Data protection declaration
We manage our websites in accordance with the principles regulated below:
We undertake to comply with the legal provisions on data protection and endeavour to take the principles of data avoidance and data minimisation into account at all times.
1. Name and address of the person responsible, as well as that of the data protection officer
a) The responsible person
The responsible body within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union, as well as within the meaning of other data protection regulations is:
b) The Data Protection Officer
The data protection officer of the responsible body at SiDIT GmbH is:
2. Explanations of terms
We have designed our data protection declaration in accordance with the principles of clarity and transparency. However, if there be any ambiguities regarding the use of different terms, the corresponding definitions can be found here.
3. Legal basis for the processing of personal data
a) Processing of personal data according to the GDPR
We only process your personal data, such as your surname and first name, your e-mail address and IP address, etc., if there is a legal basis for doing so. According to the General Data Protection Regulation, the following regulations in particular come into consideration:
- 6 para. 1 sentence 1 lit. a DSGVO: The data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes.
- 6 para. 1 p. 1 lit. b DSGVO: Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
- 6 para. 1 sentence 1 lit. c DSGVO: Processing is necessary for compliance with a legal obligation to which the controller is subject.
- 6 para. 1 p. 1 lit. d DSGVO: Processing is necessary to protect the vital interests of the data subject or another natural person
- 6 (1) p. 1 lit. e DSGVO: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Article 6(1)(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child
However, at the relevant points in this data protection declaration, we will always point out once again the legal basis on which your personal data is processed.
b) Consent of the legal guardian according to Art. 8 Para. 1 Sentence 2 Alt.2 DSGVO
A parent or guardian must consent to all data processing on this website for which the consent of a minor who has not yet reached the age of 16 is required. Information on the individual data processing operations, their purposes and the categories of data concerned, for which the consent of the person concerned is required, can be found in the data protection declaration.
You can revoke your consent at any time by sending the revocation in text form to the contact details of the controller. The processing remains lawful until the revocation.
c) Processing of information pursuant to Section 25 (1) TTDSG
We also process information pursuant to Section 25 (1) of the TTDSG by storing information on your terminal equipment or accessing information that is already stored on your terminal equipment. This can be both personal information and non-personal data, e.g. cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment is any equipment connected directly or indirectly to the interface of a public telecommunications network for the transmission, processing or reception of messages, § 2 para. 2 no. 6 TTDSG.
As a rule, we process this information on the basis of your consent, § 25 para.1 TTDSG.
As far as an exception according to § 25 para.2 No.1 and No.2 TTDSG is given, we do not need consent. Such an exception is given if we only access or store the information in order to transmit a message via a public telecommunications network or if this is absolutely necessary so that we can provide a telemedia service that you have expressly requested. You can revoke your consent at any time.
We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
4. Passing on of personal data
The transfer of personal data is also processing within the meaning of the previous point 3. However, we would like to inform you again here separately about the subject of transfer to third parties. The protection of your personal data is very important to us. For this reason, we are particularly careful when it comes to passing on your data to third parties.
Therefore, data is only passed on to third parties if there is a legal basis for the processing. For example, we disclose personal data to persons or companies that act as processors for us in accordance with Art. 28 DSGVO. A processor is anyone who processes personal data on our behalf - i.e. in particular in an instruction and control relationship with us.
In accordance with the requirements of the GDPR, we conclude a contract with each of our order processors to oblige them to comply with data protection regulations and thus provide your data with comprehensive protection.
5. Storage period and deletion
We only store all personal data that you transmit to us for as long as required so as to fulfil the purposes for which this data was transmitted or for as long as this is required by law. The data will be deleted or blocked by us upon fulfilment of the purpose and/or expiry of the statutory storage periods.
6. SSL encryption
This website uses SSL encryption for security reasons and so as to protect the transmission of confidential content, such as requests you send to us as a website operator. You can recognise an encrypted connection by looking at the address line of the browser and noticing the change from "http://" to "https://" and by the lock symbol in your browser line.
