Privacy Policy

Privacy Policy

Overview

Data protection is of paramount importance to us. You do not need to provide any personal data to use our website; however, if you wish to use certain specific business services through our website, your personal data may need to be processed. If we must process your personal data and there is no other legal basis, we will generally obtain your consent.

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always in compliance with the General Data Protection Regulation (GDPR) and the data protection regulations applicable to our specific countries. Through this data protection policy, we aim to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this data protection statement will inform data subjects of their rights.

As a data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection of personal data processed through this website. However, internet-based data transmission is inherently vulnerable, and therefore absolute security cannot be guaranteed.

Name and Address of the Controller

In accordance with the General Data Protection Regulation (GDPR), other applicable data protection laws of EU Member States, and other data protection-related regulations, the data controller is:

Definitions

This Data Protection Statement is based on the terminology used by European legislatures in adopting the GDPR. Our Data Protection Statement is intended to be clear and understandable not only to the general public but also to our customers and business partners. To ensure this, we first explain the terminology used.

In this Data Protection Statement, we use the following terms:

A.) Personal Data

Personal data means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified directly or indirectly, particularly by identifiers such as name, identity card number, location data, online identifier, or by one or more specific factors relating to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

B.) Data Subject

A Data Subject is any identified or identifiable natural person whose personal data is processed by a controller responsible for processing it.

C.) Processing

Processing refers to any operation or series of operations performed on personal data or personal datasets, whether or not through automated means, such as collection, recording, organizing, constructing, storing, adapting or altering, retrieving, accessing, using, disclosing by transmission, dissemination or other means, arranging or combining, restricting, erasing or destroying.

D.) Processing Restriction

Restricted processing refers to tagging stored personal data with the aim of restricting its future processing.

E.) Profiling

Analysis refers to any form of automated processing of personal data, including using personal data to assess certain personal aspects relating to a natural person, particularly analyzing or predicting aspects relating to that natural person’s performance at work, economic status, health, personal preferences, interests, reliability, behavior, location or mobility.

F.) Pseudonymization

Pseudonymization refers to processing personal data in such a way that, without the use of additional information, the personal data can no longer be associated with a specific data subject, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that the personal data cannot be associated with an identified or identifiable natural person.

G.) Controller or Controller Responsible for Processing

A controller or controller responsible for processing is a natural or legal person, public body, agency, or other body that, alone or jointly with others, determines the purpose and manner of processing personal data; if the purpose and manner of such processing are determined by EU or Member State law, the specific criteria for the controller or their appointment may be prescribed by EU or Member State law.

H.) Processor

A processor is a natural or legal person, public body, agency, or other body that processes personal data on behalf of the controller.

I. Recipient

A recipient is a natural or legal person, public body, agency, or other entity, whether or not a third party, who is considered a recipient as long as personal data is disclosed. However, public bodies that may receive personal data within a specific investigative framework under EU or Member State law should not be considered recipients; such public bodies’ processing of this data must comply with applicable data protection rules and be consistent with the purpose of processing.

J.) Third Party

A third party is a natural or legal person, public body, agency, or body other than the data subject, controller, or processor, and a person authorized to process personal data under the direct authorization of the controller or processor.

K.) Consent

Data subject consent means that a data subject freely, specifically, informed, and explicitly expresses their consent to the processing of their personal data by declaring or clearly affirming their consent.

Cookies

Our website uses cookies. Cookies are text files stored on a computer system through a web browser.

Many websites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique identifier for a cookie, consisting of a string that associates a webpage and server with the specific browser that stored the cookie. This allows visited websites and servers to distinguish a data subject’s browser from other browsers containing different cookies. A specific browser can be identified through the unique cookie ID.

By using cookies, we can provide more personalized services to users of this website, services that would not be possible without cookies.

With the help of cookies, we can optimize information and offers on the website based on user needs. As mentioned above, cookies enable us to identify website users. This identification is for the purpose of facilitating users’ use of our website. For example, website users who use cookies do not need to enter access data every time they visit the website, because this data is automatically obtained by the website and stored in cookies on the user’s computer system. Another example is shopping cart cookies in online stores. Online stores use cookies to remember items that customers add to their virtual shopping carts.

