Privacy policy

1) Introduction and Controller’s Contact Details

1.1

Thank you for visiting our website and for your interest in our business. In the following, we inform you about how your personal data is handled when you use our website. Personal data means any data by which you can be personally identified.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

B3 Media GmbH
Alter Güterbahnhof 3c
22303 Hamburg
Germany
Email: info@nordikitchen.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.


2) Data Collection When Visiting Our Website

2.1

When you use our website for information purposes only, meaning if you do not register or otherwise submit information to us, we only collect the data that your browser transmits to our server (“server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • The website visited

  • Date and time of access

  • Amount of data sent in bytes

  • Source/reference from which you accessed the page

  • Browser used

  • Operating system used

  • IP address used (where applicable, in anonymised form)

Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2

For security reasons and in order to protect the transmission of personal data and other confidential content, such as orders or enquiries sent to the controller, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string “https://” and the lock symbol in your browser bar.


3) Hosting and Content Delivery Network

3.1 Shopify

We use the following provider for hosting our website and displaying the page content:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data is also transferred to:

Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

For transfers of data to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a content delivery network from the following provider:

Cloudflare Inc.
101 Townsend St.
San Francisco, CA 94107
USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out on the basis of our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

3.3 imgix

We use a content delivery network from the following provider:

Zebrafish Labs Inc.
423 Tehama St.
San Francisco, CA 94103
USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. Processing is carried out on the basis of our legitimate interest in improving the stability and functionality of our website in accordance with Article 6(1)(f) GDPR. We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.


4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after you close your browser (“session cookies”), while others remain on your device for longer and make it possible to save page settings (“persistent cookies”). In the latter case, you can find the storage period in the overview of your web browser’s cookie settings.

If personal data is also processed by individual cookies used by us, processing is carried out in accordance with Article 6(1)(b) GDPR either for the performance of the contract, in accordance with Article 6(1)(a) GDPR in the event that consent has been given, or in accordance with Article 6(1)(f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance, or exclude the acceptance of cookies for specific cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.


5) Contacting Us

5.1 Judge.me

We use the services of the following provider for review reminders:

Judge.me Ltd.
c/o Buckworths
2nd Floor, 1-3 Worship Street
London, England, EC2A 2AB
United Kingdom

Exclusively on the basis of your express consent in accordance with Article 6(1)(a) GDPR, we transmit your email address and, where applicable, further customer data to the provider so that the provider can contact you by email with a review reminder.

You may withdraw your consent at any time with effect for the future, either by contacting us or the provider.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

In the event of data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.2 Loox

We use the services of the following provider for review reminders:

Loox Online Ltd.
Rehov Har Sinai 2
6581602 Tel Aviv-Yafo
Israel

Exclusively on the basis of your express consent in accordance with Article 6(1)(a) GDPR, we transmit your email address and, where applicable, further customer data to the provider so that the provider can contact you by email with a review reminder.

You may withdraw your consent at any time with effect for the future, either by contacting us or the provider.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

In the event of data transfers to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

5.3 Trustpilot

We use the services of the following provider for review reminders:

Trustpilot A/S
Pilestræde 58
1112 Copenhagen
Denmark

Exclusively on the basis of your express consent in accordance with Article 6(1)(a) GDPR, we transmit your email address and, where applicable, further customer data to the provider so that the provider can contact you by email with a review reminder.

You may withdraw your consent at any time with effect for the future, either by contacting us or the provider.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

5.4

When you contact us, for example by contact form or email, personal data is processed solely for the purpose of handling and responding to your enquiry, and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your enquiry in accordance with Article 6(1)(f) GDPR. If your enquiry is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted once it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no statutory retention obligations to the contrary.


6) Data Processing When Opening a Customer Account

In accordance with Article 6(1)(b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for opening an account can be seen from the corresponding input form on our website.

You may delete your customer account at any time by sending a message to the controller at the address stated above. Once your customer account has been deleted, your data will be deleted provided that all contracts concluded through that account have been fully processed, no statutory retention periods prevent deletion, and we no longer have any legitimate interest in continuing to store the data.


7) Use of Customer Data for Direct Marketing

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters once you have expressly confirmed your consent to receive them by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. In doing so, we store the IP address assigned by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us when you register for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named above. After unsubscribing, your email address will be removed from our newsletter distribution list without delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this where permitted by law and as explained in this policy.

7.2 GoDaddy

Our email newsletters are sent via the following provider:

Go Daddy Operating Co LLC
14455 North Hayden Road, Suite 226
Scottsdale, AZ 85260
USA

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when subscribing to the newsletter to this provider in accordance with Article 6(1)(f) GDPR so that the provider can send the newsletter on our behalf.

