Privacy policy for the
website and app

Content

  1. Involved parties
    1. Responsible party
    2. Data protection officer
  2. General information on data processing
    1. Scope of the processing of personal data
    2. Legal basis for the processing of personal data
    3. Data deletion and duration of storage
    4. Data transfer
  3. Website (informational use)
    1. Log files
    2. Cookie
  4. Special website features
    1. General
    2. Registration
    3. Contact form and e-mail contact
    4. Newsletter
  5. Third party services
    1. General
    2. YouTube
    3. Google Maps
    4. Social-Media
    5. Payment services
  6. App
  7. Special app features
    1. Audio data, photo and movie recording
    2. Location data
  8. Data security
  9. Data subject rights
    1. Information
    2. Correction
    3. Restriction of processing
    4. Deletion
    5. Disclosure
    6. Data transmission
    7. Objection
    8. Revocation
    9. Automated decision, profiling
    10. Complaint to supervisory authority

I. Involved

1. Responsible party

The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

alphaben GmbH
Markus Singler
In der Spöck 10
77656 Offenburg

Telefon: 015164117017
Mail:
Website: www.alphaben.app

Sales tax identification number according to Sect. 27 a of the Sales Tax Law:
14086/10463

2. Data protection officer

The data protection officer of the responsible party is:

alphaben GmbH
Markus Singler
In der Spöck 10
77656 Offenburg

Telefon: 015164117017
Mail:

II. General information on data processing

1. Scope of the processing of personal data

As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of functional services as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

4. Data transfer

Except for the cases mentioned in this declaration, we do not pass on any data to third parties as a matter of principle. In particular, we do not sell the data entrusted to us.

Data will only be transferred if

  • you have given your express consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that there is a legal obligation for disclosure pursuant to Art. 6 (1) p. 1 lit. c GDPR,
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of contractual relationships with you.

The transfer of data relates only to that information which is absolutely necessary for the respective purpose. In this respect, the scope of the data transfer is reduced to the minimum required in each case.

III. Website (informational use)

1.  Logfiles
a. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected in this process:

  • Information about the browser type and the version used.
  • The operating system of the user
  • The content of the request (specific page)
  • The user's Internet service provider
  • The IP address of the user
  • Date and time of access
  • The amount of data transferred in each case
  • Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

b. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

c. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

d. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

e. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

2. Cookie
a. Description and scope of data processing

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your terminal device (laptop, tablet, smartphone or similar) when you visit our site. A cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website.

Cookies do not cause any damage to your terminal device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific end device used.

The website uses transient cookies, persistent cookies and cookies from third-party providers.

Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website.

Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. If you visit our site again to use our services, it may be automatically recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

Details on cookies from third-party providers are presented in connection with the respective third-party provider.

b. Legal basis for data processing

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) p. 1 lit. f GDPR.

c. Purpose of data processing

The use of transient cookies serves to make the use of our offer more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. In addition, individual elements of our website require that the calling browser can be identified even after a page change.

We use persistent cookies to statistically record the use of our website and to evaluate search and surfing behavior for the purpose of optimizing our offer for you.

With the third-party cookies, we want to ensure a needs-based design and the ongoing optimization of our website. In addition, we use the measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. Finally, we use cookies from third-party providers, especially in the context of social media plugins for this purpose, for promotional purposes with the aim of increasing our awareness.

d. Duration of storage, possibility of objection and removal

Transient cookies including session cookies are automatically deleted after leaving our site.

Persistent cookies are automatically deleted after a defined period of time.

Details on cookies from third-party providers are presented in connection with the respective third-party provider.

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer, certain cookies are rejected or a notice always appears before a new cookie is created. However, completely disabling cookies may prevent you from using all the features of our website.

You can delete cookies in the security settings of your browser at any time.

IV. Special website features

1. General

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide additional personal data, which we use to provide the respective service. If additional voluntary information is possible, this is marked accordingly.

We may transfer your personal data to third parties if we offer promotions, competitions, bookings or contract conclusions together with a third party provider. In this case, you will be informed separately about the disclosure to third parties before your data is transferred.

In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The service providers will not pass on this data to third parties.

2. Registration

a. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not transferred to third parties. The data requested in each case is collected as part of the registration process.

The following data is also stored at the time of registration:

  • The IP address of the user
  • Date and time of registration

As part of the registration process, the user's consent to the processing of this data may be obtained.

b. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given his consent.

