Der Franzose Automobiltechnik GmbH - www.franzose.de
Cart
Deutsch Englisch Französisch
Sichere Zahlöungen mit mollie
Back

Privacy and Data Protection

Data Protection Officer

DataGAP GmbH
Markus Altenburg
Bessemerstr. 82, 10th floor, south wing
12103 Berlin
Germany

Telephone: 030 / 577 10 513
Email: info@datagap.de

Data protection at a glance

The following information provides a simple overview of what happens to your personal data when you visit this website. Detailed information can be found in the following sections of this privacy policy.

General information

As the operator of this website and as a company, we come into contact with your personal data. This refers to all data that says something about you and by which you can be identified. In this privacy policy we would like to explain how, for what purpose and on what legal basis we process your data.

The controller responsible for data processing on this website and within our company is:

Der Franzose Media Service GmbH
Osloer Straße 9-11
49377 Vechta
Germany

Telephone: +49 4441 9161910
Email: media@franzose.de

General notes

SSL and TLS encryption

Whenever you enter your data on websites, place online orders or send emails via the Internet, you must always expect that unauthorised third parties may gain access to your data. Complete protection against such access cannot be guaranteed despite technical measures. However, we make every effort to protect your data as best as possible and to close security gaps to the extent we are able to do so.

An important protection mechanism is the SSL and TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognise the encryption by the padlock icon displayed in your browser before the internet address entered and by the fact that our internet address begins with https:// and not with http://.

We would like to point out that data transmission over the Internet can have security vulnerabilities despite technical protective measures and that complete protection of data against access by third parties is not possible.

Encrypted payment transactions

Payment data, such as your bank account or credit card number, requires special protection. For this reason, payment transactions using common payment methods are carried out exclusively via an encrypted SSL and TLS connection.

How long do we store your data?

In some places in this privacy policy we inform you how long we or the companies that process your data on our behalf store your data. If such information is missing, we will store your data until the purpose for the data processing no longer applies, you object to the data processing or you revoke your consent to the data processing.

In the event of an objection or revocation, we may nevertheless continue to process your data if at least one of the following conditions applies:

 

In this case, we will delete your data as soon as the condition(s) no longer apply.

 

Transfer of data to the USA

We also use tools on our website from companies that transfer your data to the USA and store it there and, if necessary, process it further. The European Commission has adopted an adequacy decision for the EU-US Data Privacy Framework. This establishes that the USA ensures an adequate level of protection for personal data from the EU transferred to US companies. This decision is based on new safeguards and measures introduced by the USA to meet data protection requirements. The adequacy decision includes, among other things, limitations and safeguards regarding access by US intelligence services to the data. Binding safeguards have been introduced to limit access by US intelligence services to what is necessary and proportionate to protect national security. In addition, enhanced oversight of the activities of US intelligence services has been established to ensure that the restrictions on surveillance activities are complied with. An independent redress mechanism has also been created to handle and resolve complaints by European citizens regarding access to their data. The EU-US Data Privacy Framework therefore enables European companies to transfer data to certified US companies without having to implement additional data protection safeguards. A list of all certified companies can be viewed at the following link: https://www.datapracyframework.gov/s/participant-search

A change to the European Commission’s decision cannot be ruled out.

Data Protection Officer

We have appointed a Data Protection Officer for our company.

DataGAP GmbH
Markus Altenburg
Bessemerstr. 82, 10th floor, south wing
12103 Berlin
Germany

Email address: info@datagap.de
Telephone number: 030 / 577 10 513

Your rights

Objection to data processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS FOR PROCESSING YOUR DATA AND WE THEREFORE BASE THIS ON ART. 6(1) SENTENCE 1 LIT. (F) GDPR, YOU HAVE THE RIGHT UNDER ART. 21 GDPR TO OBJECT TO THIS. THIS ALSO APPLIES TO PROFILING BASED ON THAT PROVISION. THE PREREQUISITE IS THAT YOU PROVIDE REASONS FOR THE OBJECTION THAT ARISE FROM YOUR PARTICULAR SITUATION. NO REASONS ARE REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT MARKETING.

THE CONSEQUENCE OF THE OBJECTION IS THAT WE MAY NO LONGER PROCESS YOUR DATA. THIS DOES NOT APPLY ONLY IF ONE OF THE FOLLOWING CONDITIONS EXISTS:

 

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT MARKETING OR AGAINST PROFILING CONNECTED WITH IT.