Subject to your express consent in accordance with Article 6(1)(a) GDPR, the provider also carries out statistical performance analysis of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. Device information, such as time of access, IP address, browser type and operating system, is also collected and evaluated, but is not merged with other data sets.

You may revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

7.3 Klaviyo

Our email newsletters are sent via the following provider:

Klaviyo, Inc.
125 Summer St., Ste 600
Boston, MA 02110
USA

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when subscribing to the newsletter to this provider in accordance with Article 6(1)(f) GDPR so that the provider can send the newsletter on our behalf.

Subject to your express consent in accordance with Article 6(1)(a) GDPR, the provider also carries out statistical performance analysis of newsletter campaigns by means of web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. Device information, such as time of access, IP address, browser type and operating system, is also collected and evaluated, but is not merged with other data sets.

You may revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

7.4 Basket Reminder Emails

If you abandon your purchase with us before completing your order, you have the option of receiving a one-off reminder by email about the contents of your virtual shopping basket.

The only mandatory information required for sending this reminder is your email address. Providing further data is voluntary and may be used to address you personally. For sending such emails, we use the so-called double opt-in procedure, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking a verification link sent to the email address provided.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Article 6(1)(a) GDPR for sending a basket reminder. In doing so, we store the IP address assigned by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us when registering for our email notification service is used strictly for the intended purpose.

You may unsubscribe from basket reminder emails at any time by sending a corresponding message to the controller named above. After unsubscribing, your email address will be removed from the relevant mailing list without delay, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this where permitted by law and as explained in this policy.


8) Data Processing for Order Handling

8.1

To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned shipping company and the commissioned financial institution in accordance with Article 6(1)(b) GDPR.

If, on the basis of a corresponding contract, we owe you updates for goods with digital elements or for digital products, we process the contact details you provided when placing the order in order to personally inform you within the scope of our statutory information obligations in accordance with Article 6(1)(c) GDPR. Your contact details are used strictly for the purpose of notifying you about updates owed by us and are only processed by us to the extent necessary for the respective information.

To handle your order, we also work with the following service providers, who support us wholly or partly in the performance of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 Use of Payment Service Providers

Google Pay

If you choose the payment method “Google Pay” of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing will be carried out via the “Google Pay” application on your mobile device, operated with at least Android 4.4 (“KitKat”) and equipped with NFC functionality, by charging a payment card stored in Google Pay or a payment system verified there, such as PayPal. To authorise a payment via Google Pay exceeding EUR 25.00, your mobile device must first be unlocked using the verification method set up on the device, such as facial recognition, password, fingerprint or pattern.

For the purpose of payment processing, the information you provide during the order process, together with information about your order, is passed on to Google. Google then transmits the payment information stored in Google Pay to the originating website in the form of a uniquely assigned transaction number, which is used to verify a completed payment. This transaction number does not contain any information about the actual payment details of your payment method stored in Google Pay, but is created and transmitted as a one-time valid numerical token. In all transactions via Google Pay, Google acts solely as an intermediary for processing the payment. The transaction is carried out exclusively in the relationship between the user and the originating website by charging the payment method stored in Google Pay.

If personal data is processed in the course of the described transmissions, processing is carried out exclusively for payment processing in accordance with Article 6(1)(b) GDPR.

Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction carried out via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction and, where applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Article 6(1)(f) GDPR on the basis of the legitimate interest in proper invoicing, verification of transaction data, and optimisation and functional maintenance of the Google Pay service.

Google also reserves the right to combine the processed transaction data with further information collected and stored by Google when using other Google services.

The Google Pay terms of use can be found here:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection at Google Pay can be found here:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

Klarna

One or more online payment methods from the following provider are available on this website:

Klarna Bank AB
Sveavägen 46
111 34 Stockholm
Sweden

If you select a payment method offered by the provider where you pay in advance, such as credit card payment, your payment data communicated during the order process, including name, address, bank and card details, currency and transaction number, as well as information about the content of your order, will be passed on to the provider in accordance with Article 6(1)(b) GDPR. Your data is only passed on for the purpose of payment processing with the provider and only to the extent necessary for that purpose.

If you select a payment method where the provider pays in advance, such as invoice purchase, instalment purchase or direct debit, you will also be asked during the order process to provide certain personal data, such as first and last name, street, house number, postcode, city, date of birth, email address, telephone number and, where applicable, details of an alternative payment method.

