PRIVACY POLICY

1. GENERAL NOTES AND MANDATORY INFORMATION

Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR and Art. 9 para. 2 lit. a GDPR, insofar as special categories of data pursuant to Art. 9 para. 1 GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is also carried out on the basis of § 25 para. 1 TTDSG. Consent can be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR must take place. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Recipients of personal data
As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transfer personal data to these external bodies. We only pass on personal data to external bodies if this is necessary in the context of fulfilling a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR or if another legal basis permits the transfer of data. When using processors, we only pass on our customers’ personal data on the basis of a valid contract for order processing. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal message by e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and to
Direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED,
PLEASE REFER TO THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.
LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING.
THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right of appeal exists without prejudice to other administrative or judicial remedies.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, correction and deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction or deletion of this data. You can contact us at any time if you have further questions on the subject of personal data.

Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure
• If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you file an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
• If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL-encrypted connection. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website
If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract, this data is required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Objection to advertising e-mails
We hereby object to the use of contact data published in the context of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

2. HOSTING

We host the content of our website at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). Details can be found in Hetzner’s privacy policy.

The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our data protection regulations.
instructions and in compliance with the GDPR.

3. DATA COLLECTION ON THIS WEBSITE

3.1 Cookies

3.2 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
• This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

3.3 Contact form

If you send us inquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

3.4 Request by e-mail, telephone, fax

If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data (name, request), for the purpose of processing your request. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

3.5 Comment function on this website

For the comment function on this page, in addition to your comment, information about the time the comment was created, your e-mail address and, if you are not posting anonymously, the user name you have chosen will be saved.

Storage of the IP address
Our comment function stores the IP addresses of users who post comments. As we do not check comments on this website before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Storage duration of the comments
The comments and the associated data are stored and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).

Legal basis
The comments are stored on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal message by e-mail. The legality of the data processing operations already carried out remains unaffected by the revocation.

3.6 Registration on this website

In order to provide you with the greatest possible convenience, we offer the permanent storage of your personal data in a password-protected customer account.

The creation of a customer account is generally voluntary. If you create a customer account, your data collected here will be processed on the basis of Art. 6 para. 1 b) GDPR. Once a customer account has been set up, it is not necessary to enter data again. You can also view and change the stored data in your customer account at any time.

Only if you wish to place orders via our website is it necessary to open a customer account in order to process the contract.

In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This is used together with your e-mail address to access your customer account. Please treat your personal access data confidentially and in particular do not make it accessible to unauthorized third parties. Please note that you will automatically remain logged in even after leaving our website, unless you actively log out.

You have the option of deleting your customer account at any time. Please note that this does not mean that the data visible in the customer account will be deleted once you have placed an order with us. Your data will be deleted automatically after expiry of the retention obligations under commercial and tax law or the applicable limitation periods. Further information on this can be found in section 1. The legal basis for this further data processing is Art. 6 para. 1 c) GDPR and Art. 6 para. 1 f) GDPR. We have a legitimate interest in the assertion, exercise or defense of legal claims.

3.7 Data processing upon conclusion of a contract

If you register with one of our services and/or conclude a further contract with us (e.g. purchase a product from us), we process the data required for the establishment, performance and/or termination of the contract. These include:

• Salutation
• First name, last name
• Billing and delivery address
• E-mail address
• Invoice and payment data
• Date of birth
• Phone number
• Information about orders placed
• Store settings

The legal basis for this is Art. 6 b) GDPR, i.e. you provide us with the information on the basis of the respective contractual relationship (e.g. management of the customer/user account, processing of a purchase contract) between you and us. We are also obliged to process your e-mail address in the event of a purchase via our website due to legal requirements in the German Civil Code (“BGB”) to send an electronic order confirmation (Art. 6 para. 1 c) GDPR).

We store the data collected for contract processing – unless we use it for our own marketing purposes – for the duration of the respective contract and until the expiry of the respective statutory or possible contractual warranty and guarantee rights and applicable limitation periods. After expiry of this period, we shall retain the information required under commercial and tax law relating to the contractual relationship for the periods specified by law. For this period, the data will be processed again solely in the event of a review by the tax authorities. Further information on this can be found in section 6. The legal basis for this further data processing is Art. 6 para. 1 c) GDPR and Art. 6 para. 1 f) GDPR. We have a legitimate interest in the assertion, exercise or defense of legal claims.

