPR. You have the right to revoke your previously granted consent at any time. You can revoke your consent informally by email. The legality of the data processing already carried out remains unaffected by the revocation.
We store the data collected during registration for the period you are registered on our website. Your data will be deleted as soon as you cancel your registration. Statutory retention periods remain unaffected.
2.6 Data processing for guest orders
You have the option of placing an order without registering a customer account. Personal data will also be collected and processed in accordance with Art. 6 (1) (b) GDPR. The data collected and processed can be seen in the respective input forms. We store and use the data you provide for guest orders for contract processing. After the contract has been fully processed, your data will be blocked in accordance with tax and commercial retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or we have reserved the right to legally permitted further use of the data, about which we will inform you in this privacy policy.
2.7 Data processing for order processing - Data transfer to third parties
Personal data will only be transferred to third parties if this is necessary for the purchase and shipping of goods in the context of contract processing. These third parties include, for example, shipping service providers such as DHL-Deutsche Post AG, DPD Deutschland GmbH, or freight forwarders appointed by us who are commissioned with the delivery.
Your personal data will only be passed on to the transport company to the extent necessary for the proper delivery of the goods. In the case of freight forwarded goods, we will also provide the transport company with your telephone number to enable the arrangement of the delivery date.
Your data will not be passed on to third parties unless you have expressly consented.
The basis for this data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures, and Art. 6 (1) (f) GDPR, which permits processing to protect legitimate interests. Data transfer to payment service providers and credit checks
PayPal:
We have integrated components from PayPal, an online payment service provider, on our website. PayPal enables payments via so-called PayPal accounts, which are virtual private or business accounts. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., based in Luxembourg.
If you select the "PayPal" payment option during the ordering process in our online shop, data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing. The transmitted data generally includes your first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing, including data related to the respective order.
The transmission is for payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. PayPal may use personal data for identity and credit checks in cooperation with credit reporting agencies.
If necessary, PayPal will transmit personal data to affiliated companies, service providers, or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of the customer.
You have the option to revoke your consent to the processing of your personal data by PayPal at any time. Please note that revoking your consent does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.
Your payment data will be transmitted to PayPal based on your consent in accordance with Art. 6 (1) (a) GDPR and on processing for the performance of a contract in accordance with Art. 6 (1) (b) GDPR. You can revoke your consent at any time; this does not affect any data processing that has already taken place.
PayPal's current privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
PayPal Checkout:
This website uses PayPal Checkout, an online payment system from PayPal that combines PayPal's own payment methods with local payment methods from third-party providers. When paying via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "Pay Later" via PayPal, we will transfer your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transfer takes place in accordance with Art. 6 (1) (b) GDPR and only to the extent necessary for payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "Pay later" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check regarding the statistical probability of default to decide whether to provide the respective payment method. The credit check may contain probability values (so-called score values). To the extent that score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing. If you select the PayPal payment method "Purchase on account," your payment data will first be transmitted to PayPal to prepare the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to process the payment. The legal basis in each case is Art. 6 (1) (b) GDPR. In this case, RatePay will conduct an identity and credit check in its own name to determine your solvency in accordance with the principle already mentioned above and will pass your payment data on to credit agencies based on its legitimate interest in determining your solvency in accordance with Art. 6 (1) (f) GDPR. A list of credit agencies Ratepay can access can be found here: https://www.ratepay.com/legal-payment-creditagencies/
If you use a local third-party payment method, your payment data will initially be transferred to PayPal to prepare the payment in accordance with Art. 6 (1) (b) GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the relevant provider in accordance with Art. 6 (1) (b) GDPR to process the payment:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
For further information on data protection, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
3. Integration of YouTube videos
We have integrated YouTube videos on our website that are stored on http://www.YouTube.com and can be played directly from our website. These videos are all embedded in "extended data protection mode," which means that no data about you as a user is transferred to YouTube as long as you do not play the videos. Certain data is only transferred when you play the videos.
By visiting our website, YouTube receives the information that you have accessed the corresponding subpage of our website. Your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request originated, browser, operating system and its interface, language, and browser software version are transmitted. This data transfer occurs regardless of whether you are logged in to YouTube or do not have a user account.
We have no influence on this data transfer. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to be assigned to your YouTube profile, you must log out before activating the button.
