🍃 CO2 compensated

Privacy policy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.

This data protection declaration applies to the website of GREENBOX GmbH & Co. KG, which can be accessed under the domain www.biologischverpacken.de/en and the various subdomains ("our website").

Who is responsible and how can I reach you?

Responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (DSGVO)

GREENBOX GmbH & Co. KG
Schwachhauser Heerstraße 266 b
28359 Bremen
Germany
Phone +49 (0) 421 / 246 87 87 0
Fax +49 (0) 421 / 246 87 87 8
E-mail contact@greenbox.bio

Data Protection Officer

secom IT GmbH
Nienburger Straße 9a
27232 Sulingen
Germany
Phone +49 (0) 4271 / 9473 800
E-mail datenschutz@secom-it.de

What is it about?

This privacy statement fulfils the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information for which we cannot (or can only with disproportionate effort) establish a link to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data are deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further storage of the data. We inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and if there are statutory retention obligations.

Who gets my data?

We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfilment of the purposes and is covered by the legal basis in the individual case (e.g. consent or safeguarding legitimate interests). In addition, we disclose personal data to third parties in individual cases if this serves the assertion, exercise or defence of legal claims. Possible recipients may then be, for example, law enforcement agencies, lawyers, auditors, courts, etc.

Insofar as we use service providers for the operation of our website who process personal data on our behalf within the scope of commissioned processing pursuant to Art. 28 DSGVO, they may be recipients of your personal data. For more information on the use of processors and web services, please refer to the overview of individual processing operations.

Credit assessment

  1. Purposes of data processing and legitimate interests of GREENBOX
    GREENBOX processes personal data in individual cases in order to obtain creditworthiness information from approved credit agencies, which provide GREENBOX with information for assessing the creditworthiness of natural and legal persons. Score values may also be calculated and transmitted for this purpose - the data protection provisions of the respective credit agency apply. GREENBOX only collects the information if there is a justified interest in the individual case and this can be credibly demonstrated and processing is permissible after weighing up all interests. The legitimate interest is given in particular before entering into transactions with a financial default risk. The creditworthiness check serves to protect GREENBOX from losses in the credit business. The data is also processed for fraud prevention, integrity checks, money laundering prevention, identity and age checks, address determination, customer care or risk management.
  2. Legal basis for data processing
    GREENBOX processes personal data on the basis of the provisions of the General Data Protection Regulation. Processing is carried out on the basis of consents and on the basis of Article 6(1)(f) of the GDPR, insofar as the processing is necessary to protect our legitimate interests or those of a third party and the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not override these interests. Consent may be revoked at any time vis-à-vis GREENBOX. The withdrawal of consent shall not affect the lawfulness of the personal data processed until the withdrawal.
  3. Categories of personal data processed
    Personal data, e.g. surname, first name, date of birth, place of birth, address, any previous addresses, job title; payment data (bank details).
  4. Recipients of personal data
    Recipients are credit agencies such as SCHUFA, Creditreform etc.. GREENBOX does not pass on data to third countries.
  5. Right of objection
    Pursuant to Art. 21 (1) DSGVO, the processing of data may be objected to for reasons arising from the particular situation of the data subject. The objection can be made form-free and is to be addressed to GREENBOX GmbH & Co KG, Schwachhauser Heerstraße 266 b, 28359 Bremen, e-mail: contact[at]greenbox.bio.

Do you use cookies?

Cookies are small text files that are sent by us to the browser of your end device when you visit our website and are stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, however, enable us to carry out various analyses, so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing procedures. If you wish to deactivate the cookies on our www.biologischverpacken.de/en site, go to the lower area of the website under "Cookie settings". Here you can deactivate the respective cookies.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

What rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG), you have the following rights as a data subject:

  • Information pursuant to Art. 15 DSGVO, § 34 BDSG about the data stored about you in the form of meaningful information about the details of the processing as well as a copy of your data;
  • Correction pursuant to Art. 16 DSGVO of incorrect or incomplete data stored by us;
  • Erasure pursuant to Art. 17 DSGVO of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • Restriction of processing pursuant to Art. 18 DSGVO, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO.
  • Data portability pursuant to Art. 20 DSGVO, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 (1) a DSGVO or on the basis of a contract pursuant to Art. 6 (1) b DSGVO and these have been processed by us with the aid of automated procedures. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, insofar as this is technically feasible.
  • Objection pursuant to Art. 21 DSGVO against the processing of your personal data, insofar as this is carried out on the basis of Art. 6 Para. 1 lit. e, f DSGVO and there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing can be demonstrated or the processing is carried out for the assertion, exercise or defence of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.
  • Revocation pursuant to Art. 7 (3) DSGVO of your granted consent with effect for the future.
  • Complaint pursuant to Art. 77 DSGVO to a supervisory authority if you are of the opinion that the processing of your personal data violates the DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

Processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How is my data processed in detail?

