Privacy Policy

This Privacy Policy describes how Storemoods GmbH & Co. KG collects, uses, and shares information in connection with your use of our website, services and applications. 

1. An overview of data protection

General information

The fol­low­ing infor­ma­tion will pro­vide you with an easy to nav­i­gate overview of what will happen with your per­sonal data when you visit this web­site. The term “per­sonal data” com­prises all data that can be used to per­son­ally iden­tify you. For detailed infor­ma­tion about the sub­ject matter of data pro­tec­tion, please con­sult our Data Pro­tec­tion Dec­la­ra­tion, which we have included beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?

The data on this web­site is processed by the oper­a­tor of the web­site, whose con­tact infor­ma­tion is avail­able under sec­tion “Infor­ma­tion about the respon­si­ble party (referred to as the “con­troller” in the GDPR)” in this Pri­vacy Policy.

How do we record your data?

We col­lect your data as a result of your shar­ing of your data with us. This may, for instance be infor­ma­tion you enter into our con­tact form.

Other data shall be recorded by our IT sys­tems auto­mat­i­cally or after you con­sent to its record­ing during your web­site visit. This data com­prises pri­mar­ily tech­ni­cal infor­ma­tion (e.g., web browser, oper­at­ing system, or time the site was accessed). This infor­ma­tion is recorded auto­mat­i­cally when you access this website.

What are the purposes we use your data for?

A por­tion of the infor­ma­tion is gen­er­ated to guar­an­tee the error free pro­vi­sion of the web­site. Other data may be used to ana­lyze your user patterns.

What rights do you have as far as your information is concerned?

You have the right to receive infor­ma­tion about the source, recip­i­ents, and pur­poses of your archived per­sonal data at any time with­out having to pay a fee for such dis­clo­sures. You also have the right to demand that your data are rec­ti­fied or erad­i­cated. If you have con­sented to data pro­cess­ing, you have the option to revoke this con­sent at any time, which shall affect all future data pro­cess­ing. More­over, you have the right to demand that the pro­cess­ing of your data be restricted under cer­tain cir­cum­stances. Fur­ther­more, you have the right to log a com­plaint with the com­pe­tent super­vis­ing agency.

Please do not hes­i­tate to con­tact us at any time if you have ques­tions about this or any other data pro­tec­tion related issues.

2. Hosting and Content Delivery Networks (CDN)

We are host­ing the con­tent of our web­site at the fol­low­ing provider:

External Hosting

This web­site is hosted exter­nally. Per­sonal data col­lected on this web­site are stored on the servers of the host. These may include, but are not lim­ited to, IP addresses, con­tact requests, meta­data and com­mu­ni­ca­tions, con­tract infor­ma­tion, con­tact infor­ma­tion, names, web page access, and other data gen­er­ated through a web site.

The exter­nal host­ing serves the pur­pose of ful­fill­ing the con­tract with our poten­tial and exist­ing cus­tomers (Art. 6(1)(b) GDPR) and in the inter­est of secure, fast, and effi­cient pro­vi­sion of our online ser­vices by a pro­fes­sional provider (Art. 6(1)(f) GDPR). If appro­pri­ate con­sent has been obtained, the pro­cess­ing is car­ried out exclu­sively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, inso­far the con­sent includes the stor­age of cook­ies or the access to infor­ma­tion in the user’s end device (e.g., device fin­ger­print­ing) within the mean­ing of the TTDSG. This con­sent can be revoked at any time.

Our host(s) will only process your data to the extent nec­es­sary to fulfil its per­for­mance oblig­a­tions and to follow our instruc­tions with respect to such data.

We are using the fol­low­ing host(s):

Dig­i­talO­cean, LLC
101 Avenue of the Americas
New York, New York 10013
USA

More infor­ma­tion: https://www.digitalocean.com/legal/gdpr/

Data processing

We have con­cluded a data pro­cess­ing agree­ment (DPA) with the above-men­tioned provider. This is a con­tract man­dated by data pri­vacy laws that guar­an­tees that they process per­sonal data of our web­site vis­i­tors only based on our instruc­tions and in com­pli­ance with the GDPR.