YouTube stores your data as user profiles and uses them for the purposes of advertising, market research, and/or tailoring its website to meet your needs. Such evaluations are also carried out for non-logged-in users in order to enable needs-based advertising and to inform other users of the social network about your activities on our website.
You have the right to object to the creation of these user profiles. To do so, you must contact YouTube directly.
Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy at https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for this processing is Art. 6 (1) (f) GDPR.
4. Integration of Google Maps
Type and Scope of Processing
To display interactive maps, we use the Google Maps map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you access the content of our website, data such as your IP address and, if applicable, browser data (e.g., user agent) are transmitted to servers of Google Ireland Limited. This data is processed exclusively for the purpose of creating directions and maintaining the security and functionality of Google Maps.
Purpose and Legal Basis
Google Maps is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG.
Data Transfer to Third Countries We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In the event that no adequacy decision exists from the European Commission (e.g., for the USA), we have agreed with the recipients of the data to provide appropriate safeguards in accordance with Art. 44 et seq. GDPR. Unless otherwise stated, these guarantees are based on the EU Commission's standard contractual clauses pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Furthermore, before such a third-country transfer, we will obtain your consent in accordance with Art. 49 (1) (a) GDPR, which you grant via the Consent Manager (or other forms, registrations, etc.). We would like to point out that transfers to third countries may involve risks that are unknown in detail (e.g., data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence, and of which you may not be aware).
Storage Period
The specific storage period of the processed data is not within our control; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.
5. Competitions
From time to time, you have the opportunity to participate in competitions on our website. Within the scope of these competitions, personal data (email address, name, address, and any other data necessary for the competition) may also be collected and stored for the purpose of administering the competition. The personal information you provide to us will be used exclusively for administering the competition (e.g., for determining the winner, notifying the winner, and handing over the prize). Within the scope of the competition, we will specifically inform the participant about data processing related to the specific competition. After our competitions have ended, the participants' data will be deleted.
6. Deletion
Personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies or you request its deletion. Data will also be deleted if a storage period prescribed by the aforementioned standard expires, unless there is a need to further store the data for the conclusion or fulfillment of a contract or you have given your consent to this.
7. Cookies
Our website uses cookies to make the website more attractive and to take into account the preferences of website visitors. Cookies are small text files that your web browser stores on your device and enable the browser to be identified when you visit the website again.
Some cookies are so-called "session cookies," which are automatically deleted when you end your browser session. Other cookies remain on your device until you delete them yourself and help us recognize you when you return to our website.
You have the option to monitor, restrict, or block the use of cookies. Most web browsers can be configured to automatically delete cookies when you close the program. However, please note that deactivating cookies may limit the functionality of our website.
The legal basis for processing cookies necessary for electronic communication or for providing certain functions you have requested (e.g., shopping cart) is Art. 6 (1) (f) GDPR. As the operator of this website, we have a legitimate interest in storing these cookies in order to provide our services technically error-free and smoothly. If other cookies (e.g., for analysis functions) are set, these are addressed separately in this privacy policy.
You can prevent cookies from being stored on your hard drive by selecting the appropriate browser settings. Cookies already set can be deleted at any time. Information on this can be found in the respective browser instructions.
8. Data Security
We protect our website and other systems through technical and organizational measures against loss, destruction, access, alteration, or distribution of your data by unauthorized persons. Depending on the browser used, data is transmitted using 128-bit to 256-bit SSL encryption. Despite regular checks and continuous improvement of our security measures, complete protection against all threats is not possible.
9. Google AdWords Remarketing
Our website uses Google AdWords Remarketing to advertise this website in Google search results and on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit. This processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 (1) (f) GDPR.
Further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google Account and using information from your Google Account to personalize ads you view on the web. If you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google will temporarily link your personal data with Google Analytics data to create target groups. You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can find out more about the use of cookies and configure your settings at the Digital Advertising Alliance's website address www.aboutads.info. Finally, you can set your browser to inform you about the use of cookies and decide individually whether to accept them, or to exclude cookies in certain cases or generally. If you do not accept cookies, the functionality of our website may be limited.
Google LLC, based in the USA, is certified for the US-European data protection agreement "Privacy Shield," which guarantees compliance with the level of data protection applicable in the EU. Further information and the privacy policy regarding advertising and Google can be found here: http://www.google.com/policies/technologies/ads/
10. Use of Google Analytics for Web Analysis
Type and Scope of Processing: For the statistical evaluation of our online offering, we use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data such as the number of page views, subpages visited, and the length of time visitors stay are analyzed. Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. This information is used, among other things, to compile reports on website activity.
