We are very pleased about your interest in our company. Data protection is of particular importance to the management of uNaice. The use of the internet pages of uNaice is possible without any indication of personal data. However, if a data subject wishes to use special services of our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, shall always be carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations. By means of this data protection declaration, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. In addition, data subjects are informed about their rights by means of this data protection declaration.
As the controller, uNaice has implemented numerous technical and organisational measures to ensure the most complete protection of the personal data processed via this website. However, Internet-based data transfers can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, each data subject is free to transmit personal data to us in alternative ways, such as by telephone.
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). Identifiable is a natural person who, directly or indirectly, directly or indirectly, by means of an identifier such as a name, identification number, location data, an online identifier or one or more special characteristics, which are of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) the data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or series of operations carried out with or without the aid of automated procedures in connection with personal data such as the collection, collection, organisation, ordering, storage, adaptation or modification, the reading, querying, use, disclosure by transmission, distribution or any other form of provision, reconciliation or linking, restriction, deletion or destruction.
d) restriction of the processing
Restriction of the processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any type of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person, in particular to address aspects of the to analyse or predict this natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
g) responsible person or controller
The person responsible or controller for the processing is the natural or legal person, authority, body or other body that decides alone or jointly with others on the purposes and means of the processing of personal data. Where the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or the specific criteria for his designation may be laid down in accordance with Union law or the law of the Member States. to become.
Processor is a natural or legal person, authority, body or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, authority, body or other body to which personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data under a particular investigation under Union or Member State law shall not be deemed to be recipients.
j) third party
A third party is a natural or legal person, authority, body or other body other than the data subject, the controller, the processor and the persons who are under the direct responsibility of the controller or processor is authorised to process the personal data.
Consent is any expression of will voluntarily made by the data subject in an informed and unequivocal manner in the form ofa declaration or other unambiguous affirmative act by which the data subject indicates that he/she agrees to the processing of personal data concerning him or her.
2. Name and address of the controller
The person responsible for the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection law nature is:
Tel.: +49 5203 99 88 010
Some of the websites use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When disabling cookies, the functionality of this website may be limited.
Please make a selection. For more information on the effects of your selection, see Help.
Your selection has been saved!
To continue, you must make a cookie selection. Below you will find an explanation of the different options and their meaning.
- Allow all cookies:
Any cookie, such as for tracking and analysis
- Only allow first-party cookies:
Only cookies from this website.
- Do not allow cookies:
No cookies are set unless they are technically necessary cookies.
You can change your cookie setting at any time here: Privacy.
4. Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type/ browser version
- operating system used
- Referrer URL
- Host name of the accessing machine
- Time of server request
This data cannot be allocated to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.
5. Newsletter distribution via Campaigns by Pipedrive
The newsletter is sent by the external service provider “Campaigns by Pipedrive”, a CRM system with limited liability and registered in the Commercial Register of the Republic of Estonia, number 11958539.
In order to receive the newsletter, each user must register using the so-called double-opt-in procedure.
The email addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on Pipedrive’s servers in Estonia. Pipedrive uses this information to send and evaluate the newsletters on our behalf. Furthermore, according to its own information, Pipedrive may use this data to optimize or improve its own services, for example, to technically optimize the dispatch and presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, Pipedrive does not use the data of our newsletter recipients to write to them itself or pass the data on to third parties.
6. Newsletter tracking
The newsletters of uNaice contain so-called tracking pixels. A tracking pixel is a thumbnail that is embedded in such emails, which are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Using the embedded tracking pixel, the uNaice can detect if and when an email was opened by a data subject and which links in the e-mail were accessed by the data subject.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimize the sending of newsletters and to improve the content of future newsletters even better the interests of the data subject. This personal data will not be passed on to third parties. Affected persons are entitled at any time to revoke the relevant separate declaration of consent, which is given via the double opt-in procedure. After a revocation, this personal data will be deleted by the controller. The unsubscribe from receipt of the newsletter automatically means the uNaice as a revocation.
7. Possibility of contact via the website
Due to legal regulations, the website of uNaice contains information that enables a quick electronic contact to our company as well as direct communication with us, which is also a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller via e-mail or a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller shall be stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.
8. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or if this is the case by the European legislator or another legislator has been provided for in laws or regulations to which the controller is subject.
If the purpose of the storage expires or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be processed routinely and in accordance with the legal requirements of the regulations are blocked or deleted.