Cloudflare

We use the “Cloud­flare” ser­vice pro­vided by Cloud­flare Inc., 101 Townsend St., San Fran­cisco, CA 94107, USA. (here­inafter referred to as “Cloud­flare”).

Cloud­flare offers a con­tent deliv­ery net­work with DNS that is avail­able world­wide. As a result, the infor­ma­tion trans­fer that occurs between your browser and our web­site is tech­ni­cally routed via Cloudflare’s net­work. This enables Cloud­flare to ana­lyze data trans­ac­tions between your browser and our web­site and to work as a filter between our servers and poten­tially mali­cious data traf­fic from the Inter­net. In this con­text, Cloud­flare may also use cook­ies or other tech­nolo­gies deployed to rec­og­nize Inter­net users, which shall, how­ever, only be used for the herein described purpose.

The use of Cloud­flare is based on our legit­i­mate inter­est in a pro­vi­sion of our web­site offer­ings that is as error free and secure as pos­si­ble (Art. 6(1)(f) GDPR).

Data trans­mis­sion to the US is based on the Stan­dard Con­trac­tual Clauses (SCC) of the Euro­pean Com­mis­sion. Details can be found here: https://www.cloudflare.com/privacypolicy/.

For more infor­ma­tion on Cloudflare’s secu­rity pre­cau­tions and data pri­vacy poli­cies, please follow this link: https://www.cloudflare.com/privacypolicy/.

Data processing

We have con­cluded a data pro­cess­ing agree­ment (DPA) with the above-men­tioned provider. This is a con­tract man­dated by data pri­vacy laws that guar­an­tees that they process per­sonal data of our web­site vis­i­tors only based on our instruc­tions and in com­pli­ance with the GDPR.

3. General information and mandatory information

Data protection

The oper­a­tors of this web­site and its pages take the pro­tec­tion of your per­sonal data very seri­ously. Hence, we handle your per­sonal data as con­fi­den­tial infor­ma­tion and in com­pli­ance with the statu­tory data pro­tec­tion reg­u­la­tions and this Data Pro­tec­tion Declaration.

When­ever you use this web­site, a vari­ety of per­sonal infor­ma­tion will be col­lected. Per­sonal data com­prises data that can be used to per­son­ally iden­tify you. This Data Pro­tec­tion Dec­la­ra­tion explains which data we col­lect as well as the pur­poses we use this data for. It also explains how, and for which pur­pose the infor­ma­tion is collected.

We here­with advise you that the trans­mis­sion of data via the Inter­net (i.e., through e‑mail com­mu­ni­ca­tions) may be prone to secu­rity gaps. It is not pos­si­ble to com­pletely pro­tect data against third-party access.

Information about the responsible party (referred to as the “controller” in the GDPR)

The data pro­cess­ing con­troller on this web­site is:

Store­moods GmbH & Co. KG
Im Licht­en­hain 5
10317 Berlin

Phone: +49 (0)30 / 629 390 99 – 0
E‑mail: [email protected]

The con­troller is the nat­ural person or legal entity that single-hand­edly or jointly with others makes deci­sions as to the pur­poses of and resources for the pro­cess­ing of per­sonal data (e.g., names, e‑mail addresses, etc.).

Storage duration

Unless a more spe­cific stor­age period has been spec­i­fied in this pri­vacy policy, your per­sonal data will remain with us until the pur­pose for which it was col­lected no longer applies. If you assert a jus­ti­fied request for dele­tion or revoke your con­sent to data pro­cess­ing, your data will be deleted, unless we have other legally per­mis­si­ble rea­sons for stor­ing your per­sonal data (e.g., tax or com­mer­cial law reten­tion peri­ods); in the latter case, the dele­tion will take place after these rea­sons cease to apply.

