Privacy Policy


As of October 1, 2022

 

1. INTRODUCTION

We know that you care how your personal data is used and shared. We take the protection of your personal data very seriously.
This Privacy Policy describes how we collect and process your personal data and for what purposes it is processed when you visit our website, create an account in our online shop, place an order in our online shop, subscribe to our email newsletter, visit our social media pages, apply for a job with us, etc.
The personal data we collect consists of (i) information provided to us by you directly, e.g. when you create an account in our online shop; (ii) information collected automatically, e.g. information collected via cookies on our website; and (iii) information from other sources, such as our fulfillment provider DFTBA in the context of processing your orders.
We always treat your personal data in accordance with the statutory data protection regulations, including, but not limited to the General Data Protection Regulation (GDPR), and this Privacy Policy.

 

2. CONTROLLER AND DATA PROTECTION OFFICER

The controller is In a nutshell – kurzgesagt GmbH, Landwehrstraße 39, 80336 Munich, Germany, Phone +49 (0)89 9545 730 20, eMail info@kurzgesagt.org (hereinafter „KGS“).
Our data protection officer is LS Sport GmbH, E-Mail datenschutz@lssport.eu. If you have any questions about data protection, you can contact our data protection officer at any time.
Regarding the placement of an order and the respective fulfillment, DFTBA Europe B.V., Maskaade 159 A, 3071 NR Rotterdam, the Netherlands (hereinafter “DFTBA”), eMail hello@dftba.com, is the controller.


3. VISITING OUR WEBSITE
3.1 Log Files

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is logged:

  • IP address of the calling computer
  • Operating system of the calling computer
  • Browser version of the calling computer
  • Name of the retrieved file/website
  • Date and time of retrieval
  • Transferred amount of data
  • Referring URL

This data is processed in order to be able to present the website, to ensure the security, availability and integrity of the website (e.g., detection and defense against DoS attacks or access by bots), to improve the quality and presentation of the website, to be able to identify and correct errors and for statistical purposes.
This data is regularly deleted after a few days.

Our website is hosted by a service provider on the basis of a data processing agreement pursuant to Art. 28 GDPR. This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest lies in the purposes stated above.


4. ONLINE SHOP
4.1 Shopify


Our online shop is provided and hosted by Shopify International Ltd. in Ireland (“Shopify”) on the basis of a data processing agreement pursuant to Art. 28 GDPR. The processing of data by Shopify may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.


4.2 Creating an Account


You do not have to create an account but can shop as a guest in our online shop. However, creating an account for our online shop can make future shopping easier and provide a more customized, simpler shopping experience. For example, your address data and payment methods may be pre-selected for your next order with our online shop.
If you create an account for our shop, we will process the data provided in the context of the account registration and in the context of orders placed via your account (last name, first name, email address, postal address, login data, purchase information).

Your data will be processed for as long as you use your account. You can, of course, delete your account and any data stored therein at any time by contacting us at the contact data provided above. If you delete your account, the data processed via your account will be deleted (subject to any retention obligations, see below under "Retention and Deletion").

The legal basis for this storage and processing is the fulfillment of the contract or the implementation of pre-contractual measures in accordance with Art. 6 (1) lit. b) GDPR.


4.3 Placing Orders and Fulfillment


If you place an order in our online shop, we will transfer your data to our fulfillment provider DFTBA in the Netherlands. DFTBA will be your contractual partner for the purchasing of any goods via our online shop and will fulfill all orders placed via our online shop. We will transfer all data required for the conclusion of the contract and the fulfillment of your order to DFTBA, who will process such data as an independent controller for the purpose of performing the contract with you.

For details on DFTBA’s processing of your personal data please refer to the DFTBA Privacy Policy at https://store.dftba.com/pages/privacy-policy or contact DFTBA at hello@dftba.com.


4.4 Payment


Payments in our online shop will be processed by the chosen payment service provider for our fulfillment provider DFTBA, who is the seller and contractual partner for your purchases via the online shop. We don’t process your payment information.


