data privacy

Data privacy

As of August 2022

Table of contents

Name and address of the person responsible
Contact details of the data protection officer
General information on data processing
Your rights as a data subject
Provision of the website and creation of log files
Use of cookies
Webshop
Payment options
Shipping service provider
Newsletter
E-mail contact
Corporate appearances
Plugins used
Integration of plugins via external service providers

Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

Hannes Roether GmbH

Erdinger Strasse 43

85652 Pliening

Germany

089 820 75 26 0

shop@hannesroether.de

https://hannesroether.de/

Contact details of the data protection officer

The data protection officer of the person responsible is:

DataCo GmbH

Dachauer Strasse 65

80335 Munich

Germany

+49 89 7400 45840

www.dataguard.de

General information on data processing

Scope of processing personal data

In principle, we only process personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of our users' personal data regularly only takes place with the user's consent. An exception applies in cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is required by legal regulations.

Legal basis for processing personal data

To the extent that we obtain the consent of the data subject for processing personal data, Art. 6 Paragraph 1 Sentence 1 Letter a GDPR serves as the legal basis.

When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 Paragraph 1 Sentence 1 Letter b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Paragraph 1 Sentence 1 Letter c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Sentence 1 Letter d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract.

Your rights as a data subject

If we process your personal data, you can assert the following rights against us:

The right to information (Article 15 GDPR)

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this data and the following information:

Processing purposes
Categories of personal data
Recipients or categories of recipients
Planned storage period or the criteria for determining this period
The existence of the rights to rectification, deletion or limitation or opposition
Right to lodge a complaint with the responsible supervisory authority
Origin of data (if collected from a third party)
Existence of automated decision-making including profiling with meaningful information about the logic involved, the scope and the expected effects
Transfer of personal data to a third country or international organization

Right to rectification (Article 16 GDPR)

If your personal data is incorrect or incomplete, you have the right to request immediate correction or addition of the personal data.

Right to deletion (“right to be forgotten”) (Art. 17 GDPR)

If one of the following reasons applies, you have the right to request that your personal data be deleted immediately:

Your data is no longer necessary for the processing purposes for which it was originally collected
You revoke your consent and there is no other legal basis for the processing
You object to the processing and there are no overriding legitimate reasons for the processing or you object in accordance with Article 21 Para. 2 GDPR
Your personal data is being processed unlawfully
Deletion is necessary to fulfill a legal obligation under Union law or the law of the member state to which we are subject
The personal data were collected in relation to information society services offered in accordance with Article 8(1).

Please note that the above reasons do not apply if processing is necessary

To exercise the right to freedom of expression and information
To fulfill a legal obligation or to carry out a task that is in the public interest and to which we are subject
For reasons of public interest in the field of public health
For archival purposes in the public interest, scientific or historical research purposes or for statistical purposes
To assert, exercise or defend legal claims

Right to restriction of processing (Article 18 GDPR)

If one of the following conditions is met, you have the right to request a restriction on the processing of your personal data:

You contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data.
In the event of unlawful processing, you refuse to delete the personal data and instead request that the use of the personal data be restricted.
We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise or defend your legal claims or
After you have objected to the processing, for the duration of the review whether our legitimate reasons outweigh your reasons.

Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.

Right to object to certain data processing (Article 21 GDPR)

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 Paragraph 1 Sentence 1 Letter e or f of the GDPR. This also applies to profiling based on these provisions.

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.

Right to complain to a supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

You can find a list of the locally responsible supervisory authorities in Germany on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschrift/Laender/Laender-node.html

Use of cookies
Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

language settings

Articles in shopping cart

We also use cookies on our website that enable analysis of users' surfing behavior.

The following data can be transmitted in this way:

Search terms entered

Frequency of page views

Use of website functions

The user data collected in this way is pseudonymized using technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

shopping cart

Adopting language settings

Remember search terms

The user data collected through technically necessary cookies is not used to create user profiles.

The analysis cookies are used to improve the quality of our website and its content and for marketing purposes. Through the analysis cookies we learn how the website is used and can therefore continually optimize our offering.

