Get in touch

Privacy policy

NAME AND ADDRESS OF THE PERSON RESPONSIBLE:

Hubert Schmitz GmbH
Düsseldorfer Str. 4
52525 Heinsberg

Phone: +49(0)2452 9909-0
Fax: +49(0)2452 9909-20

E-mail: info(at)s-gard.de

Represented by the managing directors:

Dipl.-Ing. Hubert Schmitz
Business graduate Bruno Schmitz

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally.

This privacy policy explains what data we collect, what we use it for and for what purpose.

We would like to point out that data transmission over the Internet may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

1. GENERAL NOTES AND MANDATORY INFORMATION

How do we collect your data?

Some data is collected by the IT systems automatically or with your consent when you visit the website. This is technical data (internet browser, time of page view, etc.), which is collected automatically when you visit the website.

Other data is collected when you provide it to us, for example by filling out the contact form.

What do we use your data for?

We collect and use your personal data primarily only to guarantee the error-free provision of the website. Some data may also be used to analyse your user behaviour.

What rights do you have?

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time. You also have the right to have this data corrected or deleted. If you have given your consent to data processing, you can revoke this at any time. You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or a third party in a commonly used, machine-readable format. You also have the right to lodge a complaint with the competent supervisory authority.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you lodge an objection, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21 (1) GDPR). If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, rectification and erasure

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction or deletion of this data at any time. You can contact us at any time regarding this and other questions on the subject of personal data. Right to restriction of processing You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restriction of processing exists in the following cases

  • If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
  • If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

HOSTING

External hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We use the following hoster(s):

CDD GmbH & Co KG, Wurmstr. 4, 52525 Heinsberg, Germany

We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the hoster processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

STORAGE PERIOD

Unless a specific storage period has been specified, we will store your personal data until the purpose for processing no longer applies. If you request a justified deletion of your data or revoke your consent, your data will be deleted unless there are other legally permissible reasons for storing your personal data.

SSL ENCRYPTION

For security reasons and to protect the transmission of confidential content, this site uses SSL encryption. You can recognise an encrypted connection by the fact that the address line of your browser changes from http:// to https:// and by the lock symbol in the browser line.

OBJECTION TO ADVERTISING E-MAILS

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the site reserve the right to take legal action in the event of the unsolicited sending of advertising information.

Picture sources / picture credits
The images used on this website are from

  • JP Gansewendt Photography, https://www.jp-gansewendt-photography.de/
  • Per Schorn Photography, https://perschorn.com/
  • Veritas Media, https://veritas-medien.de/
  • Own photos
  • Platform e.g. Adobe Stock https://stock.adobe.com/de/

DATA PROTECTION OFFICER

If you have any questions about the processing of your personal data or your rights in relation to data protection, please contact

ITU
Innovative Technologie und Unternehmensberatung GmbH & Co KG
Mr Michael Errens
Zechenring 10

41836 Hückelhoven

Telephone 0 24 33 – 80 50 20
E-mail: info@itu-beratung.de

2. DATA COLLECTION ON OUR WEBSITE

COOKIES

Our website partly uses so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called „session cookies“. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services.

If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

SERVER LOG FILES

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version
  • Operating system used
  • referrer URL
  • Host name of the accessing computer
  • Time of the server enquiry
  • IP address

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – the server log files must be recorded for this purpose.

ENQUIRY BY E-MAIL, TELEPHONE OR FAX

If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

CONTACT FORM

If you send us enquiries and messages via the contact form, your details from the form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains. Mandatory statutory provisions – in particular retention periods – remain unaffected.

ONLINE JOB APPLICATION

In the case of online job applications, the application data is collected and processed electronically by Hubert Schmitz GmbH for the purpose of handling the application process. This also includes the internal forwarding of the applicant profile to the responsible department.

The legal basis for the collection and processing of the data is based on a legal basis for the stated purposes (§ 26 BDSG n.F.; Art. 88 DSGVO, Art. 6 para. 1 lit. b), DSGVO, Art. 9 para. 2 lit. b) DSGVO) and is necessary for the implementation of the selection procedure.

If the job application is rejected, the transmitted data will be deleted automatically two months after notification of the rejection. This does not apply if a longer storage period of up to four months or the conclusion of legal proceedings is required due to legal requirements (burden of proof under the General Equal Treatment Act, AGG).

The legal basis for this is Art. 6 para. 1 lit. f GDPR or § 24 para. 1 no. 2 BDSG.
The provider has a legitimate interest in legal defence.

If explicit consent has been given for the data to be stored for a longer period in a database of interested parties, the data will continue to be processed on the basis of this consent and will be deleted after 12 months at the latest.

The legal basis is Art. 6 para. 1 lit. a GDPR. Consent to this can be revoked at any time for the future in accordance with Art. 7 para. 3 GDPR by notifying the provider.

