Privacy Policy
Privacy Policy
PRIVACY POLICY
Privacy Information
This page contains information about how we handle personal data on our website.
I. Scope
With this document, the person responsible would like to fulfill his information obligations in accordance with Art. 13 of the General Data Protection Regulation (GDPR) towards those affected. This data protection information is published under https://blog.findeling.de/datenschutzrichtlinie and is valid since January 2022. Due to the further development of our website or due to changed legal or official requirements, it may become necessary to change this data protection information. The amended version will be announced to you here.
II. Who is responsible for data processing?
The one according to Art. 4 No. 7 GDPR, the person responsible for data processing is:
Oliver Bock, Findeling GmbH, Westhafenplatz 1, 60327 Frankfurt, telephone: 049/ 1739977353, e-mail: oliver.bock@findeling.com. Das full legal notice is available under the following link: https://blog.findeling.de/impressum/
III. Why do we process your data?
III.1 Log files / hosting
If you visit our website without registering or otherwise providing us with information, we only collect the following data that your browser transmits to our server (so-called “Server log files”):
The individual pages of our website (URL)
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Browser used
Operating system used
IP address used (if applicable. in anonymized form)
Our website is stored by a hosting provider and made available for retrieval. The web server used stores the aforementioned server log files.
Purpose of processing: Hosting the website
Legal basis and legitimate interests: Processing is carried out on the basis of our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) on the security and stability of our internet presence by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services
Data recipient: WordPress Ltd., https://wordpress.com/
Privacy information from WordPress Ltd.: https://automattic.com/de/privacy/
Third country transfer: Wix.com Ltd. is based in Israel. In this regard, the European Commission decided that Israel provides adequate protection for personal data of citizens from EU member states.
IV.2 Cookies
IV.2a General
(aa) Definitions
Below you will find extensive information about so-called “cookies” and other storage technologies (“Web Storage”). This is information that is often stored in databases on your device. Any type of “cookie” or “Web storage” may contain personal data. In many cases, however, the data is pseudonymized. The following terms may be used: used below:
First-party cookie: This cookie is stored or modified by the website you are currently surfing
Third-party cookie: This cookie is stored or modified by third parties with which the website operator is connected (e.g. b an advertising network, a social media platform, etc.ä)
Session cookie: This cookie is deleted from your device when you close the browser. A session cookie often only stores a session ID in order to assign multiple requests from a user on a page to their session
Persistent cookie: This cookie is stored on your device until its validity expires or you delete it manually or automatically Delete browser
Strictly necessary: Without this cookie and web storage, the service you have requested cannot be provided
Optional: This cookie and web storage enables us to use additional functions and is only used if you Give your consent to this
Local Storage: Belongs to the so-called “Web Storage” This information is also stored in your web browser until manually deleted.
Session Storage: Belongs to the so-called “Web Storage” This information is also stored in your web browser until you close the browser window.
(bb) Legal basis
Strictly necessary cookies and web storage: The storage of information and access to it are based on the legal basis of Section 25 (2) No. 2 TTDSG.
Optional cookies and web storage: The storage of information and access to it are based on the legal basis of your individual personal and voluntary consent in accordance with Section 25 (1) TTDSG in conjunction with.vm Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect. Data processing remains lawful until revocation. Please note that if you do not accept optional cookies, individual functions of our website may be restricted
(cc) Data recipient / access option
First-party cookies: Only we as the data controller and site operator have access to these.
Third-party cookies: Only the third party who has set these cookies themselves has access to this. For example, only Google has access to a cookie set by Google and can read or change it.
Web storage: Only we as those responsible for data processing and site operators have access to this.
(dd) Storage period
Session cookies: These only remain temporarily stored in your browser until the end of the browser session or can be deleted by you beforehand.
Persistent cookies: These remain stored on your device for as long as specified for the respective cookie or can be deleted by you beforehand.
Local storage: This remains stored until manually deleted.
Session storage: This remains stored until the browser window is closed.
The exact storage period is specified under “Cookies used and web storage”.
(ee) Deletion options / objection
Please note that you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or not to accept cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/
A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/ can be explained.
IV.2b Cookies used
In the following overview we list the absolutely necessary first-party cookies used on our website and the purpose of data processing:
consent-policy (persistent cookie)
Purpose : Stores the user's cookie preferences
Validity period: 1 year
hs (session cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
smSession (Persistent Cookie)
Purpose: Used to identify logged in website members
Validity period: 2 weeks
ssr-caching (Persistent Cookie)
Purpose: Used to display the system from which the website was rendered
Validity period: 1 min.
svSession (Persistent Cookie)
Purpose: Used in connection with user login
Validity period: 2 years
XSRF TOKEN (Session Cookie)
Purpose : Is used for security reasons
Validity period: Until the end of the browser session
In the following overview we list the optional third-party cookies from Wix used on our website and the purpose of data processing:
bSession (Persistent Cookie)
Purpose: Used to measure system effectiveness
Validity period: 20 minutes
TS* (Session Cookie)
Purpose: Used for security reasons and to combat fraud
Validity: Until the end of the browser session
In the overview below we list the optional third-party cookies from Google used on our website and the purpose of data processing on:
_ga (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 2 years
_gid (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 1 day
_gat_gtag_UA (Persistent Cookie)
Purpose: Used by Google Analytics to limit the request rate.
