Privacy Policy
1. Privacy at a Glance
The following gives you a simple overview of what happens to your personal data when you visit our website. Personal data are all data that can be used to identify you, personally. You will find detailed information on the topic of privacy in the privacy policy below this text.
The processing on this website is carried out by the website operator. You can find their contact information in the section titled “Notes on the party”.
Generally, we collect the data you give us on purpose. For example, you could enter your name and in our contact form.
Other data is collected automatically or after your consent by our IT systems when you visit our website. This is mostly technical data (i.e. your browser, operating system or time of visit). The collection of this data happens automatically when you visit this website.
Part of your data is collected to ensure that the website is provided without problems. Other data can be used to analyse user behavior.
At any time you have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the responsible regulatory authority.
You can contact us at any time with regard to these and other questions on the subject of data protection.
When visiting this website, your browsing behavior may be statistically analyzed. This is done mainly with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.
2. Hosting
We host the contents of our websites using the following providers:
The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify”).
Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device and browser you are using. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, amount of sales made, etc.). For analytics, Shopify stores cookies in your browser.
For details, see Shopify’s privacy policy: https://www.shopify.de/legal/datenschutz.
The use of Shopify is based on section 6 (1 f) GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter “Strato”). When you visit our
website, Strato collects various log files including your IP addresses. For more information, please refer to Strato’s privacy policy:
https://www.strato.de/datenschutz/.
The use of Strato is based on section 6 (1 f) GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
This website is additionally hosted by Kinsta. The personal data collected on this website are stored on the servers of the hoster(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of contract fulfillment vis-à-vis our potential and existing customers (section 6 (1b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (section 6 (1f) GDPR). If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
Our host(s) will process your data only to the extent necessary to fulfill its service obligations and to follow our instructions with respect to such data.
We use the following host(s):
Kinsta Inc, 8605 Santa Monica Blvd #92581, West Hollywood, CA 90069, USA Order Processing.
In doing so, we use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This is in accordance with our legitimate interest (section 6 (1f) GDPR). A CDN is a network of [weltweit] distributed servers capable of delivering optimized content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare.
Cloudflare is a recipient of your personal data and acts as a processor for us. This is in accordance with our legitimate interest (section 6 (1) f) GDPR, not to operate a content delivery network ourselves.
You have the right to object to the processing.
The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without this processing.
Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.
For more information on objection and removal options vis-à-vis Cloudflare, please visit: Cloudflare DPA
Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf
We have entered into a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that they process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General Notes and Mandatory Information
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security risks. Complete protection of data against access by third parties is impossible.
The responsible party for data processing on this website is: ReSartus GmbH, CEO: Mr. Armin Deiri, Wagenburgstrasse 94, 70186 Stuttgart.
Phone: +49 (0) 711 – 995 22 22 0 E-mail: mail@resartus.de
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.
If you have consented to data processing, we process your personal data on the basis of section 6 (1 a) GDPR or section 9 2 a) GDPR, if special categories of data according to section 9 (1) GDPR are being processed. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of section 49 (1 a) GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of section 6 (1 b) GDPR. Furthermore, we process your data insofar as this is necessary for the fulfillment of a legal obligation on the basis of section 6 (1 c) GDPR. The data processing may further be based on our legitimate interest according to section (1 f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data can be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obligated to release personal data to security authorities without you, the data subject, being able to take legal action against this. It can therefore not be ruled out that U.S. authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.
Many data processing operations are only possible with your explicit consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
If the data processing is based on section 6 (1 e or f) GDPR you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims (objection under section 21(1) of the GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to section 21 (2) GDPR).
In the event of breaches of the GDPR, subjects have a right of appeal to a regulatory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
Within the framework of the applicable legal provisions, you have the right at any time to free of charge Information about your stored personal data, their origin and recipients and the purpose of data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time with regard to this and other questions on the subject of personal data.
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restrict processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened/is happening unlawfully, you may request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
If you file an objection pursuant to section 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the lock symbol in your browser bar.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
The use of contact data published within the scope of the impressum obligation for the sending of not explicitly requested advertising and information material is hereby rejected. The operators of the pages explicitly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
4. Data Collection on this Website
Our websites use so-called “cookies”. Cookies are small data packages and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or display advertising.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of section (1 f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically correct and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing section 6 (1 a) GDPR and section 25 (1) TTDSG); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When cookies are disabled, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this privacy policy and, if necessary, request your consent.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and version Operating system used Referrer URL
Host name of the accessing computer Time of the server request IP address
This data is not merged with other data sources.
The collection of this data is based on section 6 (1 f) GDPR. The website operator has a legitimate interest in the correct technical presentation and optimization of his website – for this purpose, the server log files must be recorded.