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

Type and scope of processing

When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

  • IP address of the requesting computer
  • Date and time of accesss
  • Name and URL of the file accessed
  • Website from which access was made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 DSGVO for the purpose of providing the website.

Purpose and legal basis

The processing is carried out to protect our overriding legitimate interest in displaying our website and ensuring its security and stability on the basis of Art. 6 para. lit. f DSGVO. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) DSGVO. Insofar as the further storage of log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c DSGVO. There is no legal or contractual obligation to provide the data, however, calling up our website is not technically possible without providing the data.

Storage period

The aforementioned data is stored for the duration of the website display and, for technical reasons, for a maximum of 7 days beyond that.

Contact form

If you contact us by e-mail or contact form regarding questions of any kind, you give us your voluntary consent for the purpose of contacting you. In order to process the enquiries, we use the "Freshdesk" service. The provider of this service is Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066 (hereinafter "Freshdesk"). Website: https://freshdesk.com/

When you open a support ticket via Freshdesk, the data you provide in each case is transmitted to Freshworks and stored on their servers in the USA. Freshworks also transmits this data to external service providers in order to offer Freshdesks services.

The transmission of your data to Freshdesk is based on Art. 6 para. 1 lit. a DSGVO (consent). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations  https://www.freshworks.com/privacy/.

Newsletter

Type and scope of processing

If you register on our website to receive our newsletter, we collect your e-mail address and store this information together with the date of registration and your IP address. You will then receive an e-mail in which you must confirm your registration for the newsletter (double opt-in). If you do not confirm the registration within 7 days, it will automatically expire and the data will not be processed for the newsletter dispatch.

To send the newsletter, we use a service of Sendinblue GmbH (Newsletter2Go), which processes your personal data on our behalf in accordance with Art. 28 DSGVO. Your data will not be passed on to third parties.

Purpose and legal basis

We process your data for the purpose of sending the newsletter on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. By unsubscribing from the newsletter, you can declare your revocation in accordance with Art. 7 (3) DSGVO at any time with effect for the future. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.

Storage period

After registration for the newsletter, we store the data for a maximum of 7 days until the registration is confirmed. After successful confirmation, we store your data until revocation of your consent (unsubscription from the newsletter), and for technical reasons beyond that for a maximum of 4 weeks.

Registration of a customer account

Type and scope of processing

Within the scope of order processing, we collect your personal data for the registration of a customer account. In the case of registration of a permanent user account, we also collect a password determined by you. Furthermore, you may voluntarily provide additional information that you consider necessary for the processing of the order.

Your personal data will only be passed on to third parties (e.g. shipping service providers / forwarding agents) and order processors in accordance with Art. 28 DSGVO if this is necessary for the processing of the order.

Purpose and legal basis

We process your personal data for the purpose of registering a customer account to fulfil a contract with you pursuant to Art. 6 para. 1 lit. b DSGVO. There is a contractual obligation to provide your data as far as it relates to the mandatory fields, as this information is necessary to identify you as well as for the fulfilment of the contract on our part. There is no legal obligation to provide the data. Without the provision of this information, the order in our online shop and thus the conclusion of a contract is not possible. There is no obligation to provide additional information voluntarily. It is also possible to place an order in our online shop without disclosing the voluntary information.

The supplementary processing of your password for the registration of the permanent user account is carried out for the purpose of providing a customer account and for the presentation of your previous purchases as well as for the storage of your purchase-related data (e.g. storage of invoice address, various delivery addresses) on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. By deleting your customer account, you can declare your revocation in accordance with Art. 7 Para. 3 DSGVO at any time with effect for the future.

Storage period

If you order as a guest, your personal data will be stored until the complete processing of your order (end of contract). If you register for a permanent customer account, we will store your purchase-related data beyond the end of the contract until you revoke your consent (deletion of the customer account). In both cases, your data will only be stored further if there are legal obligations to retain it (e.g. tax and commercial law).

Data transmission DPD for the purpose of parcel notification

As part of the shipping process, we transmit your data (name, address, e-mail address and/or mobile phone number, if applicable, as well as other shipment-related data) to our shipping partner DPD Deutschland GmbH on the basis of the EU General Data Protection Regulation Article 6(1f). You can object to the transmission of additional information such as email or mobile phone number at DPD widerspruch_predictbenachrichtigung@dpd.de or with each parcel information via a link at any time.