Purpose and Legal Basis: Google Analytics is used based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG.
Data Transfer to Third Countries: We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In the event that no adequacy decision of the European Commission exists (e.g., for the USA), we have agreed appropriate safeguards with the recipients of the data within the meaning of Articles 44 et seq. of the GDPR. Unless otherwise stated, these safeguards are based on the EU Commission's standard contractual clauses pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Furthermore, before such a third country transfer, we will obtain your consent in accordance with Article 49 (1) (a) GDPR, which you grant via the Consent Manager (or other forms, registrations, etc.). We would like to point out that transfers to third countries may involve unknown risks (e.g., data processing by security authorities in the third country, the exact scope of which and the consequences for you are unknown to us, over which we have no influence, and of which you may not be aware).
Retention period: The specific retention period of the processed data is beyond our control; it is determined by Google Ireland Limited. Further information can be found in the Google Analytics privacy policy: https://policies.google.com/privacy.
11. Use of social media plug-ins
11.1 Which providers do we use?
We currently use the following social media plug-ins: Facebook, Instagram, Google+, and Pinterest. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially transferred to the plug-in providers. You can identify the plug-in provider by the marking on the box above its initial letter or logo. We offer you the opportunity to communicate directly with the plug-in provider via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates, browser, operating system and its interface, language, and browser software version are transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.
11.2 No influence by us
We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing, or the retention periods. We also have no information on the deletion of the collected data by the plug-in provider.
11.3 Use by the provider
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research, and/or tailoring its website to meet your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the respective plug-in provider. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 (1) (f) GDPR.
11.4 Data transfer
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, For example, if you link to the page, the plug-in provider also saves this information in your user account and publicly shares it with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this prevents the plug-in provider from associating your data with your profile.
11.5 Providers' Privacy Policy
Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy policies of these providers provided below. There you will also find further information on your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their privacy policies:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram LLC, 1 Hacker Way, Building 14 First Floor, Mento Park, CA, USA, https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Pinterest Inc., 808 Braunau Street, San Francisco, CA 94103-490, USA, https://about.pinterest.com/de/privacy-policies.
11.6. Facebook Pixel
We use the Facebook Pixel, a Facebook Business tool provided by Facebook Ireland Limited (Ireland, EU), on our website, as well as Facebook Ads provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Information about the contact details of Facebook Ireland and Meta Platforms Ireland Limited, as well as the contact details of Facebook Ireland's data protection officer, can be found in Facebook Ireland's data policy at https://www.facebook.com/about/privacy and Meta Platforms Ireland Limited's privacy policy at https://www.facebook.com/privacy/explanation.
Facebook Pixel is a JavaScript code snippet that allows us to track the activities of visitors to our website. This tracking is called conversion tracking. The Facebook pixel collects and processes various information for this purpose, such as information about the actions and activities of visitors to our website, specific pixel information such as the pixel ID and the Facebook cookie, information about buttons clicked by website visitors, and information contained in the HTTP headers, such as IP addresses, information about the web browser, the location of the page and the referrer, and information about the status of deactivation/restriction of ad tracking.
Some of this event data is information stored on the device you use. Cookies are also used via the Facebook pixel to store information on the device you use. Such storage of information by the Facebook pixel or access to information already stored on your device only occurs with your consent.
Facebook Ads enables us to create custom audiences, i.e., to segment visitor groups to our online offering, determine conversion rates, and subsequently optimize them, especially when you interact with ads that we have placed with Meta Platforms Ireland Limited.
The event data collected via the Facebook pixel and Facebook Ads is used to target our ads and improve ad delivery, to personalize functions and content, and to improve and secure Facebook products.
Event data is only processed by the Facebook pixel and Facebook Ads if you have given your prior consent. The legal basis for the collection and transmission of personal data by us to Facebook Ireland and Meta Platforms Ireland Limited is therefore Art. 6 (1) (a) GDPR. You can revoke your consent via our consent management system.
This collection and transmission of event data is carried out by us, Facebook Ireland, and Meta Platforms Ireland Limited as joint controllers. We have entered into a processing agreement with Facebook Ireland and Meta Platforms Ireland Limited as joint controllers, which specifies the allocation of data protection obligations between us and the companies.
