Privacy Policy
Privacy Policy
DATA PROTECTION
Privacy Information
This page contains information about how we handle personal data on our website.
I. Scope
With this document, the person responsible would like to fulfill his information obligations towards those affected in accordance with Article 13 of the General Data Protection Regulation (GDPR). This data protection information is published at https://blog.findeling.de/datenpolitik and has been valid since January 2022. Due to the further development of our website or due to changed legal or official requirements, it may become necessary to change this data protection information. The amended version will be announced to you here.
II. Who is responsible for data processing?
The person responsible for data processing according to Art. 4 No. 7 GDPR is:
Oliver Bock, Findeling GmbH, Stresemannstraße, 22761 Hamburg, telephone: 049/ 1739977353, email: oliver.bock@findeling.com. The full imprint is available at the following link: https://blog.findeling.de/impressum/
III. What do we process your data for?
III.1. Log files / hosting
If you visit our website without registering or otherwise providing us with information, we only collect the following data, which your browser transmits to our server (so-called “server log files”):
The individual pages of our website (URL)
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (possibly in anonymized form)
Our website is stored by a hosting provider and made available for retrieval. The web server used stores the aforementioned server log files.
Purpose of processing: Hosting the website
Legal basis and legitimate interests: Processing is carried out on the basis of our overriding legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the security and stability of our internet presence by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services , security services and technical maintenance services
Data recipient: WordPress Ltd., https://wordpress.com/
Data protection information from WordPress Ltd.: https://automattic.com/de/privacy/
Third country transfer: Wix.com Ltd. is based in Israel. In this regard, the European Commission decided that Israel provides adequate protection for personal data of citizens from EU member states.
IV.2. Cookies
IV.2.a. General
(aa) Definitions
Below you will find extensive information about so-called “cookies” and other storage technologies (“Web Storage”). This is information that is often stored in databases on your device. Any type of “cookie” or “web storage” may contain personal data. In many cases, however, the data is pseudonymized. The following terms may be used below:
First-party cookie: This cookie is stored or modified by the website you are currently browsing
Third-party cookie: This cookie is stored or modified by third parties with whom the website operator is connected (e.g. an advertising network, a social media platform, etc.)
Session cookie: This cookie is deleted from your device when you close the browser. A session cookie often only stores a session ID in order to assign multiple requests from a user on a page to their session
Persistent cookie: This cookie is stored on your device until its validity expires or you delete it manually or automatically in the browser
Strictly necessary: Without this cookie and web storage, the service you requested cannot be provided
Optional: This cookie and web storage enables us to use additional functions and is only used if you give your consent
Local Storage: Belongs to the so-called “web storage”. This information is also stored in your web browser until manually deleted.
Session Storage: Belongs to the so-called “web storage”. This information is also stored in your web browser until you close the browser window.
(bb) Legal basis
Strictly necessary cookies and web storage: The storage of information and access to it are based on the legal basis of Section 25 (2) No. 2 TTDSG.
Optional cookies and web storage: The storage of information and access to it are based on the legal basis of your individual, personal and voluntary consent in accordance with Section 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect. Data processing remains lawful until revocation. Please note that if you do not accept optional cookies, individual functions of our website may be restricted
(cc) Data recipient / access option
First-party cookies: Only we as the data controller and site operator have access to these.
Third-party cookies: Only the third party who has set these cookies themselves has access to this. For example, only Google has access to a cookie set by Google and can read or change it.
Web storage: Only we as those responsible for data processing and site operators have access to this.
(dd) storage period
Session cookies: These only remain temporarily stored in your browser until the end of the browser session or can be deleted by you beforehand.
Persistent cookies: These remain stored on your device for as long as specified for the respective cookie or can be deleted by you beforehand.
Local storage: This remains stored until manually deleted.
Session storage: This remains stored until the browser window is closed.
The exact storage period is stated under “Cookies used and web storage”.
(ee) Deletion options / objection
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/
A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/ can be explained.
IV.2.b. Cookies used
In the following overview we list the absolutely necessary first-party cookies used on our website and the purpose of data processing:
consent policy (Persistent Cookie)
Purpose: Stores the user's cookie preferences
Validity period: 1 year
hs (session cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
smSession (Persistent Cookie)
Purpose: Used to identify logged in website members
Validity period: 2 weeks
ssr caching (persistent cookie)
Purpose: Used to display the system that rendered the website
Validity period: 1 min.
svSession (Persistent Cookie)
Purpose: Used in conjunction with user login
Validity period: 2 years
XSRF TOKEN (session cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
In the following overview we list the optional third-party cookies from Wix used on our website and the purpose of data processing:
bSession (Persistent Cookie)
Purpose: Used for measuring system effectiveness
Validity period: 20 minutes
TS* (session cookie)
Purpose: Used for security and anti-fraud purposes
Validity period: Until the end of the browser session
In the following overview we list the optional third-party cookies from Google used on our website and the purpose of data processing:
_ga (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 2 years
_gid (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 1 day
_gat_gtag_UA (Persistent Cookie)
Purpose: Used by Google Analytics to limit request rate.
Validity period: 1 minute
IV.3. contact
If you contact us (e.g. via contact form, email, telephone, fax), personal data will be collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. Without this mandatory information we cannot process your request. All other details are optional.