If the registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b GDPR.

c. Purpose of data processing

User registration is required for the provision of certain content and services on our website that are not generally accessible to the public. We only make these contents and services available to users known to us.

Registration of the user may also be necessary for the fulfillment of a contract with the user or for the performance of pre-contractual measures.

d. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

This is the case for data collected only during the registration process, when the registration on our website is cancelled or modified.

For data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures, this is the case when the data is no longer necessary for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to fulfill contractual or legal obligations.

Continuing obligations require the storage of personal data during the term of the contract. In addition, warranty periods must be observed and data must be stored for tax purposes. The storage periods to be observed in this regard cannot be determined in a generalized manner, but must be determined on a case-by-case basis for the contracts and contracting parties concluded in each case.

e. Possibility of objection and removal

As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time. To delete or change, log in with your access data. In the special user menu you can then make the desired changes or deletion.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

3. Contact form and e-mail contact

a. Description and scope of data processing

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.

At the time the message is sent, the following data is also stored:

  • The IP address of the user
  • Date and time of registration

For the processing of the data, your consent may be obtained during the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data will not be transferred to third parties. The data will be used exclusively for processing the respective communication.

b. Legal basis for data processing

The legal basis for the processing of the data is Art.6 para.1 lit. a GDPR if the user has given his consent.

Furthermore, the legal basis for the processing of data, in particular that transmitted in the course of sending an e-mail, is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

c. Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

d. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

e. Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

4. Newsletter

a. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. In doing so, the data from the input mask is transmitted to us when registering for the newsletter.

In addition, the following data is collected during registration:

  • IP address of the calling computer
  • Date and time of registration

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

If you purchase goods or services on our website and provide your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.

No data will be transferred to third parties in connection with the processing of data for the dispatch of newsletters. The data is used exclusively for sending the newsletter.

If the website uses newsletter tracking, the associated data processing shall be addressed separately. A justification norm for the data processing will be found in Art. 6 (1) lit. f GDPR.

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons, also called tracking pixels. These are single-pixel image files that link to our website and thus enable us to evaluate your user behavior. This is done by collecting the above-mentioned data as well as web beacons that are assigned to your e-mail address and linked to a separate ID. Links received in the newsletter also contain this ID. The data is collected exclusively pseudonymously, i.e. the IDs are not linked to your other personal data, thus excluding any direct personal reference. The information collected in this way is stored by the newsletter provider on its server in Germany.

b. Legal basis for data processing

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

The data processing in connection with the tracking of the newsletter is based on Art. 6 para. 1 lit. f GDPR.

The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) Act against Unfair Competition (UWG).

c. Purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

The processing of users' personal data enables us to analyze the behavior of our newsletter users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our newslette. This helps us to constantly improve our newsletters and their user-friendliness.

d. Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is usually deleted after a period of seven days.

e. Possibility of objection and removal

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

This also enables revocation of consent to the storage of personal data collected during the registration process.

You can object to the newsletter tracking at any time by clicking on the separate link provided in each e-mail.

Such tracking is also not possible if you have deactivated the display of images by default in your e-mail program. In this case, however, the newsletter will not be fully displayed to you and you may not be able to use all of its features. If you display the images manually, the above tracking will occur.

V. Third party services

1. General

We have integrated the third-party services mentioned below in our online offers.

By visiting the website, the third-party provider receives the information that you have accessed the corresponding sub-page of our website. In addition, the above-mentioned data is transmitted. This occurs regardless of whether this third-party provider provides a user account through which you are logged in or whether no user account exists. If you are logged in to the plug-in provider, this data is directly assigned to your account. If you do not want the assignment to your profile with the plug-in provider, you must log out before activating the button.

The plug-in provider stores this data as usage profiles and uses it for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy policies of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

The services of third parties are used on our website on the basis of Art. 6 (1) p. 1 lit. f GDPR to make our company better known. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection compliant operation is to be ensured by their respective providers.

2. YouTube

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos, data is transmitted. We have no influence on this data transmission.

Address of the provider and URL with their privacy policy: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/

3. Google Maps

We have continued to integrate content from Google Maps on our websites. With Google Maps, you can see our location on a digital map. In addition, it is possible to plan a route to us from any other location. Insofar as you use the route planner, location data may also be collected and transmitted to Google in addition to the above-mentioned data.