The following data processing is also required to process a purchase contract via our services:

Payment data will be passed on to payment service providers commissioned by us to process the payment(s). The respective data will only be transmitted for the respective purpose and will not be used for other purposes after delivery and will be deleted after the expiry of existing commercial and tax retention obligations.

3.8 Google Calendar

We use Google’s online calendar for the services we offer. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information here.

In addition, Google uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses, for example here.

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found here.

You can find out more about the data processed through the use of Google Calendar in the privacy policy.

4. PAYMENT PROVIDER

4.1 PayPal

When paying via PayPal, your payment data will be forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”) as part of payment processing. The legal basis for the transfer is the execution of the contract, Art. 6 para. 1 b) GDPR.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, these are based on a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values. For further data protection information, including information on the credit agencies used, please refer to Paypal’s privacy policy. PayPal acts as the controller within the meaning of data protection law.

4.2 Klarna

In cooperation with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (“Klarna”), we offer the following payment options. Payment is made to Klarna in each case:

Invoice: The payment period is 30 days from dispatch of the goods/ticket/ or, in the case of other services, the provision of the service. The complete billing conditions for the countries in which this payment method is available can be found here.

Direct debit/instant bank transfer: Available in Germany, Austria, Belgium, Italy, Spain, Poland and the Netherlands. Your account will be debited immediately after placing the order.

Installment purchase: With Klarna installment purchase, you can divide the cost of your order into up to 36 monthly installments. The payment plan is created after successful payment/order and the first monthly installment is due one month after this date. You will receive notifications and reminders about automatic debits on payment dates throughout the entire payment plan.

The use of the payment methods invoice, installment purchase and direct debit/immediate transfer requires a positive credit check. If you choose a Klarna payment option, we will forward your data to Klarna for the purpose of address and credit checks as part of the purchase initiation and processing of the purchase contract. Please understand that we can only offer you those payment methods that are permitted based on the results of the credit check. Further information and Klarna’s terms of use can be found here.

Your personal data will be treated by Klarna in accordance with the applicable data protection regulations and in accordance with the information in Klarna’s privacy policy. Klarna acts as the controller within the meaning of data protection law.

4.3 stripe

On our website we offer payment by credit card, Google Pay and Apple Pay in cooperation with stripe. The provider of this payment service is Stripe Payments Europe, Ltd., a private limited company organized under the laws of Ireland with company number 513174 and offices at The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland (hereinafter “Stripe”).

If you select payment via Stripe, the payment data you enter will be transmitted to Stripe.

The data is transmitted to Stripe on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option of withdrawing your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations that took place in the past. You can find more information about Stripe’s data protection at https://stripe.com/de/privacy.

5. SOCIAL MEDIA

5.1 Instagram

Functions of the Instagram service are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook or Instagram. The after forwarding
processing by Facebook or Instagram is not part of the joint responsibility. The obligations incumbent on us jointly were set out in an agreement on joint processing. You can find the wording of the agreement
here
.
According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. For the
Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

• 
  EU Data Transfer Addendum
  ,
• Standard contractual clauses

You can find further information on this in the
Instagram privacy policy
.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. You can obtain further information from the provider here.

5.2 Fan pages

Max Lang maintains social media profiles on the social networks Facebook and Instagram (“Fanpages”), services of Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland (“Meta”), on which we regularly publish and share content and offers. When you interact with our fan pages or other Facebook or Instagram websites, Meta uses cookies and similar technologies to record your usage behavior. Max Lang can view general statistics on the interests and demographic characteristics (such as age, gender, region) of users for its fan pages. If you use social networks, the type, scope and purposes of data processing in the social networks are primarily determined by the operators of the social networks. An exception applies to so-called Page Insights, for which we are jointly responsible with Meta and which are explained below.

Processing of your data by Meta

Meta also processes your data when you use fan pages for its own purposes, which are not shown in this data protection information and over which we have no influence. You can find further information on this in the respective social networks:

• Data protection information from Facebook
• Data protection information from Instagram

Usage analysis (page insights)

When you interact with our fan pages, Meta uses cookies and similar technologies to record your usage behavior. In this context, Max Lang receives “page insights” that contain statistical, depersonalized (anonymized) information about visitors. It is not possible for us to identify you personally. The selection and preparation of Page Insights information is carried out exclusively by Meta. Page insights help us to understand how our fan pages are used, what interests visitors have and which topics and content are particularly popular. We use this information to offer relevant content to visitors to our fan pages and to better respond to the interests and usage habits of our visitors.