Purpose of processing: Answering your request
Legal basis: Art. 6 Paragraph 1 Letter b GDPR for pre- or contractual matters. Art. 6 Para. 1 lit. a GDPR for your voluntary information.
Recipient of the data: Email service provider for emails, hosting provider for contact form requests
Storage period: Your data will be deleted after your request has been processed. This is the case if it can be seen from the circumstances that the matter in question has been conclusively clarified and if there are no legal retention obligations to the contrary. For pre- and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer a legal reason for storage, the data will be deleted.
IV.4. Chat
Intercom by Intercom R&D Unlimited Company
Our website uses technologies from Intercom R&D Unlimited Company. For this purpose, anonymized data is collected and stored for the purpose of web analysis and to operate the live chat system to answer live support requests. Usage profiles can be created from this anonymized data under a pseudonym.
Data recipient: 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2; Intercom, Inc. a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA
Intercom’s privacy policy: https://www.intercom.com/legal/privacy
Legal basis and legitimate interests: The data is passed on based on our overriding legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the security and stability of a professional live chat system.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We store your data until your request has been processed. If the inquiry leads to a contract being concluded, the storage period applies to customers.
IV.5. Newsletter
We send newsletters by email to our customers with information about our company, our products, services, promotions and offers. The newsletter is sent out monthly at most.
Purpose of processing: direct marketing, customer communication
Legal basis and legitimate interests: The sending is based on our legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) in regular customer communication and sales promotion through direct marketing.
Right to object (opt-out): You can object to the sending of our newsletter at any time with effect for the future by informing us by email (see above under Responsible person) or by clicking on the link that can be found at the end of each newsletter .
Storage period: Your data will be stored until you object. They will then be restricted in processing and blocked from further sending the newsletter.
If named below, we use the following service providers:
Mailchimp
The newsletter service provider uses cookies and other tracking technologies to collect and process the following data in addition to the email address and, if applicable, the names of the newsletter recipients:
IP address, device information (hardware, operating system, web browser, unique device identifier), connection information and device locations
The newsletters sent contain so-called web beacons, which record the recipient's interaction with the newsletter (e.g. opening the newsletter, clicking on links contained therein).
Data recipient: The Rocket Science Group (Mailchimp), LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA
Mailchimp privacy policy: https://www.intuit.com/privacy/statement/
Legal basis and legitimate interests: The data is passed on on the basis of our overriding legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the security and stability of a legally compliant newsletter system including automated double opt-in and verifiability of user registrations.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Appropriate safeguards: With regard to Israel, the European Commission decided that Israel offers adequate protection for personal data of citizens from EU member states (Article 45 GDPR).
Storage period: Your data will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent.
IV.6. Events
For booking events, we have integrated a booking mask on certain pages of our website, which can be used to book tickets. Our events are held on site and online. The information on the event overview is decisive.
Purpose of processing: Implementation of the event, billing if necessary
Legal basis: Registration for the event constitutes a contract in accordance with Article 6 Paragraph 1 Letter b GDPR.
Data recipient: The registration data will be forwarded to the people or companies involved in these tasks for planning, organization, implementation and, if necessary, billing. If this involves order processing, we have concluded an order processing agreement with these companies in accordance with Art. 28 GDPR in order to secure your personal data.
Storage period: We store the registration data until the event has been completed and for 3 years beyond if it is a paid event.
With regard to online events, reference is made to data processing by Google:
Video conference via Google Meet
When using Google Meet, the following data is processed:
User information: First name, last name, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in with the telephone: information about the incoming and outgoing phone number, country name, start and end time. If necessary, additional connection data such as the IP address of the device can be saved.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your device and any video camera on the device are processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the Google Meet applications.
In order to take part in an “online meeting” or enter the “meeting room”, you must at least provide information about your name.
Purpose of processing: We use the Google Meet tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). Google Meet is a service provided by Google Inc., which is based in the USA.
Responsible person: We are primarily responsible for the use of Google Meet. If you access Google via their website, the responsible party is: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Legal basis and legitimate interests: If the events are carried out within the framework of a contract, Art. 6 Para. 1 lit. b) GDPR is the legal basis. If the online meeting is not carried out on the basis of a contract, the legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our overriding legitimate interest is in the effective, stable, secure and professional conduct of “online meetings”, telephone conferences, video conferences and webinars.
Data recipient: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy?
Transfer to third countries: The data is processed outside the scope of the European Union, in the USA.
IV.7. Photo/video recordings at events
If you take part in a face-to-face event organized by us, photos or video recordings of the participants can be taken as part of this event, which will be published together with information about the location, time and purpose of the event.
Purpose of data processing: Documentation of the event for publication on our company website, our social media profiles and company brochures for advertising purposes.
Legal basis: Art. 6 Paragraph 1 Sentence 1 Letter f GDPR
Legitimate interests: advertising our company, public relations, direct advertising
Data recipient: possibly photographer; advertising agency
Storage period: Recordings that are not used after the event will be deleted immediately.
IV.8. Social media
Our website uses social plugins from various social networks. In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but rather simply using an HTML link. This type of integration ensures that when you access a page on our website that contains such buttons, no connection is established to the servers of the respective social network. When you click the button, a new browser window will open and go to the social network page. If necessary, after entering your login data, you can then carry out the function provided (e.g. “like” or “share”).