5. NEWSLETTER
5.1 Registration


On our website, you can register to receive a newsletter by email. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. For the processing of the data, your consent is obtained during registration and reference is made to this Privacy Policy.

In order to verify that a registration for the sending of a newsletter is made by the actual owner of an email address, we use the so-called "double opt-in" procedure. In this process, after registration of an email address, a confirmation email is sent to the registered email address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link are also transmitted to us.

The registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at the above contact details.

The legal basis for the processing of data after registration for the newsletter is your consent pursuant to Art. 6 (1) lit. a) GDPR.

5.2 eMail Newsletter for Existing Customers


If you create an account for our online shop and/or purchase our products (via our fulfillment provider DFTBA) and provide your email address, this may subsequently be used by us to send you an email newsletter if you have not objected to such use. In such a case, the email newsletter will only be used to send direct advertising for our own similar goods or services. You can object to the use of your email address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using the unsubscribe link contained in every newsletter or by contacting us at the above-mentioned contact details.

The legal basis for sending the newsletter as a result of the sale of goods or services is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR.


5.3 Newsletter Analytics/Tracking


A statistical analysis of usage data may be carried out for our newsletters. For this purpose, we may record both the openings of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group.
The legal basis for this analysis is your consent pursuant to Art. 6 (1) lit. a) GDPR.


5.4 Newsletter Service Provider


We use an external service provider as a data processor for sending and analyzing our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR.

This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.


6. COOKIES AND THIRD-PARTY TOOLS/FUNCTIONS


Our website uses cookies and implements third-party tools and functions.
Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies may be small files or other types of information storage. Information is stored in cookies that is related to the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain immediate knowledge of your identity.
We also use third-party functionalities, plug-ins and tools, for example, to expand the functional scope of the website, to analyze the use of the website, and to optimize the content accordingly.
When integrating tools and functionalities from third-party providers, personal data may be transmitted to the providers of the integrated tools and functionalities in order to be able to provide the tools and functionalities.
Cookies and tools and functionalities from third-party providers are referred to uniformly as "cookies" in the following for the sake of simplicity.


6.1 Cookie Banner/Consent Management Service (Usercentrics)


We use the consent management service Usercentrics of Usercentrics GmbH in Germany (hereinafter „Usercentrics“). This enables us to obtain and document the consent of visitors to our website.
The following data is processed in the process:

  • Date and time of access
  • Browser information
  • Device information
  • Geographic location
  • Cookie preferences
  • URL of the page visited

The data is deleted after a period of 1 year.

The functionality of the website is not guaranteed without the processing. The data processing is necessary for the fulfillment of a legal obligation (Art. 7 (1) GDPR), the legal basis is accordingly Art. 6 (1) lit. c) GDPR.
Usercentrics acts for us as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
The processing takes place in the European Union.
For more information on objection and removal options vis-à-vis Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/

6.2 Necessary/Essential Cookies and Tools/Functions


When visiting our website, cookies are set that are necessary for the operation of the website. These necessary/essential cookies may be, for example, cookies that are required for the display of the website with a content management system, which are used to recognize language settings, or which are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.
These necessary/essential cookies, including their purpose and storage period or deletion period, are explained to you in our cookie banner, which is displayed when you access the website.
The legal basis for the processing of personal data using necessary/essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the operation and provision of our website.


6.3 Non-Essential Cookies and Tools/Functions


We also use non-essential cookies, for example to collect additional information about the interests of visitors to our websites or about their usage behavior, in order to analyze and optimize our website and generally our customer interactions on this basis.
Non-essential cookies, including their purpose and storage period or deletion period, are also explained to you in our cookie banner, which is displayed when you access the website.
Non-essential cookies are only set if you have expressly consented to the setting of non-essential cookies. You can also select different categories of non-essential cookies that you wish to allow in the cookie banner.
The legal basis for the processing of personal data using such non-essential cookies is your explicit consent pursuant to Art. 6 (1) lit. a) GDPR.


