Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the topic of data protection, please refer to our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the "Notice of Responsible Party" section in this privacy policy.

How do we collect your data?

Your data is collected partly by you providing it to us. This may include data you enter in a contact form, for example.

Other data is collected automatically or with your consent when you visit the website through our IT systems. These are primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other service requests.

What rights do you have regarding your data?

You have the right at any time to obtain information about the origin, recipients, and purpose of your stored personal data free of charge. You also have the right to request correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request restriction of processing of your personal data under certain circumstances. Additionally, you have the right to file a complaint with the responsible supervisory authority.

You can contact us at any time with any questions regarding data protection.

Analytics Tools and Third-Party Tools

When you visit this website, your browsing behavior may be statistically evaluated. This is done primarily using so-called analytics programs.

You can find detailed information about these analytics programs in the privacy policy below.

2. Hosting

We host the contents of our website with the following provider:

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact information, names, website access, and other data generated via a website.

External hosting is provided for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services in a secure, fast, and efficient manner through a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of TDDDG. Consent may be withdrawn at any time.

Our hosting provider(s) will process your data only to the extent necessary to fulfill their service obligations and will follow our instructions regarding this data.

We use the following hosting provider(s):

Corpex Internet GmbH
Tempowerkring 1A
21079 Hamburg

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is information by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this occurs.

We point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Notice to the Responsible Party

The responsible party for data processing on this website is:

Buchpark GmbH
Michael Jacobi
Krügerweg 1
14959 Trebbin

Phone: +4933817976585
Email: info@buchpark.de

The responsible party is the natural or legal person who, alone or together with others, determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a justified deletion request or revoke your consent to data processing, your data will be deleted, provided we do not have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after these reasons cease to apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data according to Art. 9(1) GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TDDDG. Consent may be withdrawn at any time. If your data is necessary for contract performance or the execution of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data insofar as it is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR. The applicable legal basis in each individual case will be informed in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer.

Buchpark GmbH
Michael Jacobi
Krügerweg 1
14959 Trebbin

Phone: +4933817976585
Email: datenschutz@buchpark.de

Recipients of Personal Data

In the course of our business operations, we work with various external parties. This sometimes requires the transmission of personal data to these external parties. We only pass on personal data to external parties if this is necessary within the framework of contract performance, if we are required to do so by law (e.g., disclosure to tax authorities), if we have a legitimate interest under Art. 6(1)(f) GDPR in the disclosure, or if another legal basis permits the disclosure of data. When using data processors, we only pass on personal data of our customers on the basis of a valid Data Processing Agreement. In case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke any previously granted consent at any time. The lawfulness of data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

Right to Object to Data Collection in Specific Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE APPLICABLE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process on the basis of your consent or for contract performance automatically provided to you or to a third party in a common, machine-readable format. If you request direct transfer of data to another controller, this will only occur to the extent technically feasible.

Information, Correction, and Deletion

You have the right at any time, within the scope of applicable legal provisions, to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing, and possibly the right to correct or delete this data. For this and for other questions regarding personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request restriction of processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we generally need time to verify it. During the verification period, you have the right to request restriction of processing of your personal data.
• If the processing of your personal data was/is unlawful, you can request restriction of data processing instead of deletion.
• If we no longer need your personal data but you need it to exercise, defend, or assert legal claims, you have the right to request restriction of processing of your personal data instead of deletion.
• If you have lodged an objection under Art. 21(1) GDPR, a balance must be struck between your and our interests. As long as it has not been determined whose interests prevail, you have the right to request restriction of processing of your personal data.

If you have restricted processing of your personal data, this data may—apart from being stored—only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for important reasons of public interest of the European Union or a Member State.

SSL or TLS Encryption

This page uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the page operator. An encrypted connection is indicated by the address bar of your browser changing from "http://" to "https://" and by a lock icon in your browser line.

When SSL or TLS encryption is enabled, data you transmit to us cannot be read by third parties.

Encrypted Payment Processing on This Website

If after concluding a paid contract there is an obligation to transmit your payment data (e.g., account number for direct debit authorization) to us, this data is required for payment processing.

Payment processing via common payment methods (Visa/MasterCard, direct debit) is carried out exclusively via an encrypted SSL or TLS connection. An encrypted connection is indicated by the address bar of your browser changing from "http://" to "https://" and by a lock icon in your browser line.

With encrypted communication, your payment data transmitted to us cannot be read by third parties.

Objection to Advertising Emails

The use of contact data published as part of the legal notice requirements for sending unsolicited advertising and informational materials is hereby objected to. The operators of this page expressly reserve the right to take legal action in the event of unsolicited transmission of advertising information, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called "cookies." Cookies are small data packages that do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your end device until you delete them yourself or automatic deletion by your web browser occurs.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies required for electronic communication processing, provision of certain desired functions (e.g., for the shopping cart function), or website optimization (e.g., cookies for measuring web audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimized provision of its services. If consent for storing cookies and similar recognition technologies has been obtained, processing is carried out solely on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent may be withdrawn at any time.

You can configure your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude acceptance of cookies for specific cases or generally, and activate automatic deletion of cookies when closing your browser. Disabling cookies may limit the functionality of this website.

You can find information on which cookies and services are used on this website in this privacy policy.

Consent Management with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent for the storage of certain cookies on your end device or the use of certain technologies and to document this in compliance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transmitted to Usercentrics:

• Your consent(s) or revocation of your consent(s)
• Your IP address
• Information about your browser
• Information about your end device
• Time of your visit to the website
• Geolocation

Furthermore, Usercentrics stores a cookie in your browser to assign the given consents or their revocation to you. The data collected in this way is stored until you request deletion from us, you delete the Usercentrics cookie yourself, or the purpose for data storage ceases. Mandatory legal retention requirements remain unaffected.

The Usercentrics banner on this website was configured with the help of eRecht24. You can recognize this by the eRecht24 logo appearing in the banner. To display the eRecht24 logo in the banner, a connection is established to the image server of eRecht24. Your IP address is also transmitted, but it is stored only in anonymized form in the server logs. The eRecht24 image server is located in Germany with a German provider. The banner itself is provided exclusively by Usercentrics.

The use of Usercentrics is to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6(1)(c) GDPR.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

A consolidation of this data with other data sources is not carried out.

This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in technically error-free presentation and optimization of its website—for this, the server log files must be collected.

Contact Form

If you send us inquiries via a contact form, your information from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We do not pass this data on without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary to execute pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR) if this was requested; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to exist (e.g., after completion of processing your inquiry). Mandatory legal provisions—particularly retention periods—remain unaffected.

Inquiry by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not pass this data on without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary to execute pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR) if this was requested; consent may be withdrawn at any time.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to exist (e.g., after completion of handling your request). Mandatory legal provisions—particularly legal retention periods—remain unaffected.

ProvenExpert

We have integrated rating seals from ProvenExpert on this website. The provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, https://www.provenexpert.com.

The ProvenExpert seal allows us to display customer reviews of our company that have been submitted to ProvenExpert on our website in a seal. When you visit our website, a connection is established with ProvenExpert so that ProvenExpert can determine that you visited our website. Furthermore, ProvenExpert collects your language settings to display the seal in the selected language.

The use of ProvenExpert is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in displaying customer reviews in a comprehensible manner. If appropriate consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of TDDDG. Consent may be withdrawn at any time.

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or conduct independent analysis. It only serves to manage and deploy the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If appropriate consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of TDDDG. Consent may be withdrawn at any time.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to maintaining these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time on site, operating systems used, and origin of the user. This data is combined in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can record your mouse and scrolling movements and clicks with Google Analytics. Google Analytics also uses various modeling approaches to supplement the collected data sets and applies machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). Information collected by Google about your use of this website is typically transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to maintaining these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymization

Google Analytics IP anonymization is activated. This means your IP address is shortened by Google within Member States of the European Union or other contracting states of the European Economic Area Agreement before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website use and internet use to the website operator. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about how Google handles user data in Google Analytics, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used to deliver personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on visitor behavior on our site.

Data Processing Agreement

We have concluded a Data Processing Agreement with Google and fully implement the strict requirements of German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses Google Analytics' "E-Commerce Measurement" function. With the help of E-Commerce Measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. In this process, information such as orders placed, average order values, shipping costs, and the time from product view to purchase is collected. This data can be combined by Google under a transaction ID assigned to the respective user or their device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in Google search results or on third-party websites when a user enters certain search terms on Google (keyword targeting). Additionally, targeted advertisements can be displayed based on user data available at Google (e.g., location data and interests) (audience targeting). As a website operator, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.