By clicking on the respective plugin, you give us your personal consent to transfer data to the respective social network. In particular, your IP address will be transmitted to the respective social network. The legal basis for this is Article 6 Paragraph 1 Letter a GDPR. You have the right to revoke your consent at any time. Data processing remains lawful until revocation. The revocation only applies to the future.
The following social networks are used:
Instagram
Instagram is a service from Facebook
Data recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”), parent company: Facebook Inc., 1 Hacker Way, 94025 Menlo Park, California, USA
Instagram privacy policy: https://instagram.com/about/legal/privacy
Transfer to third countries: Unless anonymized data is transferred to Facebook Inc., data processing takes place in the USA.
Objection: Further settings and objections to the use of data for advertising purposes are possible within the Instagram profile settings: https://www.instagram.com/accounts/privacy_and_security/
IV.9. Opening a customer account
If you open a personal customer account with us for future orders, the following provisions apply:
Purpose of processing: User agreement for the personal customer account.
Legal basis: Contract in accordance with Article 6 Paragraph 1 Letter b GDPR. Your consent applies to the data you provide voluntarily in accordance with Article 6 Paragraph 1 Letter a of the GDPR.
Obligation to provide: The mandatory information can be found on the registration form. Without this information we cannot open an account for you.
Data recipient: The customer account is managed via our online shop. This is operated by our web host (see above).
Storage period: Your data in the customer account will be stored for as long as the usage contract with us exists. Voluntary information will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent. This is done on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in the verifiability of data protection compliance.
IV.10. Ordering goods or services
IV.10.a. General
WooCommerce by WordPress Ltd.
Our website uses WooCommerce by WordPress Ltd., a WordPress service to enable professional order processing via our website,
Purpose of processing: Execution of your order.
Legal basis: Contract in accordance with Article 6 Paragraph 1 Letter b GDPR. Your consent applies to the data you provide voluntarily in accordance with Article 6 Paragraph 1 Letter a of the GDPR. For other processing, Article 6 Paragraph 1 Letter f GDPR applies.
Legitimate interests: debt collection and enforcement; Measures for business management and further development of services and products
Data recipient: WooCommerce Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
WooCommerce Ireland Ltd. privacy policy: https://automattic.com/privacy/
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We will store the data until the request has been processed. If the request is followed by a contractual relationship, the storage period for customer data applies.
IV.10.b. Payment processing
Purpose of processing: Execution of the order. Processing the payment.
Legal basis: Contract in accordance with Article 6 Paragraph 1 Letter b GDPR.
Obligation to provide: Depending on the payment method you choose, you must provide us or the payment service provider with the required payment data.
Data recipient: The payment service providers used are listed below:
PayPal
Service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Credit report: PayPal reserves the right to carry out a credit report for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in installments” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
IV.10.c. Direct mail
Purpose of processing: direct advertising, sales promotion
Legal basis: Our overriding legitimate interest according to Art. 6 Para. 1 lit. f GDPR
Legitimate interests: direct advertising, sales promotion
Data recipient: agency, letter shop
IV.10.e. Legal obligation
Purpose of processing: Fulfillment of legal obligations (e.g. information, notification, disclosure and retention obligations, payment of taxes and duties)
Legal basis: The respective legal regulations apply in conjunction with Art. 6 Para. 1 lit. c GDPR.
Data recipients: Authorities, state institutions, lawyers, tax advisors, if applicable data protection officer
IV.11. Web analytics
Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google Ireland Ltd. (Google). Google Analytics uses so-called “cookies”. This is information that is often stored in databases on your device and allows your use of the website to be analyzed. The information generated by the cookie about users' use of this website is usually transferred to Google's parent company in the USA and stored there.
Our website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures that the IP address is anonymized by shortening it and excludes any direct reference to a person. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's parent company in the USA and shortened there.
Purposes of processing: Tracking (e.g. interest/behavior-related profiling), visit action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company.
Legal basis: For the use of Google Analytics, you may give us your consent in accordance with Art Undo selection for “Marketing” or “Google Analytics”.
Storage period: We store the anonymized data obtained in this way for a maximum period of 14 months. The data is then automatically deleted. Regarding the storage period by Google, we refer to their data protection declaration.
Objection / Opt-Out: You can object to the collection of your data by installing a browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
Here you can decide for yourself which data should be used by Google: https://g.co/privacytools
You can also deactivate personalized advertising directly from Google: https://www.google.com/settings/ads/onweb/
Further information from Google on how you can block certain advertising can be found here: https://support.google.com/ads/answer/2662922?hl=de
You can also store your preferences regarding online advertising across providers here: https://www.youronlinechoices.com/de/
Alternatively, you can use the Network Advertising Initiative administrative page: http://www.networkadvertising.org/consumer/opt_out.asp
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Google privacy information for Google Analytics: https://policies.google.com/technologies/partner-sites
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing also takes place in the USA.
We have worked with Google Ireland Ltd. As a processor, the following agreement has been concluded: https://business.safety.google/adsprocessorterms/ This also contains the EU standard contractual clauses, which are to be viewed as suitable guarantees in accordance with Art. 46 (2) c GDPR.
