Privacy Notice
- Data controller; data protection officer
The data controller within the meaning of the EU-General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
NEXOC GmbH
Siemensstr. 9
85221 Dachau
Deutschland
Tel.: +49 8131 5695-650
Fax: +49 8131 5695-659
E-Mail:
The data protection officer of the data controller can be contacted by email to and by mail to:
CB ADDATA GmbH
Christian Bößl
Reitmeierfeld 23
94099 Ruhstorf a.d. Rott
Telefon: +49 8531 978 447 0
- General provisions on data processing
- Description and scope of the data processing
We only process our users' personal data to the extent necessary to provide a functional website and our content and services.
- Legal basis for the processing of personal data
Where we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sent. 1 lit. a of the GDPR is the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sent. 1 lit. b GDPR is the legal basis. The same applies to processing activities required for the performance of pre-contractual measures.
Where processing of personal data is necessary to comply with a legal obligation of our company, Art. 6 para. 1 sent. 1 lit. c GDPR provides the legal basis.
If the processing is necessary for the purposes of the legitimate interests of our company or a third party and if such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 para. 1 sent. 1 lit. f GDPR provides the legal basis for the processing. If you have any questions regarding our consideration criteria, please also feel free to contact us or our data protection officer.
- Recipients
In principle, we only forward your personal data to other recipients if this is required to fulfil the described purposes, you gave your consent or if we are entitled or obliged to do so by law or by a court or administrative order. In general, this may concern in particular the following recipients:
- external service providers (e.g. IT, marketing, print, logistics, debt collection, file and data carrier disposal)
- public bodies (e.g. financial authorities, courts and public prosecutors)
- potential and actual acquirers of the company
- Transfer of personal data to third countries
In principle, your personal data is processed in Germany and in other European countries. However, if your personal data is processed in countries outside the European Union or European Economic Area (non-member countries) by way of exception, this will only be done if an adequate level of data protection is ensured by certain protective measures. In general, we take the following protective measures:
- adequacy decision of the EU Commission for recipients in Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, South Korea, Switzerland, Uruguay and the United Kingdom of Great Britain and Northern Ireland (further information is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en)
- standard contractual clauses pursuant to Art. 46 II GDPR for other recipients (for further information, please refer to https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en)
- exceptions under Art. 49 GDPR for other recipients.
- Erasure of data and period of storage
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. The time periods required for this will be reviewed by careful assessment within the framework of which the necessity of the data processing is thoroughly evaluated:
- If we process your personal data on the basis of your consent, this will end at the latest when you withdraw your consent.
- If we process your personal data on the basis of our legitimate interests, this will end at the latest when you object to such processing for legitimate reasons.
- Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions which apply to the data controller. Data will be blocked or erased if a storage period set forth by the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. The most important statutory retention obligations are set forth in Sec. 257 of the German Commercial Code (Handelsgesetzbuch, HGB) and Sec. 147 of the German Fiscal Code (Abgabenordnung, AO) and the retention periods amount to six or ten years, respectively. Pursuant to Secs. 195 et seqq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), the statutory limitation periods can be up to thirty years; the regular limitation period is, however, three years.
This privacy notice may contain further information for individual cases.
- Voluntary or obligatory provision of data
In principle, you only have to provide us with the personal data that is required for the respective processing purpose. If you do not provide necessary data (e.g. data required for the conclusion of a contract or data required by law), it may not be possible to achieve the respective processing purpose. This may mean, for example, that it is not possible to conclude a contract or that certain services cannot be provided.
- Origin of your personal data
Essentially, we process personal data which we have obtained from you directly.
If, by way of exception, we process personal data which we have not directly received from you, this concerns any data which we legitimately obtain from publicly accessible sources (e.g. the Internet, press, trade register and register of associations) or which is legitimately provided to us by third parties.