The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to maintaining these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Shopware Analytics

Shopware Analytics Purpose of Processing: Together with our shop software service provider in joint responsibility, we evaluate certain information from our customer data (e.g., customer group, pages visited, click paths, date and time of visit, information about the end device used (resolution, pixel density, operating system), referrer URL, browser information used, locale, search queries, and timezone). This information is processed by an external service provider and made available to us in near real-time so we can monitor the use of our website and improve our offerings. 

Legal Basis: Art. 6(1)(f) GDPR Data Categories: Derivations from master and contact data (customer group, no individual customer data), usage data, connection data Data Recipients: shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller), IT service provider 

Essential aspects of joint responsibility: Joint responsibility exists between us and shopware AG; data is collected on our shop and then transmitted to Shopware's servers or those of their service providers; except for obtaining your consent for the use of cookies or similar technologies and fulfilling these information obligations, all obligations, particularly the implementation of affected persons' rights, lie with shopware AG, which you can reach at legal@shopware.com. You can also assert your rights as an affected person with us, and we will forward your request accordingly to shopware AG. Shopware AG can derive behaviors from the collected data on our store but cannot assign this data to you as an individual. Intended Third Country Transfer: None Do we store personal data on your end device based on your consent or read such data? Yes, see Consent Management for details.

6. Newsletter

Newsletter Data

If you wish to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you own the email address provided and agree to receive the newsletter. No further data is collected, or only on a voluntary basis. For the processing of newsletters, we use newsletter service providers, which are described below.

Brevo

This website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving the newsletter is stored on the servers of Sendinblue GmbH in Germany.

Data Analysis by Brevo

With the help of Brevo, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links may have been clicked. In this way, we can determine which links were clicked most frequently.

Additionally, we can see whether certain predefined actions were performed after opening/clicking (conversion rate). For example, we can determine whether you made a purchase after clicking on the newsletter.

Brevo also allows us to segment newsletter recipients by various categories ("clustering"). Newsletter recipients can be segmented, for example, by age, gender, or location. In this way, newsletters can be better tailored to the respective target audiences.

If you do not want analysis by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

Detailed information about the features of Brevo can be found at the following link: https://www.brevo.com/newsletter-software/.

Legal Basis

Data processing is based on your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. The lawfulness of data processing operations carried out prior to the withdrawal remains unaffected by the withdrawal.

Storage Duration

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter with us or the newsletter service provider and will be deleted from the newsletter distribution list after you unsubscribe. Data stored with us for other purposes remains unaffected.

After your removal from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. Data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interests and our interests in complying with regulatory requirements when sending newsletters (legitimate interest under Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

For more details, see the privacy policy of Brevo at: https://www.brevo.com/data-protection/ and https://www.brevo.com/legal/privacypolicy/.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Newsletter Distribution to Existing Customers

If you order goods or services from us and provide your email address in the process, your email address may subsequently be used by us to send newsletters, provided we have previously informed you of this. In such cases, the newsletter will only send direct marketing for similar goods or services of our own. You can cancel this newsletter at any time. For this purpose, each newsletter contains a corresponding link. The legal basis for sending the newsletter in this case is Art. 6(1)(f) GDPR in combination with § 7(3) UWG.

After your removal from the newsletter distribution list, your email address may be stored by us in a blacklist to prevent future mailings. Data from the blacklist is used only for this purpose and is not merged with other data. This serves both your interests and our interests in complying with regulatory requirements when sending newsletters (legitimate interest under Art. 6(1)(f) GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

7. E-Commerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data to establish, design, and modify our contractual relationships. Personal data about your use of this website (usage data) is collected, processed, and used only to the extent necessary to enable you to use the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.

Customer data collected is deleted after completion of the contract or termination of the business relationship and expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.

Data Transmission Upon Conclusion of Contracts for Online Shops, Merchants, and Goods Shipment

When you order goods from us, we pass your personal data to the transport company responsible for delivery and to the payment service provider responsible for payment processing. Only such data is disclosed as the respective service provider needs to fulfill its task. The legal basis for this is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. If you have given corresponding consent under Art. 6(1)(a) GDPR, we will pass your email address to the transport company responsible for delivery so it can inform you by email about the shipping status of your order; you can revoke this consent at any time.

Data Transmission Upon Conclusion of Contracts for Services and Digital Content

We only transmit personal data to third parties if this is necessary within the framework of contract processing, for example to a financial institution responsible for payment processing.

