Privacy policy

This privacy policy applies to the collection, processing and use of your personal data (“data processing”) when using the Oezgoeren Aesthetik Academy (operated by Dr. med. Oezgoeren Aesthetik GmbH).

The protection of your personal data is of particular concern to us. We therefore collect and process your data exclusively on the basis of the statutory provisions, in particular the provisions of the BDSG and the GDPR. In this data protection information, we inform you about the most important aspects of data processing on our website.

In the following, we would like to inform you in detail about which data we collect, process and use for which purpose and how you can object to this data processing.

1 Name and address of the person responsible

The controller responsible for data processing is:
Dr. med. Oezgoeren Aesthetik GmbH
Sielwall 7
28203 Bremen
E-mail: [email protected]
Phone: 0049 421 52403582

Legal representative:
Dr. med. Bünyamin Özgören

2 Name and contact of the data protection officer

The data protection officer of the controller is:
Dr. med. Bünyamin Özgören
E-mail: [email protected]
Phone: 0049 421 52403582

3 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subjects for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

4 Recipients of the data or categories of recipients

After entering and transmitting your data, it is transferred directly via an encrypted connection to the server of an external service provider (checkdomain GmbH, a dogado group company, Große Burgstraße 27/29, 23552 Lübeck)

Recipients of the data are public bodies that receive data due to legal regulations (e.g. social insurance carriers, tax authorities), internal bodies involved in the execution of the respective business processes (personnel administration, accounting, banking institutions/payment service providers, credit card institutions, accounting, tax consultants, customer service, marketing, sales), sponsoring partners, in the case of shipping products to the transport company/shipping company commissioned by us, contractual partners, business partners to the extent required or permitted by law.

5 Routine deletion and storage of personal data

We process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

6 Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR

and you have the following rights vis-à-vis the controller:

Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
all available information about the origin of the data if the personal data is not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay. Right to restriction of processing Under the following conditions, you may request the restriction of the processing of personal data concerning you:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to erasure

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
The personal data concerning you has been processed unlawfully.
The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. The right to erasure does not exist insofar as the processing is necessary

to exercise the right to freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
for the assertion, exercise or defense of legal claims.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR
and the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be impaired by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the controller,
is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or with your explicit consent.

However, these decisions may not be based on special categories of personal data in accordance with Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in a. and c., the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

7 Right to information, objection, correction and removal

You can withdraw your consent to the processing of your personal data at any time with effect for the future and have your personal data deleted or amended. If the data is required to fulfill the contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Requests for information, correction and deletion as well as the revocation or objection regarding the further use of the data possibly given to us can be declared informally as follows:

by post: Dr. med. Oezgoeren Aesthetik GmbH, Sielwall 7, 28203 Bremen

by e-mail: [email protected]

by phone: 0049 421 52403582

8 Protection of minors

Children and persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children, do not collect it and do not pass it on to third parties.

9 Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

10 Scope of the processing of personal data

In order to ensure the functionality of our website and the provision of our content and services, it is necessary for us to collect and use the personal data of our users. Personal data is stored and processed exclusively on servers in the European Union. All data is encrypted on the basis of the SSL procedure. Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit a (consent) and/or f (legitimate interest) of the GDPR. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. Any further use will only take place with the express consent of the customer. In detail, data is collected and processed as follows

Contract processing

The data transmitted by you to make use of our range of goods and/or services is processed by us for the purpose of processing the contract and is necessary in this respect. Conclusion and execution of the contract are not possible without the provision of your data. The legal basis for processing is Art. 6 para. 1 lit. b) GDPR. We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law. As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes. The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.

Server data

When you visit our website, log file data is automatically collected on our server and stored in an internal log file, which is transmitted to us via your browser. This is the following data:

Type and version of the browser you are using,
Type and version of the operating system you are using,
URL of the page from which you reached us,
Search words you used to find our site,
Date and time of access to our website,
Names of the subpages you have accessed.

We collect and process this data in anonymized form, i.e. it cannot be assigned to a specific person. The purpose of data collection and processing is evaluation for internal system-related and statistical purposes. Furthermore, for the purpose of technical security, in particular to defend against attempted attacks on our web server; also to monitor misuse in the event of suspicion and to clarify any suspicion of criminally relevant use. The IP address is only analyzed in the event of attacks on our network infrastructure.