Validity period: 1 minute
IV.3 Contact
If you contact us (e.g. b Personal data is collected via contact form, email, telephone, fax). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is used exclusively for the purpose of answering your request or stored and used for contact and the associated technical administration. Without this mandatory information we cannot process your request. All other details are optional.
Purpose of processing: Answering your request
Legal basis: Art. 6 para. 1 lit. b GDPR for pre- or contractual matters. Art. 6 para. 1 lit. a GDPR for your voluntary information.
Recipient of the data: Email service provider for emails, hosting provider for contact form requests
Storage period: Your data will be deleted after your request has been processed. This is the case if it can be seen from the circumstances that the matter in question has been conclusively clarified and if there are no legal retention obligations to the contrary. For pre- and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer a legal reason for storage, the data will be deleted.
IV.4 Chat
Intercom by Intercom R&D Unlimited Company
Our website uses technologies from Intercom R&D Unlimited Company. For this purpose, anonymized data is collected and stored for the purpose of web analysis and to operate the live chat system to answer live support requests. Usage profiles can be created from this anonymized data under a pseudonym.
Data recipient: 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2; Intercom, Inc. a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA
Data protection declaration from Intercom: https://www.intercom.com/legal/privacy
Legal basis and legitimate interests: The data is passed on based on our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) on the security and stability of a professional live chat system.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We store your data until your request has been processed. If the inquiry leads to a contract being concluded, the storage period applies to customers.
IV.5 Newsletter
We send newsletters by email to our customers with information about our company, our products, services, promotions and offers. The newsletter is sent out monthly at most.
Purpose of processing: direct marketing, customer communication
Legal basis and legitimate interests: The sending is based on our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) on regular customer communication and sales promotion through direct marketing.
Right to object (opt-out): You can object to the sending of our newsletter at any time with effect for the future by informing us by email (see above under responsible person) or by clicking on the link at the end of each newsletter can be found.
Storage period: Your data will be stored until you object. They will then be restricted in processing and blocked from further sending the newsletter.
If named below, we use the following service provider:
Mailchimp
The newsletter service provider uses cookies and other tracking technologies to inform you about the email address and, if necessary. to collect and process the following data in addition to the names of the newsletter recipients:
IP address, device information (hardware, operating system, web browser, unique device identifier), connection information and device locations
The newsletters sent contain so-called. Web beacons that record the recipient's interaction with the newsletter (e.g. b Open the newsletter, click on the links contained there).
Data recipient: The Rocket Science Group (Mailchimp), LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA
Mailchimp privacy policy: https://www.intuit.com/privacy/statement/
Legal basis and legitimate interests: The data is passed on based on our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) on the security and stability of a legally compliant newsletter system incl. automated double opt-in and verifiability of user registrations.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Appropriate safeguards: With regard to Israel, the European Commission decided that Israel offers adequate protection for personal data of citizens from EU member states (Art. 45 GDPR).
Storage period: Your data will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent.
IV.6 Events
For booking events, we have integrated a booking mask on certain pages of our website, which can be used to book tickets. Our events are held on site and online. The information on the event overview is decisive.
Purpose of processing: Carrying out the event, if necessary. Billing
Legal basis: Registration for the event constitutes a contract in accordance with Art. 6 para. 1 lit. b GDPR.
Data recipient: The registration data is used for planning, organization, implementation and, if necessary. Billing to the people involved in these tasks or company forwarded. If this involves order processing, we have an order processing agreement with these companies in accordance with Art. 28 GDPR closed to secure your personal data.
Storage period: We store the registration data until the event has been completed and for 3 years beyond if it is a paid event.
With regard to online events, reference is made to data processing by Google:
Video conference via Google Meet
When using Google Meet, the following data is processed:
Information to the user: first name, last name, telephone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata: topic , Description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting -Chats.
When dialing in with the telephone: information about the incoming and outgoing phone number, country name, start and end time. Possibly. Additional connection data such as:b the IP address of the device is saved.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting” and, if necessary. to log. In order to enable the display of video and the playback of audio, the data from the microphone of your device and any video camera on the device are processed for the duration of the meeting. You can turn off the camera or microphone yourself at any time using the Google Meet applications. mute.
To take part in an “online meeting” or To enter the “meeting room”, you must at least provide your name.
Purpose of processing: We use the Google Meet tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). Google Meet is a service provided by Google Inc., which is based in the USA.
Responsible: We are primarily responsible for the use of Google Meet. If you access Google via its website, the responsible party is: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Legal basis and legitimate interests: If the events are carried out within the framework of a contract, Art. 6 para. 1 lit. b) GDPR legal basis. If the online meeting is not carried out on the basis of a contract, the legal basis is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is in the effective, stable, secure and professional conduct of “online meetings”, telephone conferences, video conferences and webinars.
Data recipient: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy?
Third country transfer: The data is processed outside the scope of the European Union, in the USA.
IV.7 Photo/video recordings at events
If you take part in a face-to-face event organized by us, you can take photos or videos as part of this event. Video recordings of the participants are created, which are published together with information about the location, time and purpose of the event.
Purpose of data processing: Documentation of the event for publication on our company website, our social media profiles and company brochures for advertising purposes.
Legal basis: Art. 6 para. 1 p. 1 lit. f GDPR
Legitimate interests: advertising our company, public relations, direct advertising
Data recipients: if applicable. Photographer; Advertising agency
Storage period: Recordings that are not used after the event will be deleted immediately.
