Privacy Policy

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obligated to provide this data. Failure to provide such data has no consequences. This applies only to the extent that no other information is provided regarding the subsequent processing operations.
"Personal data" refers to any information relating to an identified or identifiable natural person.

Server Log Files
You can visit our website without providing any personal information. 
Each time you access our website, usage data is transmitted to us or our web host/IT service provider via your internet browser and stored in log files (so-called server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
Processing is carried out on the basis of Art. 6(1)(f) GDPR based on our overriding legitimate interest in ensuring the smooth operation of our website and in improving our services. 
 

Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the United States. An adequacy decision by the European Commission exists for Canada. For the United States, an adequacy decision by the European Commission is in place: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission’s Standard Contractual Clauses.

Contact

Data Controller
Please contact us if you wish. The data controller is:Mehdi und Moutamassik GbR,Isolastraße 2,52353Düren, Germany,02421 394 8585, shop@casa-moro.eu

Customer Initiating Contact via Email
If you initiate business contact with us via email, we collect your personal data (name, email address, message text) only to the extent you provide it. The data processing serves to process and respond to your contact request.
If the contact serves the purpose of taking pre-contractual measures (e.g., consultation regarding purchase interest, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is based on Article 6(1)(b) of the GDPR.
If contact is initiated for other reasons, this data processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR.
We use your email address solely to process your inquiry. Your data will subsequently be deleted in accordance with statutory retention periods, provided you have not consented to further processing and use.

Collection and Processing When Using the Contact Form
When youuse the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. The data processing serves the purpose of establishing contact.
If the contact serves the purpose of carrying out pre-contractual measures (e.g., consultation regarding purchase interest, preparation of an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6(1)(b) GDPR.
If contact is made for other reasons, this data processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR.
We use your email address solely to process your inquiry. Your data will subsequently be deleted in accordance with statutory retention periods, provided you have not consented to further processing and use.

Collection and Processing for Email Applications 
Website visitors interested in open positions advertised on our website may apply via email. In doing so, we collect your personal data only to the extent you provide it. This includes your contact information (e.g., name, email address, phone number), details regarding your professional qualifications and education, information on professional development, and performance-related documentation.
The data processing serves the purpose of contacting you and deciding whether to establish an employment relationship with you. The provision of this data is necessary to carry out the application process. The processing of your personal data is based on Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the BDSG for the purpose of carrying out pre-contractual measures (completing the application process as a preliminary step toward an employment contract).
To the extent that you have given us consent to process personal data for inclusion in our applicant pool, e.g., by checking a box, the processing is based on Article 6(1)(a) of the GDPR. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation.
If, as part of the application process, special categories of personal data within the meaning of Article 9(1) of the GDPR are requested from applicants, such as information regarding the degree of severe disability, this is done on the basis of Article 9(2)(b) GDPR, so that we can exercise the rights arising from labor law and the law on social security and social protection and fulfill our obligations in this regard.
We store your personal data for as long as necessary to make a decision regarding your application. Your data will then be deleted no later than six months after the application process, unless you have consented to further processing and use. If an employment relationship is established following the application process, the data provided will be further processed on the basis of Art. 6(1)(b) GDPR in conjunction with § 26(1) BDSG for the purposes of carrying out the employment relationship and subsequently transferred to the personnel file.
 

Customer Account Orders      

Customer Account
When you open a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is based on Art. 6(1)(a) of the GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation. Your customer account will then be deleted.

Collection, Processing, and Disclosure of Personal Data for Orders
When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is based on Article 6(1)(b) of the GDPR and is necessary for the performance of a contract with you. 
Your data may be disclosed, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to a minimum.
 

Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the United States. An adequacy decision by the European Commission exists for Canada. For the United States, an adequacy decision by the European Commission is in place: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s Standard Contractual Clauses.

Reviews Advertising      


Data Collection When Posting a Comment or Review
When you comment on orreview an item or a post, we collect your personal data (name, email address, comment text) only to the extent you provide it. The processing serves the purpose of enabling comments/reviews and displaying comments/reviews. 

For the purpose of verifying your review/comment, we also collect the following data:order number,,,.

By submitting the comment/review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation. Your personal data will then be deleted.

When your comment/review is published,the name you provided and the email address you provided will bepublished.

In addition, when you submit the comment or review, your IP address is stored for the purpose of preventing misuse of the comment or review function and ensuring the security of our IT systems. By submitting the comment or review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation. Your IP address will then be deleted.

Shopauskunft Customer Review
We use the “shopauskunft.de” review tool from Händlerbund Management AG (Kohlgartenstraße 11–13, 04315 Leipzig; “Shopauskunft”) for our website.
After you place your order, we would like to ask you to rate and comment on your purchase with us. For this purpose, we will contact you via email, using the technical system “Legally Compliant Review Request (RBA).” In doing so, we process the data related to your order (order number/invoice number, purchase amount, and shipping costs) as well as your email address. If necessary, we may also use this data to verify your review.
Processing is based on Article 6(1)(a) of the GDPR with your consent, provided that you have expressly consented to the transfer of your data and to receiving the review request.
You may revoke your consent at any time by using the corresponding link in the email or by notifying us, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation.
For more information on data protection when using Shopauskunft, please visit:
https://www.shopauskunft.de/datenschutz.
 
Shopauskunft Widget
The Shopauskunft widget is integrated into our website. This serves the purpose of displaying the number and results of the reviews we have received via Shopauskunft to date and to advertise them.
To display the widget, it is technically necessary to transmit usage data from your internet browser to the Shopauskunft server and to store it in log files (so-called server log files) for 7 days. This stored data includes the name and URL of the file accessed, the date and time of access, the IP address of the requesting computer, the website from which access is made (referrer URL), the browser used, and, if applicable, your computer’s operating system, as well as the name of your internet service provider.
Processing is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in promoting our offerings by displaying customer reviews we have already received. This data is not stored together with other personal data. 
 

Website logo for Google Customer Reviews
The website logo for Google Customer Reviews from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) is integrated into our website.
The integration serves the purpose of displaying the number and results of our reviews received via Google to date and promoting participation in this program.
Google uses cookies to display the logo on our website and to show you personalized ads on Google. In doing so, your IP address, among other things, may be processed and transmitted to Google.
Your data may be transferred to the United States. An adequacy decision by the EU Commission exists for the U.S., namely the Trans-Atlantic Data Privacy Framework (TADPF). Googlehas obtained TADPF certification and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on terms of use and data protection when using Google Customer Reviews, please visithttps://www.google.com/shopping/customerreviews/static/tos/de/1_01_tos.htmlandhttps://policies.google.com/privacy?hl=de

Google Customer Reviews Rating Tool
We use the Google Customer Reviews rating tool provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) on our website.
After you place your order, we would like to ask you to rate and comment on your purchase with us. For this purpose, we will contact you via email, using Google’s survey opt-in module. In doing so, the following information, among other things, may be processed and transmitted to Google: order details (e.g., order ID, delivery country, estimated delivery date, GTIN of the ordered products) as well as your email address.
Your data may be transferred to the United States. An adequacy decision by the EU Commission exists for the U.S., namely the Trans-Atlantic Data Privacy Framework (TADPF). Googlehas obtained TADPF certification and is therefore committed to complying with European data protection principles.
Processing is based on Article 6(1)(a) of the GDPR with your consent, provided that you have expressly consented to the transfer of your data and to receiving the review request. You may revoke your consent at any time with future effect, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation.
For more information on the terms of use and data protection when using Google Customer Reviews, please visit https://www.google.com/shopping/customerreviews/static/tos/de/1_01_tos.html and https://policies.google.com/privacy?hl=de
 

Use of Judge.me
We use the "Judge.me" rating system from Judge.me Ltd (c/o Buckworths 2nd Floor, 1-3 Worship Street, London, England, EC2A 2AB; "Judge.me") on our website.
Judge.me enables us to collect customer reviews and display them on our website to provide you with insight into the quality of our services.
After placing an order, you may receive an invitation from us or Judge.me to submit a review and subsequently provide a review. In doing so, the following data, among others, may be processed by us or Judge.me: email address, name, phone number, address, information about your device (IP address, information about your web browser and the operating system used), information about the purchased product or the service used (order number, product details), the content of your review and the star rating you provided, your product photos or videos (if you have attached them to your product review). This data may also be used to verify your review, if necessary.
Judge.me uses technologies such as cookies.
Your data may be transferred outside the EU to the United Kingdom. An adequacy decision by the European Commission is in place for the United Kingdom.
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Judge.me is not certified under the TADPF. This data transfer is based on special contracts that have been approved for use in the United Kingdom and provide the same level of protection as that afforded to personal data in the United Kingdom.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR, provided that you have expressly consented to the transfer of your data and to receiving the request for a review. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on data protection when using Judge.me, please visit: https://judge.me/privacy.

Use of the email address for sending newsletters
We use your email address to sendyou information and offers via newsletter, provided you have expressly consented to this. Data processing serves exclusively the purpose of sending promotional communications. For this purpose, we process your email address as well as any additional data you voluntarily provided when subscribing to our newsletter.
Processing is based on Article 6(1)(a) of the GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
You may unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list. Even after removal from the mailing list, we may continue to store your email address in a so-called blacklist to prevent you from receiving newsletter emails from us in the future. This storage is based on Article 6(1)(f) of the GDPR, reflecting our and your legitimate interest in preventing the reuse of your email address for sending our newsletter. You have the right to object at any time to this processing of personal data concerning you for reasons arising from your particular situation.

Use of the Email Address for Availability Notifications
We offer a product availability notification service on our website. If an item is temporarily unavailable, you have the option to enter your email address next to the respective item and be notified by us via email when it becomes available, provided you have consented to this. Once the item is available, you will receive a one-time email notification regarding the availability of the respective item. Processing is based on Article 6(1)(a) of the GDPR with your consent. You may withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of your consent prior to withdrawal. You may unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the mailing list.
 

Shipping service providers Inventory management      

Disclosure of the email address to shipping companies for information regarding shipping status
We disclose your email address to the shipping company as part of contract fulfillment, provided you have expressly consented to this during the ordering process. The disclosure serves the purpose of informing you via email about the shipping status. Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time by notifying us or the shipping company, without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation.

Use of an external merchandise management system
We use a merchandise management system for contract processing within the scope of order processing. For this purpose, your personal data collected during the ordering process is transmitted to
plentysystems AG,Johanna-Waescher-Straße 7, 34131Kassel.

The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6(1)(b) GDPR.

Payment service providers Credit check      

Use of Klarna payment options
We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; “Klarna”) on our website. When you select and use payment via Klarna, the data required for payment processing is transmitted to Klarna in order to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) of the GDPR.

In this process, cookies may be stored that enable the recognition of your browser. The resulting data processing is based on Article 6(1)(f) of the GDPR, based on our legitimate interest in offering a customer-oriented range of payment methods.You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.
 
“Pay Later” (invoice), “Pay Now” (payment by direct debit, credit card, instant bank transfer), “Financing” (installment purchase)
For certain payment methods such as“Pay Later” (invoice), “Pay Now” (payment by direct debit, credit card, instant bank transfer), and “Financing” (installment purchase), Klarna reserves the right to obtain a credit check, if necessary, based on mathematical-statistical methods using credit reporting agencies.
To this end, Klarna transmits the personal data required for a credit check—such as first and last name, address, gender, email address, IP address, and data related to the order to a credit bureau for the purpose of identity and credit checks, and uses the information received regarding the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated using scientifically recognized mathematical and statistical methods, which incorporate, among other things, address data. Your legitimate interests are taken into account in accordance with legal provisions. The data processing serves the purpose of a credit check for the initiation of a contract. The processing is carried out on the basis of Art. 6(1)(f) GDPR based on our overriding legitimate interest in protection against payment default when Klarna provides advance payment. You have the right to object at any time to this processing of your personal data based on Art. 6(1)(f) GDPR for reasons arising from your particular situation by notifying Klarna. The provision of the data is necessary for the conclusion of the contract using your preferred payment method. Failure to provide the data will result in the contract not being able to be concluded using the payment method you have selected.
Further information, in particular regarding which credit agencies Klarna shares your personal data with, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.
 
General information about Klarna is available at: https://www.klarna.com/de/. Your personal data will be processed by Klarna in accordance with applicable data protection regulations and as specified in Klarna’s Privacy Policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
 

Cookies

Our website uses cookies. Cookies are small text files that are stored in or by the web browser on a user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a unique string of characters that allows the browser to be uniquely identified when the website is visited again.
 
Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your web browser, you can be notified before cookies are set, decide individually whether to accept them, and prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that in such cases, you may not be able to use all features of this website to their full extent.
 
The links below provide information on how to manage (including disabling) cookies in the most common browsers:
 
Technically Necessary Cookies
Unless otherwise specified in the privacy policy below, we use only these technically necessary cookies for the purpose of making our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you navigate to another page and to provide you with services. Some features of our website cannot be provided without the use of cookies. For these features, it is necessary for the browser to be recognized even after you navigate to another page.
 
The use of cookies or comparable technologies is based on Section 25(2) of the German Telemedia Act (TDDG). The processing of your personal data is based on Article 6(1)(f) of the GDPR, based on our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our website.
You have the right to object at any time to the processing of your personal data for reasons arising from your particular situation.
 

Use of the Shopify Consent Tool (Shopify Privacy & Compliance)
We use the “ShopifyPrivacy & Compliance” consent tool from Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) on our website. Shopify is an affiliate of Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The tool allows you to grant consent for data processing via the website, in particular the setting of cookies, as well as to exercise your right to withdraw consent for consents already granted. The purpose of data processing is to obtain and document the necessary consents for data processing and thereby comply with legal obligations. Cookies may be used for this purpose. In doing so, user information, including your IP address, is collected and transmitted to Shopify.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the United States. An adequacy decision by the EU Commission exists for Canada. For the USA, an adequacy decision by the EU Commission is in place: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s Standard Contractual Clauses.
Data processing is carried out to fulfill a legal obligation based on Art. 6(1)(c) GDPR.
For more information on data protection at Shopify, please visit https://www.shopify.com/de/legal/datenschutz.


Analysis Advertising Tracking Affiliate      


Use of Google Analytics 4
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
Data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. To this end, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. 
The following information, among others, may be collected: IP address, date and time of the page view, click path, information about the browser and device you are using, pages visited, referrer URL (the website from which you accessed our website), location data, and purchase activities. Your data may be linked by Google to other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google has about you.

We first truncate your IP address on our own servers. Google thus receives only pseudonymized data.

Google uses technologies such as cookies, browser storage, and web beacons, which enable an analysis of your use of the website.The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1) Sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. 

The processing of your personal data is carried out with your consent on the basis of Article 6(1)(a) of the GDPR. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation.

In this context, we also use the Google Signals service. Google Signals enables cross-device tracking. Your data can thus be analyzed across devices if you have enabled “personalized ads” in your account settings and your devices are linked to your Google account. This makes it possible to recognize on which device you search for products and later return to complete purchases on another device, such as a tablet.
 
The cross-device reports generated in this context contain only aggregated data. We therefore receive only statistics generated by Google Signals. To prevent cross-device data collection and storage by Google Signals, you can disable the “personalized ads” feature in your Google Account settings. For more information, visit https://support.google.com/ads/answer/2662922?hl=de
For more information on data processing and privacy regarding Google Signals, please visit https://support.google.com/analytics/answer/7532985?hl=de
 

The information generated as a result of your use of this website is generally transmitted to a Google server in the United States and stored there. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Google has obtained TADPF certification and is therefore committed to complying with European data protection principles.Both Google and U.S. government authorities have access to your data.

Formore information on terms of use and data protection, please visithttps://policies.google.com/technologies/partner-sites,https://policies.google.com/privacy?hl=de&gl=de, andhttps://business.safety.google/privacy/

Use of Shopify Analytics
We use the statistics and analytics functions of Shopify International Ltd. (Victoria Buildings,2nd Floor,1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”)on our websiteas part of a data processing agreement. Shopify is an affiliate of Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
Data processing serves the purpose of analyzing this website and its visitors. To this end, data is stored for marketing and optimization purposes and made available in reports, analyses, and statistics. In doing so, the following device information, among other things, is collected and processed: information about the web browser, the IP address, the time zone, and some of the cookies installed on your device. When you navigate the website, information is also collected regarding the web pages or products you visit, the referrer URL (the website from which you accessed our site), and how you interact with the website. Technologies such as cookies, web beacons, tags, and pixels (electronic files used to track how you navigate the website) are used for this purpose.
Your data may be transferred to and processed in third countries outside the EU, in particular to Canada and the United States. An adequacy decision by the European Commission exists for Canada. For the United States, an adequacy decision by the European Commission is in place: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission’s Standard Contractual Clauses.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is carried out with your consent based on Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
You can find more detailed information on data protection at Shopify athttps://www.shopify.com/de/legal/datenschutz, information on the data processing agreement athttps://www.shopify.com/de/legal/dpa, and information on the cookies used athttps://www.shopify.com/de/legal/cookies.

Use of the Meta Pixel
We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”) on our website.
Meta and we are joint controllers for the collection of your data that occurs when the service is integrated and for the transfer of this data to Meta. The basis for this is an agreement between us and Meta regarding the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available athttps://de-de.facebook.com/legal/terms/businesstools. According to this agreement, we are specifically responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for compliance with the security requirements of Article 32 of the GDPR regarding the correct technical implementation and configuration of the service, and for compliance with the obligations under Articles 33 and 34 of the GDPR, to the extent that a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling data subjects’ rights in accordance with Articles 15–20 of the GDPR, for complying with the security requirements of Article 32 of the GDPR regarding the security of the service, and for fulfilling the obligations under Articles 33 and 34 of the GDPR, to the extent that a personal data breach affects Meta’s obligations under the joint processing agreement.
The application is used to target website visitors with interest-based advertising on the social networks Facebook and Instagram. To this end, Meta’s remarketing tag has been implemented on the website. This tag establishes a direct connection to Meta’s servers when you visit the website. This transmits information to Meta’s servers regarding which of our pages you have visited. Meta associates this information with your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads.
The application also serves the purpose of generating conversion statistics. This allows us to determine the total number of users who clicked on one of our ads and were redirected to a page equipped with a conversion tracking tag, as well as the actions taken after being redirected to that website. However, we do not receive any information that can be used to personally identify users.
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Meta has obtained TADPF certification and is therefore committed to complying with European data protection principles.
The processing of your personal data is carried out with your consent based on Art. 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
You can disable the “Custom Audiences” remarketing feature here. For more information on the collection and use of data by Meta, your rights in this regard, and options for protecting your privacy, please refer to Meta’s privacy policy athttps://www.facebook.com/about/privacy/.


Use of Google Ads Conversion Tracking
We use the online advertising program “Google Ads” on our website and, within this framework, conversion tracking (visit action analysis). Google Conversion Tracking is an analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google).
When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity period, do not contain any personal data, and therefore do not serve to identify you personally. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. Therefore, it is not possible to track cookies across the websites of Ads customers.
The information collected using the conversion cookie is used to generate conversion statistics. This allows us to determine the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.  
Your data may be transferred to Google LLC’s servers in the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Googlehas obtained TADPF certification and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
Further information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/orhttps://business.safety.google/privacy/
 
Use of the remarketing or "Similar Audiences" feature of Google Inc.
We use the remarketing or "Similar Audiences" feature of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
The purpose of this application is to analyze visitor behavior and interests. Google uses cookies to analyze website usage, which forms the basis for creating interest-based advertisements. These cookies track website visits and collect anonymized data regarding website usage. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously viewed product and information sections.
Your data may be transferred to servers operated by Google LLC in the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Googlehas obtained TADPF certification and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1)(1) TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on Google Remarketing and the associated privacy policy, please visit: https://www.google.com/privacy/ads/andhttps://business.safety.google/privacy/
 
Use of the Awin Partner Program
We use the “Awin” partner program provided by AWIN AG (Eichhornstraße 3, 10785 Berlin; “Awin”).
When you click on an advertisement containing a partner link, Awin places a cookie on your computer for conversion tracking. The cookies serve the purpose of ensuring accurate billing within the affiliate program by tracking the performance of an advertising medium. The cookies recognize that you clicked on the ad and allow the advertiser to trace the origin of the order. In addition, Awin uses so-called fingerprinting. This allows the device you are using to be recognized. Among other things, Awin can detect that the affiliate link on this website was clicked or viewed. Awin collects, among other things, your transaction data (such as order value, product type, sales channel, use of a coupon) and your username in the form of a unique numerical sequence, so that no identity is recognizable, but it contains information about specific user actions and the user’s device.
Your data may be transferred to third countries such as the U.S. No adequacy decision has been issued by the European Commission for the United States. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at:https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
The privacy policy with detailed information on Awin’s use of data can be found at https://www.awin.com/de/datenschutzerklarung.
 


Plug-ins and Other Information

Use of Google Tag Manager
We use GoogleTag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
This application manages JavaScript tags and HTML tags used to implement tracking and analytics tools in particular. Data processing serves the purpose of designing our website to meet user needs and optimizing it.
Google Tag Manager itself does not store cookies, nor does it process personal data. However, it enables the triggering of additional tags that may collect and process personal data.
For more information on terms of use and data protection, please click here.
 

Use of Social Plugins via “Shariff”
We use social network plugins on our website. To ensure you retain control over your data, we use the privacy-secure “Shariff” buttons.
Without your explicit consent, no connections to the social network servers are established and, consequently, no data is transmitted.
“Shariff” was developed by specialists at the computer magazine c’t. It enables greater privacy online and replaces the standard “Share” buttons of social networks. You can find more information about the Shariff project here https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
When you click on the buttons, a pop-up window appears where you can log in to the respective provider using your credentials. Only after you actively log in will a direct connection to the social networks be established.
By logging in, you consent to the transfer of your data to the respective social media provider. Among other things, both your IP address and information about which of our pages you have visited will be transmitted. If you are logged into one or more of your social media accounts at the same time, the collected information will also be associated with your corresponding profiles. You can prevent this association only by logging out of your social media accounts before visiting our website and before clicking the buttons. The social networks listed below are integrated via the "Shariff" function.
For more information on the scope and purpose of data collection and use, as well as your rights in this regard and options for protecting your privacy, please refer to the linked privacy policies of the providers.

Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://www.facebook.com/policy.php
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the United States: the Trans-Atlantic Data Privacy Framework (TADPF). Metahas obtained TADPF certification and is therefore committed to complying with European data protection principles.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) https://help.instagram.com/155833707900388.
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Metahas obtained TADPF certification and is therefore committed to complying with European data protection principles.

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the U.S., namely the Trans-Atlantic Data Privacy Framework (TADPF). LinkedInhas obtained certification under the TADPF and is therefore obligated to comply with European data protection principles.

Pinterest by Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF.

X, formerly known as Twitter, (X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, USA)
https://twitter.com/privacy
https://twitter.com/personalization
Your data may be transferred to the United States. TheEuropean Commission has issued an adequacy decision for the United States, the Trans-Atlantic Data Privacy Framework (TADPF).X is certified under the TADPF and is therefore committed to complying with European data protection principles.


Xing by XING SE (Dammtorstraße 30, 20354 Hamburg):
https://www.xing.com/privacy
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Xing is not certified under the TADPF. Data transfer is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at:https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

Use of Google Maps
We use the function for embedding Google Maps from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, “Google”) on our website.
This feature enables the visual display of geographic information and interactive maps. When pages containing Google Maps are accessed, Google also collects, processes, and uses data from website visitors.
Your data may also be transferred to the United States in this process. An adequacy decision by the EU Commission exists for the U.S., namely the Trans-Atlantic Data Privacy Framework (TADPF). Googlehas obtained TADPF certification and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on the collection and use of data by Google, please refer to Google’s privacy policy at https://www.google.com/privacypolicy.html. There, you also have the option to change your settings in the Privacy Center so that you can manage and protect the data processed by Google.

Use of YouTube
We use the function for embedding YouTube videos provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website. YouTube is an affiliate of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
This feature displays videos hosted on YouTube in an iFrame on the website. The “Enhanced Privacy Mode” option is enabled. As a result, YouTube does not store any information about website visitors. Information is only transmitted to YouTube and stored there once you watch a video. Your data may be transferred to the United States. An adequacy decision by the EU Commission exists for the U.S., namely the Trans-Atlantic Data Privacy Framework (TADPF). YouTubehas obtained TADPF certification and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) GDPR. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to revocation.
For more information on the collection and use of data by YouTube and Google, your rights in this regard, and options for protecting your privacy, please refer to YouTube’s privacy policy at https://www.youtube.com/t/privacy.

Use of Vimeo
We use plugins from Vimeo Inc. (555 West 18th Street, New York, New York 10011, USA; “Vimeo”) on our website to embed videos from the “Vimeo” portal.
When you visit pages on our website that contain such a plug-in, a connection is established to Vimeo’s servers, and the plug-in is displayed on the page via a notification to your browser. This transmits both your IP address and information about which of our pages you have visited to Vimeo’s servers.
If you are logged into Vimeo at the time, Vimeo assigns this information to your personal user account. When using the plugin functions (e.g., by starting a video by clicking the corresponding button), this information is also assigned to your Vimeo account.
Your data may be transferred to the United States. An adequacy decision by the EU Commission exists for the U.S., namely the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo has obtained TADPF certification and is thus committed to complying with European data protection principles. 
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is based on your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on the purpose and scope of data collection, as well as the further use and processing of data by Vimeo, and regarding your rights and options for protecting your privacy, please refer to Vimeo’s privacy policy: https://vimeo.com/privacy

Inclusion of the Händlerbund Member Logo
The Händlerbund member logo (Händlerbund e.V., Kohlgartenstraße 11–13, 04315 Leipzig) is included on our website. When you visit our website, the browser on your device automatically sends information to the Händlerbund e.V. server. This information is temporarily stored in a so-called server log file for 7 days. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the file accessed,
  • Website from which the access originated (referrer URL),
  • the browser used and, if applicable, your computer’s operating system, as well as the name of your Internet service provider. 

The temporary storage of the IP address by the system is necessary to enable delivery of the website. For this purpose, the IP address must remain stored for the duration of the session. The data is stored in log files to ensure the website functions properly. Additionally, the data is used to optimize the website and to ensure the security of the IT systems. This data is not stored together with other personal data. The legal basis for data processing is Art. 6(1)(f) GDPR.

Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of uniformly displaying fonts on our website. To load the fonts, a connection to Google’s servers is established when the page is accessed. Cookies may be used in this process. In doing so, your IP address and information about the browser you are using, among other things, are processed and transmitted to Google. This data is not linked to your Google account.
Your data may be transferred to the United States. An adequacy decision by the European Commission exists for the United States, namely the Trans-Atlantic Data Privacy Framework (TADPF). Googlehas obtained certification under the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is carried out with your consent on the basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
For more information on data processing and data protection, please visithttps://www.google.de/intl/de/policies/andhttps://developers.google.com/fonts/faq.

Use of Adobe Fonts
We use Adobe Fonts from Adobe Systems Software Ireland Limited (4-6 Riverwalk Citywest Business Campus, Dublin 24, Ireland; “Adobe”) on our website.
Data processing serves the purpose of uniformly displaying fonts on our website. To load the fonts, a connection to Adobe’s servers is established when the page is accessed. Cookies may be used in this process. In doing so, your IP address, as well as information about the browser and operating system you are using, is processed and transmitted to Adobe.
Your data may be transferred to third countries, such as the U.S. and India. There is no adequacy decision by the EU Commission for India. For the U.S., there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Adobehas certified itself under the TADPF and is thus committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25(1) sentence 1 of the TDDDG in conjunction with Article 6(1)(a) of the GDPR. The processing of your personal data is carried out with your consent on the basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal.
Further information on data processing and data protection can be found athttps://www.adobe.com/de/privacy/policy.htmland athttps://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Use of Font Awesome 
We use Font Awesome from Fonticons Inc. (307 S Main St., Suite 202, Bentonville, AR, 72712-9214 USA “Font Awesome”) on our website. Data processing serves the purpose of uniformly displaying fonts and icons on our website. To load the fonts, a connection to FontAwesome’s servers is established when the page is accessed. 
Cookies may be used in this process. In doing so, your IP address and information about the browser you are using, among other things, are processed and transmitted to Font Awesome. Your data may be transferred to third countries, such as the United States. An adequacy decision by the EU Commission exists for the USA, namely the Trans-Atlantic Data Privacy Framework (TADPF). Font Awesome is not certified under the TADPF.
The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1) sentence 1 TDDDG in conjunction with Article 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal. 
For more information on data processing and data protection, please visit https://fontawesome.com/privacy and https://fontawesome.com/support.
 

Data Subject Rights and Retention Period

Retention period
After the contract has been fully executed, the data is initially stored for the duration of the warranty period, then in accordance with statutory retention periods—particularly those under tax and commercial law—and finally deleted upon expiration of these periods, unless you have consented to further processing and use.

Rights of the data subject
Provided the legal requirements are met, you are entitled to the following rights under Articles 15 through 20 of the GDPR: the right to access, rectification, erasure, restriction of processing, and data portability.
In addition, pursuant to Art. 21(1) GDPR, you have the right to object to processing based on Art. 6(1)(f) GDPR, as well as to processing for the purposes of direct marketing.

Right to lodge a complaintwith the supervisory authority
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaintwith the supervisory authority if you believe that the processing of your personal data is not lawful.

You may file a complaint, among other places, with the supervisory authority responsible for us, which you can reach at the following contact information:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Tel.: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de

Right to Object
If the processing of personal data described here is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right to object to such processing at any time for reasons arising from your particular situation, with effect for the future.
Once an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.