Cookies

a) Session cookies/session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your end device by the Internet browser you use. These cookies process certain information from you, such as your browser or location data or your IP address, to an individual extent.

This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.

The legal basis for this processing is Art. 6 para. 1 lit. b.) GDPR, insofar as these cookies process data for contract initiation or contract processing.

If the processing does not serve to initiate or execute a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 para. 1 lit. f) GDPR.

These session cookies are deleted when you close your Internet browser.

b) Third-party cookies

Our website may also use cookies from partner companies with whom we cooperate for the purposes of advertising, analysis or the functionalities of our website.

Please refer to the following information for details, in particular the purposes and legal basis for processing such third-party cookies.

c) Possibility of elimination

You can prevent or restrict the installation of cookies by changing the settings of your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.

However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

You can change your cookie settings on our website at any time by clicking here:
[borlabs-cookie type=”btn-cookie-preference” title=”Change cookie settings” element=”link” /]

d) Legal information

We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), e.g. for personalized ads and content or ad and content measurement. There is no obligation to consent to the processing of your data in order to use this offer. You can change your selection at any time at [borlabs-cookie type=”btn-cookie-preference” title=”Change cookie settings” element=”link” /] revoke or adjust your consent. Please note that not all functions of the website may be available due to individual settings. If you are under the age of 16 and wish to give your consent to voluntary services, you must ask your parent or guardian for permission.

Some services process personal data in the USA. By consenting to the use of these services, you also consent to the processing of your data in the USA in accordance with Art. 49 (1) lit. a GDPR. The ECJ classifies the USA as a country with inadequate data protection according to EU standards. For example, there is a risk that US authorities will process personal data in surveillance programs without Europeans having any legal recourse.

e) Cookies used
The following cookies are used on our website:

[borlabs-cookie type="cookie-list"/]

Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie(borlabs-cookie) to store your cookie consent. Borlabs Cookie does not process any personal data. In the cookie borlabs-cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.

Customer account, order and registration function

We use your e-mail address to complete a registration process on our website via a confirmation e-mail and to send you confirmation e-mails about the orders you have placed. The legal basis for the processing of the data is Art. 6 para. 1 lit. b (necessary for the performance of the contract) of the GDPR.

If you create a customer account with us via our website, we will collect and store the data you enter during registration (e.g. your name, your address or your e-mail address) exclusively for pre-contractual services, for contract fulfillment or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to be able to offer you the so-called notepad function). At the same time, we store the IP address and the date and time of your registration. Of course, this data will not be passed on to third parties.

As part of the further registration process, your consent to this processing is obtained and reference is made to this privacy policy. The data collected by us will be used exclusively for the provision of the customer account.

If you consent to this processing, Art. 6 para. 1 lit. a) GDPR is the legal basis for the processing.

If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Art. 6 para. 1 lit. b) GDPR.

You can revoke your consent to the opening and maintenance of the customer account at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. All you have to do is inform us of your revocation.

The data collected in this respect will be deleted as soon as processing is no longer necessary. However, we must comply with retention periods under tax and commercial law.

Payment, credit check and scoring

Payment data – account or credit card data are used for the processing of orders subject to a charge. The legal basis for the processing of the data is Art. 6 para. 1 lit. b (necessary for the performance of the contract) of the GDPR.

If we offer you the basic option of paying by invoice as part of our range of goods or services and you make use of this option, we reserve the right to obtain credit information from a credit agency (such as Creditreform, Schufa, Bürgel or infoscore) on the basis of mathematical-statistical procedures. For this purpose, your data will be forwarded to the credit agency if it is relevant to the contract, such as your name and address. We use the subsequent information on the statistical probability of a payment default to decide whether to offer you payment by invoice.

The legal basis for this processing is our legitimate interest in the security of the claim in accordance with Art. 6 para. 1 lit. f) GDPR.