Google Tag Manager
We use Google Tag Manager from Google on our website. Google Tag Manager is an online tool with which we can integrate and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our website. The tags come from Google Ads or Google Analytics, for example, but tags from other companies can also be integrated and managed via the manager. Such tags perform different tasks. You can collect browser data, embed buttons, set cookies and also track users across multiple websites. In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this only concerns the use and use of our tag manager and not your data, which is stored via the code sections.
Purposes of processing: Tracking (e.g. interest/behavior-related profiling), visit action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company. As far as we know, Google also uses the data collected in this way (anonymized) for its own purposes. In this respect, we refer to Google’s data protection declaration.
Legal basis and legitimate interests: For the integration of the Google Tag Manager on our website, this processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. The various tags are then used in accordance with the separately described sections with the express consent of the user.
Storage period: Regarding the storage period by Google, we refer to their data protection declaration.
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
IV.12. Web fonts
Our website uses so-called web fonts, which are provided by the respective provider, for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of the respective provider. This gives the provider knowledge that our website was accessed via your IP address. If your browser does not support web fonts, a default font will be loaded from your computer.
Purpose of processing: Uniform presentation of our internet presence in all media
Legal basis and legitimate interests: The integration is based on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in the technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
We use web fonts from the following providers:
Google
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
What data protection rights do I have?
As a data subject, you have the following rights:
Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data is being processed. The requirements for this can be found in Art. 15 GDPR;
Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 GDPR;
Rectification: You have the right to request that incorrect personal data concerning you be corrected immediately. The requirements for this can be found in Art. 16 GDPR;
Deletion: You have the right to request the immediate deletion of personal data concerning you. The requirements for this can be found in Art. 17 GDPR;
Restriction of processing: You have the right to request that the processing of your personal data be restricted. The requirements for this can be found in Art. 18 GDPR;
Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to have us transmit this data to another person responsible. The requirements for this can be found in Art. 20 GDPR;
Revocation of consent: You have the right to revoke your consent at any time if the processing is based on Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR. Data processing remains lawful until revocation. The revocation only applies to the future. The requirements for this can be found in Art. 7 (3) GDPR;
Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The requirements for this can be found in Art. 77 GDPR. You can contact the supervisory authority responsible for the person responsible or the one in your country or federal state. You can find a list of all supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which we process based on our overriding legitimate interest (Art. 6 (1) lit. e or f GDPR). to make an impact for the future; This also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for the purposes of direct advertising and product reviews
We collect and process your personal data to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
In individual cases, we process and use your personal data to send you a product review and/or other review requests by email that are solely related to your purchase, completion and/or other analogous transactions. In this context, we may also use your email address and/or your postal address to send you product recommendations by email and/or post about similar goods and/or services we offer. You will receive these review requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
Exercising the objection: You can respond to these review requests and product recommendations at any time by letter to Oliver Bock, Goldbock Unternehmensbetreuung, Jahnstraße 13, 64665 Alsbach-Hähnlein or by email to oliver.bock@goldbock.com and/or at the end of each review and /or product recommendation email with effect for the future without incurring any additional costs other than the respective transmission costs according to the basic tariffs. Your right to object automatically also applies to possible profiling to the extent that it is related to such direct advertising. If you object to processing for the purposes of product reviews and/or other review requests and/or product recommendations, we will no longer process your personal data for these purposes with effect from the future.
If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes with effect from the future.
VI. How long will my data be stored?
Unless otherwise stipulated above, the following criteria apply to determine the storage period:
If consent is given in accordance with Article 6 Paragraph 1 Letter a of the GDPR, the data will be stored until the person concerned revokes their consent.
For pre-contractual and contractual purposes in accordance with Article 6 Paragraph 1 Letter b GDPR, the data will be stored until the contract is terminated.
If we have an overriding legitimate interest in accordance with Article 6 Paragraph 1 Letter f of the GDPR, the data will be stored until the data subject exercises his or her right to object in accordance with Article 21 Paragraph 1 of the GDPR, unless we can provide compelling legitimate reasons for the processing prove that the interests, rights and freedoms of the data subject outweigh the data subject, or the processing serves to assert, exercise or defend legal claims.
In the case of direct advertising in accordance with Article 6 Paragraph 1 Letter f of the GDPR, the data will be stored until the person concerned exercises their right to object in accordance with Article 21 Paragraph 2 and 3 of the GDPR.
Furthermore, personal data will only be stored for as long as there is a legal reason for storage.
VII. Source of personal data
We process personal data that we have received from you or the recipients of personal data.
VIII. Obligation to provide data
As part of the performance of our contractually or legally assumed obligations, you as the data subject may be legally obliged to provide our company with information and personal data that is necessary for the establishment, implementation and termination of the contractual relationship and the fulfillment of the associated contractual obligations or for the collection thereof we are legally obliged. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to carry out an existing contract and may have to terminate it.
DATA PROTECTION
Privacy Information
This page contains information about how we handle personal data on our website.
I. Scope
With this document, the person responsible would like to fulfill his information obligations towards those affected in accordance with Article 13 of the General Data Protection Regulation (GDPR). This data protection information is published at https://blog.findeling.de/datenpolitik and has been valid since January 2022. Due to the further development of our website or due to changed legal or official requirements, it may become necessary to change this data protection information. The amended version will be announced to you here.