When SSL encryption is activated, the data you transmit to us cannot be read by third parties.
a) When you visit the website
b) Technically necessary cookies
In order to make the use of our offer more pleasant for you, we use technically necessary cookies, which may be so-called session cookies (e.g. language and font selection, shopping cart, etc.), content cookies, cookies to ensure server stability and security, or similar. The legal basis for the cookies results from Art. 6 para. 1 p. 1 lit. f) DSGVO, our legitimate interest in the error-free operation of the website and the interest in making our services available to you in an optimised manner.
We will inform you of the legal basis on which this data is processed for the respective services within the data protection declaration.
8. Cookie banner
To obtain consent for the cookies we use, we use the cookie banner specially developed by SPRINTIS Schenk GmbH & Co. KG's own cookie banner. This itself sets a so-called consent cookie in order to query and process the respective consent status. This consent cookie is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, § 25 (1) TTDSG.9. Collection and storage of personal data as well as their type and purpose of use
9. Collection and storage of personal data as well as their type and purpose of use
a) External hosting
Our website is hosted by Profihost GmbH, Expo Plaza 1, 30539 Hannover, Germany. For this reason, all personal data collected on our website is stored on the servers of our hoster, unless an external service of a third party is integrated. This may be the IP address, your e-mail address, communication data or similar. You can find out what specific personal data is involved in the individual functions and services explained by us below. If we use an external service of a third party, this will be made clear in the description of the respective service or tool.
The hoster only processes your data on our instructions and insofar as this is necessary to fulfil the services on the website. The hoster does not process the data for its own purposes. We have concluded an order processing contract with the hoster.
For more information on data protection, see: https://www.profihost.com/datenschutz/
b) Shop system
To offer our goods, we use the shop system of OXID ESALES AG, Bertoldstraße 48, 79098 Freiburg, Germany. The data you provide will therefore also be processed by our shop provider as part of the operation of the shop system. In addition, further cookies may be set by the shop system. For this reason, we have concluded a contract for commissioned data processing/the standard contractual clauses with them.
For more information on data protection, see: https://www.oxid-esales.com/datenschutz/
c) When visiting the website
When you access our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which the access was made (referrer URL)
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website
- Evaluation of system security and stability
- Error analysis
Data that allow a conclusion to your person, such as the IP address, are deleted after 7 days at the latest. If we store the data beyond this period, this data is pseudonymised so that it can no longer be assigned to you.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
On our website, we use a so-called Content Delivery Network ("CDN") as well as the web firewall to defend against DDoS attacks from the technology service provider Cloudflare Inc, 101 Townsend St. San Francisco, CA94107, USA ("Cloudflare").
Cloudflare may process IP addresses, traffic routing and system configuration information and other information about traffic destined for or originating from websites.
For the CDN, the information transfer between the browser and our server is technically routed through Cloudflare's network so that we can optimise the loading speeds of our website. The web firewall is designed to prevent fraudulent transactions, unauthorised access to the services and other illegal activities.
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of our website.
We have concluded the standard contractual clauses (Data Processing Addendum) with Cloudflare.
e) Contractual relationship
(1) Conclusion of contract
Within the scope of the establishment of the contractual relationship, only the personal data that is absolutely necessary for the performance of the contract is processed in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO.
If you also provide voluntary information, this will only be processed on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit a DSGVO. We use this voluntary information to offer a customer-friendly service and to constantly improve it.
(2) Customer account
You have the option of creating a customer account with us. For this purpose, in addition to your personal data for contract processing, your other voluntary information and the purchases you have made with us in the past will be stored and processed. You can access these at any time and thus obtain an overview of the purchases you have made with us. This data is used so that you can easily log in with your login data the next time you make a purchase. It should
also help you to control your purchasing activities. The legal basis is based on your consent according to Art. 6 Para. 1 S. 1 lit. a DSGVO.
You have the possibility to change or delete your data in the customer account at any time and to delete the account as a whole. If you make use of this function, your customer account with all the data contained therein will be deleted immediately.