IV.8th Social media
Our website uses social plugins from various social networks. In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but rather simply using an HTML link. This type of integration ensures that when you access a page on our website that contains such buttons, no connection is established to the servers of the respective social network. When you click the button, a new browser window will open and go to the social network page. Possibly. After entering your login details, you can then use the function provided (e.g.b “like” or “share”).
By clicking on the respective plugin, you give us your personal consent to transfer data to the respective social network. In particular, your IP address will be transmitted to the respective social network. The legal basis for this is Art. 6 para. 1 lit. a GDPR. You have the right to revoke your consent at any time. Data processing remains lawful until revocation. The revocation only applies to the future.
The following social networks are used:
Instagram
Instagram is a service provided by Facebook
Data recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”), parent company: Facebook Inc., 1 Hacker Way, 94025 Menlo Park, California, USA
Data protection declaration from Instagram: https://instagram.com/about/legal/privacy
Third country transfer: Unless anonymized data about Facebook Inc. are transferred, the data processing takes place in the USA.
Objection: Further settings and objections to the use of data for advertising purposes are possible within the Instagram profile settings: https://www.instagram.com/accounts/privacy_and_security/
IV.9 Opening a customer account
If you open a personal customer account with us for future orders, the following provisions apply:
Purpose of processing: User contract for the personal customer account.
Legal basis: contract in accordance with. Art. 6 para. 1 lit. b GDPR Your consent applies to the data you provide voluntarily. Art. 6 para. 1 lit. a GDPR.
Obligation to provide: The mandatory information can be found on the registration form. Without this information we cannot open an account for you.
Data recipient: The customer account is managed via our online shop. This is operated by our web host (see above).
Storage period: Your data in the customer account will be stored for as long as the usage contract with us exists. Voluntary information will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent. This is done on the basis of our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) on the verifiability of data protection compliance.
IV.10 Ordering goods or Services
IV.10a General
WooCommerce by WordPress Ltd.
Our website uses WooCommerce by WordPress Ltd., a WordPress service to enable professional order processing via our website,
Purpose of processing: Execution of your order.
Legal basis: Contract in accordance with. Art. 6 para. 1 lit. b GDPR Your consent applies to the data you provide voluntarily. Art. 6 para. 1 lit. a GDPR. For other processing, Art. 6 para. 1 lit. f GDPR
Legitimate interests: debt collection and enforcement; Measures for business management and further development of services and products
Data recipient: WooCommerce Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
WooCommerce Ireland Ltd. Privacy Policy.: https://automattic.com/privacy/
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We will store the data until the request has been processed. If the request is followed by a contractual relationship, the storage period for customer data applies.
IV.10b Payment processing
Purpose of processing: Execution of the order. Processing the payment.
Legal basis: contract in accordance with. Art. 6 para. 1 lit. b GDPR
Obligation to provide: Depending on the payment method you choose, you must contact us or provide the payment service provider with the required payment details.
Data recipient: The payment service providers used are listed below:
PayPal
Service provider: PayPal (Europe) S.a r.l et Cie, S.CA, 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
Privacy policy from PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Credit information: PayPal reserves the right to pay by credit card via PayPal, Direct debit via PayPal or – if offered – “purchase on account” or “payment in installments” via PayPal to carry out a credit check. For this purpose, your payment details may be processed in accordance with Art. 6 para. 1 lit. f GDPR is passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
IV.10c Direct advertising
Purpose of processing: direct advertising, sales promotion
Legal basis: Our overriding legitimate interest according to Art. 6 para. 1 lit. f GDPR
Legitimate interests: direct advertising, sales promotion
Data recipient: agency, letter shop
IV.10e Legal obligation
Purpose of processing: Fulfillment of legal obligations (e.g. b Information, notification, information and storage obligations, payment of taxes and duties)
Legal basis: The respective legal regulations apply in conjunction with Art. 6 para. 1 lit. c GDPR.
Data recipients: authorities, state institutions, lawyers, tax advisors, if applicable. Data Protection Officer
IV.11. Web analysis
Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google Ireland Ltd. (Google). Google Analytics uses so-called “Cookies” This is information that is often stored in databases on your device and allows your use of the website to be analyzed. The information generated by the cookie about the use of this website by users is usually transmitted to Google's parent company in the USA and stored there.
Our website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures that the IP address is anonymized by shortening it and excludes any direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's parent company in the USA and shortened there.
Purposes of processing: Tracking (e.g.b interest/behavior-related profiling), visit action evaluation, interest-based and behavior-related marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g.b Access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company.
Legal basis: For the use of Google Analytics, you may give us permission. Your consent according to Art. 6 para. 1 p. 1 lit. a GDPR, which you can revoke at any time with effect for the future by selecting “Marketing” or Undo “Google Analytics”.
Storage period: We store the anonymized data obtained in this way for a maximum period of 14 months. The data is then automatically deleted. Regarding the storage period by Google, we refer to their data protection declaration.
Objection / Opt-Out: You can object to the collection of your data by installing a browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
Here you can determine for yourself which data is used by Google should: https://g.co/privacytools
You can also deactivate personalized advertising directly from Google: https://www.google.com/settings/ads/onweb/
You can find further information from Google on how you can block certain advertising here: https://support.google.com/ads/answer/2662922?hl=de
Across providers, you can also store your online advertising preferences here: https://www.youronlinechoices.com/de/
Alternatively, you can use the Network Advertising Initiative administration page: http://www.networkadvertising.org/consumer/opt_out.asp
Data recipients : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Google privacy policy for Google Analytics: https://policies.google.com/technologies/partner-sites
Third country transfer: Unless anonymized data is transferred to Google LLC, data processing also takes place in the USA.