Facebook Ireland and Meta Platforms Ireland Limited are solely responsible for the subsequent processing of the transmitted event data. For more information on how Facebook Ireland and Meta Platforms Ireland Limited process personal data, including the legal bases they rely on and the options for exercising your rights vis-à-vis the companies, please see Facebook Ireland's Data Policy at https://www.facebook.com/about/privacy and Meta Platforms Ireland Limited's Privacy Policy at https://www.facebook.com/privacy/explanation.
For the creation of analyses and campaign reports, we have also commissioned Facebook Ireland to prepare reports on the impact of our advertising campaigns and other online content (campaign reports) based on the event data collected via the Facebook pixel, as well as to create analyses and insights about users and their use of our website, products, and services (analyses). For this purpose, we transmit personal data contained in the event data to Facebook Ireland and Meta Platforms Ireland Limited. The transmitted personal data is processed by Facebook Ireland and Meta Platforms Ireland Limited as our data processors in order to provide us with the campaign reports and analyses.
Personal data will only be processed to create analyses and campaign reports if you have given your prior consent. The legal basis for this processing of personal data is therefore Art. 6 (1) (a) GDPR. A transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to processors in third countries. Please note the information in the "Data transfer to third countries" section. The specific storage period of the processed data is beyond our control; it is determined by Facebook Ireland and Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Pixel: https://www.facebook.com/privacy/explanation.
11.7. TikTok Pixel
We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok advertising tool from both providers. TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both are hereinafter referred to collectively as “TikTok”).
The TikTok Pixel is a JavaScript code snippet that enables us to understand and track the activities of visitors to our website. The TikTok Pixel collects and processes information about visitors to our website or the devices they use (so-called event data).
The event data collected via the TikTok Pixel is used to target our ads and to improve ad delivery and for personalized advertising. For this purpose, the event data collected on our website using the TikTok Pixel is transmitted to Facebook TikTok.
Some of this event data is information stored on the device you use. Cookies are also used via the TikTok Pixel, which store information on the device you use. Such storage of information by the TikTok pixel or access to information already stored on your device only occurs with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Art. 6 (1) (a) GDPR. You can revoke your consent at any time using our Consent Management Tool. This collection and transmission of event data is carried out by us and TikTok as joint controllers. We have concluded an agreement with TikTok regarding processing as joint controllers, which specifies the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that we are responsible for providing you with all information in accordance with Art. 13 and 14 GDPR regarding the joint processing of personal data, and that TikTok is responsible for enabling the rights of data subjects in accordance with Art. 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland after the joint processing. You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.
TikTok is solely responsible for the subsequent processing of the transmitted event data. For more information on how TikTok processes personal data, including the legal basis TikTok relies on and the options for exercising your rights vis-à-vis TikTok, please see TikTok's data policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.
12. Applications
We also collect and process personal data from applicants for the purpose of processing the application process we conduct. Processing may also be carried out electronically. This is always the case when the applicant submits application documents to us electronically, i.e., by email or via a web form implemented on our website. If we conclude an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations. However, if no employment contract is concluded between us and the applicant, the application documents will be deleted four months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with deletion. Another legitimate interest in this sense is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG). We would like to evaluate all applicants solely on their qualifications and therefore ask that, if possible, you refrain from including information about racial or ethnic origin, political opinions, religious or ideological beliefs, or any trade union membership, genetic data, biometric data for the unique identification of a natural person, health data, or data concerning your sex life or sexual orientation in your application.
13. Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
13.1 Right to Information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing exists, you can request information from the controller about the following:
- the purposes for which the personal data is being processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the planned duration of storage of the personal data concerning you or, if specific information is not available, the criteria for determining the storage period;
- the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- all available information on the origin of the data if the personal data were not collected from the data subject.
13.2 Right to rectification
You have the right to have the personal data concerning you rectified and/or completed by the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately.
13.3 Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
the controller no longer needs the personal data for the purposes of the processing, but you require them to assert, exercise, or defend legal claims, or if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds. If the processing of your personal data has been restricted, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted according to the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.
13.4 Right to erasure
Obligation to erase
You can request that the controller erase the personal data concerning you immediately, and the controller is obliged to erase this data immediately if one of the following reasons applies:
The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you were processed unlawfully.
The erasure of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform the controllers who process the personal data that you, as the data subject, have requested the erasure of all links to these personal data or of copies or replications of these personal data.