(3) Disclosure of data for shipping
We pass on the data that is necessary for shipping our goods (first name and surname, address, e-mail address, telephone number, to the extent this is necessary for freight goods) to the appropriate dispatch service provider for notification/coordination of the shipment and delivery of the goods.
The legal basis for the transfer is provided in Section 6 Par. p. 1 lit. b GDPR.
Within this context, we will pass on your data to one of the following shipping service providers . They will then provide you with further information on the processing of your data:
DHL Paket GmbH, Sträßchensweg 10, PLZ/Ort: 53113 Bonn, Telefon: +49/ (0) 228/ 18 20, E-Mail: impressum.paket[at]dhl.com;
DHL Freight GmbH, Godesberger Allee 102-104, 53175 Bonn, Deutschland, Telefon: +49/ (0) 228/377880, [email protected];
DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Deutschland, [email protected], Tel. 06021 843-0,
UPS Europa SA, Ave Ariane 5, Brüssel, B-1200, Belgien,
VS Verwaltungs- und Beteiligungsges. mbH, Alfred-Nobel-Str. 11, 97080 Würzburg, Deutschland, Tel. +49 (0)931 / 900 74-0,
DACHSER SE, Thomas-Dachser-Straße 2, 87439 Kempten, Deutschland, Tel.: +49 831 5916 0, [email protected],
Schäflein AG, Am Etzberg 7, 97520 Röthlein, Tel.: +49 (0) 9723 9069-0, Germany, info@schäflein.de
(4) Disclosure of data when using online payment service providers
If you decide to pay with one of the online payment service providers offered by us during the ordering process, your contact data will be transmitted to them as part of the order triggered in this way. The legitimacy of the transfer of the data results from Art. 6 para. 1 p. 1 lit. b DSGVO, for the implementation of the payment method selected by you as well as our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO to enable a user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment service provider is mostly first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as number of items, item number, invoice amount and taxes in percent, invoice information, etc.
This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship.
However, please note: Personal data may also be disclosed by the online payment service provider to service providers, subcontractors or other affiliated companies to the extent that this is necessary to fulfil the contractual obligations arising from your order or to process the personal data on your behalf.
Depending on the selected payment method, e.g. invoice or direct debit, the personal data transmitted to the provider will be transferred by the provider to credit agencies. This transmission serves to check your identity and creditworthiness in relation to the order you have placed. You can find out which credit agencies are involved and which data is generally collected, processed, stored and passed on by the respective provider in the respective data protection declarations of the providers:
PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Klarna AB, business address Sveavägen 46, 111 34 Stockholm, Sweden Further information on data protection is also available from Klarna directly: Datenschutzerklärung der Klarna AB
You can obtain information about the personal data stored by Klarna at any time by contacting [email protected]
Unzer Luxembourg S.A: société anonyme, 1, Place du Marché, L-6755 Grevenmacher, Tel.: +352-2763 9919, [email protected]
(5) Credit card payment
If you decide to pay by credit card, we collect and process your personal data and forward it to the card-issuing institution for payment processing and to fulfil the legal requirements, such as customer authentication in accordance with the EU Payment Services Directive PSD2. This involves the following data:
(personal data collected in the context of a payment procedure such as purchase on account, purchase by instalment or direct debit, in which goods or services are paid for - e.g. title, first name, billing address, delivery address, account data, e-mail address, telephone number, date of birth, IP address. Salutation, first name, last name, invoice address, delivery address, account data, e-mail address, telephone number, date of birth, IP address together with the data required for the execution of the transaction (item, invoice amount, interest, number of instalments, due dates, total amount, invoice number, tax amount, currency, order date and time) and creditworthiness data obtained from credit agencies and other cooperation partners in a manner permitted by data protection law).
This data is forwarded for payment processing pursuant to Art. 6 (1) sentence 1 lit. b) DSGVO and to fulfil our legal obligation to carry out strong customer authentication pursuant to Art. 6 (1) sentence 1 lit. c) DSGVO in conjunction with Directive EU 2015/2366 (PSD 2) and the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz - ZAG) for anti-money laundering and criminal prosecution.