Max Lang and Meta are jointly responsible for the processing of your data for the provision of Page Insights (Art. 26 GDPR). There is an agreement between Max Lang and Meta that specifies which company fulfills which data protection obligations under the GDPR with regard to the processing of Page Insights data.

The agreement with Meta is available here.

Meta has summarized the main contents of this agreement (including a list of the Page Insights data) here.

Insofar as you have consented to Meta with regard to the creation of Page Insights as described above, the legal basis is Art. 6 para. 1 a) GDPR.

6. NEWSLETTER

6.1 Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to delete or block it. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can follow the
storage if your interests outweigh our legitimate interest.

6.2 Brevo

This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo is a service that can be used to organize and analyze the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter will be stored on the servers of Sendinblue GmbH in Germany.

Data analysis by Brevo
With the help of Brevo, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine which links have been clicked on particularly often.
We can also recognize whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can recognize whether you have made a purchase after clicking on the newsletter.
Brevo also enables us to divide newsletter recipients into different categories (“clustering”). The newsletter recipients can be subdivided according to age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.
If you do not wish to be analyzed by Brevo, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
You can find detailed information on the functions of Brevo
here
.

Legal basis
The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage duration
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more information, please refer to Brevo’s privacy policy at: Data protection overview and Privacy Policy.

7. PLUGINS AND TOOLS

7.1 Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: Privacy Policy and Terms of Service.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. You can obtain further information from the provider here.

7.2 Spotify

We use Spotify, a tool for music and podcasts, on our website. The service provider is the Swedish company Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden.

You can find out more about the data that is processed through the use of Spotify on Spotify Privacy Policy

8. ANALYSIS TOOLS AND ADVERTISING

8.1 Google Tag Manager

Google Tag Manager is used on this website. Google Tag Manager is a solution from Google LLC that allows companies to manage website tags via a single interface. The Google Tag Manager is a cookie-free domain that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We hereby draw your attention to this separately. The Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Google uses pseudonyms for this purpose. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can find more information about Google Tag Manager here.

8.2 Meta Pixel

We use a so-called tracking pixel from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc. 1601, Willow Road Menlo Park, CA 94025, USA, on our website. We use Facebook Pixel to track the success of our own Facebook advertising campaigns and to optimize the delivery of Facebook advertising campaigns to interested target groups.

After clicking on a Facebook ad or visiting our website, a cookie is stored on your device using the pixel on our website. The cookie processes data about whether you have reached our website via a Facebook ad and makes it possible to analyze the user’s behavior until the purchase is completed. This allows us to track the success rate of our Facebook advertising campaigns. In addition, the pixel processes data about the fact that you have visited our website and makes it possible to adapt the advertising displayed on Facebook to your interests.

The Facebook pixel integrated on our website establishes a direct connection to the Facebook servers when you visit our website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to Facebook in the USA.

There is no adequacy decision by the EU Commission for data transfers to the USA. Facebook ensures an adequate level of data protection via the EU standard contractual clauses. You can download a copy of the contractual clauses
here
here.

The data collected is anonymous for us and does not allow us to draw any conclusions about the user. If you are registered with Facebook, Facebook can assign the information collected to your account. Even if you do not have a Facebook account or are not logged in when you visit our website, your IP address and other identification data may be processed and stored by Facebook.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) GDPR.

You can revoke your consent to data processing by Facebook Pixel for our web domain at any time with effect for the future by adjusting your preferences in our cookie settings. Furthermore, you can prevent the setting of cookies by adjusting the corresponding settings in your Facebook account under
Ads Tab
tab.

8.3 Facebook Conversion API

We use the Facebook Conversion API tracking tool from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc. 1601, Willow Road Menlo Park, CA 94025, USA.

This is a data interface through which we transmit data about your behavior on our website to Facebook for evaluation. This enables us to show you advertisements on our website that match your user behavior.

We use the following data in connection with the Conversion API:

• e-mail address
• Phone number
• Gender
• Date of birth
• First and last name
• City, state and country
• Zip code
• User IDs
• IP address
• Client User Agent (the browser you are using and your operating system)
• Click IDs
• Browser ID
• Product IDs
• Advertising ID
• Facebook login ID

We transmit the data to Facebook. The data is also transmitted to Facebook in the USA.

There is no adequacy decision by the EU Commission for data transfers to the USA. Facebook ensures an adequate level of data protection via the EU standard contractual clauses. You can download a copy of the contractual clauses
here
here.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 a) GDPR.

You can revoke your consent to data processing by Facebook Pixel for our web domain at any time with effect for the future by adjusting your preferences in our cookie settings.