 

Further rights

Withdrawal of your consent to data processing

Many data processing operations are carried out on the basis of your consent. You give this, for example, by ticking a corresponding box in online forms before submitting the form, or by allowing certain cookies when you visit our website. You may withdraw your consent at any time without giving reasons (Art. 7(3) GDPR). From the time of withdrawal, we may no longer process your data. The only exception is where we are legally obliged to retain the data for a certain period. Such retention periods exist in particular under tax and commercial law.

Right to lodge a complaint with the competent supervisory authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. You may contact a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The right to lodge a complaint exists in addition to administrative or judicial remedies.

Right to data portability

Data that we process automatically on the basis of your consent or in fulfilment of a contract must be provided to you or to a third party in a commonly used, machine-readable format if you request it. We can only transfer the data to another controller insofar as this is technically feasible.

Right of access, erasure and rectification

Under Art. 15 GDPR you have the right to obtain, free of charge, information about which personal data we have stored about you, where the data comes from, to whom we transfer the data and for what purpose it is stored. If the data is incorrect, you have a right to rectification (Art. 16 GDPR) and, under the conditions of Art. 17 GDPR, you may request that we delete the data.

Right to restriction of processing

In certain situations you may request that we restrict the processing of your data under Art. 18 GDPR. The data may then, apart from storage, only be processed as follows:

 

The right to restriction of processing exists in the following situations:

 

 

Hosting and Content Delivery Networks (CDN)

 

External hosting

Our website is hosted on a server provided by the following internet service provider (host):

prohost networks GmbH
Wilhelm-Külz-Str. 69
14532 Stahnsdorf (near Berlin)
Germany

Has a data processing agreement been concluded with the host or are Standard Contractual Clauses (SCC) used?

Yes

How do we process your data?

The host stores all data relating to our website. This also includes all personal data that is collected automatically or through your input. This may include in particular: your IP address, pages accessed, names, contact details and enquiries, as well as meta and communication data. When processing data, our host follows our instructions and processes the data only to the extent necessary to fulfil its performance obligations towards us.

On what legal basis do we process your data?

As we approach potential customers via our website and maintain contacts with existing customers, the data processing by our host serves the initiation and performance of contracts and is therefore based on Art. 6(1)(b) GDPR. In addition, it is our legitimate interest as a company to provide a professional online presence that meets the necessary requirements in terms of security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6(1)(f) GDPR.

Data collection on this website

Use of cookies

Our website places cookies on your device. These are small text files that serve different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to be able to carry out certain actions or functions on the site (functional cookies). For example, without cookies it would not be possible to use the benefits of a shopping basket in an online shop. Other cookies are used to analyse user behaviour or to optimise advertising measures. If we use third-party services on our website, e.g. to process payment transactions, these companies may also place cookies on your device when you access the website (so-called third-party cookies).

How do we process your data?

Session cookies are stored on your device only for the duration of a session. As soon as you close your browser, they disappear automatically. Persistent cookies, on the other hand, remain on your device unless you delete them yourself. This can lead, for example, to your user behaviour being analysed permanently. You can influence how your browser handles cookies via your browser settings:

 

If you disable or do not allow cookies, the functionality of the website may be restricted.

 

If we use cookies from other companies or for analysis purposes, we will inform you of this within the scope of this privacy policy. We also request your consent in this regard when you access our website.

Below you will find an overview of the cookies and similar technologies used on our website. The overview contains information on the type, purpose, storage period and legal basis of the respective cookies.

 

Technically necessary cookies (shop function)

 

Domain

Name

Description

Storage period

www.franzose.de

cipereadfirstCookie

Stores the status of the modal window (e.g. 0 = stored permanently, 1 = deleted when the browser is closed) in order to control whether the window is displayed again.

approx. 12 months

www.franzose.de

FlexxTradeuserSID

Long-term cookie – used for long-term identification of visitors in order, for example, to keep the shopping basket available for visitors over a longer period of time. This cookie restores the session cookie.

approx. 3 months

www.franzose.de

flexxtrsid

Session cookie – is automatically deleted when the browser is closed. Used to identify the visitor on all shop pages.

until the end of the session (max. approx. 14 days)

 

You can find detailed information about the cookies and comparable technologies used at any time in the cookie settings or in the consent manager of this website.