- Job applications and application procedures
- Description and scope of the data processing
We collect and process the personal data of job applicants for the purpose of performing the application procedure. The data may also be processed electronically. This is in particular the case if applicants provide their application documents by electronic means, e.g. by email. In principle, we only process the data that is necessary for the application procedure, such as
- surname, first name
- email address
- phone number
- possible start date
- salary expectations
- details of career and qualifications
Please note that an unencrypted email is generally not a secure means of communication for applications. We recommend that applicants send their application as an encrypted email.
- Legal basis for the processing of personal data
The legal basis for the processing of applicant data is specified in Art. 6 para. 1 sent. 1 lit. b GDPR.
If a longer storage of the application documents beyond the specific application procedure is desired, for example in order to be able to consider the application for other positions with us, the consent according to Art. 6 I 1 lit. a GDPR (in conjunction with Sec. 26 II of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) is the legal basis for this.
- Purpose of the data processing
Personal data is processed exclusively for the purpose of carrying out the application procedure.
- Sources of personal data in case of applications
If we receive applications and the associated personal data via external personnel service providers, we process personal data from this source accordingly.
- Duration of storage, objection and removal options
If an employment contract is concluded between the data controller and an applicant, the data provided will be stored for the performance of the employment relationship in accordance with the statutory provisions. If no employment contract is concluded between the data controller and the applicant, the application documents will be automatically erased after six months from the notification that the application was not successful unless the data subject consented to a longer storage period or other legitimate interests of the data controller prevent such erasure. Another legitimate interest in this sense is, for example, the obligation to provide evidence in proceedings pursuant to the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).
If an applicant decides to object to the processing of their personal data, this can make it more difficult to carry out the application process.
- Provision of the website and creation of log files
- Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected in this context:
- type and version of the user's browser;
- the user’s operating system;
- IP address/Internet service provider of the user;
- date/time of the access;
- websites from which the user's system reaches our website;
- websites accessed by the user's system via our website.
The data will be stored in the log files of our system. This data is not stored together with other personal data of the user.
- Legal basis for the processing of personal data
The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 sent. 1 lit. f GDPR.
- Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable the provision of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR.
- Duration of storage, objection and removal options
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data is collected for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. It is possible to store data beyond this. In this case, the IP addresses of the users are deleted or distorted so that it is no longer possible to identify the accessing client.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
- Online shop
To place an order in our online store, you must have registered with us as a customer and your account must have been activated.
- Description and scope of the data processing
1.1. Collection of data upon registration
If you have decided to register and create a personalised customer account, the data entered in the respective input mask will be transmitted to us and stored. Online registration is not possible without providing the fields marked as mandatory. We also store the user's IP address and the date and time of access. By submitting the digital application form, you initiate the creation of a personalised, password-protected customer account. When you submit such an application, the data submitted is first checked manually and then your customer account is activated.
1.2. Collection of data after registration
Once you have registered, your personal customer number will be assigned and stored. In addition, your purchases (date, article, article number, quantity, price, currency, type of transaction) are stored.
1.3. Data transmission and contract processing
We involve third-party service providers in order to process your order; they support us with the performance (in full or in part) of concluded contracts. Certain personal data is transmitted to such service providers.
- Legal basis for the data processing
The processing of this data is necessary for the initiation or fulfilment of the contract which is why the legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b GDPR.
- Purpose of the data processing
The customer account allows you to conveniently use your saved data for further orders without having to enter it again. You can also view the data of your completed, open or recently sent orders and correct/manage the data you entered during registration.
- Duration of storage, objection and removal options
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our website is cancelled. As a user, you have the option of deleting your shop account or changing the data stored about you at any time. This can be done via the customer area on our website, by email to or by sending a message (e.g. fax or letter) to the contact details given in I. of this declaration.
- Recipients in the context of processing the contract
Within the framework of the payment processing, we will forward your payment data to the instructed credit institution as required for the processing of the payment. If payment service providers are used, we provide explicit information about this below. Within the framework of the order processing, the personal data collected by us will be forwarded to our forwarding agency as required to effect delivery of the goods. In this context, the legal basis for the disclosure of data is Art. 6 para. 1 sent. 1 lit. b GDPR.