II. Who is responsible for data processing?
The person responsible for data processing according to Art. 4 No. 7 GDPR is:
Oliver Bock, Findeling GmbH, Stresemannstraße, 22761 Hamburg, telephone: 049/ 1739977353, email: oliver.bock@findeling.com. The full imprint is available at the following link: https://blog.findeling.de/impressum/
III. What do we process your data for?
III.1. Log files / hosting
If you visit our website without registering or otherwise providing us with information, we only collect the following data, which your browser transmits to our server (so-called “server log files”):
The individual pages of our website (URL)
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (possibly in anonymized form)
Our website is stored by a hosting provider and made available for retrieval. The web server used stores the aforementioned server log files.
Purpose of processing: Hosting the website
Legal basis and legitimate interests: Processing is carried out on the basis of our overriding legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the security and stability of our internet presence by commissioning a service provider to provide infrastructure and platform services, computing capacity, storage space and database services , security services and technical maintenance services
Data recipient: WordPress Ltd., https://wordpress.com/
Data protection information from WordPress Ltd.: https://automattic.com/de/privacy/
Third country transfer: Wix.com Ltd. is based in Israel. In this regard, the European Commission decided that Israel provides adequate protection for personal data of citizens from EU member states.
IV.2. Cookies
IV.2.a. General
(aa) Definitions
Below you will find extensive information about so-called “cookies” and other storage technologies (“Web Storage”). This is information that is often stored in databases on your device. Any type of “cookie” or “web storage” may contain personal data. In many cases, however, the data is pseudonymized. The following terms may be used below:
First-party cookie: This cookie is stored or modified by the website you are currently browsing
Third-party cookie: This cookie is stored or modified by third parties with whom the website operator is connected (e.g. an advertising network, a social media platform, etc.)
Session cookie: This cookie is deleted from your device when you close the browser. A session cookie often only stores a session ID in order to assign multiple requests from a user on a page to their session
Persistent cookie: This cookie is stored on your device until its validity expires or you delete it manually or automatically in the browser
Strictly necessary: Without this cookie and web storage, the service you requested cannot be provided
Optional: This cookie and web storage enables us to use additional functions and is only used if you give your consent
Local Storage: Belongs to the so-called “web storage”. This information is also stored in your web browser until manually deleted.
Session Storage: Belongs to the so-called “web storage”. This information is also stored in your web browser until you close the browser window.
(bb) Legal basis
Strictly necessary cookies and web storage: The storage of information and access to it are based on the legal basis of Section 25 (2) No. 2 TTDSG.
Optional cookies and web storage: The storage of information and access to it are based on the legal basis of your individual, personal and voluntary consent in accordance with Section 25 (1) TTDSG in conjunction with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with future effect. Data processing remains lawful until revocation. Please note that if you do not accept optional cookies, individual functions of our website may be restricted
(cc) Data recipient / access option
First-party cookies: Only we as the data controller and site operator have access to these.
Third-party cookies: Only the third party who has set these cookies themselves has access to this. For example, only Google has access to a cookie set by Google and can read or change it.
Web storage: Only we as those responsible for data processing and site operators have access to this.
(dd) storage period
Session cookies: These only remain temporarily stored in your browser until the end of the browser session or can be deleted by you beforehand.
Persistent cookies: These remain stored on your device for as long as specified for the respective cookie or can be deleted by you beforehand.
Local storage: This remains stored until manually deleted.
Session storage: This remains stored until the browser window is closed.
The exact storage period is stated under “Cookies used and web storage”.
(ee) Deletion options / objection
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehne
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/
A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website https://www.aboutads.info/choices/ or the EU website https://www.youronlinechoices.com/ can be explained.
IV.2.b. Cookies used
In the following overview we list the absolutely necessary first-party cookies used on our website and the purpose of data processing:
consent policy (Persistent Cookie)
Purpose: Stores the user's cookie preferences
Validity period: 1 year
hs (session cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
smSession (Persistent Cookie)
Purpose: Used to identify logged in website members
Validity period: 2 weeks
ssr caching (persistent cookie)
Purpose: Used to display the system that rendered the website
Validity period: 1 min.
svSession (Persistent Cookie)
Purpose: Used in conjunction with user login
Validity period: 2 years
XSRF TOKEN (session cookie)
Purpose: Used for security reasons
Validity period: Until the end of the browser session
In the following overview we list the optional third-party cookies from Wix used on our website and the purpose of data processing:
bSession (Persistent Cookie)
Purpose: Used for measuring system effectiveness
Validity period: 20 minutes
TS* (session cookie)
Purpose: Used for security and anti-fraud purposes
Validity period: Until the end of the browser session
In the following overview we list the optional third-party cookies from Google used on our website and the purpose of data processing:
_ga (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 2 years
_gid (Persistent Cookie)
Purpose: Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Validity period: 1 day
_gat_gtag_UA (Persistent Cookie)
Purpose: Used by Google Analytics to limit request rate.
Validity period: 1 minute
IV.3. contact
If you contact us (e.g. via contact form, email, telephone, fax), personal data will be collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. Without this mandatory information we cannot process your request. All other details are optional.
Purpose of processing: Answering your request
Legal basis: Art. 6 Paragraph 1 Letter b GDPR for pre- or contractual matters. Art. 6 Para. 1 lit. a GDPR for your voluntary information.
