Crazy Factory Logo.

Data privacy statement

1 General information on data processing

1.1 Controller

Responsible within the meaning of the EU General Data Protection Regulation (GDPR) is:

Crazy Factory International GmbH

Address: Wanheimer Str. 66, 40468 Düsseldorf, Germany
Phone: 0211 96292512
Email: info@crazy-factory-international.com
Website: www.crazy-factory.com

1.2 Name and address of the Data Protection Officer

If you have questions about data protection, you can contact our data protection officer Jan Urban at the following email address: datenschutz@crazy-factory-international.com

Jan Urban
Crazy Factory International GmbH
Wanheimer Str. 66
40468 Düsseldorf
Deutschland

1.3 Protection of your data

We have taken technical and organizational measures to ensure that the requirements of the EU General Data Protection Regulation (GDPR) are met by us, as well as, by external service providers working for us.

If we work with other companies to provide our services, such as email and server providers, this will only be done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational data protection skills. This selection procedure will be documented in writing and an agreement on the order processing of data (data processing agreement) will only be concluded if the third party complies with the requirements of Art. 28 GDPR.

Our website is SSL/TLS encrypted, as can be seen by the https:// at the start of our URL.

1.4 Erasure of personal data

We process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

2 Hosting

2.1 Description and scope of data processing

When visiting our website, AWS web servers temporarily store every access in a log file. The following data may be collected and stored by AWS until automated erasure:

  • IP-address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Transmitted amount of data
  • Message if the retrieval was successful
  • Detection data of the browser and operating system used
  • Website from which access is made
  • Name of your Internet access provider

We do not access or analyze this data, which is stored on AWS servers.

We use the services of AWS for hosting purposes. The data processing is carried out by: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxembourg 1855, Luxembourg (a subsidiary of Amazon.com Inc., 410 Terry Avenue North, Seattle WA 98109, USA).

AWS hosting services are used to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer.

You can find more information on the data protection of the service provider here: https://aws.amazon.com/de/privacy

2.2 Legal basis for processing personal data

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interest is to make our website accessible for you.

2.3 Purpose of data processing

The processing of this data serves: the purpose of enabling the use of the website (connection establishment), system security, the technical administration of the network infrastructure, as well as to optimize the website. The IP address is evaluated only in case of attacks on our network infrastructure or the network infrastructure of our internet provider.

2.4 Duration of storage

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) and deleted as soon as the purpose of data processing is achieved and no legal retention periods oppose a deletion. As a rule, this is the case after 7 days.

Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.

2.5 Right of objection and erasure

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

To exercise your right to object, please contact us or the AWS Data Protection Officer directly at aws-EU-privacy@amazon.com.

3 Use of cookies

3.1 Description and scope of data processing

Our website uses cookies. Cookies are small text files which are assigned to the browser you are using and which are stored on your hard drive. Through this information flows to us or the party who set the cookie. Cookies cannot run programs on or transmit viruses to your computer. The following data may be transmitted:

  • Frequency of website visits
  • Which functions of the website are used by you
  • Used search terms
  • Your cookie-settings
  • Language settings
  • Items in a shopping basket
  • Viewed products

Upon entering our website, a consent banner informs you about the use of cookies on this website and asks for your consent to the use of cookies. We only set cookies that require consent after you have given your consent in the consent banner.Also, you are pointed to this data privacy statement of this website.

3.2 Legal basis for data processing

The legal basis for the processing of data for cookies is our legitim interest, which serve only the functionality of this website, is Art. 6 para. 1 s. 1 lit. f) GDPR.

The legal basis for the processing of data by cookies, which do not only serve the functionality of our website, is your consent Art. 6 para. 1 s. 1 lit. a) GDPR.

3.3 Purpose of data processing

We use cookies to enable you to log in, to store your language selection, to analyse the use of our website and to present you with interesting offers.

3.4 Duration of storage

This website uses two types of cookies. The extend and function of each are being explained below:

  • Transient cookies (see a))
  • Persistent cookies (see b))

a) Transient cookies are automatically deleted when you close the browser. This is especially true for session cookies which store your session ID, with which various requests from your browser can be assigned to your session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

You can find more detailed information on the duration of storage for the data processed by the service providers for the respective processing.

3.5 Right to objection and erasure

You have the possibility to withdraw your consent to the data processing by means of cookies, which do not only serve the functionality of the website, by changing your settings in the consent banner. In this way, you can prevent data processing via cookies on our website.

You can also delete the cookies in your browser's security settings at any time. Please note that you so may not be able to use all the features of this website. The setting of cookies can also be prevented at any time by appropriate settings in your internet browser.

4 Contact

4.1 Description and scope of data processing

It is possible to contact us by e-mail or via contact form. This will require different data to answer the request, which will be automatically saved for processing. The following data are required to process your request (marked as mandatory field):

  • E-mail adress
  • Name (first and/or last name)
  • Message

We do not share this information with third parties.

4.2 Legal basis for data processing

The legal basis for mandatory data depends on Art. 6 para. 1 s. 1 lit. b) GDPR.

The legal basis for the processing of optional data is your consent, pursuant to Art. 6 para. 1 s. 1 lit. a) GDPR.

4.3 Purpose of data processing

We process your personal data solely for the purpose of handling your contact request.

4.4 Duration of storage

Your data will be deleted by us as soon as the purpose of data processing has been fulfilled. In rare cases, however, your data may be retained for a longer period. This may be required due to legal, regulatory, or contractual obligations.

4.5 4.5 Right to objection and erasure

Both during and after registration, you are free to change, correct or delete the personal data provided. To do so, please use the login area or contact our data protection officer.

5 Live Chat - FrontApp

5.1 Description and scope of data processing

Our website uses FrontApp, a live chat software, to communicate with you. In this context, the data you voluntarily provide in the chat as well as your IP address are collected by default. FrontApp also uses cookies, which are text files stored on your computer that enable a personalized real-time chat interaction on the website.The data transmitted via the live chat is stored on servers of FrontApp, Inc. in the United States and within the European Economic Area. Data processing is carried out by: FrontApp, Inc., 1455 Market Street, Floor 19, San Francisco, California, 94103, USA.