5.1. Payment transactions; PayPal
Payment transactions via the usual means of payment are made exclusively via an encrypted SSL or TLS connection.
We pass on your data to payment service providers on the basis of Art. 6 para. 1 sent. 1 lit. a GDPR, provided that you have given your express consent. Otherwise, we will pass on your data to fulfil the contract pursuant to Art. 6 para. 1 sent. 1 lit. b GDPR. The information will only be passed on if this is necessary for the payment.
You have the option of withdrawing your consent to the data processing or objecting to the data processing at any time. A withdrawal does not affect the effectiveness of data processing operations carried out in the past.
On our website we also offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. For further data protection information, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
5.2. Shipping service provider
Our goods will be delivered to you by the shipping service provider selected or specified in the order process.
We will forward your email address to the shipping service provider in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent to this during the order process. Otherwise, we will only pass on the name of the recipient and the delivery address to the shipping service provider for the purpose of delivery in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. The information will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the shipping service provider or notification of delivery is not possible.
Consent can be revoked at any time with effect for the future vis-à-vis the data controller named above or vis-à-vis the shipping service provider. A revocation does not affect the effectiveness of data processing operations carried out in the past.
- Forms and email contact
- Description and scope of the data processing
When you contact us via a form on our website or by email, the data you provide (your email address and any other data you provide) will be transmitted to us and stored by us. The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.
If and insofar as this is necessary for the initiation, establishment, performance and/or termination of a legal transaction with our company, we will continue to process your personal data. If the data processing is necessary for the conclusion of a contract, it may be impossible to conclude, execute and/or terminate a legal transaction with our company if the data is not provided.
- Legal basis for the processing of personal data
The legal basis for the processing of the data transmitted in the course of contacting us is also Art. 6 para. 1 sent. 1 lit. f GDPR.
If you contact us in order to conclude a contract, Art. 6 para. 1 sent. 1 lit. b GDPR constitutes an additional legal basis.
- Purpose of the data processing
The processing of personal data from the input mask serves solely to process the contact. We cannot answer your enquiry if you do not provide us with your personal data. The other personal data processed during the form submission process is used to prevent misuse of the contact form.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR.
- Duration of storage, objection and removal options
We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the "Responsible provider" section.
- Use of cookies and similar technologies
- Description and scope of the data processing
Our website uses technologies with which information can be stored in your end device (e.g. computer, notebook, mobile phone) or access to information that is already stored in your end device is made possible. For example, when a user accesses a website, a cookie may be stored on the user's operating system. This cookie may contain a characteristic string of characters that enables the browser to be clearly identified when the website is called up again. In this way, the following data, for example, can be transmitted in pseudonymised form:
- Frequency of page views
- Utilisation of website functions
Some elements of our website require that the accessing user can be identified even after a page change. This website uses different types of cookies. When accessing our website, users are informed about the use of these technologies by an information banner.
In principle, the storage of information in your end device or access to information that is already stored in your end device only takes place on the basis of your consent (Sec. 25 para. 1 TTDSG). Without your consent, the storage of information in your end device or access to information that is already stored in your end device will only take place if this is absolutely necessary so that a telemedia service expressly requested by you can be provided (Sec. 25 para. 2 TTDSG).
- Legal basis for the processing of personal data
The legal basis for the processing of personal data using cookies is legitimate interests, Art. 6 para. 1 sent. 1 lit. f GDPR. Insofar as we use cookies for statistical or marketing purposes, this is done exclusively on the basis of your consent, Art. 6 para. 1 sent. 1 lit. a GDPR.
- Purpose of the data processing
Cookies and similar technologies are used (1) to provide this website and the functions that are fundamentally necessary for this website, (2) to analyse the use of our website (e.g. which pages were visited most frequently) in order to make the website more user-friendly, (3) to be able to display personalised advertising and (4) to be able to measure the success of our marketing activities. The settings in the privacy settings are decisive.