6.4 Google Tag Manager


On our website we use the tool Google Tag Manager. Google Tag Manager is provided by Google Ireland Limited in Ireland. Through this tool, website tags can be managed via an interface. Google Tag Manager only implements tags, but no cookies are used, and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data, but Google Tag Manager does not access this data.


6.5 Web Analytics and Marketing


We use web analytics services to understand how our website and our Platform are used by their visitors or users and to optimize the website and the Platform in terms of content and technology.


6.5.1 Google Analytics


We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google").

JavaScript tags allow us to collect information about your use of the website and the Platform. Google Analytics also regularly uses cookies to collect information about a user's interactions with the website or Platform.
Within the scope of the use of Google Analytics, your IP address and information about the use of the website or Platform, browser type and version, operating system used, the previously visited page and the time of the server request are transferred to Google servers and processed there.

Within the scope of IP anonymization, the collected IP addresses of users within the European Economic Area are shortened before being transmitted to the USA. Only in exceptional cases, in the event of technical malfunctions in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data from Google.

Google will act for us as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
As explained, this may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.


6.5.2 Google Optimize


The Google Optimize web analytics and optimization service is used on our website (hereinafter referred to as “Google Optimize”). The service is made available by Google Ireland Limited (“Google”).

We use the Google Optimize service to enhance the presentation, content, and functionality of our website by displaying new functions and content to a percentage of our users, and statistically analyzing their changing usage. Google Optimize is a sub-service from Google Analytics. Google Optimize uses cookies that enable the optimization and analysis of your use of our website. The information relating to your usage of our website generated by these cookies is generally transferred to a server in the USA and stored there. In this process, we use Google Optimize with activated IP anonymization, with the result that your IP address is truncated in advance by Google, within member states of the European Union or in other states that are signatories to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a server in the USA and truncated there. Google will use this information to analyze your usage of our website, compile reports on the optimization test and associated website activities and provide us with further services related to website usage and internet usage.

Google will act for us as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
As explained, this may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.

6.5.3 Heatmap (Hotjar)


We use the web analytics service Hotjar provided by Hotjar Ltd. in Malta. Hotjar enables an analysis of the use of the website and the platform by collecting and processing data on the use of the website or platform and on the behavior of users and on the end devices used via cookies and a script (in particular, the IP address of the end device (in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language). Hotjar stores this information in a pseudonymized user profile. The information is neither used by Hotjar nor by us to identify individual users nor is it merged with further data about individual users. The collected data can be used to analyze the users' interactions with the website or Platform, for example by creating heat maps.
Details on data processing by Hotjar can be found here: https://www.hotjar.com/privacy/
Hotjar acts for us as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.

6.5.4 Tracking Pixel


Tracking pixels from various providers are used on our website to track website usage and the actions of website visitors for the purpose of conversion tracking. Tracking pixels from the following providers may be used: LinkedIn, Bing, Meta, Google Ads, Outbrain, Pinterest, Snapchat, Taboola, TikTok, Twitter, Yahoo Native (Gemini).
A tracking pixel is a code snippet that allows us to track the actions of website visitors, which further allows us to personalize and improve our advertisements and measure their success. This allows us to evaluate our website for statistical and market research purposes and optimize advertising campaigns.
The data collected via the tracking pixels may be used by the providers of the respective pixels for their own tracking and advertising purposes. For further details, please refer to the privacy statements of the providers of the respective pixels.
If you are a member of a social media platform of one of the providers of the tracking pixels and have allowed the respective provider to do so via the settings of your user account with the social media network, the provider of the social media network or the tracking pixel may link the information collected about your visit to our website to your user account with the respective social media network and use it for the targeted placement of advertisements.
We can also measure the effectiveness of advertisements on the respective social media networks and see whether a user was redirected to our website via such ads (conversion measurement).
The integration of such tracking pixels may result in the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will gladly provide you with proof of the appropriate guarantees (standard contractual clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.


6.6 Fonts (Google Fonts)


In order to display the content of our website correctly and graphically appealing across browsers, we use the font library Web Fonts of Google Ireland Ltd. in Ireland (hereinafter “Google”). When you call up a website on which a font library is integrated, the required font is loaded into the browser cache in order to display texts and fonts correctly. In doing so, the operator receives the information that the font required for our website or platform was called up from your IP address.
You can prevent the use of such libraries and the associated data transmission by installing a JavaScript blocker (e.g. www.noscript.net). If the use of Web Fonts is not supported or prevented, a default font will be used by your computer.
Google acts for us as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.


6.7 Videos (YouTube)


YouTube videos are embedded on our website. These are provided, via a plugin, by Google Ireland Ltd. in Ireland ("YouTube").
We use the "extended data protection settings" for embedded YouTube videos; this means that YouTube does not set any cookies.
Nevertheless, when you visit a website with the YouTube plugin, a connection to YouTube is inevitably established and your IP address is transmitted to YouTube in the process.
When using YouTube, personal data is transferred to a third country outside the EU. We ensure that suitable guarantees are provided for the transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. To do so, please contact us using the contact details above.
Further information on data protection at YouTube can be found in YouTube's Data Protection and Security Centre:
https://support.google.com/youtube/topic/2803240?hl=de&ref_topic=6151248
The legal basis for this data processing when using YouTube is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the integration of videos and the associated optimization of the interactivity of our website and our customer interactions.


7. SOCIAL MEDIA
7.1 Social Media Buttons


Social media buttons of various social media networks (e.g. LinkedIn, Instagram, Twitter and Facebook) are integrated on our website.
If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective privacy policy of the providers of the social media networks. The legal basis for the integration and use of social media buttons is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.

7.2 Social Media Pages


We maintain a publicly accessible profile on various social media networks (e.g. LinkedIn, Instagram, Twitter and Facebook).

If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.

The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.
If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, we refer you to the privacy policy of the respective social media network.
You can assert your data subject rights in accordance with Chapter III of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.


8. PROSPECTS, CUSTOMERS AND SERVICE PROVIDERS (CRM)


If you contact us, e.g. by email, via a contact form or via live chat, the information you provide will be stored for the purpose of processing the request.

We need the information requested in a contact form or live chat to process your request, to address you correctly and to send you a reply.

The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the communication with prospects, visitors, and customers. If the purpose of the contact is to conclude a contract, the legal basis for processing is Art. 6 (1) lit. b) GDPR.

We process the data of our customers, service providers and suppliers as part of the provision of our contractual services. In this context, inventory data (for example, surname and first name of the contact person(s), address), contact data (for example, e-mail address, telephone number), contract data (for example, subject matter of the contract, term), payment data and data collected in the context of the provision of services and/or required for the provision of services are processed, if applicable.

Inquiries and customer relations are regularly stored and processed in our CRM system. The data processed in this context (surname, first name, title, postal address, date of birth if applicable, your specific interest with regard to our products and services and your interactions with us) may also be used by us for direct marketing purposes, in particular for postal advertising, in compliance with the legal requirements.

The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the marketing of our products and services and the maintenance of our prospect, customer and service provider relationships.

9. COMPETITIONS/SWEEPSTAKES


When participating in one of our offline or online competitions/sweepstakes, we collect and process the personal data provided by the participant as part of the participation in the competition, usually first name, address and e-mail address.
We collect this data in order to enable participation in the competition, to carry out the competition, to inform the participant of a prize, if applicable, and to send the participant a possible prize.

We process the participants' personal data to conduct the competition and to determine and notify the winners.
Insofar as participants provide information as part of their participation that is not required for participation in the respective competition, this is done on a voluntary basis.

If you do not provide us with the data required to participate in a competition, it will not be possible to participate in the competition or to contact you regarding notification of a prize.