Data subjects can permanently refuse the setting of cookies by configuring their internet browser settings at any time to block this website from setting cookies. Furthermore, cookies that have already been set can be deleted at any time through internet browsers or other software programs. All major internet browsers support this function. If a data subject disables cookie settings in their internet browser, they may not be able to fully use all the functions of this website.

General Data and Information Collection

When a data subject or automated system accesses this website, this website collects a range of general data and information. This general data and information is stored in server log files. The information collected may include: (1) the type and version of the browser used; (2) the operating system used by the accessing system; (3) the source website from which the accessing system accessed this website (i.e., the so-called referring website); (4) sub-websites; (5) the date and time of access to this website; (6) the Internet Protocol address (IP address); (7) the Internet service provider of the accessing system; and (8) any other similar data and information that may be used in the event of an attack on our information technology systems.

In using this general data and information, we do not infer any information about the data subject. Instead, this information is used for the following purposes: (1) to correctly present the content of our website; (2) to optimize the content of our website and its advertisements; (3) to ensure the long-term availability of our information technology systems and website technology; and (4) to provide information required for criminal proceedings to law enforcement agencies in the event of a cyberattack. Therefore, we conduct statistical analysis on the anonymously collected data and information to improve our corporate data protection and data security levels and to ensure that the personal data we process is optimally protected. Anonymous data in server log files is stored separately from all personal data provided by the data subject.

Data Subject Rights

A.) Right to Confirmation

According to European legislators, every data subject has the right to confirm with the data controller whether their personal data is being processed. If a data subject wishes to exercise this right, they can contact any employee of the data controller at any time.

B.) Right to Access

According to European legislators, every data subject has the right to obtain, at any time, free of charge, their stored personal data and a copy thereof from the data controller. In addition, European directives and regulations grant data subjects the right to access the following information:

The purpose of the processing;
The category of the personal data in question;
The recipient or category of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations;
If possible, the expected period of retention of the personal data; if not, the criteria for determining that period;
The right of data subjects to request the controller to correct or delete their personal data, or to restrict the processing of their personal data, or to object to the processing of their personal data;
The right to file a complaint with a regulatory authority;
If the personal data was not collected directly from the data subject, any available information about its origin should be provided;
The existence of automated decision-making (including analytics) referred to in Articles 22(1) and (4) of the GDPR, and, at least in these cases, meaningful information about the logic involved, and the significance and expected consequences of such processing for the data subject.

Furthermore, data subjects have the right to know whether their personal data has been transferred to a third country or international organization. In this case, the data subject has the right to know the appropriate safeguards relating to such transfer.

If a data subject wishes to exercise this right of access, he or she may contact any employee of the controller at any time.

C.) Right of Correction

According to European legislators, every data subject has the right to request the data controller to immediately correct any inaccurate personal data relating to him or her. Considering the purpose of the data processing, the data subject has the right to request supplementary personal data, including by providing a supplementary statement.

If a data subject wishes to exercise the right of correction, he or she may contact any employee of the controller at any time.

D.) Right of Erasure (Right to Be Forgotten)

According to European legislators, every data subject has the right to request the controller to immediately erase personal data relating to him or her; the controller is obligated to immediately erase personal data, but processing is not necessary, if one of the following conditions exists:

The personal data is no longer necessary for the purposes for which it was collected or processed.

The data subject withdraws his or her consent to processing given under Article 6, paragraph 1(a) or Article 9, paragraph 2(a) of the GDPR, and there is no other legitimate reason for processing.

The data subject objects to processing under Article 21(1) of the GDPR, and there is no legitimate reason superseding the data subject’s interests; or the data subject objects to processing under Article 21(2) of the GDPR.

The personal data has been illegally processed.

Under EU or Member State law, the data controller is legally obligated to delete the personal data.

The personal data was collected in connection with the provision of information society services as described in Article 8(1) of the GDPR.

If either of the above applies, and the data subject wishes to request the deletion of their stored personal data, they may contact any employee of the data controller at any time. The employee should immediately ensure that the deletion request is fulfilled.