- Duration of storage, objection and removal options
The functional duration of cookies and similar technologies generally depends on your visit to our website, i.e. cookies are e.g. deleted when you leave our website (so-called "session cookies"). The functional duration of cookies and similar technologies may also depend on a specified expiry date. The functional life of cookies and similar technologies requiring consent ends in any case with the revocation of your consent. If you withdraw your consent, the legality of the storage of information on your end device or access to information that is already stored on your end device up until the withdrawal of your consent will not be affected. If you do not accept cookies and similar technologies that require your consent, you will not suffer any disadvantages therefrom. There is no obligation to grant consent to cookies and similar technologies requiring consent.
Further details regarding the cookies and similar technologies we use can be found via "Cookie Details" in the Privacy Settings.
You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Any cookies already set can be removed at any time. This can also be completed automatically by setting the maximum storage period in your browser settings. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
The following links will help you to make settings for rejecting or accepting cookies in the most commonly used browsers:
- Internet Explorer / Windows Edge: http://windows.microsoft.com/de-de/windows-vista/block-or-allow-cookies
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
- Safari: https://support.apple.com/de-de/guide/deployment/depf7d5714d4/web
- Opera: http://help.opera.com/Windows/10.20/de/cookies.html
- Other plugins and tools
- Web analysis tools, Google Analytics
1.1. Description and scope of the data processing
We use Google Analytics on our website, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google), to evaluate the use of our website and to compile reports on website activity. Using this web analysis, we can, for example, identify at what time our website is visited or which functions or content are used most frequently and in which areas our website needs to be optimised.
1.2. Legal basis for the processing of personal data
The legal basis for the processing of personal data of users is the consent according to Art. 6 para. 1 sent. 1 lit. a GDPR.
1.3. Purpose of the data processing
We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.
1.4. Duration of storage, objection and removal options
The processed data will be deleted as soon as it is no longer required to fulfil the purpose. In case of Google Analytics this is the case after two months.
You can withdraw your consent at any time for the future. You can withdraw your consent in the Privacy Settings. If you revoke your consent, your data will no longer be used for the specified purposes and your personal data will be erased. The lawfulness of the processing carried out on the basis of your consent prior to such withdrawal will not be affected.
As already mentioned, you may prevent cookies from being stored by selecting the respective settings on your browser software; however, please note that in this case you may not be able to use all functions of this website to their full extent. In addition to that, you may prevent Google from collecting the data generated by the cookies and related to your use of the website (including your IP address) as well as from processing such data by downloading and installing the browser add-on available at http://tools.google.com/dlpage/gaoptout?hl=de.
In addition to that, you may prevent Google from collecting the data generated by the cookies and related to your use of the website (including your IP address) as well as from processing such data by refusing your consent to set cookies.
1.5. Cross-device analysis
This website also uses Google Analytics for a cross-device analysis of visitor flows. You can deactivate the cross-device analysis of your usage in your Google account under "My data", "Personal data".
1.6. Demographic details
This website uses the "demographics details" feature of Google Analytics. As a result, reports can be produced that contain information on the age, gender and interests of the site visitors. This data comes from interest-based advertising of Google and third-party visitor data. This data cannot be attributed to a specific person. You can disable this feature at any time through the ad settings in your Google account, or generally prohibit the collection of your data by Google Analytics as outlined in the section "Objection to Data Collection".
- Google Maps
We use Google Maps on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sent. 1 lit. a GDPR.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under III. of this notice will be transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This analysis takes place (even for users who are not logged in) in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right.
Further information on the purpose and scope of the collection of data and its processing by the plug-in provider can be found in the provider's privacy policies. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.
- Integration of YouTube videos
We have integrated YouTube videos into our online offering which are stored on http://www.YouTube.com and can be played from our website. If you have consented to your data being processed and stored by integrated YouTube elements, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR).