We have worked with Google Ireland Ltd. The following agreement was concluded as a processor: https://business.safety.google/adsprocessorterms/ This also contains the EU standard contractual clauses, which are in accordance with Art. 46 (2) c GDPR are to be viewed as suitable guarantees.
Google Tag Manager
On our website we use the Google Tag Manager from Google. Google Tag Manager is an online tool with which we can integrate and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our website. The tags come from Google Ads or Google Analytics, for example, but tags from other companies can also be integrated and managed via the manager. Such tags perform different tasks. You can collect browser data, embed buttons, set cookies and also track users across multiple websites. In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this only concerns the use and use of our tag manager and not your data, which is stored via the code sections.
Purposes of processing: Tracking (e.g.b interest/behavior-related profiling), visit action evaluation, interest-based and behavior-related marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g.b Access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company. As far as we know, Google also uses the data collected in this way (anonymized) for its own purposes. In this respect, we refer to Google’s data protection declaration.
Legal basis and legitimate interests: For the integration of the Google Tag Manager on our website, this processing takes place in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. The various tags are then used in accordance with the separately described sections with the express consent of the user.
Storage period: Regarding the storage period by Google, we refer to their data protection declaration.
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google data protection declaration: https://policies.google.com/privacy
Third country transfer: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
IV.12. Web fonts
Our website uses so-called web fonts, which are provided by the respective provider, for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of the respective provider. This gives the provider knowledge that our website was accessed via your IP address. If your browser does not support web fonts, a default font will be loaded from your computer.
Purpose of processing: Uniform presentation of our internet presence in all media
Legal basis and legitimate interests: The integration is based on our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) on the technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
We use web fonts from the following providers:
Google
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway , Mountain View, CA 94043, USA
Data protection declaration from Google: https://policies.google.com/privacy
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
What data protection rights do I have?
As a data subject, you have the following rights:
Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data is being processed. The requirements for this can be found in Art. 15 GDPR;
Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 GDPR;
Correction: You have the right to immediately request that incorrect personal data concerning you be corrected. The requirements for this can be found in Art. 16 GDPR;
Deletion: You have the right to request the immediate deletion of personal data concerning you. The requirements for this can be found in Art. 17 GDPR;
Restriction of processing: You have the right to request the restriction of the processing of your personal data. The requirements for this can be found in Art. 18 GDPR;
Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to have us transmit this data to another person responsible. The requirements for this can be found in Art. 20 GDPR;
Revocation of consent: You have the right to revoke your consent at any time if the processing is based on Art. 6 (1) lit. a or kind. 9 (2) lit. a GDPR is based. Data processing remains lawful until revocation. The revocation only applies to the future. The requirements for this can be found in Art. 7 (3) GDPR;
Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. The requirements for this can be found in Art. 77 GDPR. You can contact the supervisory authority responsible for the controller or the one in your country or Federal State. You can find a list of all supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to object
You have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation we process based on our overriding legitimate interest (Art. 6 (1) lit. e or f GDPR), to lodge an objection with future effect; This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for the purposes of direct advertising and product reviews
We collect and process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
In individual cases, we process and use your personal data to send you a product review and/or other review requests by email that are solely related to your purchase, completion and/or other analogous transactions. We will continue if necessary. In this context, we may also use your e-mail address and/or your postal address to send you product recommendations by e-mail and/or post about similar goods and/or services we offer. You will receive these review requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
Exercising your objection: You can respond to these review requests and product recommendations at any time by letter to Oliver Bock, Goldbock Unternehmensbetreuung, Jahnstraße 13, 64665 Alsbach-Hähnlein or by email to oliver.bock@goldbock.com und/or at the end of each review and/or Product recommendation email with effect for the future without incurring any additional costs other than the respective transmission costs according to the basic tariffs. Your right to object automatically also applies to possible profiling to the extent that it is related to such direct advertising. If you object to processing for the purposes of product reviews and/or other review requests and/or product recommendations, we will no longer process your personal data for these purposes with effect from the future.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes with effect from the future.
VI. How long will my data be stored?
Unless otherwise regulated above, the following criteria apply to determine the storage period:
If consent is given in accordance with Art. 6 para. 1 lit. a GDPR, the data will be stored until the person concerned revokes their consent.
For pre- and contractual purposes in accordance with Art. 6 para. 1 lit. b GDPR, the data will be stored until the contract is terminated.
If our predominant legitimate interest is in accordance with Art. 6 para. 1 lit. f GDPR, the data will be stored until the person concerned exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
For direct advertising in accordance with Art. 6 para. 1 lit. f GDPR, the data will be stored until the person concerned exercises their right to object in accordance with Art. 21 para. 2, 3 GDPR.
Furthermore, personal data will only be stored for as long as there is a legal reason for storage.
VII. Source of personal data
We process personal data that we have received from you or the recipients of personal data.
VIII. Obligation to provide data
As part of the performance of our contractually or legally assumed obligations, you as the data subject may be legally obliged to provide our company with information and personal data that is necessary for the establishment, implementation and termination of the contractual relationship and the fulfillment the associated contractual obligations are required or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to carry out an existing contract and, if necessary, have to finish.
PRIVACY POLICY
Privacy Information
This page contains information about how we handle personal data on our website.
