Data protection

We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you our website and our services. In accordance with Art. 13 GDPR, we describe in this declaration which data we use, in what way, for what purpose and to what extent, and what options and rights you have in connection with the use of your personal data.

1. responsible body

hey sleepy GmbH, represented by the Managing Director Theresa Schabert, Mühlenstraße 8A, 14167 Berlin, is responsible for compliance with data protection on our website. We have not appointed a data protection officer.

We will be happy to answer any data protection queries you may have. You have the following contact options:

Telephone: 0049 30 75438644

E-mail: info@lottili.de

2. data collection on our website

Server log files

When you visit our website, information is automatically transmitted by your browser to the server of our website. This information is only stored for a short time in a so-called log file and is automatically deleted.

This includes the following data:

Your IP address,
date and time of access,
the name and URL of the file you have accessed,
the website from which the request was made (referrer URL),
Information about the browser and operating system you are using,
the name of your access provider.

This data is used to ensure a smooth connection and convenient use of our website and to evaluate system security and stability.

The legal basis for data processing results from Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in data collection for the aforementioned purposes. In addition, a legal basis also arises from Art. 6 para. 1 lit. b GDPR for the processing of data for the fulfillment of a contract or pre-contractual measures.

The data is not used to draw conclusions about your person.

Hosting of the website using Shopify

Our website was created with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify") and is hosted on Shopify's servers. This is done on the basis of an order processing contract between Shopify and us pursuant to Art. 26 GDPR and on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR for the creation and operation of our website.

Further information can be found at:

https://www.shopify.de/legal/datenschutz.

Contact form/ Communication by email

You will find a contact form on our website. We would like to give our customers the opportunity to contact us in an uncomplicated way. You can also write to us directly by e-mail. If you would like to use our contact form, you must enter your name and a valid e-mail address. If you write to us by e-mail, we will receive your e-mail address. All other data provided is optional. The data is collected for the purpose of initiating or implementing contractual relationships in accordance with Art. 6 para. 1 lit. b GDPR. If your request is not aimed at initiating or executing a contract, we still have a legitimate interest in processing and responding to your request. The use of personal data for this purpose is therefore based on Art. 6 para. 1 lit. f GDPR.

We use the data you provide exclusively to process your request. If this relates to the initiation or execution of business, we will delete your data in accordance with our company-internal deletion periods.

If your inquiry relates to another purpose, we will delete your data after processing, unless there is another legal basis for data storage.

Processing of customer and contract data

For the purpose of initiating business, concluding a contract and fulfilling the contract, we use your personal data required for this purpose in accordance with Art. 6 para. 1 lit. b GDPR.

Data will only be transferred to third parties if this is necessary for the fulfillment of the contract, e.g. if a company has been commissioned for production or transport services or a credit institution for payment processing.

This personal data is deleted after the expiry of the statutory warranty periods or after the end of statutory retention periods.

You can also create a user account with us. This requires you to provide the data requested during registration. In the user account, you can then view the profile data you have entered and stored as well as information on orders or products you have reserved. The user account is not publicly accessible. If you delete your user account, all data will be deleted, except for data that we are obliged to retain under commercial and tax law in accordance with Art. 6 para. 1 lit. f GDPR.

For every login, registration, order or other binding action, we store your IP address as well as the date and time. This is done for your protection and in accordance with Art. 6 para. 1 lit. f GDPR out of our legitimate interest in proving that a claim has arisen and to prevent misuse or unauthorized use of our system.

Furthermore, within the scope of your consent pursuant to Art. 6 para. 1 lit. a. GDPR, a cookie can be set which stores your data so that it is automatically entered on your next visit.

Processing by payment service providers

In the case of chargeable services, we process your personal data, in particular payment data (account, credit card and other bank data) on the basis of Art. 6 para. 1 lit. b GDPR. This is done for the purpose of executing the contract (payment processing/accounting). If necessary, your payment data will be transmitted to service providers (credit institutions, payment providers, accounting service providers) or processed directly by them for the payment transaction and for billing purposes.