Recipient of the data: Email service provider for emails, hosting provider for contact form requests
Storage period: Your data will be deleted after your request has been processed. This is the case if it can be seen from the circumstances that the matter in question has been conclusively clarified and if there are no legal retention obligations to the contrary. For pre- and contractual matters, your request will be stored until the contract is terminated and processing will then be restricted. If there is no longer a legal reason for storage, the data will be deleted.
IV.4. Chat
Intercom by Intercom R&D Unlimited Company
Our website uses technologies from Intercom R&D Unlimited Company. For this purpose, anonymized data is collected and stored for the purpose of web analysis and to operate the live chat system to answer live support requests. Usage profiles can be created from this anonymized data under a pseudonym.
Data recipient: 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2; Intercom, Inc. a Delaware corporation with offices at 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA
Intercom’s privacy policy: https://www.intercom.com/legal/privacy
Legal basis and legitimate interests: The data is passed on based on our overriding legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the security and stability of a professional live chat system.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We store your data until your request has been processed. If the inquiry leads to a contract being concluded, the storage period applies to customers.
IV.5. Newsletter
We send newsletters by email to our customers with information about our company, our products, services, promotions and offers. The newsletter is sent out monthly at most.
Purpose of processing: direct marketing, customer communication
Legal basis and legitimate interests: The sending is based on our legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) in regular customer communication and sales promotion through direct marketing.
Right to object (opt-out): You can object to the sending of our newsletter at any time with effect for the future by informing us by email (see above under Responsible person) or by clicking on the link that can be found at the end of each newsletter .
Storage period: Your data will be stored until you object. They will then be restricted in processing and blocked from further sending the newsletter.
If named below, we use the following service providers:
Mailchimp
The newsletter service provider uses cookies and other tracking technologies to collect and process the following data in addition to the email address and, if applicable, the names of the newsletter recipients:
IP address, device information (hardware, operating system, web browser, unique device identifier), connection information and device locations
The newsletters sent contain so-called web beacons, which record the recipient's interaction with the newsletter (e.g. opening the newsletter, clicking on links contained therein).
Data recipient: The Rocket Science Group (Mailchimp), LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA
Mailchimp privacy policy: https://www.intuit.com/privacy/statement/
Legal basis and legitimate interests: The data is passed on on the basis of our overriding legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the security and stability of a legally compliant newsletter system including automated double opt-in and verifiability of user registrations.
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Appropriate safeguards: With regard to Israel, the European Commission decided that Israel offers adequate protection for personal data of citizens from EU member states (Article 45 GDPR).
Storage period: Your data will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent.
IV.6. Events
For booking events, we have integrated a booking mask on certain pages of our website, which can be used to book tickets. Our events are held on site and online. The information on the event overview is decisive.
Purpose of processing: Implementation of the event, billing if necessary
Legal basis: Registration for the event constitutes a contract in accordance with Article 6 Paragraph 1 Letter b GDPR.
Data recipient: The registration data will be forwarded to the people or companies involved in these tasks for planning, organization, implementation and, if necessary, billing. If this involves order processing, we have concluded an order processing agreement with these companies in accordance with Art. 28 GDPR in order to secure your personal data.
Storage period: We store the registration data until the event has been completed and for 3 years beyond if it is a paid event.
With regard to online events, reference is made to data processing by Google:
Video conference via Google Meet
When using Google Meet, the following data is processed:
User information: First name, last name, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in with the telephone: information about the incoming and outgoing phone number, country name, start and end time. If necessary, additional connection data such as the IP address of the device can be saved.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your device and any video camera on the device are processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the Google Meet applications.
In order to take part in an “online meeting” or enter the “meeting room”, you must at least provide information about your name.
Purpose of processing: We use the Google Meet tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). Google Meet is a service provided by Google Inc., which is based in the USA.
Responsible person: We are primarily responsible for the use of Google Meet. If you access Google via their website, the responsible party is: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Legal basis and legitimate interests: If the events are carried out within the framework of a contract, Art. 6 Para. 1 lit. b) GDPR is the legal basis. If the online meeting is not carried out on the basis of a contract, the legal basis is Article 6 Paragraph 1 Letter f) GDPR. Our overriding legitimate interest is in the effective, stable, secure and professional conduct of “online meetings”, telephone conferences, video conferences and webinars.
Data recipient: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy?
Transfer to third countries: The data is processed outside the scope of the European Union, in the USA.
IV.7. Photo/video recordings at events
If you take part in a face-to-face event organized by us, photos or video recordings of the participants can be taken as part of this event, which will be published together with information about the location, time and purpose of the event.
Purpose of data processing: Documentation of the event for publication on our company website, our social media profiles and company brochures for advertising purposes.
Legal basis: Art. 6 Paragraph 1 Sentence 1 Letter f GDPR
Legitimate interests: advertising our company, public relations, direct advertising
Data recipient: possibly photographer; advertising agency
Storage period: Recordings that are not used after the event will be deleted immediately.
IV.8. Social media
Our website uses social plugins from various social networks. In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins, but rather simply using an HTML link. This type of integration ensures that when you access a page on our website that contains such buttons, no connection is established to the servers of the respective social network. When you click the button, a new browser window will open and go to the social network page. If necessary, after entering your login data, you can then carry out the function provided (e.g. “like” or “share”).