Address of the provider and URL with their privacy policy: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/

4. Social-Media

a. General

We use social media plug-ins from the providers listed below.

Social-Media Plug-ins verwenden wir regelmäßig unter Einsatz von „Shariff“-Schaltflächen. Bei „Shariff“ handelt es sich um eine von den Spezialisten der Zeitschrift c´t entwickelte Technologie zum Schutz der Privatsphäre. Einzelheiten können unter http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html .

We also use the so-called 2-click solution in some cases. This means that when you visit our site, no personal data is initially passed on to the providers of these plug-ins. You can recognize the provider of the plug-in by the marking on the grayed-out box by means of the initial letter. Only if you click on one of the plug-ins, personal data will be transmitted: By activating the plug-in, data is automatically transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes and the storage periods. Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.

When you activate a plug-in, the plug-in provider receives the information that you have accessed the corresponding subpage of our online offer. In addition, the above-mentioned data is transmitted, although in the case of Facebook and Xing, according to the respective providers in Germany, only an anonymized IP is collected. This occurs regardless of whether you have an account with this plug-in provider and are logged in there. If you are logged in to the plug-in provider, this data is directly assigned to your account. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares this publicly with your contacts. If you do not want the assignment to your profile with the plug-in provider, you must log out before activating the button.

The plug-in provider stores this data as usage profiles and uses it for purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy policies of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

The legal basis for the processing of the data following the user's consent is Art. 6 para. 1 lit. a GDPR.

Addresses of the respective providers and URL with their privacy notices:

b. Facebook

Social media plugins from Facebook are used on our website to make their use more personal. For this purpose, we use the "LIKE" or "SHARE" button. This is an offer from Facebook.

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website.

By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plugins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research and demand-oriented design of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policy (https://www.facebook.com/about/privacy/) of Facebook.

c. Twitter

On our Internet pages, plugins of the short message network of Twitter Inc. (Twitter) are integrated. You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. You can find an overview of tweet buttons here (https://about.twitter.com/resources/buttons).

When you call up a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter "tweet button" while logged into your Twitter account, you can link the content of our pages on your Twitter profile. This allows Twitter to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.

If you do not want Twitter to be able to associate the visit to our pages, please log out of your Twitter user account.

For more information, please refer to the privacy policy of Twitter (https://twitter.com/privacy).

d. Instagram

Our website also uses so-called social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram").

The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera".

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of Instagram. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged into Instagram.

This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there.

The information is also published on your Instagram account and displayed there to your contacts.

If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website.

For more information, see the privacy policy (https://help.instagram.com/155833707900388) of Instagram.

5. Payment services

a. General

Services subject to a charge can be paid for using one of the payment services and payment methods listed below. For this purpose, a payment method can be selected individually at the end of the respective order process. The payment services offered depend on the type of service ordered. The payment services are regularly offered by third parties.

By using a payment service, the third-party provider receives the information that and which services you purchase from us. In addition, the data mentioned during the ordering process is transmitted. This occurs regardless of whether this third-party provider provides a user account through which you are logged in or whether no user account exists. The transfer of your data takes place exclusively for the purpose of payment processing with the respective service provider.

The data transmitted to the payment service contains the information provided during the ordering process together with information about your order (e.g. name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) as well as data related to the order (e.g. invoice amount, article, delivery type).

The payment services reserve the right to conduct a credit check for certain payment methods. The Payment Services use the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these have their basis in a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values.

For more information on the purpose and scope of data collection and its processing by the third-party provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

The legal basis for processing personal data in connection with the conclusion of a contract is Art. 6 (1) lit. b GDPR. The data processing is carried out in order to process your orders in the online store.

b. PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we pass on your payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing.

For more information about PayPal's privacy policy, please visit https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

c. Amazon Payments

If payment is made via "Amazon Pay", the payment will be processed by the payment service provider Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (hereinafter: "Amazon Payments"), to which we pass on your information provided during the ordering process.

For more information about Amazon Payments' privacy policy, please visit: https://pay.amazon.de/help/201212490?ld=APDELPADirect

d. Stripe

When payments are made via the Stripe service, we pass on your payment data to Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (hereinafter: Stripe).

For more information on Klarna's privacy policy, please visit: https://stripe.com/de/privacy#translation

e. Klarna

When payments are made via the Klarna service, we share your payment data with Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna") as part of the payment processing.