The technical processing of credit card payments is carried out by the payment service provider Unzer E-Com GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany. This company has been commissioned for the technical control of payment transactions including the implementation of the 3D Secure 2.0 procedure in accordance with Art. 28 DSGVO. Further recipients of the data are the banks involved (on the one hand, the card-issuing bank - the issuer - and on the other hand, the credit card-accepting bank of the merchant - the acquirer.
You can find the data protection regulations of Unzer E-Com GmbH under https://www.unzer.com/de/datenschutz/
Newsletter content and registration data
The sending of our newsletter and the performance of statistical surveys and analyses as well as logging of the registration process will only take place if you order it from us and have given your corresponding consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, § 25 Para.1 TTDSG.
The contents of the newsletter are specifically described when you register for the newsletter. To register for the newsletter, it is sufficient to provide your e-mail address. If you provide further voluntary information, such as your name and/or gender, this will only be used to personalise the newsletter addressed to you.
Double opt-in and logging
For security reasons, we use the so-called double opt-in procedure to register for our newsletter so that no one can register with other people's email addresses. Therefore, after registering for our newsletter, you will first receive an e-mail asking you to confirm your registration. Your registration will only become effective once it has been confirmed.
Furthermore, your registration for the newsletter is logged. The logging includes the storage of the registration and confirmation time, your specified data and your IP address. If you make changes to your data, these changes will also be logged.
If you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. To do so, you can click on the unsubscribe link at the end of each newsletter or send us an email to the following email address: [email protected]
The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
Use of CleverReach
We use the email tool CleverReach (CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany) to send our newsletter.
For this purpose, the data you provide will be passed on to CleverReach and processed by them. This tool enables us to evaluate how the newsletters are opened and used.
We have concluded an order processing contract with CleverReach. CleverReach does not obtain the right to disclose your data.
g) Contact form
We provide a form on our website so that you have the opportunity to contact us at any time. In order to use the contact form, it is necessary to enter a name for a personal salutation and a valid e-mail address for contacting us so that we know who the enquiry is from and can also process it.
If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, as well as your IP address, will be processed in accordance with Art. 6 Para. 1 Sentence 1 lit. b and f DSGVO for the implementation of pre-contractual measures, which take place in response to your enquiry, or for the exercise of our legitimate interest, namely to carry out our business activities.
The enquiries as well as the accompanying data will be deleted 3 months after receipt at the latest, unless they are required for a further contractual relationship.
h) Application form
We provide you with a form on our website with which you can apply to us. Your personal data from the application will be processed in accordance with our data protection instructions for applicants.
The use of this form is based on our legitimate interest in a simple and secure transmission of your application documents, Art. 6 para. 1 p. 1 lit. f) DSGVO.
We use a chat from Tawk.to on our website. This is a live chat software provided by tawk.to Inc (187 East Warm Springs Rd, SB298, Las Vegas, NV, 89119).
The following data will be collected and processed from you during the live chat.
- Chat history
- Specified name
- IP address
- Country of origin
- Pages visited
- Duration of the visit to the pages
- Other personal information, depending on the information provided (e.g. email address, telephone number).
The chat is used for real-time communication.
The processing is based on Art. 6 para. 1 lit. f DSGVO in accordance with our legitimate interest in direct and customer-friendly communication.
You can find more information about tawk.to here: https://www.tawk.to/data-protection/gdpr-2/ We have concluded the standard contractual clauses with tawk.to.
j) Use of Google Maps:
Our website uses the Google Maps API. Through the use of Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored by Google on servers in the United States (including your IP address) to a Google server (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) in the USA and stored there.
Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google's behalf. However, your IP address will under no circumstances be associated with other Google data. Nevertheless, we must point out that it would be technically quite possible for Google to identify individual users on the basis of the data received.
Through the integration of Google Maps, the Google Fonts are also dynamically reloaded by Google, without this being actively determined by the website operator or visitor. The integration of these web fonts takes place via a server call, usually a Google server in the USA. The following may be transmitted to the server and stored by Google:
- Name and version of the browser used
- Website from which the request was triggered (referrer URL)
- Operating system of your computer
- Screen resolution of your computer
- IP address of requesting computer
- Language settings of the browser or operating system the user is using.