Your payment data will be stored for the duration of the contractual relationship and deleted after the contractual relationship has ended (until all mutual contractual obligations have been completed), unless there is another legal basis for data storage.

We use the following payment providers:

PayPal

Klarna

Apple Pay

You can find more information about Apple Pay at https://www.apple.com/de/apple-pay/

Shopify Payments

Mollie Payments

Review reminder by Reviews.io

During or after your order, you can give your consent in accordance with Art. 6 para. 1 lit. a GDPR for us to send you a review reminder by e-mail. For this we use the tool of REVIEWS.io 2020 GmbH, Stralauer Allee 6, 10245 Berlin. Your data will be passed on to REVIEWS.io 2020 GmbH within the framework of an order processing agreement. You can revoke your consent to this at any time by sending a message to the data controller or by contacting REVIEWS.io 2020 GmbH directly.

SendCloud

The delivery of your order is processed via the shipping portal "SendCloud" (SendCloud GmbH, Kanalstr. 10, 80538 Munich). In accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR), we transmit your data to SendCloud exclusively for the purpose of processing your online order. Your data will only be passed on if this is actually necessary to carry out the shipping process.

Further information on data protection at SendCloud can be found on their website at www.sendcloud.de/datenschutz/.

Shipping processing via easyDHL

For the purpose of shipping processing via DHL, we use the "easyDHL" service of 247APPS, Stefan Neuser Dipl. Ing. IT (FH), Langenaustraße, 116, 56070 Koblenz, Germany, on our website. Data processing is carried out in accordance with Art. 6 para. 1 lit. b b of the General Data Protection Regulation (GDPR). The app is used to create an interface between our Shop and DHL is enabled. Via easyDHL, the first and last name, company name, address, e-mail address and telephone number of the ordering party are processed by 247APPS and transmitted to DHL, insofar as the shipment is made via DHL. Once the data transfer to the DHL shipping interface has been successfully completed, the data is automatically deleted in the easyDHL app. The data is only processed by 247APPS for the above-mentioned purpose. We have concluded an order processing agreement with 247APPS for this purpose.

Subscription function via Paywhirl

On our website, we offer our customers the option of taking out a subscription for certain products. To conclude, process and manage subscriptions, we have integrated the Paywhirl service, Paywhirl Inc, 9452 Telephone Rd #140, Ventura, CA 93004, USA, www.paywhirl.com on our website. Your data is processed for the conclusion and processing of subscription contracts for recurring deliveries of goods in accordance with Art. 6 para. 1 lit. b GDPR.

When you place your subscription order, the data required to fulfill the contract (surname, first name, address, email address, customer account) will be transmitted to Paywhirl to manage the subscriptions. The information required for payment is taken directly from our online shop.Shop to the selected payment service provider, but not stored by Paywhirl.

The data transfer to Paywhirl takes place in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses") within the framework of an order processing contract with Paywhirl. Paywhirl has subjected itself to European data protection law.

Further information on data protection at Paywhirl can be found at https://app.paywhirl.com/privacy and in the company's General Terms and Conditions at https://app.paywhirl.com/terms.

Rental checkout and subscription management via Circuly

On this website we use for our Checkout and Subscription Management circuly. circuly is a software company from Germany with headquarters in Germany, 33602 Bielefeld, Obernstr. 50, Phone: +49 176 552 884 77. circuly is an integrated software solution that covers various aspects of our subscription management. These include, among others: Checkout, customer login, invoices and payment processing, communication, returns management and reporting. This information is stored on the servers of our software partner circuly stored on servers of our software partner circuly. It can be used by us to contact our customers and to provide our subscription services. All information collected by us is subject to this privacy policy. We use all information collected exclusively to process the (subscription) order.

Legal basis

The legal basis for the use of the services of circuly is Art. 6 para. 1 lit. f) GDPR (legitimate interest). Our legitimate interest in using this service is the efficient and customer-friendly processing of subscription contracts.