If the controller has made the personal data public and is obligated to delete it under Article 17(1), the controller should, taking into account available technology and implementation costs, take reasonable steps (including technical measures) to notify other controllers processing the personal data that the data subject has requested these controllers to delete any links or copies pointing to the personal data, except where processing is not necessary. The relevant staff will arrange the necessary measures as appropriate.

E.) Right to Restrict Processing

According to European legislators, each data subject has the right to request a controller to restrict the processing of their personal data in the following circumstances:

The data subject objects to the accuracy of their personal data, with the objection period being the time limit for the data controller to verify the accuracy of the personal data.

The processing is unlawful, and the data subject objects to the deletion of their personal data and requests a restriction on its use.

The controller no longer needs to use the personal data for processing purposes, but the data subject needs the data to establish, exercise, or defend legal claims.

The data subject has objected to processing under Article 21, paragraph 1 of the GDPR, awaiting verification that the controller’s legitimate grounds supersede the data subject’s grounds.

If one of the above conditions is met, and the data subject wishes to request a restriction on our processing of their stored personal data, they may contact any employee of the data controller at any time. That employee will arrange for the restriction of processing.

F.) Right to Data Portability

According to European legislators, each data subject has the right to receive their personal data provided to a controller in a structured, commonly used, and machine-readable format. Data subjects have the right to transfer such data to another controller without hindrance from the controller who has already received their personal data, provided that processing is based on consent under Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation (GDPR), or a contract under Article 6(1)(b) of the GDPR, and the processing is automated and not necessary for the performance of a public interest task or the exercise of official powers granted to the controller.

Furthermore, under Article 20(1) of the GDPR, data subjects, in exercising their right of data portability, have the right to request the direct transfer of their personal data from one controller to another, provided it is technically feasible and that doing so would not adversely affect the rights and freedoms of others.

To exercise their right of data portability, data subjects can contact any employee at any time.

G.) Right of Objection

According to European legislators, each data subject has the right, based on their specific circumstances, to object at any time to processing of their personal data pursuant to Article 6(1)(e) or (f) of the General Data Protection Regulation (GDPR). This right also applies to profiling based on the foregoing provisions.

If an objection is raised, we will cease processing personal data unless we can demonstrate a compelling and legitimate reason for processing that supersedes the interests, rights, and freedoms of the data subject, or is necessary to establish, exercise, or defend a legal claim.

If we process personal data for direct marketing purposes, the data subject has the right to object at any time to our processing of their personal data for such marketing purposes. This also applies to any form of user profiling related to such direct marketing. If a data subject objects to the processing of their personal data for direct marketing purposes, we will cease processing that data for that purpose.

Personal Data.

Furthermore, a data subject has the right to object to the processing of their personal data under Article 89(1) of the GDPR for scientific or historical research or statistical purposes, based on grounds specific to their circumstances, unless such processing is necessary to fulfill a public interest mandate.

To exercise this right, a data subject may contact any employee. Additionally, when using information society services, a data subject has the right to exercise this right automatically through technical specifications (even in violation of Directive 2002/58/EC).

H.) Automated Personal Decision-Making, Including User Profiling

According to European legislators, each data subject has the right to be free from decisions based solely on automated processing (including analysis) that have legal effect on them or similarly significant impact, except where: (1) it is necessary to enter into or perform a contract between the data subject and the data controller; (2) it is not authorized by EU or Member State law to which the data controller is bound, and such law provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or (3) it is not based on the data subject’s explicit consent.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is based on the data subject’s explicit consent, we will take appropriate measures to protect the data subject’s rights, freedoms, and legitimate interests, including at least the right to human intervention from the data controller, the right to express their views, and the right to object to the decision.

If a data subject wishes to exercise rights related to automated personal decision-making, he/she can contact any employee at any time.

I. Right to Withdraw Consent for Data Protection

According to European legislators, each data subject has the right to withdraw their consent to the processing of their personal data at any time.

If a data subject wishes to exercise the right to withdraw consent, he/she can contact any employee at any time.