 

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our online services can be used by visitors without technical problems and that all desired functions are available to them. The storage of technically necessary cookies is based on Art. 6(1)(f) GDPR and Section 25(2) No. 2 TTDSG. All other cookies are used exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TTDSG. You may withdraw any consent you have given at any time with effect for the future.

Server log files

Server log files record all requests and access to our website and log error messages. They also include personal data, in particular your IP address. However, this is anonymised by the provider after a short time, so that we cannot attribute the data to your person. The data is automatically transmitted to our provider by your browser.

How do we process your data?

Our provider stores the server log files in order to trace activities on our website and to identify errors. The files contain the following data:

 

We do not combine this data with other data; we use it only for statistical evaluation and to improve our website.

 

On what legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs without errors. We also have a legitimate interest in obtaining an anonymised overview of access to our website. The data processing is therefore lawful pursuant to Art. 6(1)(f) GDPR.

Zammad (ticket system)

We use the email ticket system provided by Zammad GmbH, Marienstraße 11, 10117 Berlin, Germany (“Zammad”) to process customer enquiries. If users of our website send enquiries by email, these are stored and organised in the ticket system to enable chronological processing and to improve the service experience. Users can use the individually assigned ticket number to view the current status of the processing of their request at any time.
This also applies accordingly to enquiries submitted via the contact form on our website.
Solely for the organisation of enquiries and their processing, personal data is collected to the extent provided in the enquiry, in any event however name, first name and email address, transmitted to Zammad, stored there and accessed.
The legal basis for processing this data is our legitimate interest in the efficient organisation of our customer service, in responding to your request as quickly as possible and in optimising our service offering pursuant to Art. 6(1)(f) GDPR.
We have concluded a data processing agreement with Zammad, under which we oblige Zammad to protect our customers’ data and not to pass it on to third parties.
Your data will be deleted after your enquiry has been conclusively processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that no statutory retention obligations prevent this.
Further information on Zammad’s data protection can be found at https://zammad.com/en/company/privacys

Contact form

You can send us a message via the contact form on this website.

How do we process your data?

We store your message and the information from the form in order to process your enquiry, including any follow-up questions. This also includes the contact details you provide. We do not pass the data on to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

 

This does not apply if we are legally obliged to retain the data.

 

On what legal basis do we process your data?

If your enquiry is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. In all other cases, it is our legitimate interest to process enquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6(1)(f) GDPR. If you have consented to the storage of your data, Art. 6(1)(a) GDPR is the legal basis. In this case, you may withdraw your consent at any time with effect for the future.

Enquiries by email, telephone or fax

You can send us a message by email or fax or call us.

How do we process your data?

We store your message as well as the contact information you provide or the transmitted telephone number in order to process your enquiry, including any follow-up questions. We do not pass the data on to other persons without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

 

This does not apply if we are legally obliged to retain the data.

 

On what legal basis do we process your data?

If your enquiry is related to our contractual relationship or serves the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. In all other cases, it is our legitimate interest to process enquiries addressed to us effectively. The legal basis for data processing is therefore Art. 6(1)(f) GDPR. If you have consented to the storage of your data, Art. 6(1)(a) GDPR is the legal basis. In this case, you may withdraw your consent at any time with effect for the future.

Registration function

In order to use certain functions or offers on our website, you must register. This requires you to provide your email address and, where applicable, other personal data.

How do we process your data?

We store the data you provide during registration and use it to provide you with the function or offer for which you registered. If there are changes relating to the offer or function, we will use your email address to inform you. In addition, we may use your email address to make you further contractual offers, where applicable.

How long do we store your data?

We delete your data as soon as one of the following occurs:

 

This does not apply only if we are legally obliged to retain the data.

 

On what legal basis do we process your data?

We store and use your data in order to fulfil the user relationship established upon registration and, where applicable, to initiate further contracts. The legal basis is therefore Art. 6(1)(b) GDPR.

Analysis tools and advertising

We use the following tools to analyse the behaviour of our website visitors and to show you advertising.

Google Tag Manager

What is Google Tag Manager?

Tag management system for integrating tracking codes and conversion pixels of Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Tag Manager?

https://policies.google.com/privacy

On what basis do we transfer your data to the USA?

On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.

How do we process your data?