The legal basis for data collection and data processing is Art. 6 (1) lit. b) GDPR or your consent pursuant to Art. 6 (1) lit. a) GDPR.

10. JOB APPLICATIONS

We collect and process personal data of applicants for the purpose of handling the application process. If an applicant submits his or her application documents to us electronically, they are processed electronically.

If we conclude an employment contract with an applicant, the data transmitted will be processed in order to carry out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, provided that deletion does not conflict with any overriding legitimate interest, such as the defence of claims or a preservation of evidence function according to the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).

The legal basis for this storage and processing is the performance of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR, in Germany § 26 BDSG.


11. MERGERS AND ACQUISITIONS (M&A)


If we are involved in a restructuring, acquisition, asset sale, merger, financing, transfer of services to another provider, due diligence, insolvency or receivership, your personal data may be transferred to third parties to the extent legally permitted in connection with and as part of the relevant legal process, subject to the basic principles of data protection law.


12. RECIPIENTS OF DATA


Within our company, your data is received by those internal departments or organizational units that need it to fulfill their tasks, to fulfill contracts with you if necessary, for data processing with your consent or to safeguard our overriding legitimate interests.

Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1) lit. b) GDPR or to safeguard our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in the effective conduct of our business operations.

Insofar as we use service providers within the framework of the provision of the website and/or Platform or other services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of your personal data.


13. YOUR RIGHTS


You have the rights explained below with regard to the personal data processed by us concerning you:


13.1 Right of Access


You can request information in accordance with Art. 15 GDPR about your personal data that we process.


13.2 Right to Rectification


If the information concerning you is not (or no longer) accurate, you may request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you may request that it be completed.


13.3 Right to Erasure


You may request the erasure of your personal data in accordance with Art. 17 GDPR.


13.4 Right to Restriction of Processing


In accordance with Art. 18 GDPR you have the right to request restriction of processing of your personal data.


13.5 Right to Object to Processing


You have the right to object at any time on grounds relating to your particular situation to the processing of your personal data which is carried out on the basis of Art. 6 (1) lit. e) or lit. f) GDPR in accordance with Art. 21 (1) GDPR. In this case, we will not further process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert and exercise or defend against legal claims (Art. 21 (1) GDPR).

In addition, according to Art. 21 (2) GDPR, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing; this also applies to any profiling, insofar as it is related to such direct marketing.


13.6 Right to Withdraw Consent


Insofar as you have given your consent for processing, you have a right to withdraw your consent pursuant to Art. 7 (3) GDPR.


13.7 Right to Data Portability


You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format ("data portability") as well as the right to have this data transferred to another controller if the conditions of Art. 20 (1) lit. (a) and (b) GDPR are met.


13.8 Exercise of Rights


You can exercise your rights by contacting the data controller or the data protection officer using the contact details given above.


13.9 Right to Complain to the Data Protection Authorities


If you believe that our processing of your personal data violates data protection law, you also have the right to complain to a data protection supervisory authority of your choice pursuant to Article 77 of the GDPR.


14. COMPULSORY DATA AND PROFILING


The provision of personal data is neither required by law nor by contract, and you are not obliged to provide personal data, although the provision of personal information is required for the conclusion of a contract to the extent that certain details are required in order to conclude (and perform) a contract.
We do not perform automated decision making, including profiling.


15. RETENTION AND DELETION


We adhere to the principles of data avoidance and data economy and only store your personal data for as long as is necessary to achieve the respective purpose of the data processing or as stipulated by the storage periods provided by law.

If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely anonymized or deleted in accordance with the statutory provisions.


16. INFORMATION SECURITY


We take appropriate technical and organizational measures in accordance with the state of the art to ensure a level of protection for the personal data we process that is appropriate to the risk of the respective processing and to protect the data we process against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data that you send to us.

Our employees receive regular training on data protection and information security and are committed to confidentiality and data protection.

A restrictive rights and roles concept on a "need to know" basis ensures that employees only have access to the personal data they absolutely need to perform their duties.