EVENTS/INVITATIONS

We use the services of taptic GmbH, a ticketing software, to register for events.

The service provider is taptic GmbH, Alter Wall 32, 20457 Hamburg. The company has committed itself to the General Data Protection Regulation and thus fulfils all current legal requirements for data protection. The data protection provisions of taptic GmbH can be accessed at: taptic | Datenschutz.

In addition to the information provided by you when you voluntarily participate in the event, information on:

  • Surname and first name
  • e-mail address
  • your address
  • Date and time of your visit,
  • referrer URL
  • IP address

recorded.

The purpose of the processing is to provide tickets for events. The legal basis for the use and the associated processing and storage of your personal data is based on Art. 6 para. 1 lit b) and f) GDPR.

By registering for our events, you consent to the collection, storage and use of the above personal data.
By registering, you expressly agree that Hubert Schmitz GmbH may also pass on the participant’s personal data to third parties commissioned to organise the event. Hubert Schmitz GmbH will ensure that the rights of the participant are safeguarded.

The email address can only be used for sending information material from Hubert Schmitz GmbH and information relevant to the event. In this case, sending invitations electronically is equivalent to sending them by post.
You can revoke this consent at any time with effect for the future.
Please send your cancellation to Hubert Schmitz GmbH in good time before the event.

The legal basis for processing is Art. 6 Para. 1 lit b (implementation and fulfilment of pre-contractual obligations); lit c (legal obligations) and lit f (legitimate interest).

Information on photographs and their use

Photographs are regularly taken at our events, some of which are published on our homepage and on our social media channels.

If you do not wish to be photographed, please speak to the photographer directly on site.

We will inform you again on the day of the event about your options to object.

Legal basis: The processing is based on the legitimate interest of the controller to document the event organised by it in pictures and to report positively on it to a wider public (Art. 6 para. 1 lit. f GDPR) and on your consent to processing in accordance with Art. 6 para. 1 lit. a GDPR.

Events organised by partner companies

On our website you will find links to events organised by our partner companies. If you click on such a link, you will leave our website and be forwarded directly to the website of the respective partner company.

Please note that registration for these events takes place directly via the partner company’s website. The processing of your personal data in the context of registration and participation in the event is the sole responsibility of the respective partner company.

We have no influence on the processing of your personal data by the partner companies. Please inform yourself directly on the partner’s website about their data protection regulations. The relevant data protection guidelines can usually be found on the partner website to which you are redirected.

We do not transmit any personal data to the partner companies unless you have given us your express consent to do so or there is a legal basis for doing so. You will only be forwarded by clicking on the respective link.

3. ANALYSIS TOOLS AND ADVERTISING

GOOGLE ANALYTICS

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.

Google Analytics is a web analysis service operated and provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the confidentiality of the processed data.

The following data is recorded during your visit to the website:

  • Pages accessed
  • The achievement of „website goals“
  • Your behaviour on the pages (length of stay, clicks, scrolling behaviour, etc.)
  • Your approximate location (country and city)
  • Your IP address (in abbreviated form, so that no clear assignment is possible)
  • Technical information such as browser, internet provider, end device and screen resolution
  • Source of origin of your visit (i.e. via which website or advertising medium you came to us)

This data is transferred to Google servers in the USA. We would like to point out that the same level of protection under data protection law cannot be guaranteed in the USA as within the EU.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which makes it possible to analyse pseudonymous user profiles.

If you do not agree to the collection of data, you can prevent this by installing the browser add-on to deactivate Google Analytics or by opting out in our cookie notice banner.

The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. f) GDPR. Our necessary legitimate interest lies in the great benefit that the functions described above have for our website. The statistical analysis of user behaviour enables us in particular to respond and optimise our offering in line with the interests of our users.

GOOGLE TAG MANAGER

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA), we can manage so-called website tags via an interface. The Tag Manager tool itself, which implements the tags, is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. The Google Tag Manager system does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

The privacy policy can be found at: https://policies.google.com/privacy. Further information: https://privacy.google.com/businesses/adsservices

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

CLOUDFLARE CAPTCHA

We use Cloudflare Captcha on our website to check and prevent interactions on our website by automated access, e.g. by so-called bots. This is an anti-spam service provided by Cloudflare Germany GmbH, Rosental 7 c/o Mindspace, 80331 Munich.

You can find Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/

The legal basis is Art. 6 para. 1 lit.f) GDPR. Our legitimate interest lies in the security of our website and in the defence against unwanted, automated access in the form of spam or similar.

4. PLUGINS, TOOLS AND SOCIAL MEDIA

GOOGLE MAPS

The website uses the map service Google Maps to visualise geographical information. When using Google Maps, Google collects, processes and uses data about the use of the Maps function. You can find detailed information about data processing by Google in Google’s privacy policy: https://policies.google.com/privacy?hl=de

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includesthe storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

LINKEDIN

Our website uses a function of the LinkedIn network. The provider is LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA; hereinafter: LinkedIn).