Exceptions
The right to erasure does not apply if the processing is necessary
for exercising the right to freedom of expression and information; for fulfilling a legal obligation requiring processing by Union or Member State law to which the controller is subject, or for performing a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR; to assert, exercise, or defend legal claims.
13.5 Right to information
If you have asserted your right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you was disclosed of this rectification, erasure, or restriction of processing, unless doing so proves impossible or involves disproportionate effort. You have the right to be informed by the controller of these recipients.
13.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format. You are entitled to this right if the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and the processing is carried out using automated procedures.
You also have the right to transmit this data to another controller without hindrance from us, provided that this is technically feasible and does not adversely affect the freedoms and rights of others. If you request the direct transfer of the data to another controller, we will only do so if this is technically feasible.
The data will be provided in a machine-readable format that allows you to easily use the information and share it with third parties.
13.7 Right of Objection
You have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, regardless of Directive 2002/58/EC.
13.8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Some data processing operations are only possible with your express consent. You can revoke your previously granted consent at any time. An informal notification by email is sufficient for the revocation.
The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
13.9 Automated decision-making in individual cases, including profiling
You have the right not to be subjected to a decision based exclusively on automated processing – including profiling – that has legal consequences for you or significantly affects you in a similar way. This does not apply if the decision is necessary for entering into or fulfilling a contract between you and the controller, is permitted by Union or Member State law to which the controller is subject, and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or is made with your explicit consent. However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.
13.10 Right to lodge a complaint with a supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a data protection violation. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.
The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company is headquartered. You can view a list of data protection officers and their contact details via the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
The supervisory authority with which the complaint was submitted will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
14. SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL or TLS encryption. This ensures that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address bar in your browser and the lock symbol in the browser bar.
15. Server Log Files
The website provider automatically collects and stores information that your browser automatically transmits to us in server log files. This includes:
- Page visited on our domain
- Date and time of the server request
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- IP address
This data is not merged with other data sources. The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or to take pre-contractual measures.
16. Google CDN
Type and Scope of Processing
We use Google CDN to properly deliver the content of our website. Google CDN is a service provided by Google Ireland Limited, which acts as a Content Delivery Network (CDN) on our website.
A CDN helps to deliver the content of our online offering, especially files such as graphics or scripts, more quickly using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Google CDN.
Purpose and Legal Basis
The use of the Content Delivery Network is based on our legitimate interests, i.e., our interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) (f) GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision exists from the European Commission (e.g., in the USA), we have agreed on other appropriate guarantees with the recipients of the data in accordance with Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of
June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Storage period
The specific storage period of the processed data cannot be influenced by us; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.
17. Google reCAPTCHA
Type and scope of processing
We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service provided by Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated using a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's time spent on the site and mouse movements to distinguish automated requests from human requests. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Google reCAPTCHA.
Purpose and Legal Basis
Google reCAPTCHA is used based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision exists from the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are the EU Commission's standard contractual clauses pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third-country transfer, we will obtain your consent in accordance with Art. 49 (1) Sentence 1 (a) GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that transfers to third countries may involve risks that are unknown in detail (e.g., data processing by security authorities in the third country, the exact scope of which and its consequences for you are unknown to us, over which we have no influence, and of which you may not be aware).
Storage Period
The specific storage period of the processed data is beyond our control; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.
18. Google DoubleClick
Type and Scope of Processing
We have integrated components of DoubleClick by Google on our website. DoubleClick is a Google brand under which specialized online marketing solutions are primarily marketed to advertising agencies and publishers. DoubleClick by Google transfers data with every impression, click, or other activity to the DoubleClick server.
Each of these data transfers triggers a cookie request to the data subject's browser. If the browser accepts this request, DoubleClick places a cookie in your browser.
DoubleClick uses a cookie ID, which is required to process the technical process. The cookie ID is required, for example, to display an ad in a browser. DoubleClick can also use the cookie ID to record which ads have already been displayed in a browser to avoid duplicate ads. Furthermore, the cookie ID enables DoubleClick to track conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick ad and subsequently makes a purchase on the advertiser's website using the same internet browser.
A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns you have already been in contact with on other websites. As part of this service, Google receives data that Google also uses to create commission statements. Among other things, Google can see that you have clicked on certain links on our website. In this case, your data is passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.