Legal basis for data processing

Cookies are set when you visit our website. Cookies are files that are stored in the Internet browser or by the Internet browser on the user's computer system. This storage of information on the user's device can be done using unique identifiers (UID), which allows us to identify or assign it to a natural person.

The provisions of the Telecommunications Telemedia Data Protection Act (TTDSG) are relevant for the storage of information in the end user's device and/or access to information already stored in the end user's device. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, cookies are stored and accessed on your device on the basis of Section 25 Paragraph 2 No. 2 TTDSG. This storage and access to the information in your device serves to make it easier for you to use our website and to be able to offer you our services as you wish. Some functions of our website do not work without the use of these cookies and therefore cannot be offered. The cookies are generally deleted after the session has ended (e.g. logging out or closing the browser) or after a specified period has expired. Information about different storage periods for cookies can be found in the following sections of this data protection declaration.

If cookies are used that are not technically necessary, this is based on your express consent, which you can give via the cookie banner. The basis for storing and accessing information in this case is Section 25 Paragraph 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a), Article 7 GDPR. You can revoke your consent at any time with effect for the future or subsequently grant it again by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by making the appropriate settings in your browser software. Please note that the browser settings you make only apply to the browser used.

If personal data is processed subsequent to storing and accessing the information on your device, the provisions of the GDPR apply. You can find information about this in the following sections of this data protection declaration.

Duration of storage, possibility of objection and removal

The user has the option to revoke his consent to the processing of personal data at any time.

Registration on the website
Description and scope of data processing

On our website we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collected as part of the registration process:

E-mail address

Surname

First name

address

IP address of the accessing computer

Date and time of registration

Purpose of data processing

User registration is required to provide certain content and services on our website. This content includes ordering and purchasing via the customer account, the ability to view customer history and the management of all orders.

Legal basis for data processing

The legal basis for processing the data, if the user has given his consent, is Article 6 Paragraph 1 Sentence 1 Letter a GDPR.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

This is the case for the data collected during the registration process if the registration on our website is canceled or changed.

Possibility of revocation and removal

As a user, you have the option to cancel your registration at any time. You can change the data stored about you at any time. You can revoke your consent to data processing at any time with future effect.

Webshop

We offer a web shop on our website. For this we use the Software as a Service (SaaS) rental shop system of a service provider commissioned by us.

The name of our rental shop system and the name and address of the service provider are:

Shopify from the provider Shopify International Limited, 1-2 Haddington Road, D04 XN32, Dublin, Ireland (hereinafter referred to as Shopify).

Further information can be found in the provider's data protection declaration:
https://www.shopify.de/legal/datenschutz

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is:

Browser type and browser version

Operating system used

Referrer URL

Host name of the accessing computer

Date and time of the server request

IP address

This data will not be merged with other data sources. This data is collected on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - for this purpose the server log files must be recorded.

The website server is geographically located in the United States of America.

Payment options

Description and scope of data processing

We offer our customers various payment options to process their orders. To do this, we redirect customers to the platform of the relevant payment service provider depending on their payment option. After completing the payment process, we receive the customers' payment data from the payment service providers or our house bank and process them in our systems for the purposes of invoicing and accounting.

payment with credit card

It is possible to complete the payment process by credit card.

If you have chosen to pay by credit card, payment data will be passed on to payment service providers for payment processing. All payment service providers comply with the “Payment Card Industry (PCI) Data Security Standards” and have been certified by an independent PCI Qualified Security Assessor.

When paying by credit card, the following data is regularly transmitted:

Purchase amount

Date and time of purchase

First name and surname

address

E-mail address

Credit card number

Credit card validity period

Security code (CVC)

IP address

Telephone number / mobile number

Payment data is passed on to the following payment service providers:

Shopify Payments

Further information on the data protection guidelines as well as cancellation and removal options for payment service providers can be found here:

Payment via PayPal

It is possible to process the payment process with the payment service provider PayPal. In addition to a direct payment method, PayPal also offers purchases on account, by direct debit, by credit card and by installment payment.

The European operating company of PayPal is PayPal (Europe) S.à.rl & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg.

If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.