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact data you enter there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on section 6 (1 b) GDPR, provided that your request is related to the performance of a contract or for the implementation of pre-contractual measures . In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (section 6 (1f) GDPR) or on your consent (section 6 (1a) GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not share this data without your consent.
The processing of this data is based on section 6 (1 b) GDPR, provided that your request is related to the performance of a contract or is necessary for the fulfillment of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (section 6 (1f) GDPR) or on your consent (section 6 (1a) GDPR) if this has been requested; the consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
5. Social Media
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.
An overview of Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please see Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.
Insofar as consent has been obtained, the aforementioned service is used on the basis of section 6 (1 a) GDPR and section 25 TTDSG. The consent can be revoked at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (section 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations we share were set out in a joint processing agreement. The text of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for implementing the tool on our website in a secure manner in terms of data protection. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. information requests) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and
https://www.facebook.com/policy.php.
Functions of the Twitter service are integrated on this website. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
When the social media element is active, a direct connection is established between your device and the Twitter server. Twitter thereby receives information about your visit to this website. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. We would like to point out that we
as the provider of the pages do not receive knowledge of the content of the transmitted data and its use by Twitter. For more information, please see Twitter’s privacy policy at: https://twitter.com/de/privacy.
Insofar as consent has been obtained, the aforementioned service is used on the basis of section 6 (1 a) GDPR and section 25 TTDSG. The consent can be revoked at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your privacy settings on Twitter in your account settings at https://twitter.com/account/settings.
On this website, functions of the service Instagram are integrated. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the social media element is active, a direct connection is established between your end device and the Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
Insofar as consent has been obtained, the aforementioned service is used on the basis of section 6 (1 a) GDPR and section 25 TTDSG. The consent can be revoked at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (section 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the forwarding is not part of the joint responsibility. The obligations we share were set out in a joint processing agreement. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for implementing the tool on our website in a manner that is secure from a data protection perspective. Facebook is responsible for the data security of the Facebook or Instagram products. Data subject rights
(e.g. request for information) regarding the data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more information, please see Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
This website uses buttons and other elements of the Tumblr service. The provider is Tumblr, Inc, 35 East 21st St, 10th Floor, New York, NY 10010, USA.
When the social media element is active, a direct connection is established between your device and the Tumblr server. Tumblr thereby receives information about your visit to this website.
The Tumblr buttons allow you to share a post or page on Tumblr or follow the provider on Tumblr. When you visit one of our websites with a Tumblr button, the browser establishes a direct connection with Tumblr’s servers. We have no influence on the scope of the data that Tumblr collects and transmits with the help of this plugin. According to the current status, the IP address of the user and the URL of the respective website are transmitted.
Insofar as consent has been obtained, the aforementioned service is used on the basis of section 6 (1 a) GDPR and section 25 TTDSG. The consent can be revoked at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
For more information, please see Tumblr’s privacy policy at: https://www.tumblr.com/privacy/de.
On this website, we use elements of the social network Pinterest, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
When you visit a page that contains such an element, your browser establishes a direct connection to Pinterest’s servers. This social media element transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of websites you visit that also contain Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.
Insofar as consent has been obtained, the aforementioned service is used on the basis of section 6 (1 a) GDPR and section 25 TTDSG. The consent can be revoked at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
For more information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, please refer to the Pinterest privacy policy:
https://policy.pinterest.com/de/privacy-policy.
6. Analysis-Tools und Advertisement
This website uses the WP Statistics analysis tool to statistically evaluate visitor traffic. Provider is Veronalabs, ARENCO Tower, 27th Floor, Dubai Media City, Dubai, Dubai 23816, UAE ( https://veronalabs.com).
WP Statistics allows us to analyze the use of our website. WP Statistics collects log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that website visitors have taken on the page (e.g. clicks and views).
The data collected with WP Statistics is stored exclusively on our own server.
The use of this analysis tool is based on section 6 (1 f) GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our website and our advertising. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
This website uses Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States.
In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
The use of this analysis tool is based on section 6 (1 f) GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our website and our advertising. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
7. Newsletter
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (section 6 (1a) GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to remove or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant section 6 (1 f) GDPR.
Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of section 6 (1f) GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
8. Plugins and Tools
This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our websites on which YouTube is embedded, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited.
Furthermore, YouTube may store various cookies on your device or use similar technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience, and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of section 6 (1 f) GDPR. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
For more information on the handling of user data, please see YouTube’s privacy policy at:
https://policies.google.com/privacy?hl=de.
This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo video, a connection to Vimeo’s servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you allow Vimeo to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or similar recognition technologies (e.g. device fingerprinting) to recognize website visitors.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of section 6 (1 f) GDPR. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
For more information on how we handle user data, please see Vimeo’s privacy policy at:
https://vimeo.com/privacy.
