Privacy Policy

Privacy Policy

Preamble

With the following privacy policy, we want to inform you about the types of your personal data (hereinafter also briefly referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").

The terms used are not gender-specific.

Status: February 3, 2025

Table of Contents

Controller

Mr. Novic Aleksandar Radomir
Saatlenstrasse 170
8050 Zurich
Switzerland

Email address: info@yugomaniac.com

Imprint: www.yugomaniac.com

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Data Processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.

Categories of Data Subjects

  • Service recipients and clients.
  • Prospects.
  • Communication partners.
  • Users.
  • Business and contractual partners.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Target group formation.
  • Organizational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.
  • Public relations.
  • Sales promotion.
  • Business processes and business management procedures.

Relevant Legal Bases

Relevant Legal Bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection provisions in your or our country of residence or establishment may apply. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you about them in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains specific provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer and automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

National Data Protection Regulations in Austria: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Austria. This includes, in particular, the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Datenschutzgesetz – DSG). The Data Protection Act contains specific provisions on the right to information, the right to rectification or erasure, the processing of special categories of personal data, processing for other purposes, and transfer and automated decision-making in individual cases.

Relevant Legal Bases under the Swiss Data Protection Act: If you are located in Switzerland, we process your data on the basis of the Federal Act on Data Protection (FADP). Unlike the GDPR, for example, the Swiss FADP generally does not require a legal basis for the processing of personal data to be stated, and the processing of personal data must be carried out in good faith, lawfully and proportionately (Art. 6 para. 1 and 2 of the Swiss FADP). In addition, we only collect personal data for a specific purpose recognizable to the data subject and process it only in a manner compatible with this purpose (Art. 6 para. 3 of the Swiss FADP).

Note on the applicability of GDPR and Swiss FADP: This privacy policy serves to provide information both under the Swiss FADP and under the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "particularly sensitive personal data" used in the Swiss FADP, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss FADP within the scope of its applicability.

Security Measures

In accordance with legal requirements and considering the state of the art, implementation costs, the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

Disclosure of Personal Data

In the course of our processing of personal data, it may happen that this data is transferred or disclosed to other entities, companies, legally independent organizational units or persons. These recipients may include, for example, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing/transferring data to other persons, entities or companies, this will only be done in accordance with legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers will only take place if the data protection level is otherwise secured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49 para. 1 GDPR). Furthermore, we will inform you about the bases of third country transfer for the individual third-country providers, whereby adequacy decisions shall apply preferentially as bases. Information on third-country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de. Within the framework of the "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure in the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you within the privacy policy which of our service providers are certified under the Data Privacy Framework.

Disclosure of personal data abroad: According to the Swiss FADP, we only disclose personal data abroad if adequate protection for the data subjects is ensured (Art. 16 Swiss FADP). If the Federal Council has not found adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we will take alternative security measures. These may include international agreements, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC), or corporate privacy policies pre-approved by the FDPIC or a competent data protection authority of another country. According to Art. 16 of the Swiss FADP, exceptions for the disclosure of data abroad may be allowed if certain conditions are met, including the consent of the data subject, contract performance, public interest, protection of life or physical integrity, publicly disclosed data, or data from a legally provided register. These disclosures are always made in compliance with legal requirements. Within the framework of the "Data Privacy Framework" (DPF), Switzerland has recognized the data protection level for certain companies from the USA as secure in the adequacy decision of June 07, 2024. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you within the privacy policy which of our service providers are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consents are revoked or no further legal bases for processing exist. This applies to cases where the original processing purpose ceases to apply or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that specifically apply to certain processing procedures.

If several indications for the retention period or deletion periods of data are provided, the longest period is always decisive.

If a period does not expressly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the period is the effective date of termination or other termination of the legal relationship.

Data that is no longer used for its originally intended purpose but is retained due to legal requirements or other reasons will only be processed by us for the reasons justifying its retention.