This particularly involved the following data:

Surname

address

E-mail address

Telephone/mobile number

IP address

Bank details

Card number

Validity date and CVC code

Item count

item number

Data on goods and services

Transaction amount and tax charges

Information on previous purchasing behavior

The data transmitted to PayPal may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may also pass on your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of you. When transferring your personal data within companies affiliated with PayPal, the Binding Corporate Rules approved by the relevant supervisory authorities apply. You can find them here: https://www.paypal.com/de/webapps/mpp/ua/bcr Other data transfers may be based on contractual protection provisions. For further information please contact PayPal.

All PayPal transactions are subject to PayPal's privacy policy. You can find this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/ .

payment via immidate transfer

It is possible to pay via instant transfer. In this case, the data is collected by Sofort GmbH, Theresienhöhe 12, 80339 Munich.

The person responsible does not collect or store the data himself.

By issuing an instant transfer, you instruct Sofort GmbH to automatically check whether your account covers the amount to be transferred (account coverage check), and any instant transfers from your account in the last 30 days have been successfully carried out, and after a positive check, the transfer order approved by you in electronic form to your bank and to inform us, as the payment recipient (online provider) you have selected, about the successful completion of the transfer.

To do this, Sofort GmbH needs the IBAN as well as the PIN and TAN of your online banking account. As part of the ordering process, you will automatically be redirected to Sofort GmbH's secure payment form.

Immediately afterwards you will receive confirmation of the transaction. We will then receive the transfer credit directly.

Anyone who has an activated online banking account with a PIN/TAN procedure can use Sofortüberweisung as a payment method.

Please note that a few banks do not yet support payment via instant transfer.

You can find more information about this via the following link: https://www.klarna.com/sofort/ .

Further information on the stored data can be found at https://www.klarna.com/sofort/#cq-0 .

Purpose of data processing

The transmission of payment data to payment service providers is used to process the payment, for example when you purchase a product and/or use a service.

Legal basis for data processing

The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter b GDPR, as the processing of the data is necessary for the processing of the concluded purchase contract.

Duration of storage

All payment data as well as data on any chargebacks that may occur are only stored for as long as they are needed for payment processing and possible processing of chargebacks and debt collection as well as to combat misuse.

Furthermore, the payment data can be stored beyond this if and as long as this is necessary to comply with legal retention periods or to pursue a specific case of misuse.

Your personal data will be deleted when the statutory retention period expires, i.e. after 10 years at the latest.

Possibility of elimination

You can revoke your consent to the processing of your payment data at any time by notifying the person responsible or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and as long as this is necessary for contractual payment processing.

Shipping service provider

Description and scope of data processing

If you order products or services on our website for the delivery of which a shipping service provider is used, you will receive your order and shipping confirmation via your email address and, depending on the shipping service provider in question, notification that your shipment has arrived and/or the notification of the package announcement and possible delivery options.

The data is transmitted to the following service providers:

DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

The data transmitted usually includes:

Surname

address

E-mail address

Purpose of data processing

The purpose of processing personal data is to give shipping service providers the opportunity to inform recipients about the shipment progress via email and thus increase the likelihood of successful delivery.

Legal basis for data processing

The legal basis for the transmission of the email address to the respective shipping service provider and its use is consent in accordance with Article 6 (1) (a) GDPR.

Duration of storage

The transmitted data will be deleted by the respective shipping service provider once the package has been delivered.

Possibility of revocation and removal

The notification service provided by the shipping service provider can be canceled at any time by the affected user. For this purpose, there is a corresponding opt-out link in every email.

Newsletter
Description and scope of data processing

It is possible to subscribe to a free newsletter. When you register for the newsletter, the following data is transmitted to us from the input mask:

E-mail address

Your consent will be obtained for the processing of data as part of the registration process and reference will be made to this data protection declaration.

In connection with data processing for sending newsletters, the data will not be passed on to third parties. The data is used exclusively for sending the newsletter.

Purpose of data processing

The purpose of collecting the user's email address is to deliver the newsletter.

Legal basis for data processing

The legal basis for the processing of data after the user has registered for the newsletter is Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR if the user has given their consent.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected as part of the registration process is usually deleted after a period of seven days.