For more information on Klarna's privacy policy, please visit: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

f. Immediately

If you select the payment method "SOFORT", the payment will be processed by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to whom we pass on the information you provided during the ordering process, along with information about your order. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden).

For more information about SOFORT's privacy policy, please visit https://www.klarna.com/sofort/datenschutz.

VI. App

In addition to our online offer, we provide you with a mobile app that you can download to your mobile device. In doing so, you are also entitled to the rights described here. In addition to the data mentioned above in this data protection declaration, further personal data is processed, about which we inform you in the following.

When downloading the app, the necessary information is transferred to the App Store, i.e. in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device identification number. However, we have no influence on this data collection and are not responsible for it. We process this provided data insofar as this is necessary for downloading the app to your mobile device. They are not stored further beyond this.

When using the app, we collect the following additional personal data to enable the app's features:

  • Device identification / unique number of the mobile device (IMEI = International Mobile Equipment Identity).
  • for iOS devices, their device number (UDID = Unique Device ID)
  • unique number of the network subscriber (IMSI = International Mobile Subscriber Identity)
  • mobile phone number (MSISDN = Mobile Subscriber ISDN Number),
  • MAC address for WLAN use / Media Access Control address (= hardware address of a network adapter)
  • Name of your mobile device
  • E-mail address

For advertising purposes we use the so-called "Advertising Identifier" (IDFA). This is a unique, but non-personalized and non-permanent identification number for a specific end device, provided by iOS. The data collected with this is not linked to any other device-related information. We use this IDFA to provide you with personalized advertising and to evaluate your usage. If you activate the option "no ad tracking" in the iOS settings under "Privacy" - "Advertising", we can only do the following: Measuring your interaction with banners by counting the number of times a banner is displayed without being clicked ("frequency capping"), click-through rate, detecting unique usage ("unique user"), and security measures, fraud prevention, and troubleshooting. You can delete the IDFA in the device settings at any time ("reset Ad-ID"), then a new IDFA will be created, which will not be merged with the previously collected data. Please note that you may not be able to use all the features of our app if you restrict the use of the IDFA.

VII. Special app features

1. Audio data, photo and movie recording

Our service also processes audio data with voice recordings of people as well as photo and film recordings of people. The voices, images and films can be assigned to a specific person through technical matching.

At the beginning of app use, we ask you for permission to use your audio data, photo and film recordings. If you refuse, we will not use this data. You may not be able to use all the features of our app in this case. You can grant or revoke permission later in the app or operating system settings.

If you allow access to this data, the app will only access and transfer this data to our server to the extent necessary to provide the functionality. We will treat this data confidentially and delete it if you revoke the rights to use it or if it is no longer necessary for the provision of the services and there are no legal retention obligations.

2. Location data

Our offer also includes so-called location-based services, with which we offer you special offers tailored to your particular location. In order to be able to offer you these features of the app, we collect your location data by means of GPS and your IP address in anonymized form, if you allow this.

You can allow or revoke this features in the settings of the app or your operating system at any time by calling "Settings". Your location will only be transmitted to us if, when using the app, you make use of features that we can only offer you if we know your location.

Your location data will not be used to create movement profiles beyond your current location.

VIII. Data security

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.

Only those employees and contractors for whom this data is absolutely necessary for the provision of services have access to personal data. The persons authorized to access the data are bound by confidentiality obligations. Violations of this obligation may lead to (summary) dismissal and criminal prosecution.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological standards and developments.

IX. Rights of affected persons

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Information

You may request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing is taking place, you may request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

This right of access may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

2. Correction

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

Your right to rectification may be limited to the extent that it is likely to render impossible or seriously prejudice the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

3. Restriction of processing

You may request restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims; or

(4) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the controller's legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

4. Deletion

a. Obligation to delete

You may request the Controller to delete the personal data concerning you without undue delay, and the Controller is obliged to delete such data without undue delay, if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) GDPR.

b. Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c. Exceptions

The right to deletion does not exist insofar as the processing is necessary to

(1) for the exercise of the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5) for the assertion, exercise or defense of legal claims.

5. Disclosure

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the data Controller.

6. Data transmission

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that.

(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and

(2) the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR.

Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.

8. Revocation

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated decision, profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or

(3) is made with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases mentioned in (1) and (3), the Controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include, at a minimum, the right to obtain the intervention of a person on the part of the Controller, to express his or her point of view and to contest the decision.

10. Complaint to supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.