9. Rights of the data subject
a) Right to confirmation
Each data subject shall have the right granted by the European legislator to require the controller to confirm whether personal data concerning him/her are being processed. If a data subject wishes to avay themselves of this right of confirmation, he or she may at any time contact an employee of the controller.
b) Right to information
Any person concerned by the processing of personal data shall have the right granted by the European legislator to provide, at any time free of charge, information from the controller of the information stored about him/her personal data and a copy of this information. In addition, the European legislator has provided the data subject with information on the following information:
- The processing purposes
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular to recipients in third countries or to international organisations
- where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
- the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right of objection to such processing
- the existence of a right of appeal with a supervisory authority
- if the personal data are not collected from the data subject: all available information on the origin of the data
- the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of a such processing for the data subject.
- In addition, the data subject has a right of access as to whether personal data have been transferred to a third country or to an international organisation. In so far as this is the case, the data subject is also entitled to obtain information on the appropriate guarantees in connection with the transmission.
- If a data subject wishes to avay themselves of this right of access, he or she may at any time contact an employee of the controller.
c) Right to rectification
- Any person concerned by the processing of personal data shall have the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
- If a data subject wishes to avay themselves of this right of rectification, he or she may at any time contact an employee of the controller.
d) Right to erasure (right to be forgotten)
- Any person concerned by the processing of personal data shall have the right granted by the European legislator to require the controller to delete the personal data concerning him/her without delay, provided that: one of the following reasons and to the extent that processing is not necessary:
- The personal data have been collected for such purposes or processed in any other way for which they are no longer necessary.
- The data subject withdraws his consent, which is the subject of the processing in accordance with Article 6(4) of the 1 letter a GDPR or Article 9(3) 2 (a) GDPR and there is no other legal basis for processing.
- In accordance with Article 21(21) of the 1 GDPR objected to the processing and there are no primary legitimate grounds for processing, or the data subject submits in accordance with Article 21(4) of the 2 GDPR objection to processing.
- The personal data were processed unlawfully.
- The erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data were collected in relation to information society services offered in accordance with Article 8(4) of the 1 GDPR.
- If one of the aforementioned reasons applies and a data subject wishes to request the deletion of personal data stored by uNaice, he or she may at any time contact an employee of the controller. The employee of uNaice will arrange for the deletion request to be complied with immediately.
- If the personal data has been made public by uNaice and our company is the controller in accordance with Art. 1 GDPR obliged to erase the personal data, uNaice shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, in order to other data controllers who are responsible for data processing, process the published personal data, inform that the data subject is aware of the deletion of all links to such personal data or of copies or copies of the data. replication of this personal data, insofar as the processing is not required. The employee of uNaice will arrange the necessary measures in individual cases.
- Any person concerned by the processing of personal data shall have the right granted by the European legislator to require the controller to delete the personal data concerning him/her without delay, provided that: one of the following reasons and to the extent that processing is not necessary:
e) Right to restrict processing
Any person concerned by the processing of personal data shall have the right granted by the European legislator to require the controller to restrict the processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by the data subject for a period of time which enables the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses to delete the personal data and instead demands the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject needs it to assert, exercise or defend legal claims.
- The data subject has objected to the processing in accordance with Art. 1 GDPR filed and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by the uNaice, he or she may at any time contact an employee of the responsible. The employee of uNaice will arrange the restriction of processing.
f) Right to data portability
Any person concerned by the processing of personal data shall have the right granted by the European legislator, the personal data relating to him or her, which have been made available to a controller by the data subject, in a structured, common and machine-readable format. It also has the right to transfer such data to another controller without hindrance by the controller to whom the personal data have been provided, provided that the processing is subject to the consent given in accordance with Article 6(4) of the 1 letter a GDPR or Article 9(3) 2 Letter a GDPR or on a contract pursuant to Article 6(s) 1 letter b GDPR is based and the processing is carried out by means of automated procedures, provided that the processing is not necessary for the performance of a task which is in the public interest or in the exercise of official authority, which is transferred to the responsible persons.
In addition, in the exercise of his right to data portability in accordance with Article 20(20) of the case, the data subject must exercise the right to data portability. 1 GDPR has the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and if this does not affect the rights and freedoms of other persons to become.
In order to assert the right to data portability, the data subject may at any time contact an employee of uNaice.
g) Right to object
Any person concerned by the processing of personal data shall have the right granted by the European legislator to, for reasons arising from his particular situation, at any time against the processing of personal data concerning him or her. Data resulting from Article 6(6) 1 letter e or f GDPR, to appeal. This also applies to profiling based on these provisions.
uNaice will no longer process the personal data in the event of an objection, unless we can prove compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing of the data subject serves to assert, exercise or defend legal claims.
If the uNaice processes personal data in order to conduct direct marketing, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to uNaice’s processing for direct marketing purposes, the uNaice will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his particular situation, to oppose the processing of personal data concerning him or her which is used by uNaice for scientific or historical research purposes or for statistical purposes. pursuant to Article 89(4) 1 GDPR shall be effected to object, unless such processing is necessary to perform a task in the public interest.