General information on the legal basis for the data processing on this website

If you have con­sented to data pro­cess­ing, we process your per­sonal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if spe­cial cat­e­gories of data are processed accord­ing to Art. 9 (1) DSGVO. In the case of explicit con­sent to the trans­fer of per­sonal data to third coun­tries, the data pro­cess­ing is also based on Art. 49 (1)(a) GDPR. If you have con­sented to the stor­age of cook­ies or to the access to infor­ma­tion in your end device (e.g., via device fin­ger­print­ing), the data pro­cess­ing is addi­tion­ally based on § 25 (1) TTDSG. The con­sent can be revoked at any time. If your data is required for the ful­fill­ment of a con­tract or for the imple­men­ta­tion of pre-con­trac­tual mea­sures, we process your data on the basis of Art. 6(1)(b) GDPR. Fur­ther­more, if your data is required for the ful­fill­ment of a legal oblig­a­tion, we process it on the basis of Art. 6(1)© GDPR. Fur­ther­more, the data pro­cess­ing may be car­ried out on the basis of our legit­i­mate inter­est accord­ing to Art. 6(1)(f) GDPR. Infor­ma­tion on the rel­e­vant legal basis in each indi­vid­ual case is pro­vided in the fol­low­ing para­graphs of this pri­vacy policy.

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools of com­pa­nies domi­ciled in the United States or other from a data pro­tec­tion per­spec­tive non-secure non-EU coun­tries. If these tools are active, your per­sonal data may poten­tially be trans­ferred to these non-EU coun­tries and may be processed there. We must point out that in these coun­tries, a data pro­tec­tion level that is com­pa­ra­ble to that in the EU cannot be guar­an­teed. For instance, U.S. enter­prises are under a man­date to release per­sonal data to the secu­rity agen­cies and you as the data sub­ject do not have any lit­i­ga­tion options to defend your­self in court. Hence, it cannot be ruled out that U.S. agen­cies (e.g., the Secret Ser­vice) may process, ana­lyze, and per­ma­nently archive your per­sonal data for sur­veil­lance pur­poses. We have no con­trol over these pro­cess­ing activities.

Revocation of your consent to the processing of data

A wide range of data pro­cess­ing trans­ac­tions are pos­si­ble only sub­ject to your express con­sent. You can also revoke at any time any con­sent you have already given us. This shall be with­out prej­u­dice to the law­ful­ness of any data col­lec­tion that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of vio­la­tions of the GDPR, data sub­jects are enti­tled to log a com­plaint with a super­vi­sory agency, in par­tic­u­lar in the member state where they usu­ally main­tain their domi­cile, place of work or at the place where the alleged vio­la­tion occurred. The right to log a com­plaint is in effect regard­less of any other admin­is­tra­tive or court pro­ceed­ings avail­able as legal recourses.

Right to data portability

You have the right to demand that we hand over any data we auto­mat­i­cally process on the basis of your con­sent or in order to fulfil a con­tract be handed over to you or a third party in a com­monly used, machine read­able format. If you should demand the direct trans­fer of the data to another con­troller, this will be done only if it is tech­ni­cally feasible.

Information about, rectification and eradication of data

Within the scope of the applic­a­ble statu­tory pro­vi­sions, you have the right to at any time demand infor­ma­tion about your archived per­sonal data, their source and recip­i­ents as well as the pur­pose of the pro­cess­ing of your data. You may also have a right to have your data rec­ti­fied or erad­i­cated. If you have ques­tions about this sub­ject matter or any other ques­tions about per­sonal data, please do not hes­i­tate to con­tact us at any time.

Right to demand processing restrictions

You have the right to demand the impo­si­tion of restric­tions as far as the pro­cess­ing of your per­sonal data is con­cerned. To do so, you may con­tact us at any time. The right to demand restric­tion of pro­cess­ing applies in the fol­low­ing cases:

  • In the event that you should dis­pute the cor­rect­ness of your data archived by us, we will usu­ally need some time to verify this claim. During the time that this inves­ti­ga­tion is ongo­ing, you have the right to demand that we restrict the pro­cess­ing of your per­sonal data.
  • If the pro­cess­ing of your per­sonal data was/is con­ducted in an unlaw­ful manner, you have the option to demand the restric­tion of the pro­cess­ing of your data in lieu of demand­ing the erad­i­ca­tion of this data.
  • If we do not need your per­sonal data any longer and you need it to exer­cise, defend or claim legal enti­tle­ments, you have the right to demand the restric­tion of the pro­cess­ing of your per­sonal data instead of its eradication.
  • If you have raised an objec­tion pur­suant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been deter­mined whose inter­ests pre­vail, you have the right to demand a restric­tion of the pro­cess­ing of your per­sonal data.

If you have restricted the pro­cess­ing of your per­sonal data, these data – with the excep­tion of their archiv­ing – may be processed only sub­ject to your con­sent or to claim, exer­cise or defend legal enti­tle­ments or to pro­tect the rights of other nat­ural per­sons or legal enti­ties or for impor­tant public inter­est rea­sons cited by the Euro­pean Union or a member state of the EU.

SSL and/or TLS encryption

For secu­rity rea­sons and to pro­tect the trans­mis­sion of con­fi­den­tial con­tent, such as pur­chase orders or inquiries you submit to us as the web­site oper­a­tor, this web­site uses either an SSL or a TLS encryp­tion pro­gram. You can rec­og­nize an encrypted con­nec­tion by check­ing whether the address line of the browser switches from “http://” to “https://” and also by the appear­ance of the lock icon in the browser line.

If the SSL or TLS encryp­tion is acti­vated, data you trans­mit to us cannot be read by third parties.

4. Recording of data on this website

Cookies

Our web­sites and pages use what the indus­try refers to as “cook­ies.” Cook­ies are small data pack­ages that do not cause any damage to your device. They are either stored tem­porar­ily for the dura­tion of a ses­sion (ses­sion cook­ies) or they are per­ma­nently archived on your device (per­ma­nent cook­ies). Ses­sion cook­ies are auto­mat­i­cally deleted once you ter­mi­nate your visit. Per­ma­nent cook­ies remain archived on your device until you actively delete them, or they are auto­mat­i­cally erad­i­cated by your web browser.

In some cases, it is pos­si­ble that third-party cook­ies are stored on your device once you enter our site (third-party cook­ies). These cook­ies enable you or us to take advan­tage of cer­tain ser­vices offered by the third party (e.g., cook­ies for the pro­cess­ing of pay­ment services).

Cook­ies have a vari­ety of func­tions. Many cook­ies are tech­ni­cally essen­tial since cer­tain web­site func­tions would not work in the absence of the cook­ies (e.g., the shop­ping cart func­tion or the dis­play of videos). The pur­pose of other cook­ies may be the analy­sis of user pat­terns or the dis­play of pro­mo­tional messages.

Cook­ies, which are required for the per­for­mance of elec­tronic com­mu­ni­ca­tion trans­ac­tions, or for the pro­vi­sion of cer­tain func­tions you want to use (e.g., for the shop­ping cart func­tion) or those that are nec­es­sary for the opti­miza­tion (required cook­ies) of the web­site (e.g., cook­ies that pro­vide mea­sur­able insights into the web audi­ence), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a dif­fer­ent legal basis is cited. The oper­a­tor of the web­site has a legit­i­mate inter­est in the stor­age of required cook­ies to ensure the tech­ni­cally error free and opti­mized pro­vi­sion of the operator’s ser­vices. If your con­sent to the stor­age of the cook­ies and sim­i­lar recog­ni­tion tech­nolo­gies has been requested, pro­cess­ing occurs exclu­sively on the basis of the con­sent obtained (Art. 6(1)(a) GDPR and § 25 (1) TTDSG); this con­sent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be noti­fied any time cook­ies are placed and to permit the accep­tance of cook­ies only in spe­cific cases. You may also exclude the accep­tance of cook­ies in cer­tain cases or in gen­eral or acti­vate the delete func­tion for the auto­matic erad­i­ca­tion of cook­ies when the browser closes. If cook­ies are deac­ti­vated, the func­tions of this web­site may be limited.

In the event that third-party cook­ies are used or if cook­ies are used for ana­lyt­i­cal pur­poses, we will sep­a­rately notify you in con­junc­tion with this Data Pro­tec­tion Policy and, if applic­a­ble, ask for your consent.

Server log files

The provider of this web­site and its pages auto­mat­i­cally col­lects and stores infor­ma­tion in so-called server log files, which your browser com­mu­ni­cates to us auto­mat­i­cally. The infor­ma­tion comprises:

  • The type and ver­sion of browser used
  • The used oper­at­ing system
  • Refer­rer URL
  • The host­name of the access­ing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The oper­a­tor of the web­site has a legit­i­mate inter­est in the tech­ni­cally error free depic­tion and the opti­miza­tion of the operator’s web­site. In order to achieve this, server log files must be recorded.

Contact form

If you submit inquiries to us via our con­tact form, the infor­ma­tion pro­vided in the con­tact form as well as any con­tact infor­ma­tion pro­vided therein will be stored by us in order to handle your inquiry and in the event that we have fur­ther ques­tions. We will not share this infor­ma­tion with­out your consent.

The pro­cess­ing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the exe­cu­tion of a con­tract or if it is nec­es­sary to carry out pre-con­trac­tual mea­sures. In all other cases the pro­cess­ing is based on our legit­i­mate inter­est in the effec­tive pro­cess­ing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agree­ment (Art. 6(1)(a) GDPR) if this has been requested; the con­sent can be revoked at any time.

The infor­ma­tion you have entered into the con­tact form shall remain with us until you ask us to erad­i­cate the data, revoke your con­sent to the archiv­ing of data or if the pur­pose for which the infor­ma­tion is being archived no longer exists (e.g., after we have con­cluded our response to your inquiry). This shall be with­out prej­u­dice to any manda­tory legal pro­vi­sions, in par­tic­u­lar reten­tion periods.

Request by e‑mail, telephone, or fax

If you con­tact us by e‑mail, tele­phone or fax, your request, includ­ing all result­ing per­sonal data (name, request) will be stored and processed by us for the pur­pose of pro­cess­ing your request. We do not pass these data on with­out your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the ful­fill­ment of a con­tract or is required for the per­for­mance of pre-con­trac­tual mea­sures. In all other cases, the data are processed on the basis of our legit­i­mate inter­est in the effec­tive han­dling of inquiries sub­mit­ted to us (Art. 6(1)(f) GDPR) or on the basis of your con­sent (Art. 6(1)(a) GDPR) if it has been obtained; the con­sent can be revoked at any time.

The data sent by you to us via con­tact requests remain with us until you request us to delete, revoke your con­sent to the stor­age or the pur­pose for the data stor­age lapses (e.g. after com­ple­tion of your request). Manda­tory statu­tory pro­vi­sions — in par­tic­u­lar statu­tory reten­tion peri­ods — remain unaffected.

5. Newsletter

Newsletter data

If you would like to receive the newslet­ter offered on the web­site, we require an e‑mail address from you as well as infor­ma­tion that allows us to verify that you are the owner of the e‑mail address pro­vided and that you agree to receive the newslet­ter. Fur­ther data is not col­lected or only on a vol­un­tary basis. For the han­dling of the newslet­ter, we use newslet­ter ser­vice providers, which are described below.

Mailjet

This web­site uses Mail­jet for send­ing newslet­ters. The provider is Mail­gun Tech­nolo­gies Inc., 112 E Pecan Sr. #1135, San Anto­nio, Texas 78205, USA.

Mail­jet is a ser­vice with which, among other things, the dis­patch of newslet­ters can be orga­nized and ana­lyzed. The data entered by you for the pur­pose of receiv­ing the newslet­ter will be stored on the servers of Mailjet.

Data analysis by Mailjet

With the aid of Mail­jet we are able to ana­lyze our newslet­ter cam­paigns. For exam­ple, we can see if a newslet­ter mes­sage has been opened and which links have been clicked. In this way, we can deter­mine which links have been clicked par­tic­u­larly often.

We can also see whether cer­tain pre­vi­ously defined actions were per­formed after opening/clicking (con­ver­sion rate). For exam­ple, we can tell if you have made a pur­chase after click­ing on the newsletter.

Mail­jet also allows us to clas­sify newslet­ter recip­i­ents into dif­fer­ent cat­e­gories (“clus­ters”). For exam­ple, the newslet­ter recip­i­ents can be sub­di­vided accord­ing to age, gender, or place of res­i­dence. In this way, the newslet­ters can be better adapted to the respec­tive target groups. If you do not want Mail­jet to ana­lyze you, you must unsub­scribe from the newslet­ter. For this pur­pose, we pro­vide a cor­re­spond­ing link in every newslet­ter mes­sage. Fur­ther­more, you can unsub­scribe from the newslet­ter directly on the website.

For detailed infor­ma­tion on the func­tions of Mail­jet, please refer to the fol­low­ing link: https://www.mailjet.de/funktion/.

Mailjet’s pri­vacy policy can be found at: https://www.mailjet.de/sicherheit-datenschutz/.

Legal Basis

Data pro­cess­ing is based on your agree­ment (Art. 6(1)(a) GDPR). You can revoke this agree­ment at any time. The legal­ity of the data pro­cess­ing oper­a­tions that have already taken place remains unaf­fected by the revocation.

Data trans­fer to the US is based on the stan­dard con­trac­tual clauses of the EU Com­mis­sion. Details can be found here: https://www.mailjet.de/av-vertrag/.

Storage period

The data deposited with us for the pur­pose of sub­scrib­ing to the newslet­ter will be stored by us until you unsub­scribe from the newslet­ter or the newslet­ter ser­vice provider and deleted from the newslet­ter dis­tri­b­u­tion list after you unsub­scribe from the newslet­ter. Data stored for other pur­poses with us remain unaffected.

After you unsub­scribe from the newslet­ter dis­tri­b­u­tion list, your e‑mail address may be stored by us or the newslet­ter ser­vice provider in a black­list, if such action is nec­es­sary to pre­vent future mail­ings. The data from the black­list is used only for this pur­pose and not merged with other data. This serves both your inter­est and our inter­est in com­ply­ing with the legal require­ments when send­ing newslet­ters (legit­i­mate inter­est within the mean­ing of Art. 6(1)(f) GDPR). The stor­age in the black­list is indef­i­nite. You may object to the stor­age if your inter­ests out­weigh our legit­i­mate interest.

Data processing

We have con­cluded a data pro­cess­ing agree­ment (DPA) with the above-men­tioned provider. This is a con­tract man­dated by data pri­vacy laws that guar­an­tees that they process per­sonal data of our web­site vis­i­tors only based on our instruc­tions and in com­pli­ance with the GDPR.

6. Plug-ins and Tools

Wordfence

We have included Word­fence on this web­site. The provider is Defi­ant Inc, Defi­ant, Inc, 800 5th Ave Ste 4100, Seat­tle, WA 98104, USA (here­inafter “Word­fence”).

Word­fence is designed to pro­tect our web­site from unwanted access or mali­cious cyber­at­tacks. To accom­plish this, our web­site estab­lishes a per­ma­nent con­nec­tion with Wordfence’s servers, which check and block their data­bases against access to our website.

The use of Word­fence is based on Art. 6(1)(f) GDPR. The web­site oper­a­tor has a legit­i­mate inter­est in the most effec­tive pro­tec­tion of his web­site against cyber­at­tacks. If appro­pri­ate con­sent has been obtained, the pro­cess­ing is car­ried out exclu­sively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, inso­far the con­sent includes the stor­age of cook­ies or the access to infor­ma­tion in the user’s end device (e.g., device fin­ger­print­ing) within the mean­ing of the TTDSG. This con­sent can be revoked at any time.

Data trans­mis­sion to the USA is based on the stan­dard con­trac­tual clauses of the EU Com­mis­sion. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Data processing

We have con­cluded a data pro­cess­ing agree­ment (DPA) with the above-men­tioned provider. This is a con­tract man­dated by data pri­vacy laws that guar­an­tees that they process per­sonal data of our web­site vis­i­tors only based on our instruc­tions and in com­pli­ance with the GDPR.

7. eCommerce and payment service providers

Processing of Customer and Contract Data

We col­lect, process, and use per­sonal cus­tomer and con­tract data for the estab­lish­ment, con­tent arrange­ment and mod­i­fi­ca­tion of our con­trac­tual rela­tion­ships. Data with per­sonal ref­er­ences to the use of this web­site (usage data) will be col­lected, processed, and used only if this is nec­es­sary to enable the user to use our ser­vices or required for billing pur­poses. The legal basis for these processes is Art. 6(1)(b) GDPR.