The following data is collected as a minimum within the live chat:

  • Name (first name and/or last name)

The following data may also be collected optionally within the live chat:

  • IP address
  • Phone number

Further information can be found in FrontApp’s privacy policy:
https://front.com/legal/privacy-notice

Notice on Data Processing in the United States
FrontApp processes personal data, including in the United States. The company is certified under the EU-US Data Privacy Framework, which governs the lawful transfer of personal data from the European Union to the United States.

In addition, FrontApp uses the Standard Contractual Clauses provided by the European Commission pursuant to Art. 46(2) and (3) GDPR. These clauses are intended to ensure an adequate level of data protection even when data is transferred to third countries such as the United States.

By participating in the EU-US Data Privacy Framework and implementing the Standard Contractual Clauses, FrontApp commits to complying with European data protection standards when processing personal data, regardless of whether the data is stored or processed in the United States.

5.2 Legal basis for data processing

The legal basis for mandatory data depends on Art. 6 para. 1 s. 1 lit. b) GDPR.

The legal basis for optionally data is your given consent, Art. 6 para. 1 s. 1 lit. a) GDPR.

5.3 Purpose of data processing

The purpose of data processing is to provide users of our website with a direct and efficient means of communication and to enable them to submit questions and comments to us via the website chat.

5.4 Duration of storage

The collected data will be deleted as soon as the purpose of the data processing has been fulfilled and no statutory, contractual, or official retention obligations prevent deletion.

5.5 Right to objection and erasure

You have the right to withdraw your consent to data processing at any time in accordance with Art. 7 GDPR. The withdrawal shall take effect from the time it is declared and applies only for the future. To exercise your right of withdrawal, please contact our Data Protection Officer.

6 Registration

6.1 Description and scope of data processing

You have the option to register with us and create a user account. This requires you to enter personal data in the registration form. The following data is at least collected for this:

  • Email address

The user can optionally specify the following data:

  • Country of residence
  • Company/Building name
  • First name
  • Last name
  • Address
  • Date of birth
  • Phone number
  • Gender

6.2 Legal basis for data processing

If you enter mandatory personal data in the registration form, the legal basis of the data processing is based on Art. 6 para. 1 s. 1 lit. b) GDPR. However, if you also enter personal data in the optional input field, the data processing is based on Art. 6 para. 1 s. 1 lit. a) GDPR.

6.3 Purpose of data processing

The processing of personal data is used solely for us to finish your registration and organize your user account.

6.4 Duration of storage

We will delete your data upon termination of your account, unless we are required to retain it due to legal or contractual obligations. In any event, data will be deleted after X years of inactivity.

6.5 Right to objection and erasure

During and after the registration, you are free to change, correct or delete your personal data. For this purpose, please use the login area or contact our Data Protection Officer.

6.6 Social Login by social media

6.6.1 Description of data processing

We offer you the option to register and log in on our website (social login) using your

  • Facebook account
  • Google account, or
  • Amazon account.

In this case, separate registration on this website is not required. Instead, the user account of the social network used for login is linked to your customer account on our website. This allows you to authenticate yourself and log in to your customer account on our website using your social media credentials. The advantage for you is that you do not need to remember a new password for your customer account on our website.

Through this connection, we automatically receive the following information from Meta Platforms Ireland Limited, Google LLC or Amazon.com, Inc.:

Meta:

  • Social ID
  • First name
  • Last name
  • Middle name
  • Name format
  • Profile picture
  • Nickname
  • Email address
  • Link to your public profile

The full list can be found at:
https://developers.facebook.com/docs/facebook-login/permissions

Google:

  • Social ID
  • Full name
  • Username
  • Family name
  • URL
  • Email address
  • Link to your public profile

Please note that in your account settings, it is possible to restrict the data transfer to the ID only.
The full list can be found at:
https://developers.google.com/identity/sign-in/web/

The full list can be found at:
https://developer.amazon.com/docs/login-with-amazon/customer-profile.html

For further information about the respective social media login, the data transmitted, and the privacy settings of your social media account, please refer to the privacy policies of:

6.6.2 Legal basis for data processing

As far as we receive your first and last name as well as your e-mail address, the legal basis of the data processing is based on Art. 6 para. 1 s. 1 lit. b) GDPR. All further information is given to us voluntarily. Therefore, data processing is based on Art. 6 para. 1 s. 1 lit. a) GDPR.

6.6.3 Purpose of data processing

The social login facilitates the use of our registration function. In addition, we receive information about the use of our website by social media users. We also use social media logins to make our website better known.

6.6.4 Duration and storage

Social login data is stored until the declaration of a revocation and used as described.

6.6.5 Right to objection and erasure

You can prevent this data processing by using our regular registration process. During and after the registration, the data subject is free to change, correct or delete their personal data. As far as the data processing is based on your consent, you can withdraw your consent to this data processing at any time regarding future processing in accordance to Art. 7 GDPR. Further adjustments may be possible within the settings of your social media account.

Newsletter

6.7 Description and scope of data processing

On our website visitors can subscribe to our newsletter. When subscribing to the newsletter, you will be asked to provide personal data for processing. This is the data that is requested in the newsletter registration form. Input fields marked with an "*" are mandatory fields:

  • your email address.

This data is necessary to send the newsletter to its recipients.

The newsletter will be sent via email only after the sign-up process is completed. In order to meet the requirements of the GDPR, we use DOI (Double Opt.-In). If you sign up for our newsletter, we will send a confirmation email to the address you provided us with. This email contains a confirmation link that you must click to complete the sign-up process. Following this procedure, the IP address, date and time of login are stored. This is done to prevent abuses. We won’t transfer the data to third parties.

6.8 Legal basis for data processing

This processing is legally based on Art. 6 para. 1 s.1 lit. a) GDPR, thus your consent.

6.9 Purpose of data processing

The newsletter has the functions of informing the affected parties about offers and news at a regular basis.

6.10 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

6.11 Right to objection and erasure

The consent to receiving the newsletter can be withdraw by you at any time. For this purpose, you can click the integrated link in each newsletter to unsubscribe. It is also possible to inform us about the revocation of the consent in any other way, e.g. via mail or email.

6.12 ActiveCampaign

We use the email marketing tool ActiveCampaign on our website. Data processing is carried out by: ActiveCampaign, LLC, 1 N Dearborn St, 5th floor, Chicago, IL 60602, USA.