We use Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage them and deploy them. Google Tag Manager itself does not create user profiles, does not place cookies on your device and does not analyse your behaviour as a user. However, it records your IP address and transfers it to Google servers in the USA.

On what legal basis do we process your data?

We have a legitimate interest in the quick and uncomplicated integration and management of various tools on our website. The use of Google Tag Manager is therefore lawful under Art. 6(1)(f) GDPR. If you have consented to the disclosure of your IP address, we process your data exclusively on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Google Analytics

What is Google Analytics?

Tool for analysing user behaviour by Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Has a data processing agreement been concluded with Google Analytics?

Yes

Where can you find more information about data protection at Google Analytics?

https://support.google.com/analytics/answer/6004245?hl=en

On what basis do we transfer your data to the USA?

On the basis of the European Commission’s adequacy decision and the company’s corresponding certification.

How can you prevent data collection?

Among other things, with a browser plugin: https://tools.google.com/dlpage/gaoptout?hl=en

How do we process your data?

We are always interested in optimising our web offering for visitors to our website and placing advertising in the best possible way. Google Analytics helps us with this by analysing user behaviour and thus providing the necessary data basis for adjustments. Through the tool we receive information about the origin of our visitors, their page views and the time they spend on pages, as well as the operating system they use.

Standard processing

To collect the data, Google Analytics uses cookies, device fingerprinting or other technologies to recognise users. The data is transferred to Google servers in the USA and, together with the IP address also collected, combined into a profile that can be assigned to you or your device.

You can prevent Google from processing your data by installing a browser plugin made available by Google: https://tools.google.com/dlpage/gaoptout?hl=en.

IP anonymisation

We have activated the “IP anonymisation” function within Google Analytics. This means that Google truncates your IP address (from the EU or the EEA) before it is transferred to the USA. Only in exceptional cases does Google transfer the full IP address to servers in the USA and truncate it only there.

How long do we store your data?

According to Google, data stored at user and event level that is linked to cookies, user identifiers (e.g. user IDs) or advertising IDs is deleted or anonymised after 14 months (see https://support.google.com/analytics/answer/7667196?hl=en).

On what legal basis do we process your data?

As the website operator, we have a legitimate interest in analysing user behaviour for the purpose of optimising our web offering and the advertising placed there. The data processing is therefore lawful under Art. 6(1)(f) GDPR. If you have, for example, consented to the storage of cookies or otherwise consented to data processing by Google Analytics, Art. 6(1)(a) GDPR is the sole legal basis. You may withdraw your consent at any time with effect for the future.

 

Newsletter

 

Cleverreach

What is Cleverreach?

Service for sending newsletters and analysing recipient behaviour

Who processes your data?

Cleverreach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany

Has a data processing agreement been concluded with Cleverreach?

Yes

Where can I find more information about data protection at Cleverreach?

https://www.cleverreach.com/en-de/gdpr-compliant-newsletter-tool/ and https://www.cleverreach.com/en-de/privacy-policy/

How do we process your data?

We use Cleverreach to send our newsletter. The service manages the data of newsletter subscribers for us, sends our newsletter and analyses our newsletter campaigns.

If you would like to receive our newsletter, we require your email address. We will also verify, using a confirmation email (double opt-in procedure), that you are indeed the owner of this email address. We do not collect any further data, or only on a voluntary basis. We use your data exclusively for sending the newsletter.

If we send a newsletter via Cleverreach and you open it, a file contained in the newsletter automatically connects to Cleverreach’s servers. This informs the service that the newsletter has been opened and registers all clicks on the links contained in it. In addition, Cleverreach collects technical information such as the time of retrieval, the IP address, browser type and operating system.

You can unsubscribe from the newsletter at any time.

How long do we store your data?

After you unsubscribe, the data is deleted from the newsletter distribution list. In some circumstances, we may also add your email address to a blacklist; this is necessary, for example, if we receive an objection to advertising from you. Storage then takes place on the basis of Art. 6(1)(f) GDPR.

Furthermore, we reserve the right to delete the data at any time after the purpose of collection no longer applies or at our discretion.

On what legal basis do we process your data?

By being added to the subscribers list, you consent to data processing by Cleverreach. This is therefore lawful on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent by unsubscribing from the newsletter or by an informal notice to us. This means that from that point on we may no longer send you newsletters.