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that this website was accessed via your IP address. The use of Google Fonts is based on section 6 (1 f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
If your browser does not support Google Fonts, a default font is used by your computer.
For more information on Google Fonts, please visit https://developers.google.com/fonts/faq and see Google’s privacy policy: https://policies.google.com/privacy?hl=de.
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is enabled, Google may use Google Fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of section 6 (1 f) GDPR. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to verify whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.
The storage and analysis of the data is based on section 6 (1 f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links:
https://policies.google.com/privacy?hl=de und
https://policies.google.com/terms?hl=de.
We use hCaptcha (hereinafter “hCaptcha”) on this website. The provider is Intuition Machines Inc 2211 Selig Dr, Los Angeles, CA 90026, United States (hereinafter “IMI”).
The purpose of hCaptcha is to verify whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, hCaptcha analyzes the behavior of the website visitor based on various characteristics.
This analysis starts automatically as soon as the website visitor enters a website with hCaptcha enabled. For analysis purposes, hCaptcha evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in “invisible mode”, the analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.
The storage and analysis of the data is based on section 6 (1 f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR und section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.
Data processing is based on the Standard Contractual Clauses (SCC) contained in the Data Processing Addendum to IMI’s General Terms and Conditions or Data Processing Contracts.
For more information about hCaptcha, please see the Privacy Policy and Terms of Use at the following links:
https://www.hcaptcha.com/privacy und
https://hcaptcha.com/terms.
9. Own services
We have integrated Google Drive on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Drive allows us to include an upload area on our website where you can upload content. When you upload content, it is stored on Google Drive servers. When you visit our website, a connection to Google Drive is also established so that Google Drive can determine that you have visited our website.
The use of Google Drive is based on sec. 6 (1 f) GDPR. The website operator has a legitimate interest in a reliable upload area on its website. If a respective consent was requested, the processing is exclusively based on section 6 (1 a) GDPR; the consent can be revoked at any time.
Files uploaded by users on this website remain online for 30 days and are then automatically deleted. For order processing, the files are stored internally for a maximum of 12 months and are then automatically deleted. The user explicitly agrees to the storage of his voluntarily uploaded and entered data as well as their electronic storage and processing.
10. Carrying out Credit Checks and Debt Collection Measures.
If we make advance payments (e.g. delivery on account), we reserve the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard our legitimate interest in determining the solvency of our customers. The same applies to the implementation of collection measures against customers for invoices for which reminders have already been sent.
We transmit the personal data required for a credit check or debt collection measures in accordance with sec. 6 (1 f) GDPR to the following service provider:
Creditreform Stuttgart Strahler KG Theodor-Heuss-Str. 2
70174 Stuttgart
The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. We use the result of the credit assessment with regard to the statistical probability of default for the purpose of deciding on the establishment, performance or termination of a contractual relationship.
You can object to this processing of your data at any time by sending a message to the data processor or to the aforementioned credit agency. However, we may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
11. Contacting you for Rating Reminders
If you have given us your explicit consent for this during or after your order in accordance with sec. 6 (1 a) GDPR, we will send your e-mail address to the eKomi rating platform of eKomi Ltd, Markgrafenstraße 11, 10969 Berlin, (www.ekomi.de), so that they can send you a rating reminder by e-mail.
You may withdraw your consent at any time by sending a message to the data processor or to the rating platform.
If you have given us your explicit consent for this during or after your order in accordance with sec. 6 (1 a) GDPR, we will send your e-mail address to the rating platform Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops. de), so that they can send you a rating reminder by e-mail.
You may withdraw your consent at any time by sending a message to the data processor or to the rating platform.
If you have given us your explicit consent for this during or after your order in accordance with sec. 6 (1 a) GDPR, we will send your e-mail address to the rating platform Trustami GmbH, Friedrich-Wilhelm-Straße 68, 12103 Berlin, (www.trustami. com), so that they can send you a rating reminder by e-mail.
You may withdraw your consent at any time by sending a message to the data processor or to the rating platform.
12. Use of Payment Service Providers
If you choose a payment method of the payment service provider Stripe, the payment is processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we transfer your information provided during the ordering process together with information about your order (name, address, account number, bank routing number, credit card number (if applicable), invoice amount, currency and transaction number) in accordance with sec. 6 (1 b) GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. For more information about Stripe’s privacy policy, please visit the URL https://stripe.com/de/terms.
13. CRM Systems
- First name
- Last name
- Title
- Company name
- Address (business)
- Internet address
- E-mail address
- Phone number
- Fax number
- Customer number
- Customer type
- Contact details
- Contact history
- Appointment details
- Data on interests
- Data on purchased goods or services
- Contract data
- Communication data
- Photos
- Occupation details
- Employees
- Customers
- Interested parties
- CRM service provider
- Employees in the company
- Processor
For the CRM system, a software system of a service provider in a third country (here: USA) is used. There is an order processing contract with the service provider. The appropriate level of data protection is guaranteed by the conclusion of the new EU standard contractual clauses of the EU Commission (as of 04.06.2021) in conjunction with an individual risk assessment.