Further information on processing processes, procedures and services:

  • Retention and deletion of data: The following general periods apply to retention and archiving under German law:
    • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, and the related work instructions and other organizational documents (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
    • 8 years - Accounting vouchers, such as invoices and expense receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 sentence 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
    • 6 years - Other business documents: received commercial or business letters, reproductions of dispatched commercial or business letters, other documents insofar as they are relevant for taxation, e.g., hourly wage slips, cost accounting sheets, calculation documents, price labels, but also payroll documents, unless they are already booking vouchers, and cash register receipts (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
    • 3 years – data required to address potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and common industry practices, will be stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).
  • Data Retention and Deletion: The following general periods apply to data retention and archiving under Austrian law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, booking vouchers and invoices, as well as all necessary work instructions and other organizational documents (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
    • 6 years – Other business documents: Received commercial or business letters, copies of sent commercial or business letters, and other documents, provided they are relevant for tax purposes. This includes, for example, hourly wage slips, operating cost sheets, calculation documents, price markings, and payroll records, provided they are not already booking vouchers and cash register receipts (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
    • 3 years – Data required to address potential warranty and damage claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and common industry practices, will be stored for the duration of the regular statutory limitation period of three years (Sections 1478, 1480 ABGB).
  • Data Retention and Deletion: The following general periods apply to data retention and archiving under Swiss law:
    • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, booking vouchers and invoices, as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (OR)).
    • 10 years – Data necessary to consider potential damage claims or similar contractual claims and rights, as well as for processing related inquiries, based on previous business experience and usual industry practices, will be stored for the period of the statutory limitation period of ten years, unless a shorter period of five years is applicable, which applies in certain cases (Art. 127, 130 OR). Claims for rent, lease and capital interest as well as other periodic payments, from the supply of food, for board and for tavern debts, as well as from artisanal work, small sales of goods, medical care, professional work of lawyers, legal agents, procurators and notaries and from the employment relationship of employees expire after five years (Art. 128 OR).

Rights of the Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, particularly those arising from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to withdraw consent: You have the right to withdraw given consent at any time.
  • Right of access: You have the right to request confirmation as to whether data concerning you are being processed and to information about these data, as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of the data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to demand that data concerning you be erased without undue delay, or, alternatively, in accordance with legal requirements, to demand a restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with legal requirements, or to request their transmission to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

Rights of data subjects under the Swiss DPA:

As a data subject, you have the following rights in accordance with the provisions of the Swiss DPA:

  • Right of access: You have the right to request confirmation as to whether personal data concerning you are being processed, and to receive the information necessary to enable you to exercise your rights under this law and to ensure transparent data processing.
  • Right to data disclosure or transfer: You have the right to request the disclosure of your personal data that you have provided to us in a common electronic format.
  • Right to rectification: You have the right to request the rectification of inaccurate personal data concerning you.
  • Right to object, erasure and destruction: You have the right to object to the processing of your data, and to request that personal data concerning you be erased or destroyed.

Business Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners"), within the scope of contractual and similar legal relationships, as well as related measures and with regard to communication with contractual partners (or pre-contractual), for example, to answer inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies for warranty and other performance disruptions. Furthermore, we use the data to safeguard our rights and for the purpose of administrative tasks associated with these obligations, as well as for corporate organization. We also process the data based on our legitimate interests in proper and economically sound business management, as well as in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the framework of applicable law, we only pass on data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.

We inform contractual partners, before or during data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally, which data are required for the aforementioned purposes.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal archiving reasons (e.g., for tax purposes, generally ten years). Data disclosed to us by the contractual partner in the context of an order will be deleted by us in accordance with the specifications and generally after the end of the order.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., subject of contract, term, customer category); usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, involved persons).
  • Data subjects: Service recipients and clients; prospective customers. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and commercial procedures.
  • Retention and deletion: Deletion according to information in the section "General information on data storage and deletion".
  • Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR); Legal obligation (Art. 6(1) sentence 1 lit. c) GDPR). Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Online shop, order forms, e-commerce and delivery: We process our customers' data to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to carry out the delivery or execution for our customers. For payment processing, we use the services of banks and payment service providers. The required information is marked as such within the order or comparable acquisition process and includes the details required for delivery or provision and billing, as well as contact information to enable any consultation; Legal bases: Performance of contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b) GDPR).