The use of Google Maps is a service for you, so that you can see our exact location and, if necessary, better plan your visit to us. The use of Google Maps is based on your consent pursuant to Art. 6 Para. 1 S. 1 lit. a DSGVO.
k) Google Tag Manager
We use the Google Tag Manager from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. The Google Tag Manager is an administration and management tool in which other tracking and other tracking and/or statistical tools can be centrally managed and played out.
When you visit our website and give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) DSGVO, the Google Tag Manager collects and processes your IP address, which may also be transmitted to the USA. However, the Google Tag Manager itself does not create a user profile or analyses.
10. Analysis and tracking tools
We use the following analysis and tracking tools on our website. These are used to ensure the ongoing optimisation of our website and to design it in line with requirements.
We use these tools on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You can revoke your consent at any time by changing the cookie settings. The processing remains lawful until the revocation.
The respective data processing purposes and data categories can be found in the corresponding tools. We would like to point out that we have no influence on whether and to what extent the service providers carry out further data processing.
a) Google Analytics
We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google").
- Name and version of the browser used
- Operating system of your computer
- Website from which the access is made (referrer URL)
- IP address of the requesting computer
- Time of the server request
are usually transferred to a Google server in the USA and stored there.
Your IP address is automatically anonymised by Google before it is recorded via EU domains and servers. There is therefore no logging or storage of your IP address.
Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
We have concluded an order processing contract with Google. Please click here for an overview of data protection at Google. [https://support.google.com/analytics/answer/6004245]
b) Google Remarketing
We use the remarketing function of Google Analytics to target advertising campaigns - including Google AdWords campaigns - to visitors to our website.
Based on your previous visits to our website, you will be presented with relevant advertisements when you visit other websites in the Google Display Network.
The DoubleClick cookie enables Google to display targeted advertisements to ourselves and other third parties that match interests identified based on your previous visits to our website and/or other websites. These advertisements may be displayed on websites operated by Google and/or other operators of the Google advertising network. We also use the Google Analytics advertising features to analyse the effectiveness of our own advertising campaigns.
If you have agreed in your Google account that your web and app browsing history is linked by Google to your Google account and information from your Google account is used to personalise ads, Google will use data from you together with Google Analytics data to create target group lists for cross-device remarketing. To do this, Google Analytics first collects Google-authenticated IDs for you as a user on our website, which are linked to your Google account. Google Analytics then temporarily links these IDs with Google Analytics data in order to optimise our target groups.
c) Google Ads Conversion Tracking
We use Google Ads, an online advertising programme from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), on our website. Conversion tracking is also used in this process. With this tool, Google Ads sets a cookie on your end device when you come to our website via a Google ad.
The cookie does not serve any personal traceability. If you visit our website as a user and the cookie is still working, it will be recognisable to us together with Google that you clicked on the corresponding ad and were redirected to our page. A different cookie is assigned to each Google Ads customer. Cookies are thus not traceable via the websites of the Ads customers.
The data collected through conversion cookies is used to create conversion statistics for Ads customers. As Google Ads customers, we learn the total number of users who responded to our ad and were then redirected to a website that was tagged with a conversion tracking tag.
were then redirected to a website that was tagged with a conversion tracking tag. This allows us to see the success of individual advertising efforts. During this process, we do not receive any information with which we could personally identify you as a user.
When using Google Ads, your browser automatically establishes a direct connection with the Google server and, if you have a Google account and are logged in to it, can assign the visit to your account. If you do not have a Google account, Google will assign you its own identifier. We have no influence on what other data Google collects and stores.
d) LinkedIn Conversion Tracking
We use the conversion tracking function of LinkedIn on our website. This enables us to target you with advertisements following a visit to our website. In addition, LinkedIn provides a report that shows how successful our advertisements are and how users interact with our site in general. If you have logged in via LinkedIn before visiting our site, this will be recognised as part of the conversion tracking and you will be connected to your LinkedIn account as a visitor to our site.