I. Scope
With this document, the person responsible would like to fulfill his information obligations in accordance with Art. 13 of the General Data Protection Regulation (GDPR) towards those affected. This data protection information is published under https://blog.findeling.de/datenschutzrichtlinie and is valid since January 2022. Due to the further development of our website or due to changed legal or official requirements, it may become necessary to change this data protection information. The amended version will be announced to you here.
II. Who is responsible for data processing?
The one according to Art. 4 No. 7 GDPR, the person responsible for data processing is:
Oliver Bock, Findeling GmbH, Westhafenplatz 1, 60327 Frankfurt, telephone: 049/ 1739977353, e-mail: oliver.bock@findeling.com. Das full legal notice is available under the following link: https://blog.findeling.de/impressum/
III. Why do we process your data?
III.1 Log files / hosting
If you visit our website without registering or otherwise providing us with information, we only collect the following data that your browser transmits to our server (so-called “Server log files”):
The individual pages of our website (URL)
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Browser used
Operating system used
IP address used (if applicable. in anonymized form)
Our website is stored by a hosting provider and made available for retrieval. The web server used stores the aforementioned server log files.
Purpose of processing: Hosting the website
Legal basis and legitimate interests: Processing is carried out on the basis of our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) on the security and stability of our internet presence by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services
Data recipient: WordPress Ltd., https://wordpress.com/
Privacy information from WordPress Ltd.: https://automattic.com/de/privacy/
Third country transfer: Wix.com Ltd. is based in Israel. In this regard, the European Commission decided that Israel provides adequate protection for personal data of citizens from EU member states.
IV.2 Cookies
IV.2a General
(aa) Definitions
Below you will find extensive information about so-called “cookies” and other storage technologies (“Web Storage”). This is information that is often stored in databases on your device. Any type of “cookie” or “Web storage” may contain personal data. In many cases, however, the data is pseudonymized. The following terms may be used: used below:
First-party cookie: This cookie is stored or modified by the website you are currently surfing
Third-party cookie: This cookie is stored or modified by third parties with which the website operator is connected (e.g. b an advertising network, a social media platform, etc.ä)
Session cookie: This cookie is deleted from your device when you close the browser. A session cookie often only stores a session ID in order to assign multiple requests from a user on a page to their session
Persistent cookie: This cookie is stored on your device until its validity expires or you delete it manually or automatically Delete browser
Strictly necessary: Without this cookie and web storage, the service you have requested cannot be provided
Optional: This cookie and web storage enables us to use additional functions and is only used if you Give your consent to this
Local Storage: Belongs to the so-called “Web Storage” This information is also stored in your web browser until manually deleted.
Session Storage: Belongs to the so-called “Web Storage” This information is also stored in your web browser until you close the browser window.
(bb) Legal basis
Strictly necessary cookies and web storage: The storage of information and access to it are based on the legal basis of Section 25 (2) No. 2 TTDSG.
Optional cookies and web storage: The storage of information and access to it are based on the legal basis of your individual personal and voluntary consent in accordance with Section 25 (1) TTDSG in conjunction with.vm Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect. Data processing remains lawful until revocation. Please note that if you do not accept optional cookies, individual functions of our website may be restricted
(cc) Data recipient / access option
First-party cookies: Only we as the data controller and site operator have access to these.
Third-party cookies: Only the third party who has set these cookies themselves has access to this. For example, only Google has access to a cookie set by Google and can read or change it.
Web storage: Only we as those responsible for data processing and site operators have access to this.
(dd) Storage period
Session cookies: These only remain temporarily stored in your browser until the end of the browser session or can be deleted by you beforehand.
Persistent cookies: These remain stored on your device for as long as specified for the respective cookie or can be deleted by you beforehand.
Local storage: This remains stored until manually deleted.
Session storage: This remains stored until the browser window is closed.
The exact storage period is specified under “Cookies used and web storage”.
(ee) Deletion options / objection
Please note that you can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or not to accept cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/
A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/ can be explained.
IV.2b Cookies used
In the following overview we list the absolutely necessary first-party cookies used on our website and the purpose of data processing:
consent-policy (persistent cookie)
Purpose : Stores the user's cookie preferences
Validity period: 1 year
hs (session cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
smSession (Persistent Cookie)
Purpose: Used to identify logged in website members
Validity period: 2 weeks
ssr-caching (Persistent Cookie)
Purpose: Used to display the system from which the website was rendered
Validity period: 1 min.
svSession (Persistent Cookie)
Purpose: Used in connection with user login
Validity period: 2 years
XSRF TOKEN (Session Cookie)
Purpose : Is used for security reasons
Validity period: Until the end of the browser session
In the following overview we list the optional third-party cookies from Wix used on our website and the purpose of data processing:
bSession (Persistent Cookie)
Purpose: Used to measure system effectiveness
Validity period: 20 minutes
TS* (Session Cookie)
Purpose: Used for security reasons and to combat fraud
Validity: Until the end of the browser session
In the overview below we list the optional third-party cookies from Google used on our website and the purpose of data processing on:
_ga (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 2 years
_gid (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 1 day
_gat_gtag_UA (Persistent Cookie)
Purpose: Used by Google Analytics to limit the request rate.
Validity period: 1 minute
IV.3 Contact
If you contact us (e.g. b Personal data is collected via contact form, email, telephone, fax). Which data is collected in the case of a contact form can be seen from the respective contact form. This data is used exclusively for the purpose of answering your request or stored and used for contact and the associated technical administration. Without this mandatory information we cannot process your request. All other details are optional.