Provision of the Online Offer and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, involved persons). Log data (e.g., log files regarding logins or data retrieval or access times).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers etc.)). Security measures.
  • Retention and deletion: Deletion according to information in the section "General information on data storage and deletion".
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to prevent overloading of the servers (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization and stability of the servers; Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the final clarification of the respective incident.

Use of Cookies

The term "cookies" refers to functions that store information on users' devices and read it from them. Cookies can also be used for various purposes, such as the functionality, security, and convenience of online offerings, and the creation of analyses of visitor flows. We use cookies in accordance with legal regulations. If necessary, we obtain the users' consent in advance. If consent is not necessary, we rely on our legitimate interests. This applies when the storage and reading of information is essential to provide expressly requested content and functions. This includes, for example, the storage of settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We clearly inform about their scope and which cookies are used.

Information on legal bases under data protection law: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage period: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved and preferred content can be displayed directly when the user revisits a website. Similarly, user data collected using cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., within the scope of obtaining consent), they should assume that these are permanent and the storage duration can be up to two years.

General notes on revocation and objection (opt-out): Users can revoke their given consents at any time and also declare an objection to the processing in accordance with legal requirements, also by using their browser's privacy settings.

  • Types of data processed: Meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, involved persons).
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f) GDPR). Consent (Art. 6(1) sentence 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers mentioned in the consent management solution. This procedure serves to obtain, log, manage, and revoke consent, particularly with regard to the use of cookies and similar technologies that are used to store, read, and process information on users' end devices. Within the framework of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers mentioned in the consent management procedure. Users also have the option to manage and revoke their consent. The consent declarations are stored to avoid re-querying and to be able to provide proof of consent in accordance with legal requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies to be able to assign the consent to a specific user or their device. If no specific information is available regarding the providers of consent management services, the following general information applies: The storage period of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g., relevant categories of cookies and/or service providers) as well as information about the browser, system, and the end device used; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) and within the framework of existing user and business relationships, the data of the inquiring persons are processed to the extent necessary to answer contact inquiries and any requested measures.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., text or image messages and posts and related information, such as authorship or time of creation); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Affected persons: Communication partners.
  • Purposes of processing: Communication; Organizational and administrative procedures; Feedback (e.g., collecting feedback via online form). Provision of our online offer and user-friendliness.
  • Retention and deletion: Deletion according to information in the "General information on data retention and deletion" section.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

  • Contact form: When contacting us via our contact form, by e-mail or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This usually includes details such as name, contact information and, if applicable, other information provided to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Newsletter and electronic notifications

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the consent of the recipients or on the basis of a legal permission. If the content of a newsletter is described during registration, this content is decisive for the users' consent. For registration to our newsletter, usually providing your e-mail address is sufficient. However, to provide you with a personalized service, we may ask for your name for a personal address in the newsletter or for further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to be able to prove a previously given consent. The processing of this data will be limited to the purpose of a potential defense against claims. An individual deletion request is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the email address for this purpose alone in a block list (so-called "blocklist").

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. Insofar as we commission a service provider with the sending of e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Contents:

Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Affected persons: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or postal mail).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
  • Right to object (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to continued receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably email, for this purpose.

Further information on processing processes, procedures and services:

  • Measurement of open and click rates: The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from our server, or that of our shipping service provider, when the newsletter is opened. As part of this retrieval, technical information, such as details of the browser and your system, as well as your IP address and the time of retrieval, are collected. This information is used for the technical improvement of our newsletter based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until deletion. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of open and click rates and the storage of the measurement results in the user profiles - This text area needs to be unlocked with a premium license. - premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext ; Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Commercial communication via email, postal mail, fax, or telephone

We process personal data for the purpose of commercial communication, which can take place via various channels, such as email, telephone, postal mail, or fax, in accordance with legal requirements.