YouTube (with enhanced privacy mode)

What is YouTube?

Video platform

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at YouTube?

https://www.youtube.com/intl/ALL_de/howyoutubeworks/our-commitments/protecting-user-data/?gclid=EAIaIQobChMIztKuysSW-gIVjgwGAB0euwPlEAAYASAAEgLBXfD_BwE

How do we process your data?

You can watch YouTube videos on our website. In doing so, Google as the provider of YouTube collects and stores certain information about you. However, as we use YouTube in enhanced privacy mode, this only happens once you start a video. Specifically, the following happens in this case:

  1. Google’s servers are informed which of our pages were visited from your device. If you are logged into your YouTube account while browsing, Google can associate your browsing behaviour directly with your personal profile. If you do not want this, you must log out of your YouTube account before continuing to browse the internet.
  2. Google receives information via cookies, device fingerprinting or similar recognition technologies about visitors to our website. On this basis, the company then creates video statistics, makes its application more attractive for users and prevents fraud attempts.
  3. Your data may also be processed beyond this. However, we have no knowledge of the details. We also have no influence over the processing.

 

Even if you do not start a YouTube video on our website, Google establishes a connection to its DoubleClick network and possibly also to other partners. Enhanced privacy mode therefore does not mean that Google does not process any of your data when you visit our website.

 

On what legal basis do we process your data?

By embedding YouTube videos, we want to make our website and our services and offers more appealing. This is our legitimate interest as a company and is therefore lawful under Art. 6(1)(f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

Google Fonts (local hosting)

We use fonts from the US company Google on our website. We have installed the fonts locally, so that no connection to Google’s servers takes place when you visit our website.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Font Awesome (local hosting)

We use icons from the Font Awesome icon library on our website. The library is provided by Fonticons Inc. The icons have been installed locally, so that no connection to the company’s servers takes place when you visit our website.

Further information about Font Awesome can be found at https://fontawesome.com/ and specifically in their privacy policy: https://fontawesome.com/privacy.

jQuery

What is jQuery?

Service enabling access to a JavaScript library for use on this website

Who processes your data?

The OpenJS Foundation, 548 Market St, PMB 57274, San Francisco, California, USA

Where can you find further information about data protection at jQuery?

https://openjsf.org/privacy

On what basis do we transfer your data to the USA?

jQuery complies with the European Commission’s Standard Contractual Clauses (see https://openjsf.org/privacy)

How do we process your data?

We use jQuery services on our website. jQuery is a JavaScript library. It simplifies JavaScript programming by providing an easy-to-use interface for many common tasks. With jQuery, users can make their websites faster and more interactive. When you visit our website, a direct connection is established between your browser and the jQuery servers. This informs jQuery that our website was accessed via your IP address.

On what legal basis do we process your data?

The scripts of jQuery ensure a consistent appearance of our websites. As a company we have a legitimate interest in this. The data processing is therefore lawful under Art. 6(1)(f) GDPR.

If you have consented to the data processing, we process your data exclusively on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

eCommerce and payment providers

Customer and contract data

How do we process your data?

When we conclude a contract with you, we require certain personal data from you. We collect, process and use this data only insofar as it is necessary to establish our legal relationship, structure its content or amend it. If you can only use our services via our website or the services are billed via the website, we also collect usage data insofar as this is necessary to enable you to use our services or to bill for the service used.

How long do we store your data?

We store your data until our legal relationship ends, unless we are legally obliged to retain the data for longer.

On what legal basis do we process your data?

We store your data in order to fulfil the contract with you or to carry out pre-contractual measures. The legal basis for data processing is therefore Art. 6(1)(b) GDPR.

Data transfer for shipment of goods

How do we process your data?

If you order goods from us, we transfer your data to companies that we commission with delivery and/or through which we process payment. Only data that is required for the commissioned company to carry out the specific order is transferred. If we wish to transfer additional data, we will obtain your consent. We do not pass your data on for advertising purposes.

On what legal basis do we process your data?

We transfer your data in order to fulfil the contract we have concluded with you. The legal basis for data processing is therefore Art. 6(1)(b) GDPR.