Purpose of processing: Answering your request
Legal basis: Art. 6 para. 1 lit. b GDPR for pre- or contractual matters. Art. 6 para. 1 lit. a GDPR for your voluntary information.
Recipient of the data: Email service provider for emails, hosting provider for contact form requests
Storage period: Your data will be deleted after your request has been processed. This is the case if it can be seen from the circumstances that the matter in question has been conclusively clarified and if there are no legal retention obligations to the contrary. For pre- and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer a legal reason for storage, the data will be deleted.
IV.4 Chat
Intercom by Intercom R&D Unlimited Company
Our website uses technologies from Intercom R&D Unlimited Company. For this purpose, anonymized data is collected and stored for the purpose of web analysis and to operate the live chat system to answer live support requests. Usage profiles can be created from this anonymized data under a pseudonym.
Data recipient: 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2; Intercom, Inc. a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA
Data protection declaration from Intercom: https://www.intercom.com/legal/privacy
Legal basis and legitimate interests: The data is passed on based on our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) on the security and stability of a professional live chat system.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We store your data until your request has been processed. If the inquiry leads to a contract being concluded, the storage period applies to customers.
IV.5 Newsletter
We send newsletters by email to our customers with information about our company, our products, services, promotions and offers. The newsletter is sent out monthly at most.
Purpose of processing: direct marketing, customer communication
Legal basis and legitimate interests: The sending is based on our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) on regular customer communication and sales promotion through direct marketing.
Right to object (opt-out): You can object to the sending of our newsletter at any time with effect for the future by informing us by email (see above under responsible person) or by clicking on the link at the end of each newsletter can be found.
Storage period: Your data will be stored until you object. They will then be restricted in processing and blocked from further sending the newsletter.
If named below, we use the following service provider:
Mailchimp
The newsletter service provider uses cookies and other tracking technologies to inform you about the email address and, if necessary. to collect and process the following data in addition to the names of the newsletter recipients:
IP address, device information (hardware, operating system, web browser, unique device identifier), connection information and device locations
The newsletters sent contain so-called. Web beacons that record the recipient's interaction with the newsletter (e.g. b Open the newsletter, click on the links contained there).
Data recipient: The Rocket Science Group (Mailchimp), LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA
Mailchimp privacy policy: https://www.intuit.com/privacy/statement/
Legal basis and legitimate interests: The data is passed on based on our overriding legitimate interest (Art. 6 para. 1 lit. f GDPR) on the security and stability of a legally compliant newsletter system incl. automated double opt-in and verifiability of user registrations.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Appropriate safeguards: With regard to Israel, the European Commission decided that Israel offers adequate protection for personal data of citizens from EU member states (Art. 45 GDPR).
Storage period: Your data will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent.
IV.6 Events
For booking events, we have integrated a booking mask on certain pages of our website, which can be used to book tickets. Our events are held on site and online. The information on the event overview is decisive.
Purpose of processing: Carrying out the event, if necessary. Billing
Legal basis: Registration for the event constitutes a contract in accordance with Art. 6 para. 1 lit. b GDPR.
Data recipient: The registration data is used for planning, organization, implementation and, if necessary. Billing to the people involved in these tasks or company forwarded. If this involves order processing, we have an order processing agreement with these companies in accordance with Art. 28 GDPR closed to secure your personal data.
Storage period: We store the registration data until the event has been completed and for 3 years beyond if it is a paid event.
With regard to online events, reference is made to data processing by Google:
Video conference via Google Meet
When using Google Meet, the following data is processed:
Information to the user: first name, last name, telephone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata: topic , Description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting -Chats.
When dialing in with the telephone: information about the incoming and outgoing phone number, country name, start and end time. Possibly. Additional connection data such as:b the IP address of the device is saved.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting” and, if necessary. to log. In order to enable the display of video and the playback of audio, the data from the microphone of your device and any video camera on the device are processed for the duration of the meeting. You can turn off the camera or microphone yourself at any time using the Google Meet applications. mute.
To take part in an “online meeting” or To enter the “meeting room”, you must at least provide your name.
Purpose of processing: We use the Google Meet tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). Google Meet is a service provided by Google Inc., which is based in the USA.
Responsible: We are primarily responsible for the use of Google Meet. If you access Google via its website, the responsible party is: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Legal basis and legitimate interests: If the events are carried out within the framework of a contract, Art. 6 para. 1 lit. b) GDPR legal basis. If the online meeting is not carried out on the basis of a contract, the legal basis is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is in the effective, stable, secure and professional conduct of “online meetings”, telephone conferences, video conferences and webinars.
Data recipient: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy?
Third country transfer: The data is processed outside the scope of the European Union, in the USA.
IV.7 Photo/video recordings at events
If you take part in a face-to-face event organized by us, you can take photos or videos as part of this event. Video recordings of the participants are created, which are published together with information about the location, time and purpose of the event.
Purpose of data processing: Documentation of the event for publication on our company website, our social media profiles and company brochures for advertising purposes.
Legal basis: Art. 6 para. 1 p. 1 lit. f GDPR
Legitimate interests: advertising our company, public relations, direct advertising
Data recipients: if applicable. Photographer; Advertising agency
Storage period: Recordings that are not used after the event will be deleted immediately.
