Information
Privacy policy
Privacy Policy Tobi GmbH&Co.KG
All personal data will be treated confidentially. Our privacy practices comply with the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR). Below, we inform you about the details of data protection:
Controller in accordance with the GDPR and the BDSG:
Tobi GmbH&Co.KG
Christian Pihale Wildmoos 2, 82266 Inning am Ammersee
Fax: 08143/99949-199
Email: info@babybay.de
The controller is solely or jointly responsible with others for processing personal data (e.g., names, contact details, etc.).
Data Protection Officer:
You can reach the Data Protection Officer at:
Tobi GmbH&Co. KG
Christian Pihale
Wildmoos 2, 82266 Inning am Ammersee
Email: datenschutz@babybay.de
Fax: 08143/99949-199
1. The reasons for data collection
We collect and process your data to provide our website and to offer you the best possible service by granting convenient access to our services.
2. What data is collected, processed, or used?
2.1 Visiting our website
When you access our website, our servers automatically collegeneral information, particularly for of establishing a connection, ensuring functionality, and system security. This includes the type of browser used, the operating system used, the domain name of the Internet service provider, the connection data of the computer used (IP address), the website from which you visit us (Referrer URL), the pages you visit on our website, as well as the date and duration of the visit. Inferences about specific individuals based on this data are not possible for us due to pseudonymization.
2.2 Contact Form
Personal data will be collected when you contact us via a contact form. The data collected can be seen from the contact form. This data is stored for the purpose of processing your inquiry. Mandatory information is marked with an asterisk (*), while all other information is voluntary. The data collected in connection with the contact form will be deleted as soon as the storage is no longer necessary, or we will restrict processing if there are legal retention obligations.
The legal basis for the processing of your personal data is Article 6(1)(b) of the General Data Protection Regulation (GDPR) if your contact is related to the conclusion of a contract. Otherwise, it is our legitimate interest to respond to your inquiries, and in this case, the legal basis is Article 6(1)(f) of the GDPR.
Data transmitted via the contact form, including your contact details, will be stored to process your request or to be available for follow-up questions. Without your consent, this data will not be disclosed to third parties.
The processing of data entered into the contact form is based solely on your consent in accordance with Article 6(1)(a) of the GDPR. You have the right to revoke your consent at any time. A revocation can be made informally via email. The legality of data processing operations carried out until the revocation remains unaffected by the revocation.
The data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent for storage, or there is no longer a need for data storage. Mandatory legal provisions - especially retention periods - remain unaffected.
2.3 Newsletter Subscription and Dispatch
You can subscribe to our free email newsletter to stay informed about current and interesting offers. The subscription to the newsletter is based on your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). You have the right to revoke your consent at any time. You can unsubscribe from the newsletter at any time by sending a message to the controller, as indicated at the beginning of our privacy policy, for example, by emailing info@babybay.de.
If you have provided us with your email address during the purchase of goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. This is based on our legitimate interest in transmitting personalized direct advertising in accordance with Article 6(1)(f) of the GDPR. If you initially objected to the use of your email address for this purpose, no email dispatch will take place for this purpose by us. Even if you did not initially object, you have the right to object to the use of your email address for this advertising purpose at any time with effect for the future. To do this, a message to the controller, as indicated at the beginning of our privacy policy, is sufficient. Only transmission costs according to the basic tariffs will be incurred. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.
2.4 Newsletter Data
In order to send you the newsletter, we require your email address. This address will be verified, and receiving the newsletter requires your consent. No further data will be collected unless provided voluntarily. The data will be used solely for the purpose of sending the newsletter.
The data provided during the newsletter subscription will be processed based solely on your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). You have the right to revoke your consent at any time. To do so, a simple notification via email or using the "Unsubscribe" link in the newsletter is sufficient. The legality of data processing operations carried out before the revocation remains unaffected by the revocation.
The data entered during the setup of the newsletter subscription will be deleted in case of unsubscribing. If these data have been transmitted to us for other purposes and in other places, they will remain with us.
2.5 Data Processing for Opening a Customer Account / Registration
When you open a customer account or register on our website, we collect and process the personal data you provide to us during this process. The legal basis for this data processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR), as it is necessary for the performance of the contract or for opening a customer account.
The data you provide can be found in the respective input forms. You can delete your customer account at any time by sending a message to the contact address of the controller. We use the data you provide for the processing of the contract between you and us. After the contract has been fully processed or your customer account has been deleted, your data will be blocked considering tax and commercial retention periods and will be deleted after the expiration of these periods, unless you have expressly consented to further use of your data or if we reserve the right to use your data for other legally permissible purposes, about which we inform you in this privacy policy.
For using certain functions of our website, registration is required. The data you transmit will be used solely for the purpose of using the respective offer or service. It is important that you provide the mandatory information requested during registration in full, as otherwise, we may have to reject the registration.
In case of important changes, for example due to technical reasons, concerning the registration, we will inform you via email. The email will be sent to the address you provided during registration.