Recipient

The recipient is circuly GmbH, Obernstr. 50, 33602 Bielefeld, Germany.

Transmission to third countries

By using the service, personal data may be transferred to a third country. In the event of a transfer of personal data, the provider ensures the level of protection of the GDPR by complying with Art. 44 et seq. GDPR. If there is no adequacy decision with the third country in which the data importer is based, the transfer is subject to appropriate safeguards. If you have any questions, please contact our data protection officer.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you withdraw your consent or request the deletion of your personal data.

Possibility of objection

In accordance with Art. 21 (1) GDPR, you have the right to object to the processing of your personal data at any time. If you exercise your right, processing for this purpose will no longer take place. Further information on this can be found above in our privacy policy under "Rights of data subjects".

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information via link

https://www.circuly.io/data-privacy
https://www.circuly.io/data-processing-agreement

Creditworthiness check via CRIF

We transmit personal data collected within the scope of this contractual relationship to CRIF GmbH, Leopoldstraße 244, 80807 Munich, Germany.

The legal basis for this transfer is Article 6(1) sentence 1(b) and (f) of the General Data Protection Regulation (GDPR). The data exchange with CRIF GmbH also serves to fulfill legal obligations to carry out creditworthiness checks (Sections 505a and 506 of the German Civil Code).

CRIF GmbH processes the data received and also uses it for the purpose of profiling (scoring) in order to provide its contractual partners in the European Economic Area and Switzerland and, if necessary, other information, including for assessing the creditworthiness of natural persons. The transfer of personal data to countries outside the European Economic Area is carried out in accordance with the requirements of the European Commission. Further information on the activities of CRIF GmbH can be found in its information sheet or online at www.crif.de/datenschutz can be viewed online.

Newsletter

On our website, you have the option of subscribing to a free newsletter for the purpose of direct advertising. When you register for the newsletter, your name and e-mail address from the input mask are transmitted to us. Your IP address and the date and time of registration are also used. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active.

If you have entered into a contractual relationship with us on our website and enter your e-mail address, we may subsequently use it to send you a newsletter for the purpose of direct advertising. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

E-mails are sent in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses") as part of an order processing contract using Klaviyo, a mailing tool (Klaviyo, 225 Franklin St, Boston, MA 02110, USA). Klaviyo has subjected itself to European data protection law.

Further information on data protection can be found at https://www.klaviyo.com/privacy

Use of data for advertising purposes

On our website, you can also give your consent to be contacted by us for the purpose of direct advertising. When you give your consent, your data from the input screen will be transmitted to us. Your IP address and the date and time of consent are also used. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address will therefore be stored as long as you have not withdrawn your consent.

If you have entered into a contractual relationship with us on our website and enter your e-mail address, we may subsequently use it to send you a newsletter for the purpose of direct advertising. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services. The legal basis for sending direct advertising as a result of the sale of goods or services is Art. 6 para. 1 lit. f i.V.m. § Section 7 (3) UWG.

The user concerned can unsubscribe from receiving advertising at any time. For this purpose, the user can send us an email using the contact details above.

Our website contains cookies. Cookies are small text files that are stored on your end device. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are intended to support the user-friendliness of the website and are of course completely harmless for your end device. They temporarily collect information in connection with the device you are using and the software you are using. No conclusions about your identity are drawn from this.

For example, we use so-called "session cookies". These cookies are automatically deleted after your visit. We also use cookies that are stored on your end device, e.g. to make it easier for you to use our website on a subsequent visit and to recognize your browser on your next visit ("permanent cookies"). You can of course delete these cookies manually at any time.

We also use cookies to statistically record and evaluate the use of our website. This is done for the purpose of further optimizing our offer for you.

We also use cookies for pseudonymized reach measurement. You will be informed further about this below.

The cookies that are absolutely necessary for the operation of our website, i.e. without which our website cannot be displayed, are used for this purpose to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. These are automatically deleted after a defined period of time.

We use cookies that are required for the execution of contracts or for the contractually agreed use of our website in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. These are automatically deleted after a defined period of time.

The use of cookies that are not required as described above is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your consent can be revoked at any time with immediate effect. To do this, go to the settings of the browser you are using and select "Delete browser data", you must have selected "Cookies and other website data" and then remove them.

GDPR Legal Cookie by Shopify

We use "GDPR Legal Cookie by Shopify" to implement the technologies, third-party providers and data transfer outside the EU in compliance with data protection law. "GDPR Legal Cookie by Shopify" is a product of beeclever GmbH, Friedrich-Mohr-Straße 1, 56070 Koblenz (hereinafter referred to as "beeclever"). An order processing agreement has been concluded with beeclever GmbH in this context.

By using "GDPR Legal Cookie", we inform the users of our website about the use of technologies on our website and obtain the necessary consent from the users.

When consent is given, the following data is automatically logged by beeclever GmbH:

- the anonymized IP address of the user

- Date and time of consent

- User agent of the end user's browser

- the URL of the provider

- an anonymous, random and encrypted key

- the cookies authorized by the user (cookie status), which serves as proof of consent

The encrypted key and the cookie status are stored by a cookie on the user's end device in order to fulfill the selection made by the user on future page views. This cookie is automatically deleted after 12 months.

The use of this cookie is based on Art. 6 para. 1 lit. c GDPR to fulfill the legal requirements of the GDPR.

You can manage the settings for storing cookies or deleting cookies in your browser settings at any time.

Further information on data protection regarding the GDPR Legal Cookie by Shopify can be found here: https://apps.shopify.com/gdpr-legal-cookie.

Google Analytics

We use Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website on the basis of your consent (within the meaning of Art. 6 para. 1 lit. a GDPR). Google Analytics is used for the needs-based design and continuous optimization of our website as well as to statistically record and evaluate our website. In this context, pseudonymized user profiles are created and cookies are used. Information about your use of this website is recorded, such as

Your IP address,
date and time of access,
the name and URL of the file you have accessed,
the website from which the request was made (referrer URL),
Information about the browser and operating system you are using,
the name of your access provider.

If you have given your consent, this information will be transferred to a Google server in the USA and stored there. Please note that this is a data transfer to a country outside the EU. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

As described above, you can prevent the storage of cookies on your computer. You can also prevent Google from using the data collected by cookies by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Subject to legal or contractual permissions, we have Google process the data in a third country under the special conditions of Art. 44 et seq. GDPR are met. Google has submitted to the GDPR, i.e. the processing is carried out in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

Google marketing and remarketing services

Based on your consent (within the meaning of Art. 6 para. 1 lit. a. GDPR), we use Google marketing and remarketing services on our website, hereinafter referred to as Google marketing services, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as Google. Google marketing services are used for the needs-based design and continuous optimization of our website as well as for analysis purposes and for the economic improvement of our online offering.

If you have given your consent, we can use Google marketing services to display targeted advertisements on our site and for our site on third-party sites in such a way that they are tailored to the potential interests of users. The ads can be customized so that the user receives offers on other sites that they have viewed on our site but not purchased (remarketing). For this purpose, a (re)marketing tag, a corresponding code from Google, is executed on our site and on sites on which Google marketing services are activated and the web pages are integrated. This code generates a cookie on your end device in which it is noted which websites you have visited as a user,

which content you are interested in and which offers you have completed or even just viewed. It also stores technical data such as browser, visit times and information on other pages visited. In addition, your IP address is transmitted to Google in anonymized form. It is also possible for Google to combine the data with data from other sources.

We use the Google Adwords service as part of these Google marketing services. By using Google Adwords, we can see what happens after a user clicks on the corresponding ad. This may, for example, be the purchase of a product, registration for a newsletter, a call to our company or the download of a file. Corresponding customer actions that we have defined are referred to as conversions. The conversion cookie is specifically tailored to us and cannot be tracked by other Adwords customers. These conversion cookies are important to us as they enable us to compile statistics on the use of all customers in order to optimize our offer even better. No information is used that can identify an individual user.

As part of Google marketing services, we can integrate third-party advertisements on our website using the Google "AdSense" service. AdSense uses cookies to enable Google's partner websites and Google itself to place ads based on users' visits to this website or other websites on the Internet.

As part of the Google marketing services, we can use the Google service Google Optimizer as part of so-called A/B testing to understand the effect of various changes to a website. Cookies are stored on users' devices for these test purposes. Only pseudonymous user data is processed.

As part of Google marketing services, we can integrate third-party advertisements into our website using the Google DoubleClick service. DoubleClick sets cookies for you. These cookies enable Google's partner websites to place ads based on users' visits to this website or other websites.

The Google Tag Manager, Google Datastudio and Search Console services are also used. We use these services to manage Google's marketing and analysis services on our website.

It is also possible for you to use the settings and opt-out options provided by Google if you wish to object to this processing.

You can find a corresponding link under: https://adssettings.google.com/authenticated

Further information on marketing services can be found on Google's overview page: https://policies.google.com/technologies/ads

Google's privacy policy can be found at: https://policies.google.com/privacy

Shopify Analytics

On the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, we use the Shopify Analytics analysis tool from Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. In this context, in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses"), personal data is transferred to Shopify International Limited Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland as part of an order processing contract, the information and data collected by these cookies on the use of our website and evaluated there in aggregated form. Shopify may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Shopify.

The parent company of Shopify International Limited is a Canadian company based in the capital city of Ottawa. In addition to European data protection law (GDPR), the Canadian Data Protection Act (PIPEDA), which has been declared appropriate by the European Commission, also applies to the processing and protection of data. Further information on data protection can be found at https://www.shopify.com/legal/privacy.

Further information on Shopify Analytics can be found at https://help.shopify.com/de/manual/reports-and-analytics/shopify-reports. You can find Shopify's privacy policy at https://www.shopify.de/legal/datenschutz.

Google Webfonts (stored locally)

On the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, we use Google Ajax & jQuery libraries, Google Web Fonts of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google", for the purpose of a customer-friendly and appealing presentation of our site. Fonts are retrieved by your browser from our server and loaded into the browser cache in order to display content, texts and fonts correctly. Information about your provider, operating system, browser and IP address may be transmitted to our server. As the web fonts are stored locally on our server, no data is transmitted to Google.

Meta Pixel

On the basis of your consent (within the meaning of Art. 6 para. 1 lit. a. GDPR), we use "Meta Pixel" from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter "Meta". Meta Pixel is used for the needs-based design and continuous optimization and analysis of our website and our commercial offering. Meta Pixel enables us to display targeted advertising to Facebook users who also show or could show interest in our offer. In this way, our advertising reaches the users who are interested and is not annoying. It also enables us to carry out a static analysis for market research purposes. You can find more information on how Meta Pixel works here: https://de-de.facebook.com/business/help/742478679120153

The data collected by Meta Pixel is also processed in accordance with Facebook's data usage policy: https://www.facebook.com/policy.php

You have the right to object to the collection of data by Meta Pixel. To do so, please use the settings option regarding Facebook's usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings you make are not limited to one device, but are applied to all devices you use.

As described above, you can prevent the storage of cookies on your computer.

Facebook Conversion API

We have integrated the Facebook Conversion API on our website. The service provider is Meta Platforms Ireland Limited, based at 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries.

The Facebook Conversion API enables us to track the interactions of website visitors with our website and transmit them to Facebook in order to improve the performance of our advertising on Facebook. The information collected primarily includes the time the website was accessed, the web page accessed, your IP address, your user agent and possibly other specific data such as the value of the shopping cart, the currency used or products purchased. You can find a detailed list of the data collected here: Link to the collected data.

The use of this service is based on your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR) and Section 25(1) of the German Telemedia Act (TTDSG). You have the right to withdraw your consent at any time.

If personal data is collected on our website using this tool and passed on to Facebook, we are joint controllers together with Meta Platforms Ireland Limited in accordance with Article 26 of the GDPR. Our joint responsibility extends exclusively to the collection and transfer of data to Facebook. The processing of the data by Facebook after transmission does not fall under our joint responsibility. The obligations incumbent on us jointly are set out in a joint processing agreement. The exact wording of this agreement can be found here: Link to the joint processing agreement. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in accordance with data protection regulations. The data security of Facebook products is the responsibility of Facebook. If you wish to exercise your data subject rights (e.g. requests for information) in relation to the data processed by Facebook, you can contact Facebook directly. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

The transfer of data to the USA takes place on the basis of the European Commission's standard contractual clauses. You can find more information here: Link to the EU standard contractual clauses and Link to the Facebook privacy policy contains further information on the protection of your privacy.

Facebook Custom Audiences

We use Facebook Custom Audiences. The service provider of this tool is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our website or interact with our company's Facebook content, we collect your personal data through Facebook Custom Audiences. If you give us your consent to use Facebook Custom Audiences, we will transfer this data to Facebook so that Facebook can show you appropriate advertising. In addition, your data may be used to define target groups (lookalike audiences).

Facebook processes this data as our processor. You can find further information in Facebook's terms of use at Link to the Facebook Custom Audiences Terms of Use.

This service is used on the basis of your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR) and Section 25(1) of the German Telemedia Act (TTDSG). You have the right to withdraw your consent at any time.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Further information can be found here: Link to the EU standard contractual clauses for Facebook Custom Audiences and Link to the Facebook privacy policy.

Propel Replays

We use the web analysis service "Propel Replays" from Alcaris Inc 170-422 Richards St, Vancouver, BV V6B 2Z4, Canada on our website. The "Propel Replays" tool uses cookies and/or similar technologies such as tracking pixels, web beacons and algorithms to collect and store end device and browser information (IP address and browser details). This is done in pseudonymized form of the visitor data. The data collected is used for statistical analyses of user behaviour on our website and is used to create pseudonymized user profiles. Among other things, they enable the evaluation of movement patterns, such as heat maps, which show the duration of page visits and interactions with page content, such as text input, scrolling, clicking and mouse-overs. Pseudonymization ensures that no direct conclusions can be drawn about individuals, and there is no link to other personal data collected.

These described processing operations only take place if you have given us your express consent in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). You have the right to withdraw your consent for the future at any time by deactivating the service via the "cookie consent tool" provided on the website.

We have concluded an order processing contract with the provider, which ensures the data protection interests of our website visitors and prohibits the unauthorized disclosure of data to third parties. If data is transferred to the provider's location, an adequate level of data protection is ensured in accordance with Article 45 of the GDPR by a decision of the European Commission.

3. social media channels

Facebook

We have created a fan page on the social network Facebook (address: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), hereinafter referred to as Facebook, and as the operator of this fan page we are considered jointly responsible with Facebook within the meaning of Art. 26 GDPR. Facebook offers us as the operator of a fan page to create anonymous statistics in the form of so-called page insights about the usage behavior of our fan page. For this purpose, Facebook installs and reads cookies on the user's end device.

We have agreed with Facebook that Facebook assumes primary responsibility under the GDPR for the processing of Insights data and fulfills all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Meta Platforms Ireland Ltd. will make the essence of this Page Insights Addendum available to data subjects.

This addendum can be viewed here:

https://www.facebook.com/legal/terms/page_controller_addendum

We process the data collected via Facebook Insights on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in increasing our level of awareness by also providing information about our services and our company in the much-used social media. In particular, the modern and up-to-date presentation of our company is important to us.

You can find all further information on Facebook Insights here:

https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram

We have created a business profile on the social network Instagram (operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), hereinafter referred to as Facebook, and as the operator of this profile we are considered jointly responsible with Facebook within the meaning of Art. 26 GDPR. As the operator of an Instagram profile, Facebook offers us the opportunity to create anonymous statistics in the form of so-called page insights about the usage behavior of our profile. For this purpose, Facebook installs and reads cookies on the user's end device.

We have agreed with Facebook that Facebook assumes primary responsibility under the GDPR for the processing of Insights data and fulfills all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Facebook will make the essence of this Page Insights Addendum available to the data subjects.

This addendum can be viewed here:

https://www.facebook.com/legal/terms/page_controller_addendum

You can find all further information on Facebook Insights here:

https://www.facebook.com/legal/terms/information_about_page_insights_data

4 Disclosure of data

Your personal data will generally not be transferred to third parties. However, data may be transmitted in exceptional cases for the following reasons:

insofar as you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR
insofar as the transfer is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no overriding interest worthy of protection in not transferring your data
insofar as we are legally obliged to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR
to the extent that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR is permissible and necessary for the processing of contractual relationships with you

If your data is processed, e.g. in the case of external hosting, by third parties commissioned by us, this is done on the basis of Art. 28 GDPR by means of an order processing contract.

5. transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.

Subject to legal or contractual authorizations, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Your data collected on this website will be transmitted to the USA by Google, META (Facebook) Propel Replays, PayWhirl and Klaviyo.

By accepting additional cookies or subscribing to newsletters, you consent to your data being processed in the USA in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR.

6. rights of data subjects

Right to information Art. 15 GDPR

You have the right to request confirmation from us as to whether we are processing your personal data. If this is the case, you can request information about this personal data and about the following information:

the purposes of processing
the categories of personal data being processed
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
if the personal data is not collected from you, all available information about the origin of the data
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

Right to rectification Art. 16 GDPR

You have the right to obtain without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data stored by us.

Right to erasure (right to be forgotten) of your data, Art. 17 GDPR

You can request the erasure of your data stored by us insofar as

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
you withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) GDPR;
the personal data have been processed unlawfully;
the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which you are subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR

We are obliged to erase the data if the requirements are met, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Right to restriction of processing, Art. 17 GDPR

You have the right to demand that we restrict processing insofar as

the accuracy of the personal data is contested by you, but only for the period enabling us to verify the accuracy of the data
the processing is unlawful and you do not wish your personal data to be erased immediately, but instead request the restriction of the use of the personal data
we no longer need the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims
you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.

Insofar as processing is restricted, we may only process your personal data - apart from storing it - with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

You will be informed again before the restriction is lifted.

Right to data portability Art. 20 GDPR

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.

Right to object Art. 21 GDPR

In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if it is processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. However, this only applies if there are reasons arising from your particular situation or if the objection is directed against direct advertising.

Right of revocation Art. 7 para. 3 GDPR

You have the right, pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, to revoke your consent to us at any time. This revocation applies exclusively to future use.

Right to lodge a complaint with supervisory authorities

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of our registered office, if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.

If you wish to exercise your rights as a data subject, you can also send an e-mail to the above e-mail address.

7 Data security

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize this by the fact that the address line of the browser changes from "http://" to "https://". You will also see a lock symbol in the browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We have also taken precautions in the form of technical and organizational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties.

8. up-to-dateness and amendment of this privacy policy

This privacy policy is currently valid and is dated November 1, 2023.

In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, e.g. new services. The new privacy policy will then apply the next time you visit our website.

You can view and print out our privacy policy at any time on our website.

9 Complaints and warnings

If you feel that your rights have been violated or that you have been disadvantaged in any other way, please let us know yourself. You will then receive a personal, individual response. As part of your duty to minimize damages, we would like to point out that we will not cover the costs of a lawyer you have instructed out of court without first contacting us. It is expressly not our intention that you instruct a lawyer to issue a cease and desist letter and/or a cease and desist declaration subject to penalty.

Consequently, a presumed will cannot be taken into account.