To safeguard our legitimate interest in determining our customers’ ability to pay, we transmit this data to the provider for the purpose of a credit check in accordance with Article 6(1)(f) GDPR. Based on the personal data you provide and on additional data such as shopping basket, invoice amount, order history and payment experience, the provider checks whether the payment option selected by you can be granted with regard to payment and default risks.

In addition to provider-internal criteria, identity and creditworthiness information from the following credit agencies may also be included in the decision as part of the application review in accordance with Article 6(1)(f) GDPR:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values, so-called score values. Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of score values.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for payment processing in accordance with the contract.

PayPal

One or more online payment methods from the following provider are available on this website:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg

If you select a payment method of the provider where you pay in advance, your payment data communicated during the order process, including name, address, bank and card details, currency and transaction number, as well as information about the content of your order, will be passed on to the provider in accordance with Article 6(1)(b) GDPR. Your data is only passed on for the purpose of payment processing with the provider and only to the extent necessary for that purpose.

If you select a payment method where we pay in advance, you will also be asked during the order process to provide certain personal data, such as first and last name, street, house number, postcode, city, date of birth, email address, telephone number and, where applicable, details of an alternative payment method.

In such cases, in order to safeguard our legitimate interest in determining your ability to pay, we transmit this data to the provider for the purpose of a credit check in accordance with Article 6(1)(f) GDPR. Based on the personal data you provide and on additional data such as shopping basket, invoice amount, order history and payment experience, the provider checks whether the payment option selected by you can be granted with regard to payment and default risks.

The credit report may contain probability values, so-called score values. Where score values are included in the result of the credit report, they are based on a scientifically recognised mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of score values.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for payment processing in accordance with the contract.

Shopify Payments

One or more online payment methods from the following provider are available on this website:

Shopify International Limited
Victoria Buildings
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

If you select a payment method of the provider where you pay in advance, such as credit card payment, your payment data communicated during the order process, including name, address, bank and card details, currency and transaction number, as well as information about the content of your order, will be passed on to the provider in accordance with Article 6(1)(b) GDPR. Your data is only passed on for the purpose of payment processing with the provider and only to the extent necessary for that purpose.


9) Retargeting / Remarketing and Conversion Tracking

9.1 Meta Pixel

Within our online offering, we use the “Meta Pixel” service of:

Meta Platforms Ireland Limited
4 Grand Canal Square
Dublin 2
Ireland

If a user clicks on an advert placed by us on Facebook and/or Instagram, “Meta Pixel” appends a parameter to the URL of our linked page. After the redirect, this URL parameter is stored in the user’s browser by means of a cookie set by our linked page itself.

This enables Meta, on the one hand, to determine the visitors to our online offering as a target group for the display of adverts, so-called ads. Accordingly, we use the service in order to display the Facebook and/or Instagram ads placed by us only to users who have also shown an interest in our online offering or who have certain characteristics, such as interests in certain topics or products determined on the basis of the websites visited, which we transmit to Meta, so-called custom audiences.

On the other hand, “Meta Pixel” can be used to track whether users were redirected to our website after clicking on an ad and which actions they take there, so-called conversion tracking.

The data collected is anonymous for us, meaning it does not allow us to draw any conclusions about the identity of users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta may use the data for its own advertising purposes.

All of the above processing operations, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

The information generated by Meta is generally transmitted to a Meta server and stored there. In this context, transmission to servers of Meta Platforms Inc. in the USA may also occur.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

9.2 Google Ads Remarketing

This website uses retargeting technology from:

Google Ireland Limited
Gordon House
4 Barrow St
Dublin, D04 E5W5
Ireland

For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. Further data processing only takes place if you have agreed with Google that your internet and app browser history will be linked by Google to your Google account and that information from your Google account may be used to personalise ads you view on the web. If, in this case, you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups. In connection with the use of Google Ads Remarketing, personal data may also be transferred to servers of Google LLC in the USA.

All of the above processing operations, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. Without such consent, retargeting technology will not be used during your visit to the website.

You may withdraw your consent at any time with effect for the future. To exercise your withdrawal, please disable this service in the cookie consent tool provided on the website.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

9.3 Google Ads Conversion Tracking

This website uses the online advertising programme “Google Ads” and, as part of Google Ads, conversion tracking by:

Google Ireland Limited
Gordon House
4 Barrow St
Dublin, D04 E5W5
Ireland

We use Google Ads in order to draw attention to our attractive offers on external websites by means of advertising material, so-called Google Ads. In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we pursue the interest of showing you advertising that is relevant to you, making our website more interesting to you and ensuring a fair calculation of advertising costs.