The email addresses of our newsletter recipients, as well as other data described in this notice, are stored on ActiveCampaign’s servers in the USA. ActiveCampaign processes this data on our behalf. Furthermore, according to its own information, ActiveCampaign may use this data to optimize or improve its own services. However, the provider does not use this data to contact our customers directly or to pass it on to third parties.In addition, technical data such as IP address and the time an email is accessed are processed by ActiveCampaign.

Further information on data protection at ActiveCampaign can be found here: https://www.activecampaign.com/legal/privacy-policy

6.12.1 Legal Basis for Data Processing

The legal basis for the use of ActiveCampaign is our legitimate interest pursuant to Art. 6 para. 1 s. 1 lit.f) GDPR. Our legitimate interest lies in effective email management.

6.12.2 Purpose of Data Processing

We use ActiveCampaign as our sending service provider to ensure effective address management and to stay in contact with you via the newsletter.

6.12.3 Duration of Data Storage

We process your data only for as long as necessary to fulfill the purpose and as long as no statutory or official retention obligations prevent deletion.

6.12.4 Right to object and erasure

You may revoke your consent at any time. To do so, please contact our data protection officer. You also have the option at any time to use the “opt-out” link at the end of each email, which will result in us removing your email address from our mailing list, meaning that ActiveCampaign will no longer process your personal data.

However, this does not affect mailing lists that ActiveCampaign manages on behalf of other clients.

7 Online shopping

7.1 Description and scope of data processing

When you shop at our website and a delivery is arranged, we will process your first name and surname, address and e-mail address to complete the purchase agreement and the delivery agreement with you.

In the case of parcel deliveries, we also pass on your name, address and e-mail address to our contracted processors and service providers.

7.2 Legal basis for data processing

The legal basis for this data processing is Art. 6 para. 1 s.1 lit. b) GDPR. We are processing your data for the fulfilment of purchase contracts and supply agreements.

7.3 Purpose of data processing

We process your data to close the contract, to handle the payment, for billing, to ensure on-time delivery and to inform you about that delivery.

We provide your data to our contracted processors and service providers, so that they can process the delivery and, if necessary, communicate with you to announce and coordinate the delivery of your ordered goods.

7.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.5 Right to objection and erasure

The data processing is necessary in order to be able to process your purchase contract, which is why it cannot be waived. There is therefore no option to object.

7.6 Credit Card

7.6.1 Description and scope of data processing

If you want to pay with your credit card while online shopping, we need your personal data for payment. We will ask you for following data:

  • First and last name,
  • Address,
  • E-Mail address,
  • Credit card number,
  • Name of credit card owner and
  • Credit card validity.

We check this personal data with the data of your order to detect an abusive use of the credit card or the payment possibility with credit card. Hereafter we will use the data to settle the agreed payment by credit card.

7.6.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR. The processing of your data is required for payment by credit card.

7.6.3 Purpose of data processing

The transmission of the data is necessary to prevent any possible misuse and use the data after successful verification to process the agreed payment by credit card.

7.6.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.6.5 Right to objection and erasure

Data processing is mandatory in order to process your payment, so it cannot be waived if you have chosen this payment method. Therefore, objecting is impossible.

7.7 Direct debit

7.7.1 Description and scope of data processing

If you opt for payment by direct debit, the following payment data will be collected:

  • Name of account holder,
  • IBAN

We do not process the payment data itself. The payment data is processed directly by the service provider who processes the payment.

Responsible for data processing is: UBS Switzerland.

Beyond the specified payment data, only the

  • Order number and
  • Invoice amount

are being processed. The service provider cannot assign this information to other information (such as your address or email address). Please note the privacy policy of the service provider:

https://www.ubs.com/global/de/legal/privacy.onlycontent.html

7.7.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

7.7.3 Purpose of data processing

The processing of the data is required for payment by direct debit and thus for the execution of the contract.

7.7.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.7.5 Right to objection and erasure

Data processing is mandatory in order to process your payment by direct debit, which is why you cannot waive it if you have chosen this payment method. There is therefore no option to object.

7.8 Advance Payment

7.8.1 Description and scope of data processing

If you opt for advance payment by bank transfer, you transfer money to us using the bank of your choice. The following payment data will be transmitted to us:

  • Name of account holder,
  • IBAN,
  • Order number and
  • Invoice amount

We do not process the payment data itself. The payment data is processed directly by the service provider who processes the payment.

Responsible for data processing is: UBS Switzerland

The service provider cannot assign this information to other information (such as your address or email address). Please note the privacy policy of the service provider:

https://www.ubs.com/global/de/legal/privacy.onlycontent.html

7.8.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

7.8.3 Purpose of data processing

The processing of the data is required for advance payment and thus for the execution of the contract.

7.8.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.8.5 Right to objection and erasure

Data processing is mandatory in order to process your advance payment, which is why you cannot waive it if you have chosen this payment method. There is therefore no option to object.

7.9 PayPal

7.9.1 Description and scope of data processing

We offer PayPal as a possible payment service. PayPal is a virtual means of payment. In order to use the payment service via PayPal, you must first register with PayPal. Responsible Person is: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the user uses PayPal as a means of payment, personal data of the user will be transmitted to PayPal, to which he ultimately agrees. The personal data includes:

  • Frist name,
  • last name,
  • Address,
  • E-Mail address,
  • IP-address,
  • Telephone number,
  • if necessary mobile number
  • and other data, which are necessary for the final payment transaction.

In addition to the transfer of data to credit bureaus, it is also possible that PayPal may transfer the personal data to affiliated companies, including subcontractors, as far as this is necessary to fulfill the contractual obligations. The same applies to order processing. PayPal uses Binding Corporate Rules to ensure data protection: https://www.paypal.com/de/webapps/mpp/ua/bcr

For the privacy policy of PayPal, please refer to the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

7.9.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

7.9.3 Purpose of data processing

The transmission of the data is necessary to prevent any possible misuse. We inform you that PayPal may transfer your personal information to credit bureaus. This is because PayPal reserves its right to verify the identity and creditworthiness of the user.

7.9.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.9.5 Right to objection and erasure

Data processing is mandatory in order to process your payment through PayPal, so it cannot be waived if you have chosen this payment method. Therefore, objecting is impossible or would lead to withdrawal from the contract.

7.10 Amazon Pay

7.10.1 Description and scope of data processing

We offer Amazon Payments as a possible payment service. With Amazon Payments, you can use the payment and shipping information stored in your Amazon account to shop quickly and securely. To use the payment service via Amazon Payments, you must first sign in with your Amazon account. Responsible for data processing is:Amazon Payments Europe S.C.A. 5, Rue Plaetis - 2338 Luxembourg (registration number registered at R.C.S. Luxembourg: B153265, VAT ID: LU24448288).

Our shop is connected to Amazon via a plugin. Your Amazon log-in data is processed via a form provided by Amazon. The data is processed directly by Amazon. This happens without our assistance. Amazon provides temporary checkout information such as billing address and / or shipping address for you to choose from after successful login. Billing will be done directly through your Amazon account. We only store the data necessary for order processing.

We inform you that Amazon Payments may transfer your personal information to credit bureaus. In addition to the transfer of data to credit bureaus, it is also possible that Amazon Payments transfers personal data to affiliated companies, including subcontractors, as far as this is necessary to fulfill the contractual obligations. The same applies to order processing as stated above.

For the privacy policy of Amazon Payments, please refer to the following link: https://pay.amazon.com/uk/help/201751600

7.10.2 Legal basis for data processing

The legal basis is Art. 6 para. 1 s. 1 lit. b) GDPR.

7.10.3 Purpose of data processing

The transmission of the data is necessary to prevent any possible misuse. This is because Amazon Payments reserves its right to verify the identity and creditworthiness of the user.

7.10.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.10.5 Right to objection and erasure

Data processing is mandatory in order to process your payment through Amazon Payments, so it cannot be waived if you have chosen this payment method. Therefore, objecting is impossible or would lead to withdrawal from the contract.

7.11 Apple Pay

7.11.1 Description and Scope of Data Processing

On our website, you also have the option to pay using Apple Pay. Data processing is carried out by:

Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014

Apple Pay uses security features integrated into the hardware and software of your device to protect transactions. In addition, using Apple Pay requires setting up a passcode, the complexity of which you can determine yourself. According to Apple, it does not store the original credit, debit, or prepaid card numbers used with Apple Pay and does not have access to them. Furthermore, Apple does not store transaction data that could identify you personally. When Apple Pay is used with credit, debit, or prepaid cards, transactions are visible only to you, the merchant or developer, and the bank or card issuer.

When you add a credit, debit, or prepaid card to Apple Pay, the entered data is encrypted and sent to Apple’s servers. If the camera is used to capture card data, this data is not stored on the device or in the photo library. Apple decrypts the data, determines the card’s payment network, and re-encrypts the data with a key that can only be decrypted by the selected payment network (or a provider authorized by the card issuer for provisioning and token services).

The information you provide about your card, as well as data regarding the activation of certain device settings and your device usage patterns, may be sent to Apple to determine whether you are eligible for Apple Pay. Apple may also share data with your card issuer, payment network, or other providers authorized by your card issuer to activate Apple Pay, verify card eligibility, and prevent fraud. To securely transmit payment data during transactions on our website, Apple Pay receives the encrypted transaction and re-encrypts it using a developer-specific key before sending the transaction data to the payment processor. This key ensures that only we, as the website through which you make a purchase, can access the encrypted payment data. Websites must verify their domain when offering Apple Pay as a payment option.

Apple sends us a device-specific account number along with a transaction-specific, dynamic security code. Neither Apple nor your device transmits the actual card number to us.

Apple retains anonymized transaction data, including the approximate purchase amount, the name of the website, the approximate date and time, and whether the transaction was successfully completed.

Apple’s privacy policy can be found here: https://www.apple.com/de/legal/privacy/de-ww/
Service-specific information about Apple Pay can be found here: https://support.apple.com/de-de/HT203027

7.11.2 Legal Basis for Data Processing

The legal basis for data processing is Art. 6 para.1s. 1 lit. b) GDPR.

7.11.3 Purpose of Data Processing

The processing of data is necessary to enable payment via Apple Pay and thus for the performance of the contract.
Apple may also use this data to improve Apple Pay and other products and services.

7.11.4 Duration od Data Storage

We store your data only for as long as necessary to process the purchase and issue invoices, unless statutory or contractual retention obligations prevent deletion.

Apple retains personal data for as long as necessary to fulfill the purposes described in its service-specific privacy overviews.

7.11.5 Right to objection and erasure

Data processing is strictly necessary to process your payment via Apple Pay and therefore cannot be waived if you choose this payment method.

The scope of data processing by Apple also depends on the security settings you configure within your account. Additional settings can be adjusted as follows:

If transaction data is transmitted over the internet, it is encrypted by iCloud and stored in encrypted form on Apple’s servers. You can disable iCloud support on your device by going to “Settings” > “[your name]” > “iCloud” and turning off “Wallet.”

You can also view further details about Apple Pay and data protection and adjust settings on your device. To do so, go to “Settings” > “Wallet & Apple Pay” on an iOS device and tap “How Your Data Is Managed,” or on a Mac go to “System Settings” > “Wallet & Apple Pay” and click “Apple Pay & Privacy.”

7.12 Google Payment

7.12.1 Description and Scope of Data Processing

You also have the option to complete your purchase via Google Payment. Data processing for the European Economic Area and Switzerland is carried out by:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In addition to registration information and data processed by Google Payment via third parties, the following data may be processed by Google for each transaction:

  • Date, time, and amount of the transaction
  • Merchant location and description
  • A description of the purchased goods or services provided by the seller
  • Photos you have attached to the transaction
  • The name and email address of the seller and buyer or sender and recipient
  • The payment method used
  • Your description of the reason for the transaction
  • Where applicable, the offer associated with the transaction

If you make a purchase or transaction via Google Payments, Google provides us with certain personal data about you. If you make a purchase through our website, we may also verify whether you have a Google Payments account with a payment method that can be used for payment with us.

For more information about Google Payments and Google’s privacy practices, please refer to:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
https://policies.google.com/privacy

7.12.2 Legal Basis for Data Processing

The legal basis for data processing is Article 6 para. 1 s. 1 lit b) GDPR.