The processing of data entered during registration is based on your consent in accordance with Article 6(1)(a) of the GDPR. You have the right to revoke your consent at any time. A revocation can be made informally via email. The legality of data processing operations carried out until the revocation remains unaffected by the revocation.
We store the data collected during registration for the duration you are registered on our website. Your data will be deleted as soon as you cancel your registration. Legal retention periods remain unaffected by this.
2.6 Data Processing for Guest Order
You have the option to place an order without registering a customer account. Even in this case, personal data will be collected and processed in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR). The data collected and processed can be seen from the respective input forms. We store and use the data you provide for the purpose of processing the guest order. After the contract has been fully processed, your data will be blocked considering tax and commercial retention periods and will be deleted after the expiration of these periods unless you have expressly consented to further use of your data or if we reserve the right to use your data for other legally permissible purposes, about which we inform you in this privacy policy.
2.7 Data Processing for Order Processing - Data Transfer to Third Parties
Personal data will only be transferred to third parties if it is necessary for the processing of the contract for the purchase and shipment of goods. These third parties may include shipping service providers such as DHL Deutsche Post AG, DPD Deutschland GmbH, or other designated carriers responsible for the delivery.
The transmission of your personal data to the transport company is only carried out to the extent necessary for the proper delivery of the goods. In the case of freight items, we also provide the transport company with your phone number to facilitate the arrangement of the delivery date.
Further transmission of your data to third parties does not take place unless you have expressly consented to it.
The legal basis for this data processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR), which allows the processing of data for the performance of a contract or pre-contractual measures, and Article 6(1)(f) of the GDPR, which permits the processing for the protection of legitimate interests.
Data transfer to payment service providers and credit checks.
PayPal:
We have integrated components from PayPal, an online payment service provider, on our website. PayPal allows payments through so-called PayPal accounts, which are virtual private or business accounts. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., with its registered office in Luxembourg.
If you choose the payment option "PayPal" during the checkout process in our online shop, data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing. The transmitted data typically includes first name, last name, address, email address, IP address, phone number, mobile phone number, or other data necessary for payment processing, including data related to the respective order.
The transmission is for payment processing and fraud prevention purposes. We will transmit personal data to PayPal, especially when there is a legitimate interest for the transmission. PayPal may use personal data in collaboration with credit agencies for identity and credit checks.
If necessary, PayPal may share the personal data with affiliated companies and service providers or subcontractors to the extent required for the fulfillment of contractual obligations or when the data is to be processed on behalf.
You have the option to revoke your consent for the processing of personal data at any time with PayPal. Please note that revoking consent does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.
The transmission of your payment data to PayPal is based on your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR) and the processing for the performance of a contract in accordance with Article 6(1)(b) of the GDPR. Revoking your consent is possible at any time, while data processing that has already taken place remains unaffected.
You can access the applicable privacy policy of PayPal at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
PayPal Checkout:
This website uses PayPal Checkout, an online payment system provided by PayPal, which consists of PayPal's own payment methods and local payment methods from third-party providers. When paying via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, "Pay Later" via PayPal, we will transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The transmission is carried out in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR) and only to the extent necessary for payment processing.
For the payment methods credit card via PayPal, direct debit via PayPal, or, if offered, "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transmitted to credit agencies by PayPal in accordance with Article 6(1)(f) of the GDPR, based on PayPal's legitimate interest in determining your creditworthiness. PayPal uses the result of the credit check regarding the statistical probability of payment default for the purpose of deciding on the provision of the respective payment method. The credit check result may include probability values (so-called score values). If score values are included in the credit check result, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of score values, but not exclusively. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
When selecting the PayPal payment method "Invoice Payment," your payment data will be initially transmitted to PayPal to prepare the payment, after which PayPal will forward this data to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to carry out the payment. The legal basis is Article 6(1)(b) of the GDPR. In this case, RatePay conducts an identity and credit check in its own name to determine creditworthiness in accordance with the principle mentioned above and, based on the legitimate interest in determining creditworthiness according to Article 6(1)(f) of the GDPR, forwards your payment data to credit agencies. A list of the credit agencies that Ratepay can access can be found here: https://www.ratepay.com/legal-payment-creditagencies/
When using the payment method of a local third-party provider, your payment data will be initially transmitted to PayPal in accordance with Article 6(1)(b) of the GDPR to prepare the payment. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the corresponding provider for the purpose of carrying out the payment in accordance with Article 6(1)(b) of the GDPR:
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
3. Integration of YouTube Videos
On our website, we have embedded YouTube videos that are stored on http://www.YouTube.com and can be played directly from our website. These videos are all embedded in "privacy-enhanced mode," which means that no data about you as a user will be transmitted to YouTube unless you play the videos. Only when you play the videos, certain data will be transferred.
By visiting our website, YouTube receives the information that you have accessed the corresponding subpage of our website. This data transmission includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request comes, browser, operating system, and its interface, language, and version of the browser software. This data transmission occurs regardless of whether you are logged into YouTube or whether you have a user account.