Legal Basis for Processing

Pursuant to Article 6, paragraph 1(a) of the General Data Protection Regulation (GDPR), we may perform certain processing operations only after obtaining the data subject’s consent, and the legal basis for such processing operations is Article 6, paragraph 1(b) of the GDPR. If the processing of personal data is necessary to fulfill a contract in which the data subject is a party, such as to provide goods or other services, the legal basis for processing is Article 6, paragraph 1(b) of the GDPR. Similarly, the foregoing applies to processing necessary for pre-contractual actions, such as upon receiving inquiries about our products or services. If our company has a legal obligation to process personal data, such as to fulfill tax obligations, the legal basis for processing is Article 6, paragraph 1(c) of the GDPR. In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or other natural persons. For example, if a visitor is injured at our company and their name, age, health insurance information, or other important information needs to be transmitted to a doctor, hospital, or other third party, such processing will be pursuant to Article 6, paragraph 1(d) of the General Data Protection Regulation (GDPR). Furthermore, processing may also be pursuant to Article 6, paragraph 1(f) of the GDPR. If the processing does not fall under any of the foregoing legal bases and is necessary for the legitimate interests of our company or a third party, this legal basis may be applied, provided that the data subject’s interests or fundamental rights and freedoms do not supersede those interests and that the personal data needs to be protected. Such processing is particularly legal because it has been explicitly mentioned by European legislators. Legislators hold that a legitimate interest can be presumed if the data subject is a client of the controller (Article 47, paragraph 2 of the GDPR).

Routine Erasure and Masking of Personal Data

Data controllers shall process and store the personal data of data subjects only for the period necessary to achieve the storage purpose, or to the extent permitted by European or other legislators under the laws or regulations to which they are bound.

If the storage purpose is no longer applicable, or the storage period prescribed by European or other competent legislators expires, the personal data shall be routinely blocked or erased as required by law.

Legitimate Interests Pursued by Controllers or Third Parties

If the processing of personal data is based on Article 6(1), paragraph f of the GDPR, our legitimate interest is to conduct business for the good of all employees and shareholders.

Period of Personal Data Storage

The standard for determining the duration of personal data storage is the corresponding statutory retention period. Upon the expiration of this period, the relevant data shall be routinely deleted as long as it is no longer needed for the performance or conclusion of contracts.

Providing Personal Data as Required by Law or Contract; Necessary Requirements for Entering into a Contract; Obligations of Data Subjects to Provide Personal Data; Possible Consequences of Failure to Provide Such Data

We clarify here that providing personal data is partly required by law (e.g., tax law requirements) and partly due to contractual terms (e.g., information about a contracting partner). Sometimes, in order to enter into a contract, a data subject may need to provide us with personal data, which must then be processed by us. For example, when our company enters into a contract with a data subject, the data subject is obligated to provide us with personal data. If the data subject does not provide personal data, a contract cannot be entered into with the data subject. Before a data subject provides personal data, one of our employees must be contacted.

The employee explains to the data subject whether providing personal data is required by law or contract, or necessary for entering into a contract, whether there is an obligation to provide personal data, and the consequences of not providing personal data.

Contact Us via Website

Our website contains information that allows you to quickly contact our company electronically, as well as information that allows you to contact us directly by email. If a data subject contacts the data controller by email or a contact form, the personal data transmitted by the data subject will be automatically stored. Personal data voluntarily transferred by a data subject to the data controller will be stored for data processing or communication with the data subject. We will not transfer this personal data to any third party.

Subscribing to the Newsletter

Users can subscribe to our company’s newsletter on our website. An input box for this purpose determines which personal data is transferred and when to subscribe to the newsletter from the data controller.

We regularly send corporate offers to our clients and business partners via newsletters. A data subject will only receive a corporate newsletter if: (1) the data subject has a valid email address; and (2) the data subject has registered to receive the newsletter. For legal reasons, we will send a confirmation email to the email address of a data subject registering to receive the newsletter for the first time, under a double-verification mechanism. This confirmation email verifies that the owner of the email address (i.e., the data subject) has been authorized to receive the newsletter.