We are entitled, in order to protect against bad debt losses and the risk of improper use of our services by third parties, to transmit personal contract data as well as information on non-contractual processing (e.g. termination due to late payment) to CRIF GmbH, Victor-Gollancz-Straße, Karlsruhe, GERMANY; Experian GmbH, Rheinstraße, Baden-Baden, GERMANY. CRIF GmbH, Victor-Gollancz-Straße 5, 76137 Karlsruhe, GERMANY; Experian GmbH, Rheinstraße 99, 76532 Baden-Baden, GERMANY; SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, GERMANY, Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, GERMANY, and Experian Austria GmbH, Gumpendorfer Straße 19-21, 1060 Vienna, AUSTRIA, and to obtain corresponding information on payment behavior and creditworthiness information on the basis of mathematical-statistical procedures, also using address data. Insofar as such data is obtained from CRIF, Experian, SCHUFA, Creditreform Boniversum or Experian Austria from other customer relationships during the customer relationship, we will receive information about this. The respective data transfer only takes place insofar as this is necessary to safeguard our legitimate interests and the customer’s interests worthy of protection are not impaired.

Newsletter / Sendinblue

If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the controller. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the data subject’s email address. The data is not passed on to third parties. An exception is made if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. Subscription to the newsletter can be terminated by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. There is a corresponding link for this purpose in every newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. If you have consented to the use of your email address for the receipt of our newsletter and the sending of offers, you have given us the following declaration of consent.

“Yes, I would like to receive the e-mail newsletter and be informed about new courses, discounts and promotions. be informed! You can unsubscribe at any time. We use the Newsletter provider sendinblue.com. You can find more information about this in our Privacy policy. (optional)”

We have recorded your declaration of consent.

We use Sendinblue to send newsletters. Sendinblue is a service provided by Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, hereinafter referred to as “Sendinblue”.
If you register to receive our newsletter, the data requested during the registration process (your email address) will be processed by Sendinblue. In addition, your IP address and the date and time of your registration will be stored. As part of the further registration process, your consent to the sending of the newsletter is obtained, the content is described in detail and reference is made to this privacy policy.

Sendinblue also offers

https://www.newsletter2go.de/datenschutz/
https://de.sendinblue.com/legal/privacypolicy/
https://www.newsletter2go.de/informationen-newsletter-empfaenger/
https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go

further data protection information.

The newsletters sent by Sendinblue contain technologies that enable us to recognize in the analyses whether and when an email has been opened and whether and which links contained in the newsletter have been followed. We store this data in addition to the technical data (system data and IP address) so that the respective newsletter can be optimally tailored to your wishes and interests. The data collected in this way is therefore used to constantly improve the quality of our newsletter.
The legal basis for sending the newsletter and the analysis is Art. 6 para. 1 lit. a.) GDPR.

You can revoke your consent to receive the newsletter at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. All you have to do is inform us of your revocation or click on the unsubscribe link contained in every newsletter.

Contact requests

If you contact us via contact form or e-mail, the data you provide will be used to process your request. The provision of the data is necessary for processing and answering your inquiry – without it we cannot answer your inquiry or can only answer it to a limited extent.

The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted if your request has been conclusively answered and the deletion does not conflict with any statutory retention obligations, such as in the case of any subsequent contract processing.

Google reCAPTCHA

We use Google reCAPTCHA on our website to check and prevent interactions on our website through automated access, e.g. by so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

This service enables Google to determine from which website a request is sent and from which IP address you are using the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary for the provision and guarantee of this service.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar.

Google offers under

https://policies.google.com/privacy

further information on the general handling of your user data.

Google Fonts

We use Google Fonts on our website to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.

The connection to Google established when you access our website enables Google to determine from which website your request has been sent and to which IP address the display of the font is to be transmitted.

Google offers under

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

further information, in particular on the options for preventing the use of data.

Facebook

We operate a company presence on the Facebook platform to advertise our products and services and to communicate with interested parties or customers.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Facebook’s data protection officer can be contacted via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the mutual obligations, is available at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the processing of personal data that takes place as a result and is described below is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user’s consent to the platform operator in accordance with Art. 6 para. 1 lit. a GDPR. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 para. 3 GDPR.

When our online presence is accessed on the Facebook platform, user data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside of Facebook based on their interests. If the user is logged into their Facebook account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the personal data entered by the user on this occasion will be used to process the inquiry. The user’s data will be deleted by us if the user’s inquiry has been conclusively answered and there are no statutory retention obligations to the contrary, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

Further information on the processing activities, their prevention and the deletion of data processed by Facebook can be found in Facebook’s data policy:

https://www.facebook.com/privacy/explanation

It cannot be ruled out that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Instagram

We operate a company presence on the Instagram platform to promote our products and services and to communicate with interested parties or customers.