The col­lected cus­tomer data shall be deleted upon com­ple­tion of the order or ter­mi­na­tion of the busi­ness rela­tion­ship and upon expi­ra­tion of any exist­ing statu­tory archiv­ing peri­ods. This shall be with­out prej­u­dice to any statu­tory archiv­ing periods.

8. Online-based Audio and Video Conferences (Conference tools)

Data processing

We use online con­fer­ence tools, among other things, for com­mu­ni­ca­tion with our cus­tomers. The tools we use are listed in detail below. If you com­mu­ni­cate with us by video or audio con­fer­ence using the Inter­net, your per­sonal data will be col­lected and processed by the provider of the respec­tive con­fer­ence tool and by us. The con­fer­enc­ing tools col­lect all infor­ma­tion that you provide/access to use the tools (email address and/or your phone number). Fur­ther­more, the con­fer­ence tools process the dura­tion of the con­fer­ence, start and end (time) of par­tic­i­pa­tion in the con­fer­ence, number of par­tic­i­pants and other “con­text infor­ma­tion” related to the com­mu­ni­ca­tion process (meta­data).

Fur­ther­more, the provider of the tool processes all the tech­ni­cal data required for the pro­cess­ing of the online com­mu­ni­ca­tion. This includes, in par­tic­u­lar, IP addresses, MAC addresses, device IDs, device type, oper­at­ing system type and ver­sion, client ver­sion, camera type, micro­phone or loud­speaker and the type of connection.

Should con­tent be exchanged, uploaded, or oth­er­wise made avail­able within the tool, it is also stored on the servers of the tool provider. Such con­tent includes, but is not lim­ited to, cloud record­ings, chat/ instant mes­sages, voice­mail uploaded photos and videos, files, white­boards, and other infor­ma­tion shared while using the service.

Please note that we do not have com­plete influ­ence on the data pro­cess­ing pro­ce­dures of the tools used. Our pos­si­bil­i­ties are largely deter­mined by the cor­po­rate policy of the respec­tive provider. Fur­ther infor­ma­tion on data pro­cess­ing by the con­fer­ence tools can be found in the data pro­tec­tion dec­la­ra­tions of the tools used, and which we have listed below this text.

Purpose and legal bases

The con­fer­ence tools are used to com­mu­ni­cate with prospec­tive or exist­ing con­trac­tual part­ners or to offer cer­tain ser­vices to our cus­tomers (Art. 6(1)(b) GDPR). Fur­ther­more, the use of the tools serves to gen­er­ally sim­plify and accel­er­ate com­mu­ni­ca­tion with us or our com­pany (legit­i­mate inter­est in the mean­ing of Art. 6(1)(f) GDPR). Inso­far as con­sent has been requested, the tools in ques­tion will be used on the basis of this con­sent; the con­sent may be revoked at any time with effect from that date.

Duration of storage

Data col­lected directly by us via the video and con­fer­ence tools will be deleted from our sys­tems imme­di­ately after you request us to delete it, revoke your con­sent to stor­age, or the reason for stor­ing the data no longer applies. Stored cook­ies remain on your end device until you delete them. Manda­tory legal reten­tion peri­ods remain unaffected.

We have no influ­ence on the dura­tion of stor­age of your data that is stored by the oper­a­tors of the con­fer­ence tools for their own pur­poses. For details, please directly con­tact the oper­a­tors of the con­fer­ence tools.

Conference tools used

We employ the fol­low­ing con­fer­ence tools:

Google Meet

We use Google Meet. The provider is Google Ire­land Lim­ited, Gordon House, Barrow Street, Dublin 4, Ire­land. For details on data pro­cess­ing, please see the Google pri­vacy policy: https://policies.google.com/privacy?hl=en.

Data processing

We have con­cluded a data pro­cess­ing agree­ment (DPA) with the above-men­tioned provider. This is a con­tract man­dated by data pri­vacy laws that guar­an­tees that they process per­sonal data of our web­site vis­i­tors only based on our instruc­tions and in com­pli­ance with the GDPR.