You also have the option to unsubscribe from interest-based advertising via LinkedIn. This is possible via the following link: https://www.linkedin.com/psettings/enhanced-advertising
e) Microsoft Advertising Conversion Tracking
We use the Microsoft Advertising programme on our website, which is provided and operated by Microsoft Ireland Operations Limited, One Microsoft Place, South Country Business Park, Leopardstown, Dublin, Ireland 18, D18 P521 ("Microsoft").
With the help of the Microsoft Advertising programme, we can place advertisements in various search engines and networks. In order to identify which ad or keyword brought you to our website, we have implemented Universal Event Tracking (UET) on our site. This is a conversion tracking tag that allows us to learn more about your user behaviour on our websites. We use this information to optimise our web ads and offers and better adapt them to your needs.
Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are used to display advertisements. No personal information about the identity of the user is processed.
In doing so, Microsoft Advertising may collect the following information, among others:
- Information about the browser they use and the device you use
- identifiers (flags) assigned by Microsoft,
- Website or display from which access is made (referrer URL)
- P-address of the requesting computer,
- Access duration and time.
We have concluded an order processing contract with Microsoft, which ensures that your data shall be processed in accordance with European data protection standards.
It cannot be ruled out that personal data will also be processed by the service provider in the USA, as the parent company Microsoft Corporation has its headquarters in the USA.
Further information on data protection and the cookies used at Microsoft on the Microsoft website https://privacy.microsoft.com/de-de/privacystatement.
f) Microsoft Clarity
We use the "Microsoft Claritiy" analysis service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA on our website.
In this case, usage and user-related information, such as IP address, location, time or frequency of the visit to our website, is transferred to a Microsoft server in the USA and stored there. We have activated the anonymisation function at Microsoft so that your IP address is only processed in abbreviated form.
This data is used to evaluate your visit to our website and your usage behavior so that we can improve and optimize our services.
We have agreed the standard contractual clauses with Microsoft . You can find more information about data protection at https://privacy.microsoft.com/de-de/privacystatement
11. Rights of the data subject
You have the following rights:
In accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us. This right of access includes information about
- the processing purposes
- the categories of personal data
- the recipients or categories of recipients to whom your data have been or will be disclosed
- the planned storage period or at least the criteria for determining the storage period
- the existence of a right to rectification, erasure, restriction of processing or opposition
- the existence of a right of appeal to a supervisory authority
- the origin of your personal data, if this data was not collected by us
- the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details
In accordance with Art. 16 DSGVO, you have the right to promptly correct any inaccurate or incomplete personal data stored by us.
In accordance with Art. 17 DSGVO, you have the right to request the immediate deletion of your personal data from us, insofar as the further processing is not necessary for one of the following reasons:
- the personal data are still necessary for the purposes for which they were collected or otherwise processed
- on the exercise of the right to freedom of expression and information
- for compliance with a legal obligation which requires processing under the law of the European Union or the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
- for the assertion, exercise or defense of legal claims
d) Restriction of processing
In accordance with Art. 18 DSGVO, you may request the restriction of the processing of your personal data for one of the following reasons:
- You dispute the accuracy of your personal data.
- The processing is unlawful and you object to the erasure of the personal data.
- We no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims
- You object to the processing pursuant to Art. 21 (1) DSGVO
If you have requested the rectification or erasure of your personal data or a restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18 DSGVO, we will notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You may request that we inform you of these recipients.
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format.
You also have the right to request the transfer of this data to a third party, provided that the processing was carried out with the help of automated procedures and is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b DSGVO.
In accordance with Art. 7 (3) DSGVO, you have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.
In accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying the particular situation. If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to [email protected]
j) Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and us
- is permitted by legislation of the European Union or the Member States to which we are subject and such legislation contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests
- is done with your express consent
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in i) and iii), we shall take reasonable measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person from our side, to express your point of view and to contest the decision.