Further transmission of data does not occur, or only if you have explicitly agreed to the transmission. Data is not passed on to third parties without explicit consent, for example for advertising purposes.

The legal basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Credit Checks

For a purchase on account or another payment method where we advance payment, we may conduct a credit check procedure (scoring). For this purpose, we transmit your entered data (e.g., name, address, age, or bank details) to a credit reporting agency. Based on this data, the probability of payment default is determined. If there is an excessive payment default risk, we may refuse the respective payment method.

The credit check is conducted on the basis of contract performance (Art. 6(1)(b) GDPR) and to prevent payment defaults (legitimate interest under Art. 6(1)(f) GDPR). If consent was obtained, the credit check is based on this consent (Art. 6(1)(a) GDPR); consent may be withdrawn at any time.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g., name, payment amount, account information, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective terms and conditions and privacy policies of the respective providers apply to these transactions. Payment service providers are used on the basis of Art. 6(1)(b) GDPR (contract processing) and in the interest of the smoothest, most convenient, and most secure payment process possible (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consents may be revoked at any time for the future.

The following payment services/payment service providers are used in connection with this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.paypal.com/webapps/mpp/ua/pocpsa-full.

Details can be found in PayPal's privacy policy: https://www.paypal.com/webapps/mpp/ua/privacy-full.

Apple Pay

The provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. You can find Apple's privacy policy at: https://www.apple.com/legal/privacy/.

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find Google's privacy policy here: https://policies.google.com/privacy.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe").

Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://stripe.com/privacy and https://stripe.com/guides/general-data-protection-regulation.

For details, please see Stripe's privacy policy at the following link: https://stripe.com/privacy.

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g., installment purchases). If you choose to pay with Klarna (Klarna Checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna Checkout solution. For details on the use of Klarna cookies, see the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/en_us/checkout.pdf.

For details, you can find Klarna's privacy policy at the following link: https://www.klarna.com/privacy/.

giropay

The provider of this payment service is paydirekt GmbH, Stephanstraße 14–16, 60313 Frankfurt am Main (hereinafter "giropay").

Details can be found in giropay's privacy policy: https://www.paydirekt.de/agb/index.html.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter "American Express").

American Express may transmit data to its parent company in the USA. Data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.

For more information, see American Express's privacy policy: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").

Mastercard may transmit data to its parent company in the USA. Data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA").

The United Kingdom is considered an adequate third country for data protection purposes. This means that the United Kingdom has a level of data protection equivalent to that in the European Union.

VISA may transmit data to its parent company in the USA. Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

For more information, see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

8. Our Own Services

Handling of Applicant Data

We offer you the opportunity to apply with us (e.g., by email, mail, or via online application form). Below we inform you about the scope, purpose, and use of personal data collected from you during the application process. We assure you that the collection, processing, and use of your data are in compliance with applicable data protection law and all other legal requirements, and that your data is treated strictly confidentially.

Scope and Purpose of Data Collection

When you submit an application to us, we process the personal data associated with it (e.g., contact and communication data, application documents, notes taken during application interviews, etc.) insofar as this is necessary to decide on establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and—if you have given consent—Art. 6(1)(a) GDPR. Consent may be revoked at any time. Your personal data is passed on within our company only to persons involved in processing your application.

If your application is successful, the data you submitted is stored in our data processing systems on the basis of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of conducting the employment relationship.

Data Retention Period

If we cannot make you a job offer, you decline a job offer, or you withdraw your application, we reserve the right to keep the data submitted by you on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of your application). After that, the data will be deleted and the physical application documents will be destroyed. Storage serves particularly for evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period expires (e.g., due to an impending or pending legal dispute), deletion will not take place until the purpose for continued retention ceases.

Longer retention may also occur if you have given appropriate consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

Inclusion in Applicant Pool

If we cannot make you a job offer, you may have the opportunity to be included in our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool so we can contact you in the event of matching vacancies.

Inclusion in the applicant pool occurs solely on the basis of your explicit consent (Art. 6(1)(a) GDPR). Giving consent is voluntary and is not related to the ongoing application process. You can revoke your consent at any time. In this case, your data will be irrevocably deleted from the applicant pool, unless legal retention reasons exist.

Data in the applicant pool will be irrevocably deleted at the latest two years after consent is given.