Comment function

Type and scope of processing

If you use the comment function on our website, we collect your e-mail address(es), user name or similar, comment / message and store this data together with the IP address and date.

Purpose and legal basis

Your personal data is processed for the purpose of commenting on the content of our website on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. By informal communication (deletion of your comments), you can declare your revocation at any time with effect for the future pursuant to Art. 7 para. 3 DSGVO. There is no legal or contractual obligation to provide your data, but it is not possible to use the comment function without disclosing your data.

Storage period

We store your personal data until you revoke your consent , but no longer than the termination of your user account.

Presence on social media platforms

We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to also provide you with information and offers within social networks and to offer you further ways of contacting us and finding out about our offers. In the following, we will inform you about which data we or the respective social network process from you in connection with calling up and using our fan pages/accounts.

Data that we process from you

If you wish to contact us via messenger or direct message via the respective social network, we generally process your user name via which you contact us and, if applicable, store further data provided by you insofar as this is necessary to process/respond to your request.

The legal basis is Art. 6 para. 1 sentence 1 f) DSGVO (processing is necessary to protect the legitimate interests of the controller).

(Static) usage data we receive from social networks

We receive automatically provided statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, details of page activities and post interactions, reach, video views and details of the proportion of men/women among our fans/followers.

The statistics only contain aggregated data that cannot be related to individual persons. You are not identifiable to us through this.

What data the social networks process from you

In order to view the contents of our fan pages or accounts, you do not have to be a member of the respective social network and to this extent no user account is required for the respective social network.

Please note, however, that when you call up the respective social network, the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no control. Details of this can be found in the data protection provisions of the respective social network (see the corresponding links above).

Insofar as you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on the data processing by the social networks within the scope of their use by you. To our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behaviour (using cookies, pixels/web beacons and similar technologies), on the basis of which advertising based on your interests is played both within and outside the respective social network. It cannot be ruled out that your data will be stored by the social networks outside the EU/EEA and passed on to third parties.

Information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the data protection regulations/cookie guidelines of the social networks. There you will also find information on your rights and objection options

Facebook page

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this under the following link: https://de-de.facebook.com/help/pages/insights.

It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide "publicly".

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f) DSGVO. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a), Art. 7 DSGVO.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to fully access your data. Because of this, only the provider can directly take and implement appropriate measures to fulfil your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Limited as well as with us. The primary responsibility for the processing of Insights data lies with Facebook under the GDPR and Facebook fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Limited provides the essence of the Page Insights supplement to data subjects. We do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, including legal basis, identity of the controller and storage period of cookies on user terminals. You can find further information directly from Facebook (Supplementary Agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

Instagram page

When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this under the following link: http://de-de.facebook.com/help/pages/insights.

It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection usually includes your name, message content, comment content and the profile information you provide "publicly".

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 para. 1 f) DSGVO. Should you, as a user, have given your consent to the data processing vis-à-vis the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a), Art. 7 DSGVO.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorised to fully access your data. Because of this, only the provider can directly take and implement appropriate measures to fulfil your user rights (information request, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effective directly against the respective provider.

We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Limited as well as with us. The primary responsibility for the processing of insights data lies with Instagram under the GDPR and Instagram complies with all obligations under the GDPR with regard to the processing of insights data, Meta Platforms Ireland Limited provides the essence of the page insights supplement to data subjects. We do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, including legal basis, identity of the controller and storage period of cookies on user terminals. Further information can be found directly at Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

Live chat function

We use the live chat Freshchat of the company Freshworks Inc, 2950 S. Delaware Street, Suite 201, San Mateo CA 94403, USA ("Freshworks"). You can use the live chat like a contact form to chat with our staff in near real time.

Depending on the course of the conversation with our employees, personal data may be collected in the chat and entered by you. The nature of this data depends largely on your enquiry or the problem you are describing to us. The purpose of processing all this data is to provide you with a quick and efficient means of contacting us and thus to improve our customer service.

By using Freshchat, the data you provide in each case is transmitted to Freshworks and stored on their servers in the USA. Freshworks also transmits this data to external service providers in order to provide Freshchat's services.

Freshchat uses "cookies", text files that are stored on your computer and enable you to conduct personal real-time chats on biologischverpacken.de/en. This serves the purpose of sparing you extensive explanations about the history of your enquiry under certain circumstances as well as for the constant quality control of our live chat service. The processing is therefore permitted in accordance with Art. 6 (1) (b) and (f) DSGVO. If you do not wish this, you are welcome to inform us of this using the contact details below. Saved live chats will then be deleted by us immediately. If you wish to object to the storage of cookies on biologischverpacken.de/en, you can do so directly in the lower section of our website under "Cookie settings".