When a user registers to subscribe to the newsletter, we also store the IP address of the computer system used by the user at the time of registration (assigned by the Internet Service Provider (ISP)) and the registration date and time. This data is collected to understand whether the user’s email address has been misused, thereby protecting the legitimate rights and interests of the data controller. The personal data you provide when you register for our newsletter subscription will only be used to send our newsletter. Additionally, we may notify subscribers via email if the newsletter service or related registrations require it, such as changes to newsletter content or technical conditions. We will not transfer the personal data collected by the newsletter service to any third party. You can unsubscribe from our newsletter at any time. You can withdraw your previous consent to the data storage of your personal information for receiving the newsletter at any time. Each newsletter contains a link to withdraw consent. You can also unsubscribe at any time directly on the data controller’s website or by notifying the data controller through other means.

Newsletter Tracking

Our newsletter emails include tracking pixels. Tracking pixels are tiny images embedded in emails sent in HTML format to record and analyze log files. This allows us to perform statistical analysis on the success or failure of online marketing campaigns. Based on the embedded tracking pixels, we can understand whether and when a data subject opened an email, and which links in the email the data subject clicked.

The data controller stores and analyzes this type of personal data collected from tracking pixels included in newsletters to optimize newsletter delivery and better tailor future newsletter content based on the data subject’s interests. This personal data is not transferred to third parties. Data subjects have the right to withdraw their consent to receive newsletters at any time.

Upon withdrawal of consent, the data controller will delete this personal data. Unsubscribing from newsletters constitutes a withdrawal of consent.

Register on our website

Data subjects can register on the controller’s website by providing personal data. The specific personal data transferred to the controller depends on the corresponding input form used during registration. The personal data entered by the data subject is for the controller’s internal use and for its own purposes only. The controller may request that data be transferred to one or more data processors (such as courier companies), which also use the personal data for internal purposes related to the controller.

When a user registers on this website, their IP address assigned by their Internet Service Provider (ISP), registration date, and time are also stored. This data is stored to prevent misuse of our services and, if necessary, to investigate any illegal activities that have occurred. Furthermore, storing this data is essential for ensuring the security of this website. Unless otherwise provided by law or for the purpose of pursuing criminal liability, this data will not be transferred to third parties.

Data subjects voluntarily register by providing personal data to enable data controllers to offer certain content or services to them, which, due to their special nature, may only be available to registered users. Registered users may change the personal data provided during registration at any time or request the data controller to completely delete it from the database.

Data controllers shall provide information regarding the storage of personal data at any time upon request from data subjects. Furthermore, data controllers shall correct or delete personal data upon the request or instruction of the data subject, unless otherwise provided by law. All employees of the data controller may act as contacts to the data subject in this regard.

Payment Methods: Data Protection Terms Regarding the Use of PayPal as a Payment Processor

This website integrates the PayPal component. PayPal is an online payment service provider. Payments are processed through PayPal accounts, which represent virtual personal or business accounts. Even if a user does not have a PayPal account, PayPal can process virtual payments via credit card. PayPal accounts are managed via email addresses, therefore there are no traditional account numbers. PayPal supports initiating or receiving online payments to or from third parties. In addition, PayPal offers escrow services and buyer protection.

If a data subject selects PayPal as their payment method when placing an order on an online store, we will automatically transfer the data subject’s data to PayPal. Selecting this payment method indicates the data subject’s consent to the transfer of personal data required for payment processing.

Personal data transferred to PayPal typically includes name, address, email address, IP address, phone number, mobile phone number, or other data required for payment processing. Such personal data related to the corresponding order is also required to process the purchase contract.

Data transfer is intended for payment processing and fraud prevention. Data controllers transfer personal data to PayPal, especially where there is a legitimate interest. Personal data exchanged between PayPal and data controllers for data processing will be transferred by PayPal to economic credit agencies. This transfer is intended for identity and credit checks.

If necessary, PayPal may transfer personal data to affiliated companies, service providers, or subcontractors, but only to data required to fulfill contractual obligations or process orders.

Data subjects may withdraw their consent to PayPal’s processing of their personal data at any time. Withdrawal of consent does not affect the processing, use, or transfer of personal data required under the (contractual) payment processing rules.