If you click on the LinkedIn button (plug-in), you will be redirected to our LinkedIn website in a separate browser window. This establishes a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our website with your IP address.

If you click on the „LinkedIn“ button while you are logged into your own LinkedIn user account, you can link the content of our website to your user account. This allows LinkedIn to associate your visit to our website with your user account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information can be found in LinkedIn’s privacy policy(http://www.linkedin.com/legal/privacy-policy).

LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

If you do not want LinkedIn to be able to associate your visit to our website, please log out of your LinkedIn user account.

The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

INSTAGRAM

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time. If personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. The joint obligations incumbent on us have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum

https://privacycenter.instagram.com/policy/

https://de-de.facebook.com/help/566994660333381

Further information can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified in accordance with the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:

Data Privacy Framework

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

FACEBOOK

Our website uses so-called social plugins („plugins“) of the social network Facebook, which is operated by Meta Platforms Inc. or, for the European area, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour Dublin2, Ireland („Facebook“).

You can recognise the Facebook plugins by the Facebook logo or the „Like“ button on our website. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/. When you visit our website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook „Like“ button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook.

If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

You can find more information on this in Facebook’s privacy policy at https://de-de.facebook.com/policy.php

The company is certified in accordance with the „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:

Data Privacy Framework

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

TIKTOK

Our website uses social plugins („plugins“) from the social network TikTok. For the European Economic Area, the network is operated by TikTok Technology Limited Ireland.

You can recognise the TikTok plugins by the TikTok logo on our site.

As the operator of our profile on TikTok, we receive anonymised statistical data from TikTok. We cannot use this data to draw any conclusions about the respective visitor. Nor can this statistical data be linked to the profile data of our users. We use the data contained in the statistics exclusively to analyse user behaviour so that we can better tailor our TikTok profile and our offer to the needs and interests of our users. We only use the data provided to us by TikTok that is required for the purposes stated here.

If you do not want TikTok to be able to associate your visit to our pages with your TikTok user account, please log out of your user account.

You can find further information on this in TikTok’s privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/de

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG as well as our legitimate interest in accordance with Art.6 para.1 lit.f GDPR.

Consent can be revoked at any time.

We are not aware of the complete data collection, which data of a visitor TikTok collects in total and for which purposes these are processed by TikTok.

We would like to point out that the operators of the platform are mostly companies based in the USA and that their data may therefore also be processed outside the European Union and the European Economic Area. This may give rise to risks, for example because it could make it more difficult to enforce users‘ rights. According to its privacy policy, TikTok uses service providers and host providers that are certified under the Privacy Shield and are committed to complying with EU data protection standards.

Further information on this can be found in TikTok’s privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/de

YOUTUBE

We use components (videos) of YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter: „YouTube“), a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: „Google“), on our website on the basis of consent pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

We use the „extended data protection mode“ option provided by YouTube.

When you access a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

According to YouTube, in „extended data protection mode“ your data – in particular which of our websites you have visited and device-specific information including the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.

If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

Google observes the data protection provisions of the „US Privacy Shield“ and is registered with the „US Privacy Shield“ programme of the US Department of Commerce.

You can find more information at

https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/

https://policies.google.com/privacy

The use of YouTube is in the interest of an appealing presentation of our online offering. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the end device of the user within the meaning of the TTDSG. Consent can be revoked at any time.

MY FONTS

This site uses so-called MyFonts, which are provided by Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA, for the standardised display of fonts. When you call up a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the servers of Monotype Imaging Holdings Inc. As a result, Monotype Imaging Holdings Inc. becomes aware that this website has been accessed via your IP address.

The use of MyFonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

If your browser does not support MyFonts, a standard font will be used by your computer.

You can find more information about MyFonts at https://www.myfonts.com/de/a/font/legal/website-use-privacy-policy

5. ONLINE SHOP

ORDER PROCESS/CUSTOMER ACCOUNT

All data entered by customers in the course of order processing is stored. This includes

  • Surname, first name
  • address
  • payment details
  • e-mail address
  • Telephone number

Data that is absolutely necessary for delivery or order processing is passed on to third-party service providers. The processed data will only be stored for as long as necessary for the intended purpose or as required by law.

The legal basis for this is Art. 6 para. 1 lit b) GDPR.

PAYMENT

Payment data is collected as part of the ordering process. For orders on our website, you have the option of choosing between different payment methods.

PAYPAL

We offer the option of processing the payment process via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg).

In this context, we pass on the following data to PayPal insofar as it is necessary for the fulfilment of the contract (Art. 6 para. 1 lit b. GDPR).