The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why the processing is permitted under Art. 6 (1) f DSGVO.

You can find more information about Freshworks and data protection here: https://www.freshworks.com/privacy/.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyse your user behaviour on this website. Hotjar allows us to record, among other things, your mouse movements, scrolling movements and clicks. Hotjar can also determine how long you have stayed on a certain spot with the mouse pointer. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or use of device fingerprinting).

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Deactivating Hotjar

If you would like to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out.

Please note that deactivating Hotjar must be done separately for each browser or end device.

For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

Contract on order processing

We have concluded an order processing contract with Hotjar in order to implement the strict European data protection regulations.

Use of IntelliAd

This website uses the web analysis service with bid management of intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich. Anonymised usage data is processed and stored in aggregated form and usage profiles are created from this data in order to design and optimise this website in line with requirements. When intelliAd tracking is used, cookies are stored locally. You have the right to object to the processing of your usage data. To do so, use the intelliAd opt-out function (https://login.intelliad.com/optout.php).

Use of Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc (hereinafter: Google). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: Browser Add On to deactivate Google Analytics.

In addition or as an alternative to the browser add-on, you can install the tracking by Google Analytics on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.

Use of Google Optimize

Our website also uses Google Optimize. Google Optimize analyses the use of different variants of our website in order to improve the user experience on the website. Google Optimize is a sub-service of Google Analytics. See section Use of Google Analytics.

Google Tag Manager

This website uses Google Tag Manager. The Tag Manager does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. Google's privacy policy for this tool can be found here: https://www.google.com/tagmanager/use-policy.html

Use of script libraries (Google Webfonts)

In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Webfonts on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content is displayed in a standard font.

Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible - although it is currently unclear whether and, if so, for what purposes - that the operators of such libraries collect data.

The privacy policy of the library operator Google can be found here (https://www.google.com/policies/privacy/).

Google AdWords

Our website uses Google Conversion Tracking. If you have reached our website via an ad placed by Google, Google AdWords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking, you can reject the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser in such a way that cookies from the domain "googleleadservices.com" are blocked.

Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

Use of Adobe Typekit

We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Ltd. that gives us access to a font library. To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. This provides Adobe with the information that our website was accessed from your IP address. You can find more information about Adobe Typekit in Adobe's privacy policy (https://www.adobe.com/privacy/policies/adobe-fonts.html).

Google DoubleClick

Type and scope of processing

We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with each impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions. Conversions are recorded, for example, when a DoubleClick ad has previously been displayed to a user and the user subsequently makes a purchase on the advertiser's website using the same internet browser.

A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy.

Purpose and legal basis

We process your data with the help of the Double-Click cookie for the purpose of optimizing and displaying advertising based on your consent pursuant to Art. 6 (1) lit. a DSGVO. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future pursuant to Art. 7 (3) DSGVO. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple displays of the same advertising. Each time you call up one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, it is possible to visit our website without restriction, but not all functions may be fully available.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

Retargeting/Remarketing

This website uses retargeting services from the following providers:

  • Google Adwords Remarketing, a retargeting service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Adwords Privacy Policy.

The retargeting technology makes it possible to target visitors to our website with personalized, interest-related advertising who have already shown an interest in our store and our products. The advertising material is displayed on the basis of a cookie-based analysis of previous user behavior, but no personal data is stored. In the cases of retargeting technology, a cookie is stored on your computer or mobile device in order to collect anonymized data about your interests and thus adapt the advertising individually to the stored information. These cookies are small text files that are stored on your computer or mobile device. As a result, you will be shown advertising that is most likely to match your product and information interests.

You can permanently object to the setting of cookies for advertising preferences by Google by downloading and installing the browser plug-in available at the following link (https://www.google.com/settings/ads/onweb/).

Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

Google Fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision as well as the optimization of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google reCAPTCHA

Type and scope of processing

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's browsing time and mouse movements in order to distinguish automated requests from human ones. This data is processed solely for the above purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The service is used on the basis of our legitimate interests, i.e. for protection when submitting forms in accordance with Art. 6 (1) lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

Google Customer Reviews (formerly Google Certified Merchant Program)

We work with Google as part of the "Google Customer Reviews" program. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This program gives us the opportunity to collect customer reviews from users of our website. Here, after making a purchase on our website, you will be asked if you would like to participate in an email survey from Google. If you give your consent in accordance with Art. 6 (1) lit. a DSGVO, we will transmit your email address to Google. You will receive an email from Google Customer Reviews asking you to rate the purchase experience on our website. The rating you provide will then be aggregated with our other ratings and displayed in our Google Customer Reviews logo and in our Merchant Center dashboard. In addition, your review will be used for Google Seller Reviews. As part of the use of Google Customer Reviews, there may also be a transfer of personal data to the servers of Google LLC. in the USA. You can revoke your consent at any time by sending a message to the data controller or to Google.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google customer reviews: https://policies.google.com/privacy?hl=en-US.