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under III. of this notice will be transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to your Google Account, your data will be assigned directly to your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This analysis takes place (even for users who are not logged in) in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; you must contact YouTube to exercise this right.
Further information on the purpose and scope of the collection of data and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
- Social media, fan pages
4.1. Description and scope of the data processing
We operate so-called "fan pages" on various platforms in order to be able to present ourselves via such company pages.
In some cases, we use the analysis options provided by the service providers to obtain statistical analyses ("Insights"). Different service providers may use different cookies and similar technologies for this purpose. We have no direct knowledge of the identity of the visitor. If you are registered with the respective service provider with a user account, the platform operators can link your data to the user account and process it for their own purposes.
As the operator of the following pages, we are joint controllers together with the respective service providers within the meaning of Art. 4 no. 7 GDPR.
- Facebook of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland (hereinafter: Facebook);
- Google LLc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (hereinafter: Youtube);
This is subject to the following information:
- Facebook: Facebook's terms of use available under https://www.facebook.com/legal/terms. Facebook's data protection notice available under https://www.facebook.com/privacy/center/ and ttps://www.facebook.com/legal/terms/page_controller_addendum;
- YouTube: YouTube's terms of use available under https://www.youtube.com/t/terms . YouTube's data protection information available under https://policies.google.com/privacy;
In this context, the following data may, among others, be processed:
- IP addresses
- device- and browser-related data
- use-related information
- location data
Social media buttons from these social networks are sometimes used on our website. In order to increase the protection of your data when you visit our website, these buttons are not fully integrated into the page as plugins but only as an HTML link. This integration ensures that no connection is yet established with the servers of the service provider of the respective social network when a page of our website which contains such buttons is accessed.
If you click on one of the buttons, a new browser window with the website of the respective service provider opens where you can, for example, click on the Like or Share button (after entering your login data, if necessary).
4.2. Legal basis for the processing of personal data
The legal basis for the processing of data is the legitimate interest pursuant to Art. 6 I 1 lit. f) GDPR. It is in our legitimate interest to be able to present ourselves via our respective fan page and to use Insights to analyse how our fan page is used.
4.3. Purpose of the data processing
The purpose of the Facebook fan page is to present our company on Facebook and to analyse the use of our Facebook fan page in order to be able to design and optimise it in line with requirements based on the findings. In order to better promote our business objectives, the service providers may also provide us with demographic and geographic analyses that we can use to place interest-based advertisements. If you are registered with the respective platform, a cross-device analysis may also be performed.
The service providers use the information in part to distribute and improve their advertising system on the respective platform.
4.4. Objection and removal options
You can object to the processing of data at any time.
Facebook: As a user, you can influence the extent to which your user behaviour may be recorded under the settings for advertising preferences. Further options for objecting are offered by the settings (available at https://www.facebook.com/settings) or the form provided via Facebook for the right to object (available at https://www.facebook.com/help/contact/612141586937373).
YouTube: As a user, you can object to the processing by YouTube via the settings in your account (available at https://adssettings.google.com/authenticated). You can find more information on how to make adjustments to the data protection settings in the Help (available at https://support.google.com/youtube/topic/9257518?hl=de&ref_topic=9257107,3230811,3256124,&sjid=14435722167943552034-EU).
4.5. Additional information
Facebook is the primary point of contact for the exercise of data subject rights insofar as only Facebook, as the provider of the social network, has direct access to the necessary information and can take any necessary measures and provide any necessary information. Should our support nevertheless be required, we can be contacted at any time.
You can exercise your data subject rights regarding our YouTube channel against us and Google.
- Trusted Shops Trustbadge
Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of approval, collected reviews) and to offer Trusted Shops products to buyers after an order. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in optimal marketing by enabling secure purchasing pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops AG, Subbelrather Str. 15C, 50823 Köln (Cologne) ("Trusted Shops"), with whom we are joint data controller under data protection law in accordance with Art. 26 GDPR. In the context of this privacy notice, we inform you below about the essential content of the contract pursuant to Art. 26 para. 2 GDPR.