7.12.3 Purpose of Data Processing

The processing of data is necessary for payment via Apple Pay and thus for the performance of the contract.

Google processes the data in order to provide you with Google Payments services and to protect you against fraud, phishing, or other violations. This information may also be used to support third-party providers in delivering products or services that you have requested from them. Google also uses the information to verify your Google Payments account and to determine whether you comply with the terms of use and other lawful business requirements in connection with Google Payments transactions you initiate.

7.12.4 Duration of Storage

We store your data only for as long as necessary to process the purchase and issue invoices, unless statutory or contractual retention obligations prevent deletion.

Google deletes the data as soon as it is no longer required for record-keeping purposes and no official, legal, or contractual obligations prevent deletion.

7.12.5 Right to objection and erasure

Data processing is strictly necessary in order to process your payment via Apple Pay and therefore cannot be waived if you choose this payment method.

You can prevent Google LLC or its subsidiaries from sharing information with third parties (whose websites or apps you visit) about whether you have a Google Payments account that can be used for payments with that provider by adjusting your Google Payment settings.

7.13 Stripe

7.13.1 Description and scope of data processing

We offer Stripe as a payment service. With Stripe, you can use payment information stored in your Stripe account to make purchases quickly and securely. To use the payment service through Stripe, prior registration is required. The data processing is carried out by: Stripe Payments Europe Ltd (subsidiary of Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA).

Data processing by Stripe is carried out only for bookings that require online payments. The information collected by Stripe includes:

  • Payment method
  • Payment method information (e.g. credit or debit card number or bank account details)
  • Purchase amount
  • Date of purchase.

Different payment methods may require the collection of different categories of data. The payment method information Stripe collects depends on the payment method you choose. When you complete a transaction, Stripe may also receive:

  • Name
  • Email address,
  • Billing or shipping address
  • and in some cases your transaction history to authenticate you.

We trust Stripe’s data security. All card numbers entered are encrypted using AES-256. The infrastructure used to store, decrypt, and transmit card numbers is completely separate and uses different login credentials than Stripe’s primary services. Stripe is also certified to the highest industry standards and holds regulatory licenses worldwide. According to Stripe, it has taken precautions to ensure a level of security appropriate to the risk associated with the processing of personal data and has implemented organizational, technical, and administrative measures to protect personal data within the company from unauthorized access, destruction, loss, alteration, or misuse. For more information, please refer to Stripe’s Privacy Policy: https://stripe.com/en-lu/privacy

7.13.2 Legal basis for data processing

Our legal basis is based on Art. 6 para. 1 s. 1 lit. b) GDPR.

7.13.3 Purpose of data processing

The transmission of the data is necessary to prevent any misuse. We inform you that Stripe may transmit the personal data to credit agencies. This is because Stripe reserves the right to check your identity and creditworthiness.

7.13.4 Duration of storage

We will only store your data for as long as is necessary to process your payment and invoice you. If you are a Stripe user, Stripe will retain your personal data for as long as the services are provided to you. The data will then be deleted unless there are regulatory, contractual or legal retention obligations that prevent deletion.

7.13.5 Right to objection and erasure

Data processing is essential for processing your credit card payment, so it is required if you wish to make a purchase. If you have any questions about data protection at Stripe or wish to exercise your rights, please contact our Data Protection Officer or use the contact form linked below to get in touch with Stripe: https://stripe.com/contact or privacy@stripe.com

7.14 Przelewy24

7.14.1 Description and scope of data processing

We use the payment service Przelewy24. Data processing is carried out by:

PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland.

If the user wishes to use the payment option Przelewy24 for payment processing, personal data will be transmitted to Przelewy24. The following personal data is processed:

  • First name
  • Last name
  • Home address
  • Address for correspondence
  • Email-address
  • Number of payment accounts, including bank accounts
  • Payment card number
  • Other identifier of the payment instrument used
  • Mobile number
  • IP address

It is possible that Przelewy24 transfers the personal data also to credit bureaus in order to carry out an examination of the identity and creditworthiness of the user. It is also possible that Przelewy24 transfers the personal data to affiliated companies and / or subcontractors if this is necessary to fulfill contractual obligations. Regarding the privacy policy, please refer to the following link: Information obligation - GDPR - Przelewy24 .

7.14.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

7.14.3 Purpose of data processing

We use Przelewy24 as a convenient and fast option for you to process your payment. The transmission of data is not only necessary for the processing of payments, but also to prevent misuse.

7.14.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.14.5 Right to objection and erasure

Data processing is mandatory in order to process your payment with Przelewy24, so it cannot be waived if you have chosen this payment method. There is therefore no option to object.

7.15 Bancontact

7.15.1 Description and scope of data processing

We use the payment service Bancontact. For this purpose, we have integrated components of Bancontact into our website. Data processing is carried out by:

Bancontact Company SA/NV, Rue d'Arlon 82, 1040 Brussels, Belgium

If you choose Bancontact as your payment method, your personal data will be transmitted to Bancontact. The following personal data may be processed:

  • First name
  • Last name
  • Address
  • Email address
  • Mobile phone number
  • IP-address
  • Card number (shortened), as registered in the app

Bancontact may also transfer personal data to credit agencies in order to verify the identity and creditworthiness of the data subject. Furthermore, Bancontact may share personal data with affiliated companies and/or subcontractors if this is necessary to fulfill contractual obligations.

Further information can be found at:
https://assets-us-01.kc-usercontent.com/0d76cd9b-cf9d-007c-62ee-e50e20111691/158da3dd-91cd-497c-a8be-2f27123d8b76/260301 - Privacy Statement Bancontact Pay ENG.pdf.

7.15.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

7.15.3 Purpose of data processing

We use Bancontact to make the payment process simple and efficient for you. The transmission of data is necessary not only for processing the payment but also for preventing misuse.

7.15.4 Duration of storage

Your data will only be stored for as long as necessary to process the purchase and issue invoices, unless statutory or contractual retention obligations prevent deletion.

7.15.5 Right to objection and erasure

The data processing is necessary in order to process your payment via Bancontact. Therefore, it cannot be waived if you choose this payment method. Consequently, there is no option to object.

7.16 iDeal

7.16.1 Description and scope of data processing

We use the payment service by iDeal. For this purpose, we have integrated components of iDeal on this website. Data processing is carried out by:

Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands.

If the user wishes to use the payment option iDeal for payment processing, personal data will be transmitted to iDeal. The following personal data is processed:

  • PIN and TAN
  • technical verification of the account balance or account coverage
  • Transmission of the confirmation of the transaction to us
  • First name
  • Last name
  • Address
  • E-Mail-address,
  • Mobilphone nummer
  • other data if necessary for payment processing.

It is possible that iDeal transfers the personal data also to credit bureaus in order to carry out an examination of the identity and creditworthiness of the user. It is also possible that iDeal transfers the personal data to affiliated companies and / or subcontractors if this is necessary to fulfill contractual obligations. Regarding the privacy policy, please refer to the following link: iDEAL_Privacy_Statement_EN.pdf.

7.16.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.

7.16.3 Purpose of data processing

We use iDeal as a convenient and fast option for you to process your payment. The transmission of data is not only necessary for the processing of payments, but also to prevent misuse.

7.16.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

7.16.5 Right to objection and erasure

Data processing is mandatory in order to process your payment with iDeal, so it cannot be waived if you have chosen this payment method. There is therefore no option to object.

8 Social media links

We have integrated social media platforms through into our services, which may result in the social media provider receiving data from you. If you click on the social media link, the website of the respective social media provider is loaded. By loading the website of the respective social media provider via our services, the respective reference data is transmitted to the respective social media provider. The social media provider thereby receives the information that you have visited us.

Further information on data processing by the social media providers can be found here:

Instagram: https://help.instagram.com/155833707900388 https://www.instagram.com/about/legal/privacy/

Meta: https://de-de.facebook.com/about/privacy,

Pinterest: https://policy.pinterest.com/de/privacy-policy

TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/de

YouTube: https://www.google.de/intl/de/policies/privacy/

9 Tools for analytics and marketing

We use analysis tools that process personal data to continuously improve our website. We have also integrated tools to enable us to use your data for marketing purposes (e.g. displaying relevant results).

You can view and change the settings you have made for the individual tools and processing purposes at any time via our consent banner.

Details of the tools used can be found below:

9.1 ADCELL

9.1.1 Description and scope of data processing

We use the services of ADCELL on our website. ADCELL operates affiliate marketing. The processing is carried out by: Firstlead GmbH (ADCELL), Rosenfelder Straße 15-16, 10315 Berlin, Germany.

Through affiliate marketing, visitors to our website are redirected to offers and thus to websites of other providers (third parties). If you click on a corresponding link to an offer from another provider, a cookie from ADCELL will be set on your system.

This cookie enables ADCELL to track from which website you were referred to the respective target page. In this process, a so-called affiliate ID is assigned to your device. ADCELL thereby enables us to receive a commission if transactions are carried out via our website.

In the course of this process, the following data in particular may be processed:

  • IP address (shortened/anonymized where possible)
  • Browser type and browser version
  • Operating system
  • Device type
  • Referrer URL (previously visited website)
  • Click ID
  • Timestamp
  • Transaction data

Further information on data processing by ADCELL can be found at:
https://www.adcell.de/agb.

9.1.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. a) GDPR.

9.1.3 Purpose of data processing

The processing serves to track and account for the success of our advertising measures. In particular, we can identify which links led to transactions. Furthermore, the processing is used to optimize our online offering and for the economic evaluation of our marketing activities.

9.1.4 Duration of storage

The data will be deleted as soon as the purpose of the data processing no longer applies and no statutory retention obligations prevent deletion.

9.1.5 Right to objection and erasure

You may withdraw your consent to data processing at any time.

The setting of cookies can be prevented at any time by adjusting the settings in your internet browser. Cookies that have already been set can also be deleted via the settings of your browser.

Please note that disabling cookies may result in not all functions of our website being fully available.

9.2 Bing Ads

9.2.1 Description and scope of data processing

We use Bing Ads, an online advertisement service. Responsible for data processing is: Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA; and Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

If you have reached our website after clicking on a Bing ad, Bing Ads saves a conversion cookie to your browser which stores your IP address. This data is stored in the USA. The information gathered using the conversion cookie is used to generate conversion statistics. It is possible that Microsoft will share this information with third parties.

For more information, please refer to the Microsoft privacy policy: https://privacy.microsoft.com/de-de/privacystatement#mainbingmodule

9.2.2 Legal basis of data processing

The data processing is based on your consent pursuant to Art. 6 para. 1 s. 1 lit. a) GDPR.

9.2.3 Purpose of data processing

The purpose of the processing is the provision of user-specific advertisements. Through advertising, we can reach a larger group of users and interested parties. In addition, we increase awareness of our brand.

9.2.4 Duration of storage

The conversion cookie will expire one year after setting. This means that you can no longer be identified. Within this year both we and Microsoft can track which subpages have been accessed.

9.2.5 Right to objection and erasure

You have the option to withdraw your consent to data processing at any time. Please contact our Data Protection Officer for this purpose.

You can delete the cookies in the security settings of your browser at any time. The use of cookies can be prevented by appropriate browser settings at any time.

You may opt out of targeted advertising by Microsoft at any time. If you have a Microsoft account, please visit: https://choice.microsoft.com/de-de/opt-out If you do ot have an account, you can also opt out using third party services like https://www.networkadvertising.org/choices/ or https://www.aboutads.info/.

9.3 Criteo

9.3.1 Description and scope of data processing

We use the Criteo service to place advertisements on our website and third-party pages for previous visitors to our website. Responsible for data processing is: Criteo SA, Rue Blanche, 75009, Paris, France

Criteo places a cookie on your computer, from which information about the delivery of advertising can be obtained. The cookie text files contain information about your visits to our website, to the products you have viewed in order to provide specific product recommendations during subsequent visits to our website or others. However, this information cannot be linked to your person. Neither us nor Criteo collects this information with your personal data and does not disclose personal data to third parties.

9.3.2 Legal basis of data processing

The data processing is based on Art. 6 para. 1 s. 1 lit. a) GDPR.

9.3.3 Purpose of data processing

Our legitimate interest is to monitor and ensure the speedy accessibility of our website.

9.3.4 Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

9.3.5 Right to objection and erasure

You may object to the storage and use of data in a Criteo cookie by following the link and set the knobs to ""ON"" in the ""Opt-Out"" box: http://www.criteo.com/de/privacy-policy

If you do this, a new cookie (opt-out cookie) will be set in your browser informing Criteo that no data regarding your browser behaviour may be stored. Please note that the setting must be made for all used browsers. If all your cookies are deleted in a browser, this will also affect the Criteo opt-out cookie.

9.4 Facebook Custom Audience / Facebook-Pixel

9.4.1 Description and data processing

Our website uses Meta’s Facebook Custom Audience or Facebook Pixel to measure conversions. Data processing is carried out by: Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA.

With the help of the Facebook Pixel, we can analyze the behaviour of our website’s visitors. As a result, the effectiveness of Meta advertisements can be evaluated. Meta receives the following data:

  • the redirect URL,
  • browser information,
  • and the person's Facebook user ID if they have a Facebook account

The data is stored and processed by Meta, a connection to the user profile is possible. Meta can use the data for its own advertising purposes. This use of data cannot be influenced by us as the site operator.

The data we receive is used for: [...] We cannot [...] create a personal reference.

The data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, according to the Meta data usage directive. As a result, Meta can enable ads to be displayed on Facebook and outside of Facebook. This use of data cannot be influenced by us as the site operator. You can find Meta’s data privacy policy here: https://www.facebook.com/about/privacy/

9.4.2 Legal basis of data processing

The legal basis for processing data is your given consent, Art. 6 para. 1 s. 1 lit. a) GDPR.

9.4.3 Purpose of data processing

We process your data to continue the optimization of our website and our advertising activities.

9.4.4 Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

9.4.5 Right to objection and erasure

You can deactivate the remarketing feature ""Custom Audiences"" in the Ads Settings section of Meta: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, if you have a Facebook account. If you do not have a Facebook account, you can disable Meta’s usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/

9.5 Google Ad Manager

9.5.1 Description and scope of data processing

We use Google Ad Manager. Data processing for the European Economic Area and for Switzerland is carried out by:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ad Manager uses information of your visits of this and other websites to generate advertisements of products and services that might interest you. For further information on the methods used or what you can do to prevent Google Ad Manager from using this information, please refer to the following link: https://www.google.de/policies/technologies/ads/.

9.5.2 Legal basis of data processing

Legal basis is Art. 6 para 1 s. 1 lit. a) GDPR.

9.5.3 Purpose of data processing

We use Google Ad Manager to generate advertisements for our website visitors. Our interest is to cooperate with other companies to reach a broader audience.

9.5.4 Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

9.5.5 Right to objection and erasure

The setting of cookies can be prevented by appropriate settings in your Internet browser at any time. The already set cookies can also be deleted in the settings of the Internet browser. We express our concern that preventing cookies from being set may mean that not all features are fully available.

9.6 Google Ads and Conversion Tracking

9.6.1 Description and scope of data processing

We have integrated the services of Google Ads (formerly Google AdWords) on our website. Google Ads is an internet advertising service. We use Google Ads to gain relevance in the results of Google's search engine. Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If the user accesses our website through a Google ad, Google will set a so-called conversion cookie on the user's system. For the explanation of the cookies, please refer to the pass to the cookies. The conversion cookie is used to create and analyze web-use statistics. It stores the IP address when visiting the website. This data is stored in the USA. It is possible that Google will share this information with third parties.

For further privacy notices of Google refer to: https://policies.google.com/privacy?hl=en&gl=de

9.6.2 Legal basis of data processing

The legal basis is your consent pursuant to Art. 6 para. 1 s. 1 lit. a) GDPR.

9.6.3 Purpose of data processing

We use Google Ads to gain relevance in the results of Google's search engine. These advertisements are carried out to reach a greater audience.

9.6.4 Duration of storage

30 days after setting the conversion cookie the cookie loses its validity. This means that the user can no longer be identified. Within these 30 days both- us and Google can track which subpages have been accessed.

9.6.5 Right to objection and erasure

You can withdraw your consent to data processing at any time. Please use our consent banner for this purpose.

You can prevent cookies from being set at any time by adjusting the settings in your internet browser. Cookies that have already been set can also be deleted in your internet browser settings.

You can use this link http://www.google.com/settings/ads/plugin to permanently prevent data processing in your browser. As a result, some functions of our website may no longer be fully available.

In your browser settings, you can also opt out of cookies for conversation tracking and thus user-related advertising by Google. To do this, please click on the following link: www.google.de/settings/ads. Please note that you will need to reset your settings if you delete the cookies in your browser.

9.7 Google AdSense

9.7.1 Description and scope of data processing

We use Google AdSense on the website. This is an online service used for promotional purposes. Google AdSense allows the placement of advertisements on third party websites. Data processing for the European Economic Area and for Switzerland is carried out by:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google AdSense places a cookie on the affected person. Regarding the clarification of “cookies”, see the passage on cookies above. The information stored by cookie can be recorded, collected and evaluated by Google Inc. or third parties. In addition, Google AdSense also uses so-called ""WebBacons"" (small invisible graphics) for the collection of information, through the use of which simple actions such as the visitor traffic on the website can be recorded, collected and evaluated.

The information generated by the cookie and / or WebBeacon about your use of this website is transmitted to a Google server in the USA and stored there. Google uses the information to evaluate your web behaviour with respect to the AdSense ads. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. Your IP address will not be associated with other Google data stored by Google.

For more information about Google AdSense, please refer to the following link: https://www.google.de/intl/de/adsense/start/

9.7.2 Legal basis of data processing

Legal basis is the Art. 6 para 1 s. 1 lit. a) GDPR.

9.7.3 Purpose of data processing

Our intention is to raise our profile by enabling user-specific advertisements. Through advertising, we are reaching a wider audience of users and potential customers. This also helps us increase our visibility.

9.7.4 Duration of storage

The data will be deleted as soon as it is no longer needed for our purposes and there are no regulatory, legal or contractual requirements preventing its deletion.

9.7.5 Right to objection and erasure

You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer. You can prevent cookies from being set and web beacons from being displayed at any time by adjusting the settings in your web browser. Cookies that have already been set can also be deleted in your web browser settings. Please note that preventing the use of cookies may result in some features not being fully available.