First name
Surname
Your address
e-mail address
Telephone number

The processing of the data provided in this section is neither legally nor contractually required. We cannot process a payment via PayPal without the transmission of your personal data.

You have the option of choosing another payment method. (prepayment, cash on collection and, if applicable, on account)

PayPal carries out a credit check for various services such as payment by direct debit to ensure your willingness and ability to pay. This corresponds to PayPal’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the fulfilment of the contract (pursuant to Art. 6 para. 1 lit. b GDPR). For this purpose, your data (name, address and date of birth, bank account details) will be passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or whether a check is pending.

Further information on objection and cancellation options vis-à-vis PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Your data will be stored until the payment has been processed. This also includes the period required for processing refunds, claims management and fraud prevention.

The use of PayPal corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR).

CREDIT CARD

You will be asked to enter your credit card details in the payment window. The data entered will then be checked and verified. Once the data has been approved, you can print or save the summarised transaction details if you wish.

Optionally, a security enquiry via SecureSMS may be necessary before initiating the payment process.

Identification with SecureSMS

When identifying yourself with SecureSMS, you will be asked to enter your mobile phone number in the payment window. Within the next few seconds, we will send you a unique and non-manipulable TAN by SMS to your mobile phone. This process is free of charge for you. Depending on your telephone provider, further steps may be necessary. By entering the TAN received in the payment window, you authorise the purchase and payment by credit card.

The following data is collected and stored when you pay by credit card:

  • Credit card type
  • Credit card number
  • Credit card expiry date
  • Security code
  • Transaction details
  • IP address

The technical processing of your credit card payment is carried out with the involvement of Heinsberger Volksbank, Siemensstraße 5, 52525 Heinsberg, Germany

Information on data protection at Heinsberger Volksbank can be found at

https://www.volksbank-heinsberg.de/service/rechtliche-hinweise/datenschutzhinweis-zur-website.html

The collection, storage, processing and transfer of your data is based on Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. b GDPR

LINK from STRIPE

We offer the option of processing the payment transaction via the payment service provider Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02H210 (Stripe).

This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f GDPR).

In this context, we pass on the following data to Stripe insofar as it is necessary for the fulfilment of the contract:

  • Name of the cardholder
  • e-mail address
  • customer number
  • order number
  • Bank details
  • Credit card details
  • Credit card expiry date
  • Credit card verification number (CVC)
  • Date and time of the transaction
  • Transaction amount
  • Name of the provider

The processing of the data specified in this section is neither legally nor contractually required. Without the transmission of your personal data, we cannot process a payment via the Stripe link. You have the option of choosing a different payment method.

Stripe assumes a dual role as controller and processor for data processing activities. As the controller, Stripe uses your transmitted data to fulfil regulatory obligations.

This corresponds to Stripe’s legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR) and serves the fulfilment of the contract (pursuant to Art. 6 para. 1 lit. b GDPR).

We have no influence on this process.

Link by Stripe acts as a processor in order to be able to complete transactions within the payment networks. Within the scope of the order processing relationship, Stripe acts exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR.

Link by Stripe has implemented compliance measures for international data transfers. These apply to all global activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

You can find more information about Stripe’s link here:

https://link.com/de/privacy

Your data will be stored by us until payment processing has been completed. This also includes the period required for the processing of refunds, receivables management and fraud prevention.

The legal basis for this is Art. 6 para. 1 lit b) GDPR

KLARNA

You have the option of using the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; „Klarna“) on our website. By selecting and using payment via Klarna, the data required for payment processing will be transmitted to Klarna in order to fulfil the contract with you using the selected payment method.

This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Cookies may be stored that enable your browser to be recognised.

The resulting data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a customer-oriented offer of various payment methods.

For individual payment methods such as „invoice“, „payment by direct debit“ or „instalment purchase“, Klarna reserves the right to obtain credit information on the basis of mathematical-statistical procedures using credit agencies.
For this purpose, Klarna transmits the personal data required for a credit check, such as

  • First name and surname
  • your address
  • gender
  • e-mail address
  • IP address
  • Data in connection with the order

This data is used for the purpose of identity and credit checks with a credit agency. The information received provides information on the statistical probability of a payment default for a balanced decision on the establishment, execution or termination of the contractual relationship. The credit report may contain probability values (score values), which are calculated on the basis of scientifically recognised mathematical-statistical procedures and include address data, among other things, in their calculation. Your interests worthy of protection are taken into account in accordance with the statutory provisions.

The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our overriding legitimate interest in protection against payment default if Klarna makes advance payment.

The provision of the data is necessary for the conclusion of the contract with the payment method you have requested. Failure to provide the data means that the contract cannot be concluded with the payment method you have selected.

Further information about Klarna can be found at:

https://www.klarna.com/de/datenschutz/