We have no control over this data transmission. If you are logged into your Google account, your data will be directly associated with your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button.
YouTube stores your data as usage profiles and uses them for advertising, market research, and/or customizing its website. Such evaluations are also carried out for users who are not logged in to enable targeted advertising and inform other users of the social network about your activities on our website.
You have the right to object to the creation of these user profiles. To do so, you must directly contact YouTube.
For more information about the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy at https://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the United States and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR).
4. Integration of Google Maps
Nature and Scope of Processing:
We use the map service Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display interactive maps. When you access this content on our website, data such as your IP address and, if applicable, browser data (e.g., user agent) will be transmitted to servers of Google Ireland Limited. This data is processed solely for the purpose of providing directions and maintaining the security and functionality of Google Maps.
Purpose and Legal Basis:
The use of Google Maps is based on your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR) and Section 25(1) of the German Federal Data Protection Act (BDSG).
Data Transfer to Third Countries:
We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. In case there is no adequacy decision by the European Commission (e.g., for the USA), we have agreed on appropriate safeguards with the recipients of the data in accordance with Articles 44 ff. of the GDPR. Unless otherwise indicated, these safeguards are based on the standard contractual clauses of the European Commission as per Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Furthermore, we obtain your consent in accordance with Article 49(1)(a) of the GDPR before such transfer to a third country, which you provide via the consent manager (or other forms, registrations, etc.). We would like to inform you that there may be specific unknown risks associated with transfers to third countries (e.g., data processing by security authorities of the third country, the precise scope of which and the consequences for you are unknown to us and beyond our control, and of which you may not be aware).
Storage Duration:
The specific storage duration of the processed data is not within our sphere of influence but is determined by Google Ireland Limited. For further information, please refer to the privacy policy for Google Maps: https://policies.google.com/privacy.
5. Raffles/Contests
From time to time, you have the opportunity to participate in raffles or contests on our website. In the context of these raffles, personal data such as email address, name, address, and, if necessary, other data necessary for the raffle may also be collected and stored. The personal information you provide to us will be used exclusively for the purpose of conducting the raffle (e.g., for determining the winners, notifying the winners, and delivering the prize). In the context of the raffle, we will inform each participant specifically about the data processing related to the respective raffle. After the conclusion of our raffles, the data of the participants will be deleted.
6. Deletion
Personal data will be deleted or blocked as soon as the purpose of storage ceases to exist or if you request deletion. Data will also be deleted when a storage period required by law expires, unless there is a need for further storage of the data for contract conclusion or fulfillment or if you have given your consent for such storage.
7. Cookies
Our website uses cookies to make the use of the website attractive and to take into account the preferences of website visitors. Cookies are small text files that your web browser stores on your device and allow the identification of the browser when you revisit the website.
Some cookies are called "session cookies" and are automatically deleted when you end your browser session. Other cookies remain on your device until you delete them and help us recognize you when you return to our website.
You have the option to monitor, restrict, or block the setting of cookies. Most web browsers can be configured to automatically delete cookies when you close the program. However, please note that disabling cookies may result in limited functionality of our website.
The legal basis for processing cookies necessary for the execution of electronic communication processes or for providing certain functions you desire (e.g., shopping cart) is Art. 6(1)(f) of the GDPR. As the operator of this website, we have a legitimate interest in storing these cookies to provide our services technically error-free and smoothly. If other cookies (e.g., for analytical functions) are set, they will be treated separately in this privacy policy.
You can prevent the storage of cookies on your hard drive by adjusting the browser settings accordingly. Already set cookies can be deleted at any time. Information on this can be found in the respective browser's instructions.
8. Data integrity
We take measures to secure our website and other systems against loss, destruction, access, alteration, or dissemination of your data by unauthorized individuals. The transmission of data depends on the browser used and is encrypted using SSL encryption ranging from 128-bit to 256-bit. Despite regular checks and continuous improvement of our security measures, complete protection against all dangers is not possible.
9. Google AdWords Remarketing
Our website utilizes the features of Google AdWords Remarketing to advertise this website in Google search results as well as on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google places a cookie in your browser, which enables interest-based advertising automatically through a pseudonymous cookie ID, based on the pages you have visited. The processing is carried out on the basis of our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f) GDPR.
Further data processing will only occur if you have consented to Google linking your internet and app browsing history with your Google account and using information from your Google account to personalize ads that you view on the web. If you are logged into Google during your visit to our website in such a case, Google uses your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. Your personal data will be temporarily linked with Google Analytics data by Google for this purpose, to create target audiences. You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can obtain information about setting cookies and make changes to your preferences at the Digital Advertising Alliance's website: www.aboutads.info. Lastly, you can configure your browser to inform you about the setting of cookies and individually decide on their acceptance or block cookies for specific cases or altogether. The functionality of our website may be restricted if you do not accept cookies.
Google LLC, based in the USA, is certified under the US-European data protection agreement "Privacy Shield," which ensures compliance with the data protection standards applicable in the EU. For more information and Google's privacy policy concerning advertising, you can visit: http://www.google.com/policies/technologies/ads/
10. Use of Google Analytics for Web Analysis
Type and Scope of Processing:
To statistically analyze our online offering, we use Google Analytics by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This involves analyzing data such as the number of page views, visited subpages, and the duration of visitors' stays. Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. This information is used, among other things, to create reports about website activity.
Purpose and Legal Basis:
The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
Data Transfer to Third Countries:
We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. In cases where there is no adequacy decision by the European Commission (e.g., for the USA), we have agreed on appropriate safeguards with the data recipients in accordance with Art. 44 ff. GDPR. Unless otherwise indicated, these safeguards are based on the EU Commission's standard contractual clauses according to Implementing Decision (EU) 2021/914 of 4 June 2021. You can access a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.
Furthermore, we obtain your consent pursuant to Art. 49 para. 1 sentence 1 lit. a GDPR before transferring data to such a third country. You can provide this consent through the consent manager (or other forms, registrations, etc.). We would like to inform you that there may be unknown risks associated with transfers to third countries (e.g., data processing by security authorities of the third country, the exact extent of which and its consequences for you we do not know, over which we have no control, and which you may not become aware of under certain circumstances).
Storage Duration:
The specific storage duration of the processed data is not within our control but is determined by Google Ireland Limited. For more information, please refer to the Privacy Policy for Google Analytics: https://policies.google.com/privacy.
11. Use of Social Media Plug-ins
11.1 Which providers do we use?
Currently, we use the following social media plug-ins: Facebook, Instagram, Google+, Pinterest. We employ the so-called two-click solution. This means that when you visit our site, no personal data is initially transmitted to the providers of these plug-ins. You can recognize the provider of the plug-in by the marking on the box displaying its initial letter or logo. We provide you with the option to communicate directly with the plug-in provider through the button. Only when you click on the marked field and activate it, does the plug-in provider receive the information that you have accessed the corresponding website of our online offering. Additionally, the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, data volume transferred, website from which the request originates, browser, operating system, and its interface, language, and version of the browser software are transmitted.
According to the respective providers, in Germany, the IP address is anonymized immediately after collection in the case of Facebook. By activating the plug-in, your personal data is thus transmitted to the respective plug-in provider and stored there (for US-based providers, this may be in the USA). As the plug-in provider collects data primarily through cookies, we recommend that you delete all cookies from your browser's security settings before clicking on the grayed-out box.
(Note: The original text refers to Google+ which is no longer available as a social media platform. You may want to update the text to include other relevant platforms like Twitter or LinkedIn, based on your actual usage.)
11.2 No Influence by Us
We have no control over the data collected and the data processing operations carried out by the social media plug-in providers. We are also not aware of the full extent of data collection, the purposes of processing, or the storage periods. Furthermore, we do not have information about the deletion of data collected by the plug-in providers. As a result, we recommend that you refer to the privacy policies of the respective plug-in providers to obtain more information about their data processing practices and how they handle the data collected through their plug-ins.
11.3 Use by Providers
The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research, and/or to tailor their website to meet specific user needs. Such analysis is carried out, particularly for users who are not logged in, to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and to exercise this right, you must contact the respective plug-in provider. Through the use of these plug-ins, we offer you the opportunity to interact with social networks and other users, allowing us to improve our offering and make it more interesting for you as a user. The legal basis for using the plug-ins is Art. 6 para. 1 sentence 1 lit. f) GDPR.
11.4 Data Sharing
The data is shared regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider's account, the data collected by us will be directly associated with your existing account with the plug-in provider. When you activate the button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it with your contacts publicly. We recommend that you regularly log out of social media networks, especially before activating the button, as this can prevent the association of data with your profile at the plug-in provider.
11.5 Privacy Policies of the Providers
Further information on the purpose and scope of data collection and its processing by the plug-in providers can be found in the privacy policies of these providers, as indicated below. There, you will also find additional information about your rights and options for protecting your privacy.
Addresses of the respective plug-in providers and URLs with their privacy policies:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA; https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy.
Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA; https://about.pinterest.com/de/privacy-policies.
11.6 Facebook Pixel
On our website, we use the Facebook Pixel, a Facebook Business tool provided by Facebook Ireland Limited (Ireland, EU), and Facebook Ads by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find information about the contact details of Facebook Ireland and Meta Platforms Ireland Limited, as well as the contact details of the data protection officer of Facebook Ireland, in Facebook Ireland's data policy at https://www.facebook.com/about/privacy and Meta Platforms Ireland Limited's privacy policy at https://www.facebook.com/privacy/explanation.
The Facebook Pixel is a JavaScript code snippet that allows us to track the activities of visitors on our website, known as Conversion Tracking. The Facebook Pixel collects and processes various information, such as information about actions and activities of visitors on our website, specific pixel information such as the pixel ID and the Facebook cookie, information about buttons clicked by visitors on the website, as well as information present in HTTP headers, such as IP addresses, information about the web browser, the location of the page, and the referrer, and information about the status of deactivation/restriction of ad tracking.
Some of this event data consists of information stored on your used device. Furthermore, cookies are also used via the Facebook Pixel to store information on your used device. Such storage of information by the Facebook Pixel or access to information already stored on your device is only done with your consent.
Facebook Ads allows us to create Custom Audiences, segmenting groups of visitors of our online offering, determining conversion rates, and subsequently optimizing them, especially when you interact with advertisements that we have placed with Meta Platforms Ireland Limited.
The event data collected through the Facebook Pixel and Facebook Ads is used for targeting our advertisements and improving ad delivery, personalizing features and content, and enhancing and securing Facebook products.
The processing of event data through the Facebook Pixel and Facebook Ads only takes place if you have given your prior consent. The legal basis for the collection and transmission of personal data by us to Facebook Ireland and Meta Platforms Ireland Limited is therefore Art. 6 para. 1 lit. a GDPR. You can withdraw your consent via our consent management.
This collection and transmission of event data is carried out by us, Facebook Ireland, and Meta Platforms Ireland Limited as joint controllers. We have concluded agreements with Facebook Ireland and Meta Platforms Ireland Limited, respectively, concerning the processing as joint controllers, which determine the distribution of data protection obligations between us and the companies.
For the subsequent processing of the transmitted event data, Facebook Ireland, and Meta Platforms Ireland Limited are solely responsible. For more information on how Facebook Ireland and Meta Platforms Ireland Limited process personal data, including the legal bases on which they rely, and the options for exercising your rights with respect to the companies, please refer to Facebook Ireland's data policy at https://www.facebook.com/about/privacy and Meta Platforms Ireland Limited's privacy policy at https://www.facebook.com/privacy/explanation.
In addition, we have also commissioned Facebook Ireland to create reports on the effectiveness of our advertising campaigns and other online content (campaign reports), as well as to create analyses and insights about users and their use of our website, products, and services (analyses) based on the event data collected via the Facebook Pixel. For this purpose, we transmit personal data contained in the event data to Facebook Ireland and Meta Platforms Ireland Limited. The transmitted personal data is processed by Facebook Ireland and Meta Platforms Ireland Limited as our processors to provide us with the campaign reports and analyses.
The processing of personal data for the creation of analyses and campaign reports only takes place if you have given your prior consent. The legal basis for this processing of personal data is therefore Art. 6 para. 1 lit. a GDPR. The transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is the Standard Contractual Clauses for the transfer of personal data to processors in third countries. Please refer to the section "Data Transfer to Third Countries" for more information. The specific storage period of the processed data is not within our control but is determined by Facebook Ireland and Meta Platforms Ireland Limited. For more information, please refer to the privacy policy for Facebook Pixel: https://www.facebook.com/privacy/explanation.
11.7 TikTok Pixel
On our website, we use the TikTok Pixel, a TikTok advertiser tool provided by both TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both collectively referred to as "TikTok" hereinafter).
The TikTok Pixel is a JavaScript code snippet that allows us to understand and track the activities of visitors on our website. The TikTok Pixel collects and processes information about the visitors of our website or the devices they use (so-called event data).
The event data collected through the TikTok Pixel is used for targeting our advertisements and improving ad delivery and personalized advertising. For this purpose, the event data collected on our website via the TikTok Pixel is transmitted to TikTok.
Some of this event data consists of information stored on your used device. Furthermore, cookies are also used via the TikTok Pixel to store information on your used device. Such storage of information by the TikTok Pixel or access to information already stored on your device is only done with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our consent management tool.
This collection and transmission of event data is carried out by us and TikTok as joint controllers. We have concluded an agreement with TikTok concerning the processing as joint controllers, which determines the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data, and that TikTok is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR regarding the personal data stored by Facebook Ireland after the joint processing. You can access the agreement concluded between us and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.
For the subsequent processing of the transmitted event data, TikTok is solely responsible. For more information on how TikTok processes personal data, including the legal basis on which TikTok relies, and the options for exercising your rights against TikTok, please refer to TikTok's data policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.
12. Job Applications
We also collect and process personal data from job applicants for the purpose of handling the application process conducted by us. This processing may also take place electronically. This is the case whenever the applicant submits application documents to us electronically, such as via email or through a web form implemented on our website.
If we enter into an employment contract with an applicant, the data transmitted will be stored for the purpose of handling the employment relationship in compliance with legal regulations. However, if no employment contract is concluded between us and the applicant, the application documents will be deleted four months after the decision to reject the application, provided that there are no other legitimate interests of the data controller that would oppose the deletion. Another legitimate interest in this sense, for example, would be the need to provide evidence in a legal proceeding under the General Equal Treatment Act (AGG).
We aim to evaluate all applicants solely based on their qualifications and therefore kindly request that applicants refrain from providing information regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the unique identification of a natural person, health data, or data concerning sexual life or sexual orientation in their application.
13. Rights of the data subject
If your personal data is processed by us, you are a data subject within the meaning of the General Data Protection Regulation (GDPR), and you have the following rights vis-à-vis the data controller:
13.1 Right to information
You have the right to request confirmation from the data controller whether personal data concerning you is being processed by us.
If such processing is taking place, you can request the following information from the data controller:
- The purposes for which the personal data is being processed.
- The categories of personal data being processed.
- The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed.
- The planned duration of storage of the personal data concerning you or, if specific information about this is not possible, the criteria used to determine the storage period.
- The existence of the right to rectify or erase the personal data concerning you, the right to restrict processing by the data controller, or the right to object to such processing.
- The existence of the right to lodge a complaint with a supervisory authority.
- All available information about the source of the data if the personal data was not collected from the data subject.
(Note: This translation includes the relevant rights based on the context of data protection and privacy regulations. The specific rights may vary depending on the applicable laws and regulations in your jurisdiction.)
13.2 Right to rectification
You have the right to request the data controller to correct and/or complete any personal data concerning you if it is inaccurate or incomplete. The data controller must make the correction without undue delay.
13.3 Right to restriction of processing
Under the following conditions, you can request the restriction of processing of your personal data:
1. If you contest the accuracy of your personal data, the processing will be restricted for a period during which the data controller can verify the accuracy of the personal data.
2. If the processing is unlawful, and you oppose the erasure of the personal data, but instead, you request the restriction of its use.
3. If the data controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims, or if you have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the data controller override your reasons.
When the processing of your personal data is restricted based on the above conditions, except for storage, the data can only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.
If the processing restriction is applied in accordance with the mentioned conditions, you will be informed by the data controller before the restriction is lifted.
13.4 Right to Erasure
You have the right to request the data controller to promptly erase the personal data concerning you, and the data controller is obligated to delete this data without undue delay if one of the following reasons applies:
1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You withdraw your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
3. You object to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
4. The personal data concerning you has been unlawfully processed.
5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the data controller is subject.
6. The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
Information to Third Parties
If the data controller has made your personal data publicly available and is obligated to delete it according to Article 17(1) of the GDPR, the data controller shall take reasonable steps, including technical measures, with consideration to available technology and implementation costs, to inform other data controllers processing the personal data about your request for the erasure of any links to, or copies or replications of, this personal data.
Exceptions
The right to erasure does not apply in situations where the processing is necessary:
1. For exercising the right of freedom of expression and information.
2. For compliance with a legal obligation that requires processing according to the laws of the European Union or its member states, to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
3. For reasons of public interest in the area of public health, as outlined in Article 9(2)(h) and (i), and Article 9(3) of the GDPR.
4. For the establishment, exercise, or defense of legal claims.
13.5 Right to information
If you have exercised your right to rectification, erasure, or restriction of processing with the data controller, the data controller is obligated to communicate these corrections or deletions of data or restrictions of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves isproportionate deffort. You have the right to be informed about these recipients by the data controller.
13.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. This right applies if the processing is based on your consent according to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract according to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means.
Additionally, you have the right to transmit this data to another data controller without hindrance from us, where technically feasible, and provided that it does not adversely affect the rights and freedoms of others. However, we will only implement such direct transmission to another data controller if it is technically feasible.
The data will be provided in a machine-readable format that allows you to easily use and transmit the information to third parties.
13.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The data controller shall no longer process the personal data concerning you unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, including profiling related to such direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes. If you object to the processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
You have the option to exercise your right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, through automated means using technical specifications.
13.8 Right to withdraw consent
You have the right to withdraw your consent to the processing of your personal data at any time. Some data processing operations can only be carried out with your explicit consent. You can revoke your previously given consent at any time. To do so, a simple notification by email is sufficient.
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The legality of data processing carried out before the withdrawal remains unaffected by the revocation.
13.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This does not apply if the decision is necessary for entering into or performing a contract between you and the data controller, is authorized by Union or Member State law to which the data controller is subject, and that law includes appropriate measures to safeguard your rights, freedoms, and legitimate interests, or if you have explicitly consented to the decision.
However, these decisions cannot be based on special categories of personal data according to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies, and adequate measures to safeguard your rights, freedoms, and legitimate interests have been taken.
13.10 Right to lodge a complaint with a supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a violation of data protection regulations. Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
The competent supervisory authority for data protection matters is the data protection officer of the federal state in which our company is located. You can find a list of data protection officers and their contact details at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
The supervisory authority to which the complaint has been submitted will inform you about the progress and the outcome of the complaint, including the possibility of a judicial remedy according to Article 78 of the GDPR.
14. SSL/TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL/TLS encryption. This ensures that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line in your browser and the padlock symbol in the browser bar.