In order to exercise the right to object, the data subject may directly contact any employee of uNaice or any other employee. The data subject is also free to exercise his right of opposition in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures in which technical specifications are used.
h) Automated decisions on a case-by-case basis, including profiling
Any person concerned by the processing of personal data shall have the right granted by the European legislator, not a decision based solely on automated processing, including profiling. which has legal effect on it or which similarly significantly affects it, provided that the decision (1) does not apply to the conclusion or performance of a contract between the data subject and the controller. (2) is permitted by Union or Member State legislation to which the controller is subject, and that legislation is appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject or (3) with the express consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) it is made with the express consent of the data subject, the uNaice shall take appropriate measures to ensure that the rights and freedoms and the legitimate interests of the data subject, including at least the right to the intervention of a person on the part of the controller, to express his or her point of view and to challenge the decision.
If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time contact an employee of the controller.
i) Right to revoke consent under data protection law
Any person affected by the processing of personal data has the right granted by the European legislator to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his right to withdraw consent, he or she may at any time contact an employee of the controller.
10. Sharing buttons
On the website we use privacy-proof “Shariff” buttons. “Shariff” was developed by specialists of the computer magazine c’t to provide more privacy on the net and to replace the usual “share” buttons of social networks. You can find more information about the Shariff project here: https://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html
(1) We currently use the following social media plug-ins: Facebook, Google+, Twitter, Xing, LinkedIn. We use a data protection-friendly implementation technique (2-click method OR Shariff). This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data referred to in Section 5 of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
(2) We have no influence on the collected data and data processing operations, nor are we aware of the full scope of the data collection, the purposes of the processing, the storage periods. We also do not have any information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we pursue our interest in offering you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting and attractive for you as a user. The legal basis for the use of the plug-ins is Art. 1 p. 1 lit. f GDPR.
(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
(5) For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the privacy statements of these providers, which are provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
- a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The controller has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, collection and analysis of data on the behaviour of visitors to websites. A web analysis service collects, among other things, data on which website a data subject has come to a website (so-called referrers), which subpages of the website have been accessed or how often and for which length of stay a data subject has been underside. A web analysis is mainly used for optimizing a website and for cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addendum, the IP address of the internet connection of the data subject is shortened by Google and anonymised if access to our Internet pages from a Member State of the European Union or from another Contracting State of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse visitor flows on our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us, which show the activities on our website, and to further with the use of our website. website related services.
Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google will be able to analyse the use of our website. Each call-up to one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the Internet browser is displayed on the information technology system of the automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google becomes aware of personal data, such as the IP address of the data subject, which, among other things, serves To help Google understand the origin of the visitors and clicks and subsequently to pay commission sever to make possible.
The cookie is used to store personal information, such as the time of access, the place from which access was provided and the frequency of visits to our website by the data subject. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.
The data subject can at any time prevent the setting of cookies by our website, as already shown above, by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
12. Lead feeder
Simultaneously with the use of Google Analytics, this website uses the Leadfeeder service, which is operated by Liidio Oy, Mikonkatu 17, 0100 Helsinki, Finland. Leadfeeder uses proprietary tracking technology to access the IP addresses of website visitors and links the list of IP addresses to information about the companies that can be found on the Internet at those IP addresses. Leadfeeder also uses Google Analytics to enrich this information. Due to the shortening of the IP addresses of the website visitors, which is also carried out by Leadfeeder, a direct personal reference is not established. A personal reference may arise from the review of the linked company information on the basis of presumption.
13. Appointment via Calendly
This website uses the service provider Calendly.com for the online appointment booking we offer. Calendly.com offers a external platform for IT-Seal employees and business partners to manage joint appointments. The appointment booking service is embedded in the source code of our website. You automatically use Calendly.com’s service when you use scheduling. Data is transferred to IT-Seal for documentation purposes. The data collected includes the registered name, which IP address at the time of the booked appointment, the date and time. This data, which is used exclusively for the management of business appointments, will not be passed on to third parties. By using the appointment booking service you agree to this. You can find more information at https://calendly.com/pages/privacy.
14. Document delivery via Beacon
uNaice uses the tool Beacon Publishing Ltd, 6 Trossachs Gardens, Belfast, Northern Ireland, BT10 0HX to deliver documents sent via links. Opening rates of documents and user behavior are tracked and stored. You automatically use the service of beacon.by when you access our documents. In the process, data is transferred to Beacon for documentation purposes. The data collected includes the registered name and mail address. This data used exclusively for documentation will not be passed on to third parties. By using the documents you agree to this. For more information please visit https://beacon.by/assets/docs/Privacy_Policy_Updated.pdf .