On this social media platform, we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Instagram’s data protection officer can be contacted via a contact form:

https://www.facebook.com/help/contact/540977946302970

https://www.facebook.com/legal/terms/page_controller_addendum

When our online presence is accessed on the Instagram platform, user data (e.g. personal information, IP address, etc.) is processed by Facebook Ireland Ltd. as the operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Based on these profiles, Facebook Ireland Ltd. is able, for example, to advertise users within and outside Instagram based on their interests. If the user is logged into their Instagram account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Instagram, the user’s personal data entered on this occasion will be used to process the request. The user’s data will be deleted by us if the user’s inquiry has been conclusively answered and there are no statutory retention obligations to the contrary, e.g. in the case of subsequent contract processing.

Facebook Ireland Ltd. may also set cookies to process the data.

If the user does not agree to this processing, it is possible to prevent the installation of cookies by setting the browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by the corresponding setting in the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

Further information on the processing activities, their prevention and the deletion of the data processed by Instagram can be found in Instagram’s data policy:

https://help.instagram.com/519522125107875

It cannot be ruled out that processing by Facebook Ireland Ltd. also takes place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

Social media link via graphic or text link

We also advertise presences on the social networks listed below on our website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user forwarded to the service of the respective social network.

After the user has been forwarded, the respective network collects information about the user. It cannot be ruled out that the data collected in this way will be processed in the USA.

This is initially data such as IP address, date, time and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the information collected about the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and published if necessary. If the user wishes to prevent the information collected from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site through links:

facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Instagram

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

“Facebook” social plug-in

We use the plug-in of the social network Facebook on our website. Facebook is an internet service of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is in turn operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook”.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.

Facebook provides further information about the possible plug-ins and their respective functions at

https://developers.facebook.com/docs/plugins/

ready for you.

If the plug-in is stored on one of the pages you visit on our website, your internet browser will download a representation of the plug-in from the Facebook servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. The date and time of your visit to our website are also recorded.

If you are logged in to Facebook while you visit one of our websites with the plug-in, the information collected by the plug-in about your specific visit will be recognized by Facebook. Facebook may assign the information collected in this way to your personal user account there. If you use the Facebook “Like” button, for example, this information will be stored in your Facebook user account and may be published via the Facebook platform. If you wish to prevent this, you must either log out of Facebook before visiting our website or use an add-on for your internet browser to prevent the Facebook plug-in from loading.

Further information about the collection and use of data as well as your rights and protection options in this regard can be found on Facebook at

https://www.facebook.com/policy.php

available in the data protection information.

“Shariff” social media buttons

We use the plug-ins of the following social networks on our website. We use the “Shariff” plug-in to integrate these plug-ins.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website

Shariff is an open source program developed by c’t and heise. By integrating this plug-in, linked graphics prevent the social network plug-ins named in more detail below from automatically establishing a connection to the respective server of the social network plug-in when you visit our website(s), on which the respective social network plug-in is integrated. Only when you click on one of these linked graphics will you be redirected to the service of the respective social network. Only then will the respective social network collect information about the usage process. This information includes, for example, your IP address, the date and time and the page you visited on our website.

If you are logged in to one of the social network services while you visit one of our websites with the corresponding plug-in, the provider of the respective social network may be able to recognize the information collected about your specific visit and assign it to your personal user account or publish it. If, for example, you use the “Share” button of the respective social network, this information may be stored in your user account there and published via the platform of the respective social network provider. If you wish to prevent this, you must either log out of the respective social network before clicking on the graphic or make the appropriate settings in your social network user account.

Further information about “Shariff” is available from heise at

http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

ready.

The following social networks are integrated into our website:

Google+ of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection information can be found at https://policies.google.com/privacy

Facebook of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, operated within the EU by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Data protection information can be found at https://www.facebook.com/policy.php

Twitter of Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Data protection information can be found at https://twitter.com/privacy

Google Analytics

We use Google Analytics on our website. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

Usage and user-related information, such as IP address, location, time or frequency of visits to our website, is transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymization function. This function allows Google to shorten the IP address within the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.