Within the framework of the joint responsibility existing between us and Trusted Shops, please preferably contact Trusted Shops in the event of data protection issues and to assert your rights using the contact options provided in the Data Protection Information. Irrespective of this, you can always contact the data controller of your choice. If necessary, your request will then be forwarded to the other data controller for answering.
- Google Tag Manager
We use "Google Tag Manager" on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Tag Manager enables us as marketers to manage website tags via a single interface. The Google Tag Manager tool is a domain that is used to implement tags (e.g. a JavaScript tag). Google Tag Manager triggers other tags which in turn may collect data. Google Tag Manager does not access data processed by loaded tags. Cookies that are implemented with the Google Tag Manager can be managed via the cookie banner. Any deactivations will remain in place for the respective tracking tags.
Information of the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
Further information on data protection can be found on the following Google websites:
- Privacy Notice: https://policies.google.com/privacy?hl=de&gl=de
- FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
- Use policy Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html
- Google AdWords Conversion
We use Google AdWords to draw attention to our attractive offers with the help of advertising material (so-called Google AdWords) on external websites. In relation to the advertising campaign data, we can determine how successful the individual advertising measures are. This serves the purpose of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertising materials are delivered by Google via "ad servers". For this purpose, we use ad server cookies through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google AdWords will store a cookie on your PC. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognise your Internet browser on your next visit. If the user visits certain pages of the website of an AdWord customer and the cookie stored on the user's computer has not yet expired, Google and the customer can tell that the user clicked on the ad and proceeded to that page. A different cookie is assigned to each AdWords customer. Cookies can thus not be tracked using the website of an AdWords customer. We do not collect and process any personal data in the aforementioned advertising measures ourselves. We only receive statistical analyses from Google. Based on these analyses, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can relate the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the service provider will find out and store your IP address.
The legal basis for the processing of personal data of users is the consent according to Art. 6 para. 1 sent. 1 lit. a GDPR.
Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
You can prevent participation in this tracking procedure in various ways: a) by setting your browser software accordingly, in particular suppressing third-party cookies will prevent you from receiving ads from third-party providers; b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices. com", https://www.google.de/settings/ads, this setting will, however, be deleted when you delete your cookies; c) by deactivating the interest-based ads of the service providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices; this setting will, however, be deleted when you delete your cookies; d) by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all the functions of the offering to their full extent.
- Consent Management Platform
- Description and scope of the data processing
We use the "consent management platform" (CMP) of consentmanager GmbH, Eppendorfer Weg 183, 20253 Hamburg (hereinafter: ConsentManager) on our website to manage and document your consents and data protection settings for data processing as well as for cookies and similar technologies so that we can fulfil our obligations under data protection and privacy law. In this context, the following data can be processed:
- IP addresses
- Consent-related information and data protection settings
- Legal basis for the processing of personal data
Data processing is necessary for the fulfilment of our legal obligations. This is our legitimate interest pursuant to Art. 6 para. 1 sent. 1 lit. f GDPR.
- Purpose of the data processing
The purpose of the use is the management and documentation of consents and data protection settings for data processing as well as cookies and similar technologies so that we can fulfil our obligations under data protection and privacy law.
- Duration of storage, objection and removal options
The processed data will be deleted as soon as it is no longer required to fulfil the purpose.
- Data subject rights
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller:
- right to information (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR)
- right to erasure (Art. 17 GDPR)
- right to restrict the processing (Art. 18 GDPR)
- right to notification (Art. 19 GDPR)
- right to data portability (Art. 20 GDPR)
- right to object (Art. 21 GDPR)
- right to withdraw the declaration of consent under data protection law (Art. 7 para. 3 GDPR)
- right to lodge a complaint with a supervisory authority (Art. 77 GDPR)