IV.8th Social media
Our website uses social plugins from various social networks. In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but rather simply using an HTML link. This type of integration ensures that when you access a page on our website that contains such buttons, no connection is established to the servers of the respective social network. When you click the button, a new browser window will open and go to the social network page. Possibly. After entering your login details, you can then use the function provided (e.g.b “like” or “share”).
By clicking on the respective plugin, you give us your personal consent to transfer data to the respective social network. In particular, your IP address will be transmitted to the respective social network. The legal basis for this is Art. 6 para. 1 lit. a GDPR. You have the right to revoke your consent at any time. Data processing remains lawful until revocation. The revocation only applies to the future.
The following social networks are used:
Instagram is a service provided by Facebook
Data recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”), parent company: Facebook Inc., 1 Hacker Way, 94025 Menlo Park, California, USA
Data protection declaration from Instagram: https://instagram.com/about/legal/privacy
Third country transfer: Unless anonymized data about Facebook Inc. are transferred, the data processing takes place in the USA.
Objection: Further settings and objections to the use of data for advertising purposes are possible within the Instagram profile settings: https://www.instagram.com/accounts/privacy_and_security/
IV.9 Opening a customer account
If you open a personal customer account with us for future orders, the following provisions apply:
Purpose of processing: User contract for the personal customer account.
Legal basis: contract in accordance with. Art. 6 para. 1 lit. b GDPR Your consent applies to the data you provide voluntarily. Art. 6 para. 1 lit. a GDPR.
Obligation to provide: The mandatory information can be found on the registration form. Without this information we cannot open an account for you.
Data recipient: The customer account is managed via our online shop. This is operated by our web host (see above).
Storage period: Your data in the customer account will be stored for as long as the usage contract with us exists. Voluntary information will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent. This is done on the basis of our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) on the verifiability of data protection compliance.
IV.10 Ordering goods or Services
IV.10a General
WooCommerce by WordPress Ltd.
Our website uses WooCommerce by WordPress Ltd., a WordPress service to enable professional order processing via our website,
Purpose of processing: Execution of your order.
Legal basis: Contract in accordance with. Art. 6 para. 1 lit. b GDPR Your consent applies to the data you provide voluntarily. Art. 6 para. 1 lit. a GDPR. For other processing, Art. 6 para. 1 lit. f GDPR
Legitimate interests: debt collection and enforcement; Measures for business management and further development of services and products
Data recipient: WooCommerce Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
WooCommerce Ireland Ltd. Privacy Policy.: https://automattic.com/privacy/
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We will store the data until the request has been processed. If the request is followed by a contractual relationship, the storage period for customer data applies.
IV.10b Payment processing
Purpose of processing: Execution of the order. Processing the payment.
Legal basis: contract in accordance with. Art. 6 para. 1 lit. b GDPR
Obligation to provide: Depending on the payment method you choose, you must contact us or provide the payment service provider with the required payment details.
Data recipient: The payment service providers used are listed below:
PayPal
Service provider: PayPal (Europe) S.a r.l et Cie, S.CA, 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
Privacy policy from PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Credit information: PayPal reserves the right to pay by credit card via PayPal, Direct debit via PayPal or – if offered – “purchase on account” or “payment in installments” via PayPal to carry out a credit check. For this purpose, your payment details may be processed in accordance with Art. 6 para. 1 lit. f GDPR is passed on to credit agencies on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
IV.10c Direct advertising
Purpose of processing: direct advertising, sales promotion
Legal basis: Our overriding legitimate interest according to Art. 6 para. 1 lit. f GDPR
Legitimate interests: direct advertising, sales promotion
Data recipient: agency, letter shop
IV.10e Legal obligation
Purpose of processing: Fulfillment of legal obligations (e.g. b Information, notification, information and storage obligations, payment of taxes and duties)
Legal basis: The respective legal regulations apply in conjunction with Art. 6 para. 1 lit. c GDPR.
Data recipients: authorities, state institutions, lawyers, tax advisors, if applicable. Data Protection Officer
IV.11. Web analysis
Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google Ireland Ltd. (Google). Google Analytics uses so-called “Cookies” This is information that is often stored in databases on your device and allows your use of the website to be analyzed. The information generated by the cookie about the use of this website by users is usually transmitted to Google's parent company in the USA and stored there.
Our website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures that the IP address is anonymized by shortening it and excludes any direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's parent company in the USA and shortened there.
Purposes of processing: Tracking (e.g.b interest/behavior-related profiling), visit action evaluation, interest-based and behavior-related marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g.b Access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company.
Legal basis: For the use of Google Analytics, you may give us permission. Your consent according to Art. 6 para. 1 p. 1 lit. a GDPR, which you can revoke at any time with effect for the future by selecting “Marketing” or Undo “Google Analytics”.
Storage period: We store the anonymized data obtained in this way for a maximum period of 14 months. The data is then automatically deleted. Regarding the storage period by Google, we refer to their data protection declaration.
Objection / Opt-Out: You can object to the collection of your data by installing a browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
Here you can determine for yourself which data is used by Google should: https://g.co/privacytools
You can also deactivate personalized advertising directly from Google: https://www.google.com/settings/ads/onweb/
You can find further information from Google on how you can block certain advertising here: https://support.google.com/ads/answer/2662922?hl=de
Across providers, you can also store your online advertising preferences here: https://www.youronlinechoices.com/de/
Alternatively, you can use the Network Advertising Initiative administration page: http://www.networkadvertising.org/consumer/opt_out.asp
Data recipients : Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Google privacy policy for Google Analytics: https://policies.google.com/technologies/partner-sites
Third country transfer: Unless anonymized data is transferred to Google LLC, data processing also takes place in the USA.