Google states that it will not associate your IP address with any other data. In addition, Google keeps under

https://www.google.com/intl/de/policies/privacy/partners

We provide you with further information on data protection law, for example on the options for preventing the use of data.

Google also offers

https://tools.google.com/dlpage/gaoptout?hl=de

a so-called deactivation add-on together with further information on this. This add-on can be installed with the most common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. Of course, you can also find out whether and which other web analysis services we use in this privacy policy.

YouTube

We use YouTube on our website. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.

YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

We use YouTube in connection with the “extended data protection mode” function in order to be able to show you videos. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the “extended data protection mode” function means that the data described in more detail below is only transmitted to the YouTube server when you actually start a video.

Without this “extended data protection”, a connection to the YouTube server in the USA is established as soon as you access one of our Internet pages on which a YouTube video is embedded.

This connection is necessary in order to be able to display the respective video on our website via your internet browser. In the course of this, YouTube will at least record and process your IP address, the date and time and the website you have visited. In addition, a connection to Google’s “DoubleClick” advertising network is established.

If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and analysis of user behavior, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree to this processing, you have the option of preventing the storage of cookies by changing the settings in your Internet browser. You can find more information on this above under “Cookies”.

Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the privacy policy available at

https://policies.google.com/privacy

available in the data protection information.

Vimeo

We use “Vimeo” on our website to display videos. This is a service provided by Vimeo, LL C, 555 West 18 th Street, New York, New York 10011, USA, hereinafter referred to as “Vimeo”.

Some of the user data is processed on Vimeo servers in the USA.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website.

If you visit a page of our website in which a video is embedded, a connection to the Vimeo servers in the USA is established in order to display the video. For technical reasons, it is necessary for Vimeo to process your IP address. In addition, the date and time of your visit to our website are also recorded.

If you are logged in to Vimeo at the same time as you visit one of our websites in which a Vimeo video is embedded, Vimeo may assign the information collected in this way to your personal user account there. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your Vimeo user account accordingly.

Vimeo uses the web analysis service Google Analytics for the purpose of functionality and usage analysis. Google Analytics stores cookies on your end device via your Internet browser and sends information about the use of our Internet pages in which a Vimeo video is embedded to Google. It cannot be ruled out that Google processes this information in the USA.

If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under “Cookies”.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the quality improvement of our website and in the legitimate interest of Vimeo to statistically analyze user behavior for optimization and marketing purposes.

Vimeo offers under

http://vimeo.com/privacy

further information on the collection and use of data and on your rights and options for protecting your privacy.

Google AdWords with conversion tracking

We use the Google AdWords advertising component on our website, including conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

We use conversion tracking to advertise our website in a targeted manner. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

If you click on an ad placed by Google, the conversion tracking we use stores a cookie on your end device. These so-called conversion cookies lose their validity after 30 days and are not used for your personal identification.

If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you have clicked on one of our ads placed on Google and that you have subsequently been redirected to our website.

Google uses the information collected in this way to compile statistics for us about visits to our website. We also receive information about the number of users who have clicked on our ad(s) and about the pages of our website that were subsequently accessed. However, neither we nor third parties who also use Google AdWords will be able to identify you in this way.

You can also prevent or restrict the installation of cookies by making the appropriate settings in your Internet browser. At the same time, you can delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.

Google also offers

https://services.google.com/sitestats/de.html

https://www.google.com/policies/technologies/ads/

http://www.google.de/policies/privacy/

provides further information on this topic and in particular on the options for preventing the use of data.

PayPal
We offer the option of processing the payment transaction via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to PayPal insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. GDPR).

First name
Last name
Address
E-mail address
Telephone number

The processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via PayPal. [You have the option of choosing a different payment method.]

PayPal carries out a credit check for various services such as payment by direct debit in order to ensure your willingness and ability to pay. This corresponds to PayPal’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or whether a check is pending.

Further information on objection and removal options vis-à-vis PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Your data will be stored until payment processing has been completed. This also includes the period required for processing refunds, claims management and fraud prevention.

Stripe
We offer the option of processing the payment transaction via the payment service provider Stripe, ℅ Legal Process, 510 Townsend St., San Francisco, CA 94103 (Stripe). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to Stripe insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. GDPR).