Purpose and Legal Basis
We process your data using the DoubleClick cookie for the purpose of optimizing and displaying advertising based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG. You grant your consent by configuring the use of cookies (cookie banner/consent manager), which you can also revoke at any time with future effect in accordance with Art. 7 (3) GDPR. Among other things, the cookie is used to place and display user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie is used to prevent the same advertisement from being displayed multiple times. Each time you access a single page on our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purposes of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not grant us your consent, you can visit our website without restrictions, but not all functions may be fully available.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision exists from the European Commission (e.g. in the USA), we have agreed on other suitable guarantees with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we will obtain your consent in accordance with Art. 49 (1) Sentence 1 (a) GDPR. GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that transfers to third countries may involve risks that are unknown in detail (e.g., data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence, and of which you may not be aware).
Storage period
The specific storage period of the processed data cannot be influenced by us; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.
19. Google Tag Manager
Type and scope of processing
We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services to evaluate user access to our website.
Purpose and Legal Basis
Google Tag Manager is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision exists from the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are the EU Commission's standard contractual clauses pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a third-country transfer, we will obtain your consent in accordance with Art. 49 (1) Sentence 1 (a) GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that transfers to third countries may involve risks that are unknown in detail (e.g., data processing by security authorities in the third country, the exact scope of which and the consequences for you that we do not know, over which we have no influence, and of which you may not be aware).
Storage Period
The specific storage period of the processed data cannot be influenced by us; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
20. Pinterest Plugin
Our website uses features of the social network Pinterest. The provider is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA.
When you visit a page with Pinterest features, your browser establishes a direct connection to the Pinterest servers. Log data is transmitted to the Pinterest servers. The servers are located in the USA. The log data may allow conclusions to be drawn about your IP address, websites visited, browser type and settings, the date and time of the request, your use of Pinterest, and cookies.
You can find details in Pinterest's privacy policy: https://about.pinterest.com/de/privacy-policy.
21. Google Ads
Type and Scope of Processing
We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behavior and recognize users.
Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographical location. Your IP address and other identifiers, such as your user agent, are transmitted to the provider.
If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or are not logged in, it is possible that the provider will find and store your IP address and other identifiers.
In this case, your data will be transferred to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose and Legal Basis
Google Ads is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision exists from the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are the EU Commission's standard contractual clauses pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, prior to such a third-country transfer, we will obtain your consent in accordance with Art. 49 (1) Sentence 1 (a) GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that transfers to third countries may involve risks that are unknown in detail (e.g., data processing by security authorities in the third country, the exact scope of which and the consequences for you that we do not know, over which we have no influence, and of which you may not be aware).
Storage Period
The specific storage period of the processed data cannot be influenced by us; it is determined by Google Ireland Limited. Further information can be found in the Google Ads privacy policy: https://policies.google.com/privacy.
22. Google AdSense
Our website uses Google AdSense. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense is used to integrate advertisements and uses cookies. Cookies are small text files that your web browser stores on your device to analyze website usage. Google AdSense also uses web beacons. Web beacons are invisible graphics that enable analysis of visitor traffic on our website.
Information generated by cookies and web beacons is transmitted to Google servers and stored there. The server is located in the USA. Google may share this information with contractual partners. However, Google will not combine your IP address with other data stored about you.
AdSense cookies are stored on the basis of Art. 6 (1) (f) GDPR. As website operators, we have a legitimate interest in analyzing user behavior in order to optimize our website and our advertising.
With a modern web browser, you can monitor, restrict, and prevent the use of cookies. Deactivating cookies may result in limited functionality on our website. By using our website, you consent to the processing of the data collected about you by Google in the manner and for the purposes described above.
23. Google Web Fonts
Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service for providing fonts for our online offering. To access these fonts, you establish a connection to Google Ireland Limited's servers, whereby your IP address is transmitted.
Purpose and legal basis
Google Fonts is used on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. GDPR and Section 25 (1) TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where no adequacy decision by the European Commission exists (e.g. in the USA), we have agreed on other appropriate safeguards with the recipients of the data within the meaning of Articles 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we will obtain your consent in accordance with Article 49 (1) sentence 1 lit. a. GDPR, which you grant via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that transfers to third countries may involve risks that are unknown in detail (e.g., data processing by security authorities in the third country, the exact scope of which and its consequences for you are unknown to us, over which we have no influence, and of which you may not be aware).
Storage period
The specific storage period of the processed data is beyond our control; it is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.
Status: July 2023