We have worked with Google Ireland Ltd. The following agreement was concluded as a processor: https://business.safety.google/adsprocessorterms/ This also contains the EU standard contractual clauses, which are in accordance with Art. 46 (2) c GDPR are to be viewed as suitable guarantees.
Google Tag Manager
On our website we use the Google Tag Manager from Google. Google Tag Manager is an online tool with which we can integrate and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our website. The tags come from Google Ads or Google Analytics, for example, but tags from other companies can also be integrated and managed via the manager. Such tags perform different tasks. You can collect browser data, embed buttons, set cookies and also track users across multiple websites. In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this only concerns the use and use of our tag manager and not your data, which is stored via the code sections.
Purposes of processing: Tracking (e.g.b interest/behavior-related profiling), visit action evaluation, interest-based and behavior-related marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g.b Access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company. As far as we know, Google also uses the data collected in this way (anonymized) for its own purposes. In this respect, we refer to Google’s data protection declaration.
Legal basis and legitimate interests: For the integration of the Google Tag Manager on our website, this processing takes place in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. The various tags are then used in accordance with the separately described sections with the express consent of the user.
Storage period: Regarding the storage period by Google, we refer to their data protection declaration.
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google data protection declaration: https://policies.google.com/privacy
Third country transfer: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
IV.12. Web fonts
Our website uses so-called web fonts, which are provided by the respective provider, for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of the respective provider. This gives the provider knowledge that our website was accessed via your IP address. If your browser does not support web fonts, a default font will be loaded from your computer.
Purpose of processing: Uniform presentation of our internet presence in all media
Legal basis and legitimate interests: The integration is based on our legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR) on the technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
We use web fonts from the following providers:
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway , Mountain View, CA 94043, USA
Data protection declaration from Google: https://policies.google.com/privacy
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
What data protection rights do I have?
As a data subject, you have the following rights:
Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data is being processed. The requirements for this can be found in Art. 15 GDPR;
Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 GDPR;
Correction: You have the right to immediately request that incorrect personal data concerning you be corrected. The requirements for this can be found in Art. 16 GDPR;
Deletion: You have the right to request the immediate deletion of personal data concerning you. The requirements for this can be found in Art. 17 GDPR;
Restriction of processing: You have the right to request the restriction of the processing of your personal data. The requirements for this can be found in Art. 18 GDPR;
Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to have us transmit this data to another person responsible. The requirements for this can be found in Art. 20 GDPR;
Revocation of consent: You have the right to revoke your consent at any time if the processing is based on Art. 6 (1) lit. a or kind. 9 (2) lit. a GDPR is based. Data processing remains lawful until revocation. The revocation only applies to the future. The requirements for this can be found in Art. 7 (3) GDPR;
Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. The requirements for this can be found in Art. 77 GDPR. You can contact the supervisory authority responsible for the controller or the one in your country or Federal State. You can find a list of all supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to object
You have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation we process based on our overriding legitimate interest (Art. 6 (1) lit. e or f GDPR), to lodge an objection with future effect; This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for the purposes of direct advertising and product reviews
We collect and process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
In individual cases, we process and use your personal data to send you a product review and/or other review requests by email that are solely related to your purchase, completion and/or other analogous transactions. We will continue if necessary. In this context, we may also use your e-mail address and/or your postal address to send you product recommendations by e-mail and/or post about similar goods and/or services we offer. You will receive these review requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
Exercising your objection: You can respond to these review requests and product recommendations at any time by letter to Oliver Bock, Goldbock Unternehmensbetreuung, Jahnstraße 13, 64665 Alsbach-Hähnlein or by email to oliver.bock@goldbock.com und/or at the end of each review and/or Product recommendation email with effect for the future without incurring any additional costs other than the respective transmission costs according to the basic tariffs. Your right to object automatically also applies to possible profiling to the extent that it is related to such direct advertising. If you object to processing for the purposes of product reviews and/or other review requests and/or product recommendations, we will no longer process your personal data for these purposes with effect from the future.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes with effect from the future.
VI. How long will my data be stored?
Unless otherwise regulated above, the following criteria apply to determine the storage period:
If consent is given in accordance with Art. 6 para. 1 lit. a GDPR, the data will be stored until the person concerned revokes their consent.
For pre- and contractual purposes in accordance with Art. 6 para. 1 lit. b GDPR, the data will be stored until the contract is terminated.
If our predominant legitimate interest is in accordance with Art. 6 para. 1 lit. f GDPR, the data will be stored until the person concerned exercises their right to object in accordance with Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
For direct advertising in accordance with Art. 6 para. 1 lit. f GDPR, the data will be stored until the person concerned exercises their right to object in accordance with Art. 21 para. 2, 3 GDPR.
Furthermore, personal data will only be stored for as long as there is a legal reason for storage.
VII. Source of personal data
We process personal data that we have received from you or the recipients of personal data.
VIII. Obligation to provide data
As part of the performance of our contractually or legally assumed obligations, you as the data subject may be legally obliged to provide our company with information and personal data that is necessary for the establishment, implementation and termination of the contractual relationship and the fulfillment the associated contractual obligations are required or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to carry out an existing contract and, if necessary, have to finish.