Name of the cardholder
E-mail address
Customer number
Order number
Bank details
Credit card details
Credit card expiry date
Credit card verification number (CVC)
Date and time of the transaction
Transaction amount
Name of the provider
Location

The processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via Stripe. [You have the option of choosing a different payment method.]

Stripe assumes a dual role as controller and processor for data processing activities. As the controller, Stripe uses your transmitted data to fulfill regulatory obligations. This corresponds to Stripe’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). We have no influence on this process.

Stripe acts as a processor in order to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR.

Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

Further information on objection and removal options vis-à-vis Stripe can be found at: https://stripe.com/privacy-center/legal

Your data will be stored by us until payment processing has been completed. This also includes the period required for processing refunds, receivables management and fraud prevention.

Address: Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland Attention: Stripe Legal

Klarna
If you choose the Klarna payment method, your personal data will be transmitted to the operator of Klarna. The legal basis for the transfer of data is Article 6(1)(a) GDPR (consent) and Article 6(1)(b) GDPR (processing for the performance of a contract).

The operator of the Klarna payment service is:
Klarna Bank AB (publ)
Sveavägen46
111 34 Stockholm
Sweden

Phone: 0046 8-120 120 00
Fax: 0046 8-120 120 99
Contact: [email protected]

Klarna collects the following data:

Name, date of birth, title, billing and delivery address, e-mail address, cell phone number
Information about ordered products
Information on income, credit obligations and payment notes
Location-related information
IP address

You can find detailed information on Klarna Bank AB (publ)’s privacy policy at https://www.klarna.com/de/datenschutz/

Sofortüberweisung
We offer the option of processing the payment transaction via Sofortüberweisung from the payment service provider Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany (Klarna). This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR). In this context, we pass on the following data to Klarna insofar as it is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b. GDPR).

[First name]
[Last name]
Transfer amount

[We are obliged under [§ / money laundering regulations] to carry out an identity check before making the payment to ensure that the payment is not made by a third party.

In this case, before the actual transfer is made, the name you enter is compared with the name stored in your online banking and, if the check is successful, the instant transfer is then initiated. We have no influence on this process and only receive the result as to whether the name check was successful or not].

Depending on how your bank manages online accounts, different verification steps are necessary: If your bank only accepts transfer orders if there are sufficient funds in the account, Klarna will not carry out an account coverage check. In all other cases, Klarna checks whether the sum of the account balance and the overdraft facility, less any transactions that have not been posted, covers the amount to be transferred.

Klarna reserves the right, in cases with an increased risk of abuse, to check instant transfers from the last 30 days to see whether they have been successfully executed. There are no credit checks based on historical payment data.

The check is carried out either via the HBCI interface of your bank or via the user interface of your online banking – as if you were logging in yourself. If you manage several accounts, information about unselected accounts will not be saved.

Klarna also stores your online banking user identification (login name/account number) as a hash value. PIN and TAN codes are not stored.

We have no influence on this process and only receive the result of whether the payment was made or rejected, your account number, sort code, subject, amount and date.

You can find further information on objection and removal options vis-à-vis Klarna at: https://www.sofort.com/payment/wizard/getCmsContent/data_protection/DE/0/de

Klarna stores your name, account number, bank code, subject, date and transfer amount for billing purposes within the statutory retention periods. The basis for this is § 28 para. 1 sentence 1 no. 1 BDSG.

Your data will be stored by us until payment processing has been completed. This also includes the period required for processing refunds, receivables management and fraud prevention.

Cloudflare (content delivery network and security)

Our website uses services of Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA, to increase the security and loading speed of the website (Content Delivery Network and Web Application Firewall).

Technically necessary data, such as your IP address in particular, is transferred to Cloudflare servers and processed there. Cloudflare operates servers distributed worldwide, whereby a transfer to third countries (in particular the USA) cannot be ruled out. Cloudflare undertakes to comply with the applicable data protection laws and is certified in accordance with the EU Standard Contractual Clauses (SCC).

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR – the legitimate interest in the secure and high-performance provision of our website.

Further information can be found in Cloudflare’s privacy policy at:
https://www.cloudflare.com/privacypolicy/

Partial excerpt from the sample data protection declaration of the law firm Weiß & Partner

Privacy policy

Cloudflare (content delivery network and security)

Convenient payment