15. Server log files
The provider of the website automatically collects and stores information in server log files that your browser automatically transmits to us. This information includes:
• Visited page on our domain
• Date and time of the server request
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• IP address
These data are not merged with other data sources. The basis for data processing is Article 6(1)(b) of the GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
16. Google CDN (Content Delivery Network)
Type and scope of processing:
We use Google CDN to ensure the proper delivery of content on our website. Google CDN is a service provided by Google Ireland Limited that functions as a Content Delivery Network (CDN) on our website. A CDN helps to deliver content of our online offering, especially files like graphics or scripts, faster by utilizing servers distributed regionally or internationally. When you access these contents, you establish a connection to servers operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and your IP address and, if applicable, browser data such as your user-agent, are transmitted. These data are processed solely for the purposes mentioned above and to maintain the security and functionality of Google CDN.
Purpose and legal basis:
The use of the Content Delivery Network is based on our legitimate interests, namely the interest in providing a secure and efficient delivery and optimization of our online offering, according to Article 6(1)(f) of the GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, particularly the United States. In cases where no adequacy decision by the European Commission exists (e.g., for the United States), we have entered into other appropriate safeguards with the data recipients in accordance with Articles 44 et seq. of the GDPR. These are, unless otherwise specified, the EU Commission's Standard Contractual Clauses as per Implementing Decision (EU) 2021/914 of 4 June 2021. You can access a copy of these Standard Contractual Clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Storage duration:
The specific storage duration of the processed data is not influenced by us but determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.
17. Google reCAPTCHA
Type and scope of processing: We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service provided by Google Ireland Limited, which allows us to distinguish whether a contact request is made by a natural person or automated by a program. When you access these contents, you establish a connection to servers operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and your IP address and, if applicable, browser data such as your user-agent are transmitted. Additionally, Google reCAPTCHA records the duration of user interactions and mouse movements to distinguish automated requests from human interactions. These data are processed solely for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.
Purpose and legal basis:
The use of Google reCAPTCHA is based on your consent according to Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG (German Telemedia Act).
We intend to transfer personal data to third countries outside the European Economic Area, particularly the United States. In cases where no adequacy decision by the European Commission exists (e.g., for the United States), we have entered into other appropriate safeguards with the data recipients in accordance with Articles 44 et seq. of the GDPR. These are, unless otherwise specified, the EU Commission's Standard Contractual Clauses as per Implementing Decision (EU) 2021/914 of 4 June 2021. You can access a copy of these Standard Contractual Clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Furthermore, before any such transfer to a third country, we will obtain your consent according to Article 49(1)(a) of the GDPR, which you provide via the Consent Manager (or other forms, registrations, etc.). We want to highlight that Dritland transfers may involve risks that are unknown in detail (e.g., data processing by security authorities of the third country, the exact scope of such processing, and its consequences for you, of which we have no knowledge and no control, and you may not be aware of).
Storage duration:
The specific storage duration of the processed data is not influenced by us but determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.
18. Google DoubleClick
Type and scope of processing:
We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google that primarily offers special online marketing solutions to advertising agencies and publishers. DoubleClick by Google transfers data to its servers with each impression, click, or other activities. Each of these data transmissions triggers a cookie request to the browser of the individual concerned. If the browser accepts this request, DoubleClick sets a cookie in your browser. DoubleClick uses a cookie ID that is required for the technical process, such as displaying an advertisement in a browser. DoubleClick can also use the cookie ID to determine which advertisements have already been displayed in a browser to avoid duplicate advertisements. Furthermore, through the cookie ID, DoubleClick can track conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser's website using the same internet browser. A DoubleClick cookie does not contain personal data, but it may contain additional campaign identifiers. A campaign identifier serves to identify campaigns with which you have already interacted on other websites. As part of this service, Google obtains knowledge of data that is also used to create commission settlements. Among other things, Google can track that you have clicked on certain links on our website. Your data will be forwarded to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, in this case. Further information and the applicable privacy policy for DoubleClick by Google can be accessed at https://policies.google.com/privacy.
Purpose and legal basis:
We process your data using the DoubleClick cookie for the purpose of optimizing and displaying advertisements based on your consent in accordance with Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG (German Telemedia Act). You give your consent through the setting for the use of cookies (cookie banner / consent manager) and you can revoke it with future effect at any time in accordance with Article 7(3) of the GDPR. The cookie is used, among other things, to display and present user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie serves to avoid multiple displays of the same advertisement. With each access to one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data for the purpose of online advertising and commission settlements to Google. There is no legal or contractual obligation to provide your data. If you do not give us your consent, you can still visit our website without any restrictions, but some features may not be fully available.
We intend to transfer personal data to third countries outside the European Economic Area, particularly the United States. In cases where no adequacy decision by the European Commission exists (e.g., for the United States), we have entered into other appropriate safeguards with the data recipients in accordance with Articles 44 et seq. of the GDPR. These are, unless otherwise specified, the EU Commission's Standard Contractual Clauses as per Implementing Decision (EU) 2021/914 of 4 June 2021. You can access a copy of these Standard Contractual Clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Furthermore, before any such transfer to a third country, we will obtain your consent according to Article 49(1)(a) of the GDPR, which you provide via the Consent Manager (or other forms, registrations, etc.). We want to highlight that Dritland transfers may involve risks that are unknown in detail (e.g., data processing by security authorities of the third country, the exact scope of such processing, and its consequences for you, of which we have no knowledge and no control, and you may not be aware of).