In the case of personal data in the CRM system, a check is made after two years at the end of the respective calendar year to determine whether further storage is necessary. If there is no necessity, the data will be deleted.
Excluded from this are data that are to be classified as business letters within the meaning of the German Commercial Code (HGB) or as accounting-relevant data. The respective statutory retention obligations apply here.
We use various customer relationship management (CRM) systems on our website and in our operations.
Contact us via contact form / e-mail / fax / mail
- When contacting us via contact form, fax, mail or e-mail, your information will be processed for the purpose of handling the contact request.
- The legal basis for the processing of the data is, if you have given your consent, sec. 6 (1) p. 1 (a) GDPR. The legal basis for the processing of data transmitted in the course of a contact request or e-mail, letter or fax is sec. 6 (1) p. 1 (f) GDPR. The responsible party has a legitimate interest in processing and storing the data in order to be able to answer user inquiries, to preserve evidence for liability reasons and, if necessary, to be able to comply with its statutory retention obligations for business letters. If the contact is intended to conclude a contract, the additional legal basis for the processing is sec. 6 (1) (b) GDPR.
- We may store your information and contact request in our customer relationship management system (“CRM System”) or similar system. For this purpose, we use the services of SevDesk [SevDesk GmbH, Hauptstraße 115, 77652 Offenburg, Germany], among others. All persons entrusted with the processing of your personal data are bound in writing to data secrecy and the duty of confidentiality according to sec. 203 German Criminal Code (StGB).
- The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. We store requests from users who have an account or contract with us until two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after their expiry: end of commercial law (6 years) and tax law (10 years) retention obligation.
- At any time you can withdraw your consent to the processing of personal data according to sec 6 (1) (a) GDPR. If you contact us by e-mail, you can object to the storage of personal data at any time.
For more information on data handling at SevDesk, see:
https://sevdesk.de/datenschutz/
DATA PROCESSING IN THE ONLINE STORE
To provide our online store on our site, we use the Shopify store solution, a service provided by Shopify Inc, 126 York Street, Suite 200, Ottawa, ON, Canada. If you initiate an order through our store, the following data is being processed by Shopify’s servers: Name, email, details of your order, shipping and billing address, payment details, company name, phone number, IP address, device information. This data processing is based on section 6 (b) GDPR and is necessary to ensure the smooth processing of your order. Shopify processes data exclusively in accordance with the “Privacy Shield Framework” standards and thus meets the European standards for legally compliant commissioned data processing.
For more information on Shopify’s data processing practices, see:
https://www.shopify.com/legal/privacy
The system is offered and operated by Hubspot, Inc, 25 First Street, Cambridge, MA 02141, USA. HubSpot allows us to centrally coordinate and manage various communication channels. We use HubSpot for the following channels:
• Contact (aposocial.de as well as our social media channels)
• Registration
• Chat
• Making appointments
• Newsletter
By integrating the CRM, HubSpot as the operator collects information (including personal data) and processes it. In the process, this data is transmitted to a third country (USA).
HubSpot is committed to complying with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework on the collection, use, and retention of personal data from member states of the EU and Switzerland, respectively. HubSpot has declared through certification that it complies with the Privacy Shield Principles.
In addition, we have entered into an order processing agreement with HubSpot pursuant to sec. 28 GDPR as well as an EU standard “Controller-to-Processor” contract regarding the export of data to the United States. By doing so, we obligate HubSpot, among other things, to process personal data according to our specifications and ensure enforceable rights of data subjects. The contract is available at https://legal.hubspot.com/de/dpa.
For more information about HubSpot’s data processing practices, see:
https://legal.hubspot.com/de/privacy-policy
The legal basis for the processing of your personal data via HubSpot is sec. 6 (1 f) GDPR. Our legitimate interest lies in handling contact and communication with customers and interested parties faster and more efficiently via a uniform system. In connection with the respective communication channels, we will inform you of the extent to which the provision of personal data is not required by law or contract. With regard to the integration of various communication channels in HubSpot, there is no legal obligation or contractual requirement.
Other Notes
Files uploaded by users on this website remain online for 30 days and are then automatically deleted. For order processing, the files are stored internally for a maximum of 12 months and are then automatically deleted. The user explicitly agrees to the storage of his voluntarily uploaded and entered data as well as their electronic storage and processing.
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the competent supervisory authority.
You can contact us at any time with regard to this and other questions on the subject of data protection.