Further information on Google's data protection in connection with the Google Customer Reviews program can be found at the following link: https://support.google.com/merchants/answer/7188525?hl=de.

For more information about Google seller reviews privacy, you can read this link: https://support.google.com/google-ads/answer/2375474.

Embedded YouTube videos

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells YouTube which pages you are visiting. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies that collect information about user behavior.

Those who have deactivated the storage of cookies for the Google Ad program will not have to deal with such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in the browser.

For more information on data protection at "YouTube", please refer to the provider's privacy policy (https://policies.google.com/privacy?hl=en).

YouTube NoCookie

Type and scope of processing

We have integrated YouTube NoCookie on our website. YouTube NoCookie is a component of the video platform of YouTube, LLC, on which users can upload content, share it over the Internet and receive detailed statistics. YouTube NoCookie allows us to integrate content from the platform into our website.

YouTube NoCookie uses cookies and other browser technologies to evaluate user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to generate reports. If a user is registered with YouTube, LLC, YouTube NoCookie can associate the videos played with the profile. When you access this content, you connect to servers of YouTube, LLC, where your IP address and, if applicable, browser data such as your user agent are transmitted.

Purpose and legal basis

The service is used on the basis of our legitimate interests, i.e. interest in a platform-independent provision of content in accordance with Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube NoCookie: https://policies.google.com/privacy.

YouTube Video

Nature and scope of processing

We have integrated YouTube Video on our website. YouTube Video is a component of the video platform of YouTube, LLC, on which users can upload content, share it over the Internet and receive detailed statistics. YouTube Video allows us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to evaluate user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can associate the videos played with the profile. When you access this content, you connect to servers of YouTube, LLC, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.

Purpose and legal basis

The service is used on the basis of our legitimate interests, i.e. interest in a platform-independent provision of content in accordance with Art. 6 para. 1 lit. f. DSGVO.

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

Matomo

This website uses the open source web analytics service Matomo.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g., IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

IP anonymisation

We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.

Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

Clarity

This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter ""Clarity""). Clarity is a tool for analyzing user behavior on this website. Clarity particularly records mouse movements and creates a graphical representation of which parts of the website users scroll to most frequently (heatmaps). Clarity can also record sessions, allowing us to view page usage in the form of videos. We also receive information about general user behavior within our website. Clarity uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

If consent has been obtained, the use of the above-mentioned service is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective user analysis.

Further details on Clarity's data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq. The company has a certification according to the ""EU-US Data Privacy Framework"" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active.

Order Processing

We have concluded a contract for order processing (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Newsletter Data

If you wish to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. No additional data is collected or only on a voluntary basis. We use newsletter service providers for handling the newsletter, which are described below.

Brevo

This website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter will be stored on Sendinblue GmbH's servers in Germany.

Data Analysis by Brevo

With the help of Brevo, we can analyze our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links have been clicked. This way, we can determine which links were clicked particularly often.

We can also recognize whether certain previously defined actions were carried out after opening/clicking (conversion rate). We can thus determine, for example, whether you have made a purchase after clicking on the newsletter.

Brevo also allows us to divide the newsletter recipients into various categories (""cluster""). For example, the newsletter recipients can be divided according to age, gender, or place of residence. In this way, the newsletters can be better adapted to the respective target groups.

If you do not want analysis by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

Detailed information on the functions of Brevo can be found at the following link: https://www.brevo.com/features/email-marketing/.

Legal Basis

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage Duration

The data you store with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored for other purposes with us remain unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more information, please see Brevo's privacy policy at: https://www.brevo.com/legal/privacypolicy/.

Order Processing

We have concluded a contract for order processing (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Newsletter Dispatch to Existing Customers

If you order goods or services from us and provide your email address, we may subsequently use this email address to send newsletters, provided we inform you about this in advance. In such a case, the newsletter will only be used for direct advertising for our own similar goods or services. You can cancel the receipt of this newsletter at any time. For this purpose, a corresponding link can be found in every newsletter. The legal basis for sending the newsletter in this case is Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us in a blacklist to prevent future mailings to you. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

Changes to our privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.