By clicking on the respective plugin, you give us your personal consent to transfer data to the respective social network. In particular, your IP address will be transmitted to the respective social network. The legal basis for this is Article 6 Paragraph 1 Letter a GDPR. You have the right to revoke your consent at any time. Data processing remains lawful until revocation. The revocation only applies to the future.
The following social networks are used:
Instagram is a service from Facebook
Data recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”), parent company: Facebook Inc., 1 Hacker Way, 94025 Menlo Park, California, USA
Instagram privacy policy: https://instagram.com/about/legal/privacy
Transfer to third countries: Unless anonymized data is transferred to Facebook Inc., data processing takes place in the USA.
Objection: Further settings and objections to the use of data for advertising purposes are possible within the Instagram profile settings: https://www.instagram.com/accounts/privacy_and_security/
IV.9. Opening a customer account
If you open a personal customer account with us for future orders, the following provisions apply:
Purpose of processing: User agreement for the personal customer account.
Legal basis: Contract in accordance with Article 6 Paragraph 1 Letter b GDPR. Your consent applies to the data you provide voluntarily in accordance with Article 6 Paragraph 1 Letter a of the GDPR.
Obligation to provide: The mandatory information can be found on the registration form. Without this information we cannot open an account for you.
Data recipient: The customer account is managed via our online shop. This is operated by our web host (see above).
Storage period: Your data in the customer account will be stored for as long as the usage contract with us exists. Voluntary information will be stored until you revoke your consent. Afterwards, their processing will be restricted and stored for up to three years in order to be able to provide legal proof of previously given consent. This is done on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in the verifiability of data protection compliance.
IV.10. Ordering goods or services
IV.10.a. General
WooCommerce by WordPress Ltd.
Our website uses WooCommerce by WordPress Ltd., a WordPress service to enable professional order processing via our website,
Purpose of processing: Execution of your order.
Legal basis: Contract in accordance with Article 6 Paragraph 1 Letter b GDPR. Your consent applies to the data you provide voluntarily in accordance with Article 6 Paragraph 1 Letter a of the GDPR. For other processing, Article 6 Paragraph 1 Letter f GDPR applies.
Legitimate interests: debt collection and enforcement; Measures for business management and further development of services and products
Data recipient: WooCommerce Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
WooCommerce Ireland Ltd. privacy policy: https://automattic.com/privacy/
Transfer to third countries: The data is processed outside the scope of the European Union, in Israel.
Storage period: Regarding the storage period at Wix, we refer to their data protection declaration. We will store the data until the request has been processed. If the request is followed by a contractual relationship, the storage period for customer data applies.
IV.10.b. Payment processing
Purpose of processing: Execution of the order. Processing the payment.
Legal basis: Contract in accordance with Article 6 Paragraph 1 Letter b GDPR.
Obligation to provide: Depending on the payment method you choose, you must provide us or the payment service provider with the required payment data.
Data recipient: The payment service providers used are listed below:
PayPal
Service provider: PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Credit report: PayPal reserves the right to carry out a credit report for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in installments” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). To the extent that score values are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.
IV.10.c. Direct mail
Purpose of processing: direct advertising, sales promotion
Legal basis: Our overriding legitimate interest according to Art. 6 Para. 1 lit. f GDPR
Legitimate interests: direct advertising, sales promotion
Data recipient: agency, letter shop
IV.10.e. Legal obligation
Purpose of processing: Fulfillment of legal obligations (e.g. information, notification, disclosure and retention obligations, payment of taxes and duties)
Legal basis: The respective legal regulations apply in conjunction with Art. 6 Para. 1 lit. c GDPR.
Data recipients: Authorities, state institutions, lawyers, tax advisors, if applicable data protection officer
IV.11. Web analytics
Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google Ireland Ltd. (Google). Google Analytics uses so-called “cookies”. This is information that is often stored in databases on your device and allows your use of the website to be analyzed. The information generated by the cookie about users' use of this website is usually transferred to Google's parent company in the USA and stored there.
Our website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures that the IP address is anonymized by shortening it and excludes any direct reference to a person. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google's parent company in the USA and shortened there.
Purposes of processing: Tracking (e.g. interest/behavior-related profiling), visit action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company.
Legal basis: For the use of Google Analytics, you may give us your consent in accordance with Art Undo selection for “Marketing” or “Google Analytics”.
Storage period: We store the anonymized data obtained in this way for a maximum period of 14 months. The data is then automatically deleted. Regarding the storage period by Google, we refer to their data protection declaration.
Objection / Opt-Out: You can object to the collection of your data by installing a browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
Here you can decide for yourself which data should be used by Google: https://g.co/privacytools
You can also deactivate personalized advertising directly from Google: https://www.google.com/settings/ads/onweb/
Further information from Google on how you can block certain advertising can be found here: https://support.google.com/ads/answer/2662922?hl=de
You can also store your preferences regarding online advertising across providers here: https://www.youronlinechoices.com/de/
Alternatively, you can use the Network Advertising Initiative administrative page: http://www.networkadvertising.org/consumer/opt_out.asp
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Google privacy information for Google Analytics: https://policies.google.com/technologies/partner-sites
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing also takes place in the USA.
We have worked with Google Ireland Ltd. As a processor, the following agreement has been concluded: https://business.safety.google/adsprocessorterms/ This also contains the EU standard contractual clauses, which are to be viewed as suitable guarantees in accordance with Art. 46 (2) c GDPR.