Storage duration:
The specific storage duration of the processed data is not influenced by us but determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.
19. Google Tag Manager
Type and scope of processing:
We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface, allowing us to control the precise integration of services on our website. This allows us to flexibly integrate additional services to evaluate users' access to our website.
Purpose and legal basis:
The use of Google Tag Manager is based on your consent in accordance with Article 6(1)(a) of the GDPR and § 25(1) of the TTDSG (German Telemedia Act).
We intend to transfer personal data to third countries outside the European Economic Area, particularly the United States. In cases where no adequacy decision by the European Commission exists (e.g., for the United States), we have entered into other appropriate safeguards with the data recipients in accordance with Articles 44 et seq. of the GDPR. These are, unless otherwise specified, the EU Commission's Standard Contractual Clauses as per Implementing Decision (EU) 2021/914 of 4 June 2021. You can access a copy of these Standard Contractual Clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
Furthermore, before any such transfer to a third country, we will obtain your consent according to Article 49(1)(a) of the GDPR, which you provide via the Consent Manager (or other forms, registrations, etc.). We want to highlight that Dritland transfers may involve risks that are unknown in detail (e.g., data processing by security authorities of the third country, the exact scope of such processing, and its consequences for you, of which we have no knowledge and no control, and you may not be aware of).
Storage duration:
The specific storage duration of the processed data is not influenced by us but determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
20. Pinterest Plugin
Our website uses features of the social network Pinterest, provided by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA.
When you access a page with Pinterest features, your browser establishes a direct connection to Pinterest's servers. Log data is transmitted to Pinterest's servers. The servers are located in the USA. The log data may include your IP address, visited websites, browser type and settings, date and time of the request, your use of Pinterest, and cookies.
For more details, please refer to Pinterest's privacy policy: https://about.pinterest.com/en/privacy-policy.
21. Google Ads
Type and Scope of Processing:
We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited that displays targeted advertisements to users. Google Ads uses cookies and other browser technologies to analyze user behavior and recognize users.
Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of the advertisements. Furthermore, Google Ads delivers targeted advertisements based on behavioral profiles and geographic location. Your IP address and other identification features such as your user-agent are transmitted to the provider.
If you are registered with a Google Ireland Limited service, Google Ads can associate your visit with your account. Even if you are not registered with Google Ireland Limited or not logged in, it is possible for the provider to determine and store your IP address and other identification features.
The data is shared with the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose and Legal Basis:
The use of Google Ads is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other appropriate safeguards with the recipients of the data in accordance with Art. 44 ff. GDPR. These are – unless otherwise indicated – standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, we obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a GDPR before such a transfer to a third country. You can provide this consent via the consent manager (or other forms, registrations, etc.). We would like to point out that there may be unknown risks (e.g., data processing by security authorities of the third country, the exact scope and consequences of which we do not know, over which we have no influence, and which you may not be aware of) in the case of transfers to third countries.
Storage Period:
The specific storage period of the processed data is not determined by us but by Google Ireland Limited. For further information, please refer to the privacy policy for Google Ads: https://policies.google.com/privacy.
22. Google AdSense
Our website uses Google AdSense. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense is used to integrate advertisements and uses cookies. Cookies are small text files that your web browser stores on your device to analyze the use of the website. Google AdSense also uses web beacons. Web beacons are invisible graphics that enable the analysis of visitor traffic on our website.
Information generated by cookies and web beacons is transmitted to Google's servers and stored there. The server location is the USA. Google may pass on this information to contractual partners. However, Google will not merge your IP address with other data stored about you.
The storage of AdSense cookies is based on Art. 6 (1) lit. f GDPR. As website operators, we have a legitimate interest in analyzing user behavior to optimize our website and advertising.
With a modern web browser, you can monitor, restrict, and prevent the setting of cookies. Disabling cookies may result in limited functionality of our website. By using our website, you agree to the processing of data about you by Google in the manner and for the purposes described above.
23. Google Web Fonts
Art and Scope of Processing:
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To access these fonts, your browser connects to servers of Google Ireland Limited, and your IP address is transmitted.
Purpose and Legal Basis:
The use of Google Fonts is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, especially the USA. In cases where there is no adequacy decision by the European Commission (e.g., in the USA), we have agreed on other suitable safeguards with the recipients of the data in accordance with Art. 44 ff. GDPR. These are, unless otherwise stated, standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
We also obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a GDPR before such a third-country transfer, which you can give through the consent manager (or other forms, registrations, etc.). We would like to inform you that there may be unknown risks in detail in third-country transfers (e.g., the data processing by security authorities of the third country, the exact scope and consequences of which we do not know, over which we have no control, and of which you may not be aware).
Storage Duration:
The specific storage duration of the processed data is not influenced by us but determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.
As of August 2023