Possibility of revocation and removal

The subscription to the newsletter can be canceled by the affected user at any time. For this purpose, there is a corresponding link in every newsletter.

This also makes it possible to revoke your consent to the storage of personal data collected during the registration process.

E-mail contact
Description and scope of data processing

You can contact us on our website using the email address provided. In this case, the user's personal data transmitted with the email will be stored.

The data is used exclusively for processing the conversation.

Purpose of data processing

If you contact us via email, this also represents the necessary legitimate interest in processing the data.

Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Article 6 (1) (f) GDPR. Our legitimate interest is to optimally answer your inquiry that you send by email.

If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b GDPR.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Possibility of revocation and removal

If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.

We send our customers advertising by post if they have purchased from us. The advertising is personalized. It is based on customers' purchases.

As a result, the following personal data from our customers is processed:

Surname
Address details

We process our customers' data on the basis of a legitimate interest in direct advertising and our own advertising purposes in accordance with Article 6 Paragraph 1 Letter f of the GDPR. In addition to us, the recipients of the data are the shipping service providers.

If you do not wish to receive advertising from Hannes Roether GmbH, you can object to the further use of your data at any time by sending a text message to Hannes Roether GmbH at the above address or by email at the address [...].

Use of company presence in social networks
1. Instagram

Scope of data processing

Instagram, Part of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2 Ireland

On our company page we provide information and offer Instagram users the opportunity to communicate. If you carry out an action on our Instagram company website (e.g. comments, posts, likes, etc.), you may make personal data (e.g. real name or photo of your user profile) public. However, since we generally or largely have no influence on the processing of your personal data by the Instagram company jointly responsible for Hannes Roether GmbH's corporate identity, we cannot provide any binding information on the purpose and scope of the processing of your data.

Our company presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the company presence for: Products

The publications about the company's presence can contain the following content:

Information about products

Every user is free to publish personal data through activities.

Legal basis for data processing

As far as we process your personal data in order to evaluate your online behavior, offer you competitions or carry out lead campaigns, this is done on the basis of your express declaration of consent, Article 6 Paragraph 1 Sentence 1 Letter a, Article 7 GDPR.

The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Our legitimate interest is to optimally answer your inquiry or to be able to provide the requested information.

If the purpose of contacting you is to conclude a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

Transfer of personal data to a third country

For the processing of your personal data in third countries, we have provided suitable guarantees in the form of standard data protection clauses in accordance with Article 46 (2) (c) GDPR. We have concluded these standard data protection clauses with the above-mentioned social network providers. A copy of the standard data protection clauses can be requested from us.

Possibility of elimination

You can object to the processing of your personal data that we collect as part of your use of our Instagram company presence at any time and assert your data subject rights listed under IV. of this data protection declaration. To do this, send us an informal email to shop@hannesroether.de. You can find further information about the processing of your personal data by Instagram and the corresponding objection options here:

Instagram: https://help.instagram.com/519522125107875

Plugins used

We use plugins for various purposes. The plugins used are listed below:

Use of Facebook pixels

Scope of processing personal data

On our online presence we use the Facebook pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and its representatives in the Union Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal H, D2 Dublin, Ireland (hereinafter referred to as Facebook). This allows us to track users' actions after they have seen or clicked on a Facebook ad. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the advertisements displayed (in particular which advertisements were displayed and whether the user clicked on them) and also data from advertising partners (in particular pseudonymized user IDs). This allows us to record the effectiveness of Facebook advertisements for statistical and market research purposes.

Data can be transmitted to Facebook servers in the USA.
The data collected in this way is anonymous to us, which means we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook can connect this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's data usage policy. Further information on how Facebook processes data can be found here: https://de-de.facebook.com/policy.php

Purpose of data processing

The use of the Facebook pixel is used to analyze and optimize advertising measures.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

Transfer of personal data to a third country

Possibility of revocation and removal

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
You can prevent the collection and processing of your personal data by Facebook by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, or deactivating the execution of script code in your browser or install a script blocker such as NoScript ( https://noscript.net/ ) or Ghostery ( https://www.ghostery.com ) in your browser. Further information on objection and removal options for Facebook can be found at:
https://de-de.facebook.com/policy.php

Use of Google AdWords

Scope of processing personal data

We use Google AdWords from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). We use this service to place advertising. Google places a cookie on your computer. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the advertisements displayed (in particular which advertisements were displayed and whether the user clicked on them) and also data from advertising partners (in particular pseudonymized user IDs).
Further information on how Google processes data can be found here:
https://policies.google.com/privacy?gl=DE&hl=de

Purpose of data processing

We only know the total number of users who responded to our ad. No information will be shared that would enable us to identify you. It is not used for tracking purposes.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

Transfer of personal data to a third country

Possibility of revocation and removal

You can deactivate Google's use of your personal data using the following link: https://adssettings.google.de

Further information on objection and removal options against Google can be found at: https://policies.google.com/privacy?gl=DE&hl=de

Use of Google Analytics

Description and scope of data processing

For the purpose of needs-based design and ongoing optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de), on our website https://www.hotel-muenchen-palace.de/ /intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see above) are used. The information generated by the cookie about your use of this website such as

Browser type/version,
operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
time of server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of you.

Particularly important: The IP addresses are immediately anonymized, so that it is no longer possible, in our opinion, to assign the user data relating to you using reasonable means (IP masking). This happens at the latest on Google's servers in the USA, but usually before then.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help under the link: https://support.google.com/analytics/answer/6004245? .

Legal basis for data processing

The tracking measures listed below and used by us are carried out on the basis of Article 6 Paragraph 1 Sentence 1 Letter a GDPR.

The legal basis for the transfer of users' personal data to a third country is the user's consent in accordance with Article 49 Paragraph 1 Letter a of the GDPR.

Purpose of data processing

With the tracking measures used under Google Analytics, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These interests are to be viewed as legitimate within the meaning of the aforementioned provision.

Duration of storage, possibility of objection and removal

We would like to refer you to the comments above on other cookies, which also apply here.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on ( https: //tools.google.com/dlpage/gaoptout?hl=de ).

Danger notice

It cannot be ruled out that your personal data will also be transferred to the USA. There is no adequacy decision for the USA in accordance with Article 45 (3) GDPR. In addition, there are no suitable guarantees according to Art. 46 GDPR. We would like to point out that data transfer without an adequacy decision and without suitable guarantees involves certain risks, which we would like to inform you about below:

U.S. intelligence agencies use certain online identifiers (such as IP addresses or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.

Electronic communications service providers headquartered in the United States are subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a (“FISA 702”). Accordingly, providers of electronic communications services headquartered in the USA have an obligation to provide personal data to the US authorities in accordance with 50 US Code § 1881a.

Even encryption of the data in the data centers of the electronic communications service provider cannot provide adequate protection, since an electronic communications service provider has a direct obligation to provide access to the imported data in its possession, custody or control to grant or release them. This obligation can also expressly extend to the cryptographic keys, without which the data cannot be read.

The fact that this is not just a “theoretical danger” is shown by the ECJ ruling of July 16, 2020, C - 311/18.

Use of Google web fonts

Scope of processing personal data

We use Google web fonts from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). The web fonts are transferred to the browser's cache when the page is accessed so that they can be used to display various information in a visually improved manner. If the browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font. When the site is accessed, no cookies are stored for the visitor. Data transmitted in connection with the page view is sent to resource-specific domains such as https://fonts.googleapis.com or https://fonts.gstatic.com . This allows personal data to be stored and evaluated, especially the user's activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and the operating system).