Recipients have the right to revoke granted consents at any time or to object to commercial communication at any time.

After revocation or objection, we will store the data required to prove previous authorization for contact or sending for up to three years after the end of the year of revocation or objection, based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest to permanently observe the users' revocation or objection, we also store the data necessary to prevent renewed contact (e.g., depending on the communication channel, the email address, phone number, name).

  • Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Contact data (e.g., postal and email addresses or telephone numbers). Content data (e.g., text or image messages and posts and related information, such as authorship or time of creation).
  • Affected persons: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or postal mail); Marketing. Sales promotion.
  • Retention and deletion: Deletion according to information in the "General information on data retention and deletion" section.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Online Marketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on potential user interests, as well as the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar procedures are used, by means of which the information relevant for the display of the aforementioned content is stored about the user. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used, and information on usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.

In addition, users' IP addresses are stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) for user protection. Generally, in the context of online marketing procedures, no clear data of users (such as email addresses or names) are stored, but pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual user identity, but only the information stored in their profiles.

The statements in the profiles are generally stored in cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing procedure provider.

In exceptional cases, it is possible to assign clear data to the profiles, primarily when users are, for example, members of a social network whose online marketing procedure we use and the network links the user profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, for example, through consent during registration.

We generally only gain access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely for the success analysis of our marketing measures.

Unless otherwise specified, please assume that cookies used are stored for a period of two years.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Information on revocation and objection:

We refer to the privacy policies of the respective providers and the objection options (so-called "Opt-Out") indicated for the providers. If no explicit opt-out option has been provided, it is possible to disable cookies in your browser settings. However, this may restrict functions of our online offering. We therefore also recommend the following opt-out options, which are collectively offered for respective areas:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); Tracking (e.g., interest-/behavior-based profiling, use of cookies); Audience targeting; Marketing. Profiles with user-related information (creation of user profiles).
  • Retention and deletion: Deletion according to information in the "General information on data retention and deletion" section. Storage of cookies for up to 2 years (Unless otherwise specified, cookies and similar storage methods may be stored on users' devices for a period of two years.).
  • Security measures: IP masking (pseudonymization of the IP address).

Social network presences (Social Media)

We maintain online presences within social networks and, in this context, process user data to communicate with active users there or to offer information about ourselves.

We point out that user data may be processed outside the European Union. This can lead to risks for users, as, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting interests. These profiles may then be used to display advertisements both within and outside the networks that presumably match the users' interests. Therefore, cookies are usually stored on users' computers, storing their usage behavior and interests. In addition, data independent of the devices used by users can also be stored in the usage profiles (especially if they are members of the respective platforms and logged in there).

For a detailed description of the respective processing methods and opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks.

Also, in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the latter have access to the user data and can directly take appropriate measures and provide information. Should you still need assistance, you can contact us.

  • Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and posts and related information, such as authorship or creation time). Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Communication; Feedback (e.g., collecting feedback via online form). Public relations.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Instagram: Social network, allows sharing photos and videos, commenting on and liking posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
  • Facebook Pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "Fanpage"). This data includes information about the types of content users view or interact with, or actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "Page Insights", to page operators so that they can gain insights into how people interact with their pages and with the content associated with them. We have entered into a special agreement with Facebook ("Page Insights Information", https://www.facebook.com/legal/terms/page_controller_addendum), which, in particular, regulates what security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to Facebook). The rights of users (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Page Insights Information" (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which particularly concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).

Plugins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We endeavor to use only such content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through the "pixel tags", information such as visitor traffic on the pages of this website can be evaluated. The pseudonymized information can also be stored in cookies on the user's device and, among other things, contain technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offering, but can also be linked to such information from other sources.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g., IP addresses, time information, identification numbers, involved persons).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke