Privacy Policy

 

The protection of your personal data is very important to us.

In the following we would like to inform you that we ask for your personal data and store it electronically. Your data will be stored and processed by us in accordance with the relevant provisions of national data protection laws and the general data protection regulation (DSGVO).

Responsible in the sense of the aforementioned regulations:

OKINLAB GmbH
Ursulinenstraße 35,
66111 Saarbrücken
Tel: +49 (0)681 410 976 42
[email protected]

Data protection representative:
Manuel Dennemärker
[email protected]

I. General

1. Terms

To ensure the readability and comprehensibility of our data protection declaration, we will inform you in advance about the basic terms used in the DSGVO.

Personal data: Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics can be identified, expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Data subject: any identified or identifiable natural person whose personal data are processed by the controller.

Processing: Processing is any operation or set of operations, carried out with or without the aid of automated means, concerning personal data such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

Profiling: profiling is any automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person

Pseudonymization: Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.

Responsible person or controller: Responsible person or controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for his nomination may be provided for by Union law or by the law of the Member States.

Processor: Processor is a natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

Recipient: The recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the course of a specific investigative mission under Union or national law shall not be considered as recipients.

Third party: a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

Consent: Consent means any freely given, informed and unequivocal expression of the data subject's will in a specific case, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

Payment service provider: Payment service providers are used to process payments under contracts that a data subject enters into with the person responsible.

2. Type and scope of data acquisition

When accessing our website or retrieving a file stored on our website, data is acquired and processed. This is only done as far as it is necessary to provide a functioning website and its contents and services. In addition, personal data is regularly acquired and used only with the appropriate consent. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

a. Legal basis for the processing of personal data

Insofar as the processing of personal data is carried out for the purpose of fulfilling the contracts concluded with us, Art. 6 para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
If we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the case that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

b. Legal basis for the processing of personal data

Personal data collected by us will be deleted as soon as the purpose for which it was stored no longer applies.
A storage takes place if this is provided for by a law, an EU regulation or other regulations.
Furthermore, data will be deleted when a storage period prescribed by the aforementioned standards expires, unless it is necessary to continue storing the data for the purpose of concluding or fulfilling a contract.

II. Provision of the website

1. Logfiles

a. Description and scope of data processing

When you access our website
• Browser type/-version
• Used operating system
• Referrer URL (previously visited website), and pages viewed on our website
• IP address
• Date and time of the server request
• Internet Service Provider
are logged.

b. Legal basis of the data processing

The legal basis for the storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

The storage in log files ensures the proper functioning of our website. It also serves the optimization and security of our systems. An evaluation of the data for marketing purposes does not take place in this context.

d. Duration of storage

The data stored by us will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case after seven days at the latest. Storage beyond this period is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

e. Objection and possibility of removal

The collection of the aforementioned data is mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.

2. Cookies

a. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored on the visitor's computer system when he or she visits our website. Cookies contain a string of characters that allows the visitor's browser to be identified when he or she visits our website again. We use technically necessary cookies to make our website more user-friendly, effective and secure. For example, the following data is stored and transmitted in the cookies:
• Articles in the shopping cart
• Login-data
• Language settings
The data obtained from this are pseudonymized by us. It is therefore not possible to assign the data to the visitor. Furthermore, this data is not stored with other personal data. You can set your browser to inform you about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited. In addition, we use cookies that allow an analysis of the surfing behavior of our website visitors (so-called analysis cookies). The following data, for example, are stored and transmitted in the analysis cookies:
• Page impressions
• Use of the website functions
• Language settings
When accessing our website, the user is informed about the use of cookies and obtained his consent to the processing of the personal data used.

b. Legal basis of the data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO. The legal basis for the processing of personal data using cookies for analysis purposes is still Art. 6 para. 1 lit. a DSGVO, provided the user has given his consent to this.

c. Purpose of data processing

Technically necessary cookies serve to simplify the use of websites. Some functions of the website or online store cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change.
The user data collected through technically necessary cookies is not used to create user profiles. Analysis cookies are used to improve the quality of our websites and their content. Through the analysis cookies we learn how the website is used and can thus constantly optimize our offer.

d. Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

3. Newsletter and product-related e-mails

a. Description and scope of data processing

Users have the possibility to subscribe to our newsletter on our website. When registering for the newsletter, the data requested from the input mask is transmitted to us.
In addition, the following data is collected during registration:
• IP address of the computer of the person registering
• Date and time of registration
During the registration process, consent is obtained through a so-called single opt-in procedure.
If customers have purchased goods or services from us and have entered their e-mail address, it can also be used to send a newsletter. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services.
In connection with the data processing for the dispatch of newsletters, the data is passed on to third parties (e-mail service providers). The data will be used exclusively for sending the newsletter.

b. Legal basis of the data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO, if the user has given his consent.
The legal basis for the dispatch of the newsletter as a result of the sale of goods or services is Art. 7 para. 3 UWG.

c. Purpose of data processing

The collection of the user's e-mail address is used to send the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

d. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active.

e. Objection and possibility of removal

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose there is a corresponding link in every newsletter.

4. Newsletter Tracking

a. Description and scope of data processing

The newsletters we send out contain so-called tracking pixels. Tracking pixels are miniature graphics embedded in e-mails sent in HTML format to enable log file recording and log file analysis. The personal data collected in this way will not be passed on to third parties again. During the registration process, your consent will be obtained for this purpose through a so-called single-opt-in procedure.

b. Legal basis of the data processing

The legal basis for the processing of data after registration for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent, otherwise Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

Newsletter tracking is used for statistical evaluation of the success or failure of online marketing campaigns. This enables us to track whether and when an e-mail is opened and which links in the e-mail are clicked. Newsletter tracking also serves to improve and optimize the newsletter so that increasingly relevant information can be provided to the person concerned.

d. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case after a period of one year at the latest.

e. Objection and possibility of removal

The consent of the affected user can be terminated at any time by unsubscribing from the newsletter. For this purpose, there is a corresponding link in every newsletter, for example.

5. Registration during the ordering process

a. Description and scope of data processing

Users have the opportunity to register on our website.
During registration, the data requested from the input mask is transmitted to us and stored.
The personal data may be transferred to third parties, for example parcel service providers or manufacturing companies, if this is necessary for the fulfilment of the contract. These third parties use the data thus transferred exclusively for internal purposes attributable to us.

b. Legal basis of the data processing

If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the legal basis for the processing of data is Art. 6 para. 1 lit. b DSGVO.
If the user has given his consent, the legal basis for the processing of data is also Art. 6 para. 1 lit. a DSGVO.

c. Purpose of data processing

The registration of the user is required for the fulfillment of contracts with users or for the implementation of pre-contractual measures. Furthermore, the registration of the user is required for the provision of certain contents and services on our website.

d. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose of their acquisition.
This is the case for the data acquired during the registration process if the registration on our website is cancelled or modified.
This is the case for data acquired during the registration process for the purpose of fulfilling a contract or carrying out pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.

e. Objection and possibility of removal

Users have the possibility to cancel the registration at any time. Users can change or have the stored data changed by themselves at any time.
You can find out how to delete the registration from the responsible person.
If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of the data is only possible if no contractual or legal obligations prevent a deletion.

6. Payment provider: PayPal

a. Description and scope of data processing

If a user selects the payment provider PayPal during the ordering process, the user's data is automatically transmitted to the payment provider. By choosing PayPal as a payment option, the user agrees to the transmission of personal data required for payment processing. The provider is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Data required for payment processing will be transmitted. These are, for example, first name, last name, (address), email address, IP address (telephone number), (cell phone number), and order details. PayPal's privacy policy is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

b. Legal basis of the data processing

If the use of the payment provider serves the performance of a contract to which the user is a party, the legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.
The legal basis for the processing of the data, if the user has given his consent, is furthermore Art. 6 para. 1 lit. a DSGVO.

c. Purpose of data processing

The data is transmitted for payment processing, prevention of misuse, as well as for identity and credit checks.

d. Duration of storage

Information on the duration of storage can be obtained from the operator or at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

e. Objection and possibility of removal

The user has the possibility at any time to revoke the given consent at PayPal. A revocation of data, which are absolutely necessary for the payment processing, is not possible.

7. Contact form and e-mail

a. Description and scope of data processing

Visitors to our website are provided with a contact form for fast, electronic contact. The data entered in the input mask is transmitted to us and stored.
In addition, the IP address of the user as well as the date and time of transmission are stored at the time of dispatch.
Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail will be stored.
The data will not be passed on to third parties. The data will be used exclusively for the processing of the inquiry.

b. Legal basis of the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Par. 1 lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

c. Purpose of data processing

The processing of personal data serves only to process the contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

d. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their acquisition. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
Any additional personal data acquired during the sending process will be deleted after a period of one year at the latest.

e. Objection and possibility of removal

The user has the possibility to revoke his consent to the processing of personal data at any time. To do so, the user can contact the person responsible via the contact options provided on the website. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

8. Google Analytics

a. Description and scope of data processing

This website uses the web analytics service Google Analytics provider is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytic uses analysis cookies. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We extend the Google Analytics code with the code "gat._anonymizeIp();". This code has the effect of shortening to the logged IP address of Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser when using Google Analytics is not combined with other data from Google.

b. Legal basis of the data processing

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to improve our website and its usability. This is also our legitimate interest in the processing of data in accordance with Art. 6 Para. 1 lit. f DSGVO. By making the IP address anonymous, the interest of the users in their protection of personal data is sufficiently taken into account.

d. Duration of storage

Information on the duration of storage is available at https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

e. Objection and possibility of removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your internet browser you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done are automated. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
You can also prevent the acquisition of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de.
For an opt-out when using mobile devices, the following link Disable Google Analytics must be clicked from any mobile device.

9. Google Remarketing

a. Description and scope of data processing

This website uses the Google Remarketing service of Google Inc. provider is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. This service enables us to show our visitors user-related and interest-relevant advertising. For this purpose, cookies are used which enable us to recognize visitors to our website when they subsequently visit websites which are also members of the Google advertising network. Google receives personal data about the visitor, such as the visitor's IP address or surfing behavior. Google Inc. uses the data obtained in this way to display advertising.

b. Legal basis of the data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent to this.

c. Purpose of data processing

The analysis cookies are used to optimize the advertising displayed to the user.

d. Duration of storage

Information on the duration of storage can be obtained from the provider or at https://www.google.de/intl/de/policies/privacy/.

e. Possibility of objection and removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
Furthermore, the person concerned has the possibility to object to interest-based advertising by Google. To do this, the person concerned must call up the link www.google.de/settings/ads from each of the Internet browsers he or she uses and make the desired settings there.
Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ can be called up.

10. Google Adwords

a. Description and scope of data processing

We have integrated Google AdWords on our website. The provider is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
By the use of Google AdWords the advertisement of our website is made possible by the insertion of interest-relevant advertising on the websites of third party companies and in the search engine results of the search engine Google and the insertion of external advertising on our website. If a user clicks on a Google Ad-Words ad, a conversion cookie is stored on the user's computer. Conversion cookies are not used to identify the user. Conversion cookies are used to track which sub-pages on our website have been called up, whether sales have been generated or cancelled. The personal data is stored by Google in the USA. Google may pass this information on to third parties.

b. Legal basis of the data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent to this.

c. Purpose of data processing

Google AdWords enables the display of Internet advertising in Google's search engine results and in the Google advertising network. For this purpose, we define keywords in advance, by means of which an advertisement is only displayed in the Google search engine results if the user calls up a keyword-relevant search result with the search engine. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in accordance with the keywords defined beforehand. The help us to optimize our ads.

d. Duration of storage

Information on the duration of storage can be obtained from the provider or at https://www.google.de/intl/de/policies/privacy/

e. Possibility of objection and removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent. Furthermore, the person concerned has the possibility to object to interest-related advertising by Google. To do so, the person concerned must click on the link www.google.de/settings/ads and make the desired settings there.
For more information and Google's current privacy policy, please visit https://www.google.de/intl/de/policies/privacy/ can be called up.

11. AddThis

a. Description and scope of data processing

Components of the AddThis service are integrated on this website. Provider is the company AddThis, Inc. 1595 Spring Hill Road, Suite 300, Vienna, VA 22182, USA.
AddThis is a bookmarketing service, which enables bookmarking via buttons. For this purpose AddThis sets cookies on the end devices of the users.
When calling websites that have integrated AddThis, the following data is stored:
• Visit and call of specific websites
• IP address
• Browser type
• Browser language
• Date and time of the visit the website
Further information can be found at http://www.addthis.com/privacy/privacy-policy.

b. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent to this.

c. Purpose of data processing

AddThis can use the data to create anonymous profiles that allow AddThis and its affiliated companies to display personalized advertising to users.

d. Duration of storage

Information on the duration of storage can be obtained from the provider or at http://www.addthis.com/privacy/privacy-policy.

e. Opposition and elimination possibilities

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
Furthermore, the data subject has the possibility to object to the processing of personal data by AddThis via opt-out cookie. The following link sets such an Opt-Out cookie http://www.addthis.com/privacy/opt-out.
It is pointed out that the website of the person responsible may then no longer be fully usable.
Further information and the applicable data protection regulations of AddThis can be found at http://www.addthis.com/privacy/privacy-policy.

12. Post Affiliate Pro

a. Description and scope of data processing

On this site are integrated components of service Post Affiliate Pro. Provider is Quality Unit, s.r.o. Vajnorská 100/A 83104 Bratislava Slovakia.
By using this service it is possible for us to determine commission payments for our partners.
In connection with the data processing for the determination of the commission, the data will be passed on to third parties (affiliate service provider). The data will be used exclusively for determining the commission. In doing so, the visits to our website are counted by referrer URLs used by partners. In case of a transcation the order ID is passed on.

b. Legal basis of the data processing

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

The processing of users' personal data enables us to determine the commission payment for our partners.

d. Duration of storage

Information on the duration of storage can be obtained from the provider or at https://www.postaffiliatepro.com/privacy-policy-post-affiliate-pro/ & https://www.postaffiliatepro.com/privacy-cookies-policy/.

e. Possibility of objection and removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

13. Mouseflow

a. Description and scope of data processing

This website uses the web analysis service Mouseflow. The provider is Mouseflow ApS, Flaesketorvet 68 1711 Copenhagen Denmark.
Mouseflow is an analysis tool that captures mouse clicks and movements, scrolling movements and other metadata.

b. Legal basis of the data processing

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to improve our website and its usability. This is also our legitimate interest in the processing of data in accordance with Art. 6 Para. 1 lit. f DSGVO.

d. Duration of storage

Information on the duration of storage is available at: https://mouseflow.de/privacy/

e. Objection and possibility of removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
Furthermore, the person concerned has the possibility to object to the analysis by mouseflow. For this purpose, the person concerned must click on the link https://mouseflow.de/opt-out/ and make the desired settings there.

14. Zendesk

a. Description and scope of data processing

This website integrates components of the Zendesk service. The provider is Zendesk, Inc. 1019 Market St., San Francisco, CA 94103.
By using this service we are able to offer our users a live chat.
In connection with the data processing for the provision of the live chat, the data will be passed on to third parties (communication service providers). The data is used exclusively for the provision of the live chat.

b. Legal basis of the data processing

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

The processing of users' personal data enables us to provide a live chat.

d. Duration of storage

Information on the duration of storage can be obtained from the provider or at https://www.zendesk.de/company/customers-partners/privacy-policy/

e. Possibility of objection and removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

15. My Fonts

a. Description and scope of data processing

Components of the MyFonts Counter service are integrated on this website. The provider is MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA.
Due to licensing terms, page-view tracking is performed by counting the number of visits to our website for statistical purposes and transmitting this information to MyFonts. MyFonts collects anonymous data in the process.

b. Legal basis of the data processing

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

The processing of users' personal data makes it possible to determine the number of visits to our website.

d. Duration of storage

Information on the duration of storage can be obtained from the provider or at: http://www.myfonts.com/info/terms-and-conditions

e. Possibility of objection and removal

Cookies are stored on the user's computer and transmitted by the user. Therefore, users also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
Further information on data protection and the cookies used can be found at: http://www.myfonts.com/info/terms-and-conditions/#Privacy

16. Trusted Shops

a. Description and scope of data processing

On this website components of the Trusted Shops service are integrated. Provider is the Trusted Shops GmbH Colonius Carré Subbelrather road 15c 50823 Cologne.
By using this service we are able to offer our users a buyer protection. In addition we make the evaluation of our products possible.
In connection with the data processing for the provision of buyer protection and the evaluation, the data is passed on to third parties (Trusted Shops). The data is processed exclusively for the provision of buyer protection and the evaluation of our products. Thereby e-mail address and order ID are passed on.

b. Legal basis of the data processing

The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f DSGVO.

c. Purpose of data processing

The processing of users' personal data enables us to provide buyer protection and to evaluate our products.

d. Duration of storage

Information on the duration of storage can be obtained from the provider or at https://www.trustedshops.de/impressum/

e. Possibility of objection and removal

The person concerned has the right to object at any time to the processing of personal data and to request the removal of personal data already collected.

17. Two-click solution for integrating social media plugins

The website does not integrate social media plugins directly into the web presence. A profile creation by third parties is therefore excluded.
In order to still share our offers via Pinterest, Instagram, Facebook, Twitter or Google+, we use the so-called two-click solution.
Only when you decide to share a post by clicking on the corresponding button and then click on it will data be transferred to the operator of the respective social media service.
We recommend that you read the data protection regulations of the respective social media service you want to use beforehand so that you are informed about the purpose and scope of the data acquisition and the further processing and use of the data as well as your rights and setting options for protecting your privacy.
You can find them here:
Facebook: https://www.facebook.com/about/privacy/
twitter: https://twitter.com/privacy
Google+: https://www.google.com/intl/de/policies/
Instagram: https://www.instagram.com/about/legal/privacy/
Pinterest: https://about.pinterest.com/privacy-policy

18. Two-click solution for integrating Youtube

On our website we have integrated components from YouTube. YouTube is an Internet video portal that allows video publishers to post video clips for free and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television broadcasts, but also music videos, trailers or videos created by users themselves can be accessed via the Internet portal.rnetportal abrufbar sind.
The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The website does not embed YouTube videos directly into the web presence. A profile formation by third parties is therefore excluded.
In order to be able to watch our videos nevertheless, users must first click on the preview image. The video can only be watched after clicking away the hint or logging in. Only in this moment data is transferred.
For more information, please see https://www.youtube.com/yt/about/d and the YouTube Privacy Policy, which is available at https://www.google.de/intl/de/policies/privacy/. These provide information about the collection, processing and use of personal data by YouTube and Google.

19. etracker

The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. If visitors give us their explicit consent, cookies are used to enable statistical analysis of the use of this website by their visitors and to display usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user's end device. etracker cookies do not contain any information that would allow a user to be identified.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently tested, certified and awarded the data protection seal of approval ePrivacyseal.

The data processing is carried out on the legal basis of Art. 6 para. 1 lit a (consent) of the EU Data Protection Basic Regulation (EU-DSGVO) for the optimization of our online offer and our web presence. Since the privacy of our visitors is particularly important to us, the IP address is anonymized at etracker as soon as possible and log-in or device IDs are converted into a unique key at etracker that is not assigned to a person. etracker does not use the data in any other way, merge it with other data, or pass it on to third parties.

You can object to a granted consent at any time. Your objection has no adverse consequences for you.



Further information on data protection at etracker can be found here.
20. Criteo

Our website form.bar uses cookies/advertising IDs for advertising purposes. This allows us to show our advertising to visitors interested in our products on partner websites, apps and emails. Re-targeting technologies use cookies or advertising IDs and display ads based on your previous browsing behavior. To opt-out of these interest-based advertisements, please visit the following websites:

www.networkadvertising.org/choices/
www.youronlinechoices.com/

We may share information such as technical identifiers from your registration information on our [website/app] or our CRM system with trusted advertising partners. This allows us to link your devices and/or environments and provide you with a seamless user experience with the devices and environments you use. For more details about these linking capabilities, please refer to the Privacy Policy, which you will find in the above platforms or the explanations below.

For more information about Criteo's privacy policy, please visit www.criteo.com/de/privacy.

III. Rights of the data subjects

1. Right to information

Any person affected by the processing of personal data may request confirmation from the controller as to whether personal data of the person concerned are being processed.
In the event of such processing, you may request the following information from the data controller:
• Processing purposes
• Categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data concerned have been or will be disclosed
• the planned duration of storage of the personal data concerning you or, if it is not possible to give specific details, criteria for determining the duration of storage
• the existence of a right to rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing • Existence of a right of appeal to a supervisory authority
• all available information on the origin of the data, if the personal data is not collected from the data subject
• the existence of automated decision-making, including profiling, in accordance with Art. 22, paras. 1 and 4 DSGVO and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing on the data subject
• The data subject shall also have the right to obtain information as to whether personal data relating to him/her are being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.
• Bei einer Datenverarbeitung zu wissenschaftlichen, historischen oder statistischen Forschungszwecken:
o This right of information may be limited to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impairs it and the limitation is necessary for the fulfillment of the research or statistical purposes.

2. Right of rectification

Data subjects shall have the right to obtain from the data controller the rectification and/or integration of personal data processed concerning them, in the event that such data is incorrect or incomplete. The person responsible must make the correction without delay.
When processing data for scientific, historical or statistical research purposes:
Your right of rectification may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the achievement of the research or statistical purposes.

3. Right to limit processing

Subject to the following conditions, data subjects may request that the processing of personal data concerning them be restricted:
• if the accuracy of the personal data in question is disputed for a period of time that allows the person responsible to verify the accuracy of the personal data
• the processing is unlawful and the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data
• the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it in order to assert, exercise or defend legal claims, or
• if the data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 DSGVO and it has not yet been established whether the legitimate reasons of the controller outweigh the reasons of the data subject
Where the processing of the personal data concerned has been restricted, such data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If the limitation of the processing has been limited in accordance with the above mentioned conditions, the data subject will be informed by the controller before the limitation is lifted.
When processing data for scientific, historical or statistical research purposes:
The data subject's right to limit processing may be restricted to the extent that it is likely to make it impossible or seriously hamper the achievement of the research or statistical purposes and that the restriction is necessary for the achievement of the research or statistical purposes.

4. Right to deletion

a. Duty to delete

The data subject may request the controller to delete personal data relating to him/her without delay and the controller shall be obliged to delete such data without delay if one of the following reasons applies
• the personal data concerned are no longer necessary for the purposes for which they were acquired or otherwise processed;
• the data subject has withdrawn his or her consent on which the processing was based pursuant to Art. 6 para. 1 letter a or Art. 9 para. 2 letter a DSGVO, and there is no other legal basis for the processing;
• The data subject lodges an objection to the processing pursuant to Art. 21 para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or the data subject lodges an objection to the processing pursuant to Art. 21 para. 2 DSGVO;
• the personal data were processed unlawfully;
• deletion of the personal data concerned is necessary to comply with a legal obligation under Union or national law to which the controller is subject;
• the personal data in question has been acquired in relation to information society services offered, in accordance with art. 8 para. 1 of the DSGVO.

b. Information to third parties

If the data controller has made the personal data concerned public and is obliged to delete them pursuant to Art. 17 para. 1 DSGVO, he/she shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, request that all links to these personal data or copies or replications of these personal data have demanded.

c. Exceptions

The right to deletion does not exist insofar as the processing is necessary
• to exercise the right to freedom of expression and information;
• to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 DSGVO;
• for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
• to assert, exercise or defend legal claims.

5. Right of information

Where the data subject has asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller shall be obliged to notify all recipients to whom the personal data concerned have been disclosed of such rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. The data subject shall have the right vis-à-vis the controller to be informed of such recipients.

6. Right to data transferability

Data subjects have the right to obtain the personal data concerning them that have been provided to the data controller in a structured, common and machine-readable format. Moreover, data subjects have the right to have their personal data communicated to another data controller without interference from the data controller to whom the personal data has been communicated, provided that
• the processing is based on a consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
• the processing is carried out using automated procedures.
In exercising this right, data subjects also have the right to obtain that personal data concerning them be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data transferability shall not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

Data subjects have the right to object at any time, for reasons arising from their particular situation, to the processing of personal data concerning them that is carried out pursuant to Art. 6 para. 1 lit. e or f of the DSGVO; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerned unless he can demonstrate compelling legitimate reasons for processing which outweigh the interests of the data subjects, their rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
Where the personal data concerned are processed for the purpose of direct marketing, data subjects shall have the right to object at any time to the processing of personal data relating to them for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
If data subjects object to processing for the purposes of direct marketing, the personal data concerning them shall no longer be processed for those purposes.
Notwithstanding Directive 2002/58/EC, data subjects may exercise their right of objection in connection with the use of information society services by means of automated procedures involving technical specifications.
When processing data for scientific, historical or statistical research purposes:
Data subjects also have the right to object, for reasons arising from their particular situation, to the processing of personal data concerning them for the purposes of scientific or historical research or for statistical purposes, in accordance with Art. 89 para. 1 DSGVO.
The right of objection may be limited to the extent that it is likely to make the realization of the research or statistical purposes impossible or seriously impairs it and the limitation is necessary for the fulfillment of the research or statistical purposes.

8. Right of revocation of the data protection declaration of consent

Affected persons have the right to revoke their declaration of consent under data protection law at any time. Revocation of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent until revocation.

9. Automated decision in individual cases including profiling

Data subjects shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar way. This shall not apply if the decision
• is necessary for the conclusion or performance of a contract between the data subject and the controller
• is authorised by Union law or by the law of the Member States to which the controller is subject and that law contains adequate measures to safeguard the rights and freedoms of the data subjects and their legitimate interests, or
• with express consent. However, these decisions may not be based on special categories of personal data according to Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
In the cases referred to in points 1 and 3, the controller shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of data subjects, including at least the right to obtain the intervention of a person from the controller, to present his point of view and to challenge the decision.

10. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, data subjects shall have the right to complain to a supervisory authority, in particular in the Member State in which they are resident, in their place of employment or in the place where the alleged offence is committed, if they consider that the processing of personal data relating to them is contrary to the DSGVO.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.