Google Tag Manager
We use Google Tag Manager from Google on our website. Google Tag Manager is an online tool with which we can integrate and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our website. The tags come from Google Ads or Google Analytics, for example, but tags from other companies can also be integrated and managed via the manager. Such tags perform different tasks. You can collect browser data, embed buttons, set cookies and also track users across multiple websites. In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, this only concerns the use and use of our tag manager and not your data, which is stored via the code sections.
Purposes of processing: Tracking (e.g. interest/behavior-related profiling), visit action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors). These purposes apply to both us and Google and its parent company. As far as we know, Google also uses the data collected in this way (anonymized) for its own purposes. In this respect, we refer to Google’s data protection declaration.
Legal basis and legitimate interests: For the integration of the Google Tag Manager on our website, this processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. The various tags are then used in accordance with the separately described sections with the express consent of the user.
Storage period: Regarding the storage period by Google, we refer to their data protection declaration.
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
IV.12. Web fonts
Our website uses so-called web fonts, which are provided by the respective provider, for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of the respective provider. This gives the provider knowledge that our website was accessed via your IP address. If your browser does not support web fonts, a default font will be loaded from your computer.
Purpose of processing: Uniform presentation of our internet presence in all media
Legal basis and legitimate interests: The integration is based on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) in the technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
We use web fonts from the following providers:
Data recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Google privacy policy: https://policies.google.com/privacy
Transfer to third countries: Unless anonymized data is transferred to Google LLC, data processing takes place in the USA.
What data protection rights do I have?
As a data subject, you have the following rights:
Confirmation of data processing: You have the right to request confirmation from us as to whether your personal data is being processed. The requirements for this can be found in Art. 15 GDPR;
Information: You have the right to request information about your personal data processed by us. The requirements for this can be found in Art. 15 GDPR;
Rectification: You have the right to request that incorrect personal data concerning you be corrected immediately. The requirements for this can be found in Art. 16 GDPR;
Deletion: You have the right to request the immediate deletion of personal data concerning you. The requirements for this can be found in Art. 17 GDPR;
Restriction of processing: You have the right to request that the processing of your personal data be restricted. The requirements for this can be found in Art. 18 GDPR;
Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to have us transmit this data to another person responsible. The requirements for this can be found in Art. 20 GDPR;
Revocation of consent: You have the right to revoke your consent at any time if the processing is based on Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR. Data processing remains lawful until revocation. The revocation only applies to the future. The requirements for this can be found in Art. 7 (3) GDPR;
Complaint: You have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. The requirements for this can be found in Art. 77 GDPR. You can contact the supervisory authority responsible for the person responsible or the one in your country or federal state. You can find a list of all supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which we process based on our overriding legitimate interest (Art. 6 (1) lit. e or f GDPR). to make an impact for the future; This also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right to object to the processing of data for the purposes of direct advertising and product reviews
We collect and process your personal data to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
In individual cases, we process and use your personal data to send you a product review and/or other review requests by email that are solely related to your purchase, completion and/or other analogous transactions. In this context, we may also use your email address and/or your postal address to send you product recommendations by email and/or post about similar goods and/or services we offer. You will receive these review requests and product recommendations from us regardless of whether you have subscribed to a newsletter.
Exercising the objection: You can respond to these review requests and product recommendations at any time by letter to Oliver Bock, Goldbock Unternehmensbetreuung, Jahnstraße 13, 64665 Alsbach-Hähnlein or by email to oliver.bock@goldbock.com and/or at the end of each review and /or product recommendation email with effect for the future without incurring any additional costs other than the respective transmission costs according to the basic tariffs. Your right to object automatically also applies to possible profiling to the extent that it is related to such direct advertising. If you object to processing for the purposes of product reviews and/or other review requests and/or product recommendations, we will no longer process your personal data for these purposes with effect from the future.
If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes with effect from the future.
VI. How long will my data be stored?
Unless otherwise stipulated above, the following criteria apply to determine the storage period:
If consent is given in accordance with Article 6 Paragraph 1 Letter a of the GDPR, the data will be stored until the person concerned revokes their consent.
For pre-contractual and contractual purposes in accordance with Article 6 Paragraph 1 Letter b GDPR, the data will be stored until the contract is terminated.
If we have an overriding legitimate interest in accordance with Article 6 Paragraph 1 Letter f of the GDPR, the data will be stored until the data subject exercises his or her right to object in accordance with Article 21 Paragraph 1 of the GDPR, unless we can provide compelling legitimate reasons for the processing prove that the interests, rights and freedoms of the data subject outweigh the data subject, or the processing serves to assert, exercise or defend legal claims.
In the case of direct advertising in accordance with Article 6 Paragraph 1 Letter f of the GDPR, the data will be stored until the person concerned exercises their right to object in accordance with Article 21 Paragraph 2 and 3 of the GDPR.
Furthermore, personal data will only be stored for as long as there is a legal reason for storage.
VII. Source of personal data
We process personal data that we have received from you or the recipients of personal data.
VIII. Obligation to provide data
As part of the performance of our contractually or legally assumed obligations, you as the data subject may be legally obliged to provide our company with information and personal data that is necessary for the establishment, implementation and termination of the contractual relationship and the fulfillment of the associated contractual obligations or for the collection thereof we are legally obliged. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to carry out an existing contract and may have to terminate it.