The data will not be associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. Further information on how Google processes data can be found here: https://policies.google.com/privacy?gl=DE&hl=de

Purpose of data processing

The use of Google Webfonts serves to present our texts in an appealing way. If your browser does not support this function, a standard font from your computer will be used for display.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

Possibility of objection and removal

You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, or deactivating the execution of script code in your browser or install a script blocker such as NoScript ( https://noscript.net/ ) or Ghostery ( https://www.ghostery.com ) in your browser. You can deactivate Google's use of your personal data using the following link: https://adssettings.google.de

Further information on objection and removal options against Google can be found at: https://policies.google.com/privacy?gl=DE&hl=de

Use of Google Ads Remarketing

Scope of processing personal data

We use Google Ads Remarketing from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Remarketing is used to re-target visitors to the online presence for advertising purposes via Google Ads ads. With the help of Google Ads Remarketing, target groups (“similar target groups”) can be created that, for example, have accessed certain pages. This makes it possible to identify the user on other online presences and display targeted advertising. Google places a cookie on the user's computer. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data about the advertisements displayed (in particular which advertisements were displayed and whether the user clicked on them) and also data from advertising partners (in particular pseudonymized user IDs). Further information on how Google processes data can be found here: https://policies.google.com/privacy?gl=DE&hl=de

Purpose of data processing

The purpose of processing personal data is to specifically address a target group. The cookies stored on the user's device recognize them when they visit an online presence and can therefore show them advertising tailored to their interests.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

Transfer of personal data to a third country

Possibility of revocation and removal

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online presence (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install:
https://tools.google.com/dlpage/gaoptout?hl=de

You can deactivate Google's use of your personal data using the following link: https://adssettings.google.de . Further information on objection and removal options against Google can be found at:
https://policies.google.com/privacy?gl=DE&hl=de

Use of Outbrain

Scope of processing personal data

We use functions of Outbrain UK Limited, 5 New Bridge Street, London, EC4V 6JA, UK (hereinafter: Outbrain). On parts of our online presence we use the technology of the provider Outbrain, with which our users are informed about further content within our online presence and the online presence of third parties that may also be of interest to them. The additional reading recommendations integrated by Outbrain, for example below an article, are determined based on the content the user has read so far. To display this interest-based additional content, Outbrain uses cookies, which are stored on the user's device. This allows personal data to be stored and evaluated, especially the user's activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and the operating system). The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology. Outbrain displays reading recommendations using cookies on a pseudonymized basis.
Further information on how Outbrain processes data can be found here:
https://www.outbrain.com/de/legal/privacy

Purpose of data processing

The use of the Outbrain plug-in serves to improve the user-friendliness of our online presence and services. We use this plug-in to offer article recommendations.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

Possibility of revocation and removal

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
You can prevent the collection and processing of your personal data by Outbrain by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, or deactivating the execution of script code in your browser or install a script blocker such as NoScript ( https://noscript.net/ ) or Ghostery ( https://www.ghostery.com ) in your browser. You can deactivate the use of your personal data by Outbrain under point 2 (d) using the following link: https://www.outbrain.com/de/legal/privacy
Further information on objection and removal options against Outbrain can be found at: https://www.outbrain.com/de/legal/privacy

Use of appointment country

Scope of processing personal data

We use functions of Schulz & Löw Consulting GmbH, Kreuzberger Ring 44a, 65205 Wiesbaden (hereinafter referred to as appointment country). Basically, the following information is required to book an appointment via Terminland (appointment information (date and time), name, telephone number and email address). The specific data required for your appointment may require further information not included in this list. The information required for the appointment is not determined by the appointment country, but by the respective service provider. Once you have completed your appointment booking, you will receive a confirmation email to your email address, which you can use to change or cancel the booked appointment. When booking an appointment, you can choose whether the confirmation email should be sent. The confirmation email is sent unencrypted and contains recorded appointment data to the extent set by the service provider. The appointment data can be sent in plain text or partially anonymously. Further information on the processing of data by Terminland can be found here: https://www.terminland.de/datenschutz/

Purpose of data processing

The use of the Terminland plug-in is used to make appointments.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes. You can also exercise your right to early deletion.