15. Use of hotjar
Our website uses hotjar’s hotjar web analytics service, Level 2, on some of our websites
St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, +1 (855) 464-6788, email@example.com
This tool records movements on the observed web pages in so-called heat maps. This allows us to anonymously identify where visitors click and how far they scroll. This allows us to make our website better and more customer-friendly.
The protection of your personal data is very important to us when using this tool. All data is collected without us being able to assign it to specific users. We can only understand how the mouse moves, where clicked and how far scrolled. It also captures the screen size of the device, the device type, browser information, the country accessed by the device, and the preferred language. If personal data is displayed on a website, Hotjar automatically hides it. They are therefore incomprehensible to us.
A “Do Not Track header” can prevent the use of the hotjar tool. Then no data will be collected about the visit to our website. To do this, the browser must set accordingly. A guide to this can be found at: http://www.akademie.de/wissen/do-not-track-datenschutz. The hotjjar tool alone can also be used by using the opt-out switch under https://www.hotjar.com/opt-out disable.
16. CRM System Pipedrive
Your data will be deleted from our CRM tool Pipedrive when we have processed your request and the purpose of the storage has ceased to exist and there are no other legal exceptions to the contrary. You can inform yourself at any time about the data stored about your person.
The controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual private or business accounts. PayPal also allows you to process virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is maintained via an email address, so there is no classic account number. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also assumes fiduciary functions and offers buyer protection services.
The European operator of PayPal is PayPal (Europe) S.A.R.L. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for payment processing. In order to process the purchase contract, such personal data that are related to the respective order are also necessary.
The purpose of the transfer of data is to process payments and prevent fraud. The controller will transfer personal data to PayPal, in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the controller may be transmitted by PayPal to business information agencies. The purpose of this transmission is to verify identity and creditworthiness.
PayPal may share the personal data with affiliated companies and service providers or subcontractors to the extent necessary to fulfil the contractual obligations or to process the data on behalf.
The data subject has the possibility to revoke the consent to the handling of personal data to PayPal at any time. A revocation does not affect personal data, which must be processed, used or transmitted for (contractual) payment processing.
The applicable data protection regulations of PayPal can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
18. Legal basis of processing
Article 6 I lit. a GDPR serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of any other performance or consideration, the processing is based on Article 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or any other natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data or other vital information were then passed on to a doctor, hospital or other third party. Should. The processing would then be based on Article 6 I lit. d GDPR. Ultimately, processing operations could be based on Article 6 I lit. f GDPR. This legal basis is the basis for processing operations which are not covered by any of the above legal bases where the processing is necessary to safeguard the legitimate interest of our company or a third party, provided that the interests of the fundamental rights and freedoms of the person concerned. We are allowed to process such processing operations in particular because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, GDPR).
19. Legitimate interests in the processing pursued by the controller or a third party
Where the processing of personal data is based on Article 6 I lit. f GDPR is our legitimate interest in conducting our business for the benefit of all our employees and shareholders.
20. Duration for which the personal data are stored
The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of the period, the corresponding data is routinely deleted, provided that it is no longer necessary for the performance of the contract or the initiation of the contract.
21. Legal or contractual regulations for the provision of personal data
Required for the conclusion of the contract; obligation on the data subject to provide the personal data; possible consequences of non-provisioning
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company enters into a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject has provided personal data, the data subject must contact one of our employees. Our employee shall inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or whether it is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data. data and the consequences of non-provision of personal data.
22. Existence of automated decision making
As a responsible company, we do not require automatic decision-making or profiling.
Objection advertising emails
The use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, e.g. by spam e-mails.
We shall only be liable for damages, no matter what, in the event of intent and gross negligence as well as in the event of a breach of an essential contractual obligation (cardinal obligation). We shall be liable, with the limitation of compensation for the foreseeable typical damage, for such damages, which are based on a slightly negligent breach of cardinal duties by us. We shall not be liable in the event of a slightly negligent breach of ancillary obligations that are not cardinal duties.
Information on online dispute resolution
The EU Commission provides a platform for online dispute resolution on the Internet at the following link: https://ec.europa.eu/consumers/odr/.
This platform serves as a contact point for the out-of-court settlement of disputes arising from online purchase or online service contracts involving a consumer.
Where did we get your data from?
Due to the General Data Protection Regulation (GDPR), which came into force 25 May 2018, we hereby inform you that we have manually entered your personal data (full name, email address, telephone number and job position), as far as can be found, into our CRM (Customer Relation Management Tool) and store it there.
Your data will only be used for direct marketing, which according to the GDPR is considered a “legitimate interest”. You have the following rights in relation to your data: 1. You can ask us to delete all your data and not to store any data about you anymore. 2. You can ask for a copy of all data about you that we have stored. 3. You can ask us to update your data if we have stored incorrect data about you. If you wish to make use of one or more of these options, please reply to the email you have received with your request regarding your stored data.