Disclosure of personal data to shipping service providers

DHL

If delivery of the goods is carried out by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), we pass on the recipient’s name and delivery address to DHL for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. The transfer is made only to the extent necessary for the delivery of the goods.
If you have given your express consent during the ordering process, we will additionally pass on your email address to DHL pursuant to Art. 6(1)(a) GDPR before delivery of the goods for the purpose of delivery notification and/or to arrange a delivery date. Without this consent, delivery notification or arranging a date via DHL is not possible.
The consent may be withdrawn at any time with effect for the future vis-à-vis the controller or vis-à-vis DHL.

DPD

If delivery of the goods is carried out by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany), we pass on the recipient’s name and delivery address to DPD for the purpose of delivery pursuant to Art. 6(1)(b) GDPR. The transfer is made only to the extent necessary for the delivery of the goods.
If you have given your express consent during the ordering process, we will additionally pass on your email address and/or telephone number to DPD pursuant to Art. 6(1)(a) GDPR before delivery of the goods for the purpose of delivery notification and/or to arrange a delivery date. Without this consent, delivery notification or arranging a date via DPD is not possible.
The consent may be withdrawn at any time with effect for the future vis-à-vis the controller or vis-à-vis DPD.

Data transfer when using services and digital content

How do we process your data?

For payment processing, we transfer your data to a payment service provider or the credit institution commissioned with payment processing. We only pass on data that is strictly necessary for the payment transaction. If we wish to transfer additional data, we will obtain your consent.

On what legal basis do we process your data?

We transfer your data in order to fulfil the contract we have concluded with you. The legal basis for data processing is therefore Art. 6(1)(b) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Payment services

So that you can pay conveniently for your purchases on our website, we use the services of payment service providers, i.e. external companies that process payments for us. Which providers these are specifically can be found in the list at the end of this section.

How do we process your data?

For the payment transaction, you must provide certain personal data, e.g. your name, your bank details or credit card number. We pass this data on to the respective payment service provider. The respective contractual and data protection provisions of the respective service apply to the transaction itself.

On what legal basis do we process your data?

We pass on your data in order to fulfil the contract we have concluded with you. The legal basis for data processing is therefore Art. 6(1)(b) GDPR. In addition, we have a legitimate interest in processing purchases as quickly, conveniently and securely as possible. In this respect, the legal basis is also Art. 6(1)(f) GDPR. If you have consented to the transfer of your data, the data processing is based on Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Which payment services do we use?

PayPal
What is PayPal?

Online payment service

Who processes your data?

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg

Where can you find more information about data protection at PayPal?

https://www.paypal.com/de/legalhub/paypal/privacy-full?locale.x=en_DE

On what basis do we transfer your data to the USA?

PayPal complies with the European Commission’s Standard Contractual Clauses (see https://www.paypal.com/de/legalhub/paypal/pocpsa-full?locale.x=en_DE)

Mollie
What is Mollie?

Online payment service

Who processes your data?

Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands

Where can you find more information about data protection at Mollie?

hhttps://www.mollie.com/gb/legal/privacy

Apple Pay
What is Apple Pay?

Mobile payment service provided by Apple Inc.

Who processes your data?

Apple Inc., Infinite Loop, Cupertino, CA 95014, USA

Where can you find more information about data protection at Apple Pay?

https://www.apple.com/legal/privacy/en-ww/

On what basis do we transfer your data to the USA?

Apple Pay complies with the European Commission’s Standard Contractual Clauses (see https://www.apple.com/legal/privacy/en-ww/)

Sofortüberweisung
What is Sofortüberweisung?

Online payment method that works like a bank transfer, but with an intermediary third-party company that confirms the payment to us as the seller

Who processes your data?

Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (Sofort GmbH is part of the Klarna Group)

Where can you find more information about data protection at Sofortüberweisung?

https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/

Our own services / Other

Handling applicant data

If you would like to work for us, we are happy to receive your application. All personal data submitted will be treated as strictly confidential. This also applies to data that we only collect later in the course of the application process.

How do we process your data?

We store all data collected during the application process and use it insofar as this is necessary to decide on establishing an employment relationship. This includes contact and communication data as well as application documents and, for example, notes that we make during interviews. We pass your data within our company exclusively to persons involved in processing your application.

If the application is successful, we store the data necessary to carry out the employment relationship in our data processing systems.

How long do we store your data?