Possibility of revocation and removal

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
You can prevent the collection and processing of your personal data by Terminland by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, or deactivating the execution of script code in your browser or install a script blocker such as NoScript ( https://noscript.net/ ) or Ghostery ( https://www.ghostery.com ) in your browser. Further information on objection and removal options towards Terminland can be found at: https://www.terminland.de/datenschutz/

Use of Google Tag Manager

Scope of processing personal data

We use the Google Tag Manager ( https://www.google.com/intl/de/tagmanager/ ) from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). With the Google Tag Manager, tags from Google and third-party services can be managed and bundled and embedded into an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behavior, measure the impact of online advertising and social channels, use remarketing and target group targeting, and test and optimize online presences. When a user visits the online presence, the current tag configuration is sent to the user's browser. It contains instructions on which tags should be triggered. Google Tag Manager triggers other tags, which in turn may collect data. You can find information on this in the passages on the use of the relevant services in this data protection declaration. Google Tag Manager does not access this data. Further information about Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google's data protection declaration: https://policies.google.com/privacy?hl=de

Purpose of data processing

The purpose of processing personal data is to collect and manage them clearly and to efficiently integrate third-party services.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

Transfer of personal data to a third country

Possibility of revocation and removal

You can deactivate Google's use of your personal data using the following link: https://adssettings.google.de

Further information on objection and removal options against Google can be found at: https://policies.google.com/privacy?gl=DE&hl=de

Use of Usercentrics

Scope of processing personal data

We use the Consent Management Platform Usercentrics from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany (hereinafter referred to as Usercentrics). Usercentrics enables us to obtain user consent for data processing, manage it and document it in a legally compliant manner. For this purpose, Usercentrics sets cookies on the user's device. The following data is processed:

- Date and time of the visit
- Device information
- Browser information
- Anonymized IP address
- Opt-in and opt-out data

The data is processed geographically in the European Union.
Further information on the processing of data by Usercentrics can be found here: https://usercentrics.com/de/datenschutzerklaerung/

Purpose of data processing

The processing of personal data serves to comply with the legal obligations of the GDPR and the BDSG.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. Our legitimate interest lies in the purposes mentioned under 2.

Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy, consent to storage has been withdrawn, or as required by law.

Possibility of objection and removal

You can prevent the collection and processing of your personal data by Usercentrics by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, or deactivating the execution of script code in your browser or install a script blocker such as NoScript ( https://noscript.net/ ) or Ghostery ( https://www.ghostery.com ) in your browser. Further information on objection and removal options against Usercentrics can be found at: https://usercentrics.com/de/datenschutzerklaerung/

Use of Facebook retargeting

Scope of processing personal data

We use functionalities of the Facebook Retargeting advertising plugin from Facebook Ireland Limited, 4 Grand Canal Square, Dublin Dublin 2, Ireland (hereinafter referred to as: Facebook Retargeting).

Facebook retargeting is used to carry out advertising campaigns and interact with them. Facebook retargeting reminds users of products they searched for or viewed but did not purchase. Cookies from Facebook are stored on your device.

In particular, the following personal data is processed by Facebook:
- Information about the user's activities
- Website accessed
- Which products have been displayed
- Which ads were clicked on
- Device information, in particular device type, IP address
- Facebook account of the user if they are logged into Facebook

Data is processed on servers operated by Facebook Inc., Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA. Other recipients of the data are providers and service providers of Facebook Inc., for example for analysis purposes.

Further information on how Facebook processes data can be found here:
https://de-de.facebook.com/privacy/explanation

Purpose of data processing

We use Facebook retargeting to place advertisements on various platforms and analyze how users interact with these advertisements. Our aim is to be able to show users personalized and therefore more relevant advertising.

Legal basis for processing personal data

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes.

Transfer of personal data to a third country

Possibility of revocation and removal

Deactivating personalized advertising for Facebook users is possible for logged in users here: https://www.facebook.com/settings/?tab=ads
Further information on objection and removal options against Facebook can be found at: https://de-de.facebook.com/privacy/explanation

Integration of plugins via external service providers

Description and scope of data processing

We integrate certain plugins on our website via external service providers in the form of content delivery networks. When you access our website, a connection is established to the servers of the providers we use to retrieve content and store it in the cache of the user's browser. This allows personal data to be stored and evaluated in server log files, especially device and browser information (particularly the IP address and the operating system). We use the following services:

Shopify

Purpose of data processing

The use of the functions of these services serves to deliver and accelerate online applications and content.

Legal basis for data processing

This data is collected on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website.

Duration of storage

Your personal information will be retained for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.

Possibility of objection and removal

This data protection declaration was created with the support of DataGuard .