The conversion tracking cookie is set when a user clicks on an ad placed by Google. Cookies are small text files stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to that page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Google Ads customers. The information collected by means of the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page marked with a conversion tracking tag. However, they do not receive information that can be used to personally identify users.

In connection with the use of Google Ads, personal data may also be transferred to servers of Google LLC in the USA.

Details of the processing triggered by Google Ads Conversion Tracking and of Google’s handling of data from websites can be found here:
https://policies.google.com/technologies/partner-sites

All of the above processing operations, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

You may also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plug-in available from Google at the following link:
https://www.google.com/settings/ads/plugin?hl=de

To address users whose data we have received in the context of business or business-like relationships with more relevant advertising, we use a customer matching function as part of Google Ads. For this purpose, we electronically transmit one or more files with aggregated customer data, especially email addresses and telephone numbers, to Google. Google does not gain access to plain-text data, but automatically encrypts the information in the customer files during transmission using a special algorithm. The encrypted information can then only be used by Google to match it to existing Google accounts that the data subjects have set up. This makes it possible to display personalised advertising across all Google services connected with the respective Google account.

Customer data is only transmitted to Google if you have given us your express consent in accordance with Article 6(1)(a) GDPR. You may revoke this consent at any time with effect for the future. Further information about Google’s data protection measures regarding customer matching can be found here:
https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

Google’s privacy policy can be viewed here:
https://www.google.de/policies/privacy/

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

9.4 TikTok Pixel

This website uses the conversion tracking technology of:

TikTok Technology Limited
10 Earlsfort Terrace
Dublin, D02 T380
Ireland

If you reached our website from an advert on the provider’s domain, the success of the advert can be tracked using cookies and/or similar technologies, such as tracking pixels, web beacons, pings or HTTP requests.

For this purpose, certain device and browser information, including, where applicable, your IP address, is read by means of the tracking technology in order to record and evaluate user actions predefined by us, such as completed transactions, leads, searches on the website or visits to product pages. This enables us to create statistics on user behaviour on our website after being redirected from an advert and to optimise our offer accordingly.

All of the above processing operations, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.


10) Website Functionalities

10.1 Google Web Fonts

This site uses so-called web fonts provided by:

Google Ireland Limited
Gordon House
4 Barrow St
Dublin, D04 E5W5
Ireland

When you visit a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider’s servers. Certain browser information, including your IP address, is transmitted to the provider in the process.

Data may also be transferred to: Google LLC, USA

The processing of personal data when connecting to the provider of the fonts is only carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

10.2 Google reCAPTCHA

We use the CAPTCHA service of:

Google Ireland Limited
Gordon House
4 Barrow St
Dublin, D04 E5W5
Ireland

Data may also be transferred to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses “Google Fonts”, i.e. fonts loaded from the internet by Google. No further information is processed beyond the data already transmitted to Google as part of the reCAPTCHA functionality.

The service checks whether an input is made by a natural person or improperly by automated processing and blocks spam, DDoS attacks and similar automated malicious access. In order to ensure that an action is taken by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits these to the provider’s servers for evaluation.

The legal basis is our legitimate interest in determining individual personal responsibility on the internet and preventing misuse and spam in accordance with Article 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.


11) Tools and Other Services

11.1 easybill

We use the cloud-based accounting software service of easybill GmbH, Düsselstr. 21, 41564 Kaarst, Germany, for accounting purposes.

easybill processes incoming and outgoing invoices as well as, where applicable, our company’s bank transactions in order to automatically record invoices, match them with transactions and generate financial accounting in a semi-automated process.

If personal data is also processed in this context, the processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in the efficient organisation and documentation of our business processes.

Further information on easybill GmbH, the automated processing of data and the privacy policy can be found at: easybill.de/privacy

11.2 Cookie Consent Tool

This website uses a so-called cookie consent tool to obtain legally valid user consents for cookies and cookie-based applications requiring consent. The cookie consent tool is displayed to users when they access the website in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be given by ticking a box. Through the use of the tool, all cookies/services requiring consent are loaded only if the respective user has granted consent by ticking the relevant box. This ensures that such cookies are only set on the user’s device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data such as the IP address is processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly cookie consent management and thus in a legally compliant design of our website.

A further legal basis for processing is Article 6(1)(c) GDPR. As the controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user’s consent.

Where required, we have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.


12) Rights of the Data Subject

12.1

Applicable data protection law grants you the following data subject rights vis-à-vis the controller with regard to the processing of your personal data. For the respective conditions of exercise, reference is made to the legal basis stated:

  • Right of access pursuant to Article 15 GDPR

  • Right to rectification pursuant to Article 16 GDPR

  • Right to erasure pursuant to Article 17 GDPR

  • Right to restriction of processing pursuant to Article 18 GDPR

  • Right to be informed pursuant to Article 19 GDPR

  • Right to data portability pursuant to Article 20 GDPR

  • Right to withdraw consent granted pursuant to Article 7(3) GDPR

  • Right to lodge a complaint pursuant to Article 77 GDPR

12.2 Right to Object

If, within the framework of a balancing of interests, we process your personal data on the basis of our overriding legitimate interest, you have the right to object to this processing at any time with effect for the future on grounds arising from your particular situation.

If you exercise your right to object, we will stop processing the data concerned. Further processing remains reserved, however, if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

Where your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. You may exercise your objection as described above.

If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.


13) Web Analytics Services

13.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by:

Google Ireland Limited
Gordon House
4 Barrow St
Dublin, D04 E5W5
Ireland

By default, Google Analytics 4 sets cookies when you visit the website. These are small text files stored on your device which collect certain information. This information also includes your IP address, which Google, however, shortens by removing the last digits in order to exclude direct personal reference.

The information is transmitted to Google servers and processed there. Transfers to Google LLC, based in the USA, are also possible.

Google uses the collected information on our behalf to analyse your use of the website, to compile reports on website activity for us and to provide other services related to website use and internet use. The shortened IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected during the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, only takes place if you have given us your express consent pursuant to Article 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the website. You may withdraw your consent at any time with effect for the future by disabling this service via the cookie consent tool provided on the website.

We have concluded a data processing agreement with Google which ensures the protection of our website visitors’ data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found here:
https://business.safety.google/intl/de/privacy/
https://policies.google.com/privacy?hl=de&gl=de
https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google Analytics 4 uses the special “demographic characteristics” function and can use this to compile statistics that provide information on the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the data collected cannot be assigned to a specific person and is deleted after being stored for two months.

Google Signals
As an extension of Google Analytics 4, Google Signals may be used on this website to enable cross-device reports. If you have activated personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Article 6(1)(a) GDPR, analyse your usage behaviour across devices and create database models, including those relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you would like to stop cross-device analysis, you can deactivate the “Personalised Advertising” function in your Google account settings. Follow the instructions on this page:
https://support.google.com/ads/answer/2662922?hl=de

Further information on Google Signals can be found here:
https://support.google.com/analytics/answer/7532985?hl=de

User IDs
As an extension of Google Analytics 4, the “User IDs” function may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Article 6(1)(a) GDPR, created an account on this website and logged in to that account on different devices, your activities, including conversions, may be analysed across devices.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

13.2 Google Tag Manager

This website uses Google Tag Manager, a service of:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland

Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analytics services, and calibrating, controlling and linking them to conditions via a single user interface. Google Tag Manager itself does not store or read information on user devices. Nor does the service carry out any independent data analysis. However, when a page is accessed, your IP address is transmitted to Google and may be stored there. Transmission to servers of Google LLC in the USA is also possible.

This processing is only carried out if you have given us your express consent in accordance with Article 6(1)(a) GDPR. Without such consent, Google Tag Manager will not be used during your visit to the website. You may withdraw your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

We have concluded a data processing agreement with the provider, ensuring the protection of our website visitors’ data and prohibiting unauthorised disclosure to third parties.

For data transfers to the USA, the provider has certified under the EU-US Data Privacy Framework.

Further legal information on Google Tag Manager can be found here:
https://business.safety.google/intl/de/privacy/
https://policies.google.com/privacy?hl=de&gl=de


14) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and, where relevant, additionally by the respective statutory retention period, for example under commercial or tax law.

Where personal data is processed on the basis of express consent pursuant to Article 6(1)(a) GDPR, such data is stored until you withdraw your consent.

If there are statutory retention periods for data processed in the context of contractual or quasi-contractual obligations on the basis of Article 6(1)(b) GDPR, such data is routinely deleted after the retention periods have expired, provided it is no longer required for the performance or initiation of the contract and/or we no longer have any legitimate interest in continuing to store it.

Where personal data is processed on the basis of Article 6(1)(f) GDPR, such data is stored until you exercise your right to object under Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data is processed for the purpose of direct marketing on the basis of Article 6(1)(f) GDPR, such data is stored until you exercise your right to object under Article 21(2) GDPR.

Unless otherwise stated in the other information in this policy regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Version: 09/2025