If we are unable to offer you a position, if you reject a job offer or if you withdraw your application, we reserve the right to retain your documents and other applicant data for up to 6 months after the end of the application process. The reason is that we may need the data as evidence in the event of a legal dispute. After the period has expired, we delete the data and destroy the documents. If a legal dispute is actually imminent or is already pending, we delete the data and documents when they are no longer needed for evidential purposes.

The deletion of your data always presupposes that we are not legally obliged to retain it for longer.

On what legal basis do we process your data?

We process your applicant data on the basis of Section 26 BDSG (initiation of an employment relationship) and Art. 6(1)(b) GDPR (general initiation of a contract).

The same applies if your application is successful.

If we are unable to offer you a position, if you reject a job offer or if you withdraw your application, we have a legitimate interest in using your data as evidence in a possible legal dispute. The data processing is therefore based on Art. 6(1)(f) GDPR.

If you have expressly consented to the storage of your data, we process your data on the basis of Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Data processing on social media

What is social media?

By social media we mean the social networks on which we have created publicly accessible profiles. Which social networks these are can be found below.

Who processes your data?

The respective operating companies of the social networks. The individual operators are listed below for each network.

How is your data processed?

Operators of social networks are generally able to collect and evaluate extensive data about the behaviour of visitors and users of the network. It is not possible for us to track all processing operations in the social networks we use, which is why additional processing operations that are not listed here may be carried out by the operators of the social networks. You can find further information on this in the terms of use and privacy policies of the respective social networks.

Data processing by the social networks takes place in particular if you visit the respective platform yourself or access our profiles there via a link from our website.
If you are a user of the social network and logged into your user account, your visit to our profile page may be associated with your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, it is possible that the network operator nevertheless collects your personal data, e.g. by recording your IP address or setting cookies. Using this data, the operators can create user profiles tailored to your behaviour and interests and show you interest-based advertising within and outside the network. If you are a registered user of the network, interest-based advertising can also be displayed on all devices on which you are logged in or have been logged in.

On what legal basis is your data processed?

Our profiles on social networks are intended to ensure the broadest possible presence of our company on the Internet. We have a legitimate interest in this as a company. The data processing is therefore lawful under Art. 6(1)(f) GDPR.

The data processing operations and analyses carried out by the operators of the social networks themselves may be based on other legal bases. These must be stated by the operators of the social networks.

Who is responsible for processing your data and how can you exercise your rights?

When you visit our social media profiles, the respective platform operators process personal data under their own responsibility. Insofar as the platform operators provide us with statistical evaluations (“insights”) in connection with our profiles, this processing may take place under joint controllership with the respective platform operator pursuant to Art. 26 GDPR. In principle, you may exercise your rights both against us and against the platform operator.

However, despite joint responsibility with the operators of the social networks, our influence on the data processing operations of the respective operator is limited and primarily depends on the operator’s specifications.

How long is your data stored?

Insofar as we process personal data via our social media profiles (e.g. in the case of messages or comments), we generally delete it as soon as the purpose of the processing no longer applies, you request deletion or you withdraw consent; statutory retention obligations remain unaffected.

We have no influence over how long the operators of the social networks store your data that they collect for their own purposes. Information about this can be obtained directly from the operator of the respective social network, e.g. in the respective privacy policy.

Which social media do we use?

Facebook

What is Facebook?
A social network

Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?
A transfer to third countries (e.g. the USA) cannot be ruled out.

Where can you find more information about data protection at Facebook?
https://www.facebook.com/about/privacy/

Where can you adjust your advertising settings as a Facebook user?
As a registered Facebook user, you can adjust your advertising settings in your user account. Click the following link and log in:
https://www.facebook.com/settings?tab=ads.

Instagram

What is Instagram?
A social network specialising in photos and videos

Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Will your data be transferred to third countries?
A transfer to third countries (e.g. the USA) cannot be ruled out.

Where can you find more information about data protection at Instagram?
https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Richtlinien%20und%20Meldungen

Where can you adjust your privacy settings as a user?
As a registered Instagram user, you can adjust your privacy settings in your user account. Click the following link and log in:
https://www.instagram.com/accounts/privacy_and_security/

YouTube

What is YouTube?
A social network in the form of an online video portal

Who processes your data?
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Will your data be transferred to third countries?
Yes

Where can you find more information about data protection at YouTube?
https://policies.google.com/privacy?hl=en

Where can you adjust your data protection settings as a user?
https://policies.google.com/privacy?hl=en#infochoices