9.8 Google Analytics 4.0

9.8.1 Description and scope of data processing

Our website uses Google Analytics. This is a service for analyzing access to websites of Google Inc. (""Google"") and allows us to improve our website. Data processing for the European Economic Area and for Switzerland is carried out by:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Cookies enable us to analyze your use of our website. The information collected may include

  • IP address
  • time of access
  • duration of access
  • From which website you came to our website
  • Interaction on the website
  • Demographic characteristics, if the website visitor is logged into their Google Account
  • Device categories, browser type, operating system, screen resolution

and are transmitted to a Google server in the USA and stored there. The analysis of your activities on our website is transmitted to us in the form of reports. Google may pass on the information collected to third parties if this is required by law or if third parties process this data on behalf of Google. IP anonymization is carried out by Google by default and cannot be deactivated, so IP addresses are only processed further in abbreviated form in order to exclude any possible direct personal reference to you. You can find more information on the terms of use and data protection of Google Analytics at https://policies.google.com, https://support.google.com/analytics/answer/6004245?&ref_topic=2919631#zippy=%2Ccookies-und-kennzeichnungen-von-google-analytics, and https://support.google.com/analytics/answer/9019185?#zippy=%2Cthemen-in-diesem-artikel.

9.8.2 Legal basis of data processing

The legal basis is your given consent, Art. 6 para 1 s. 1 lit. a) GDPR.

9.8.3 Purpose of data processing

By processing the data, we can analyze how our website is used, so we can improve it for our users.

9.8.4 Duration of storage

The data will be deleted 2 or 14 months after your last visit to our website.

9.8.5 Right to objection and erasure

You can withdraw your consent to data processing at any time with effect for the future. Please use our consent banner for this purpose. You can also prevent the installation of cookies from Google Analytics yourself by making the appropriate settings in your browser software. Google Analytics can also be deactivated and controlled using browser extensions, e.g. http://tools.google.com/dlpage/gaoptout.

9.9 Google Remarketing

9.9.1 Description and scope of data processing

We use Google Remarketing. By using Google Remarketing, we are able to display advertisements to you. This is also possible when you visit other websites, provided you have previously registered on our website. Google Remarketing thus enables user-targeted advertising. Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing works by setting a cookie on the user. This cookie use gives Google the opportunity to recognize the user if they visit a website that also uses Google Remarketing.

As a result, Google will be notified of the user's IP address or browsing behaviour.

For more information about Google's current privacy policy, please visit: https://www.google.de/intl/de/policies/privacy/

9.9.2 Legal basis of data processing

Data processing is based on your consent in accordance with Art. 6 para. 1 s. 1 lit. a) GDPR.

9.9.3 Purpose of data processing

By using Google Remarketing, we may display advertisements to users that have previously logged into our website. Google Remarketing ultimately enables user-directed personalized advertising.

9.9.4 Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

9.9.5 Right to objection and erasure

Th You may revoke your consent to data processing at any time. To do so, please contact our Data Protection Officer.

You can prevent cookies from being set at any time by adjusting the settings in your web browser. Cookies that have already been set can also be deleted in your web browser settings. Please note that preventing cookies from being set may result in some features not being fully available.

The user can object to user-related advertising by Google at any time. For this we refer to: www.google.de/settings/ads

9.10 Google Tag Manager

9.10.1 Description and scope of data processing

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google marketing services into our online offer). The Tag Manager serves as a ""manager"" of the implemented tags. This allows us to centrally manage integrated Google products or other analysis tools on our website. The tags embedded on the website are referred to as sections of code that make it possible to track your activities on our website. By using our website, users download the Google Tag Manager, which automatically results in the user's IP address being forwarded to Google With regard to the processing of personal data, please refer to the information on Google services. Data processing for the European Economic Area and Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

You can access the usage guidelines of the Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html

9.10.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 s. 1 lit. a) GDPR.

9.10.3 Purpose of data processing

Google Tag Manger simplifies the management and organization of the analysis tools used for the website. In order to integrate an analysis tool, JavaScript codes must be integrated into the website. By using Google Tag Manger, it is possible for us to manage these embedded codes from one place.

9.10.4 Duration of storage

Since data storage is not carried out directly by Google Tag Manager, but the data is forwarded to the tracking tools, it is necessary to check with the individual embedded tracking tools how long the data is stored.

9.10.5 Right to objection and erasure

You have the option at any time to revoke a given consent to data processing with effect for the future. For this, you would have to contact the respective data protection officers of the tools. Further information regarding the management of your data can be found in the data protection statements of the tools used.

9.11 Google ReCaptcha

9.11.1 Description and scope of data processing

We use Google reCAPTCHA to protect us from excessive spam. This program is designed to ensure that the inquirer is a human and not an automated program.

Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google automatically records the IP address, the access location and the time of access. In addition, the behavior of the website visitor is analyzed on the basis of various characteristics (e.g. time spent by the visitor on the website, mouse movements made, cookies stored in the browser history). This analysis by Google begins automatically as soon as you call up a page that uses Google reCAPTCHA, if you have previously consented to the use of Google reCAPTCHA.

Further information on the handling of personal data can be found in the Google privacy policy https://www.google.de/intl/de/policies/privacy , at https://policies.google.com/technologies/partner-sites and at https://www.google.com/recaptcha.

9.11.2 Legal basis of data processing

Data processing is based on your consent in accordance with Art. 6 para. 1 s. 1 lit. a) GDPR.

9.11.3 Purpose of data processing

Through Google reCAPTCHA, we ensure that there are natural persons with potential interest behind the requests. By limiting the number of inquiries in this way, we can respond to individual requests more quickly and more efficiently, and at the same time secure our website against automatically distributed malware.

9.11.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

9.11.5 Right to objection and erasure

You have the option to withdraw your consent to data processing at any time, see Art. 7 GDPR. A withdrawal takes effect from the time at which it is expressed. The withdrawal will be effective for the future. For this purpose, please use our consent management tool or contact our data protection officer.

9.12 Hotjar

9.12.1 Description and scope of data processing

We use Hotjar, an analysis software. Data processing is carried out by: Hotjar Ltd. (""Hotjar""), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe.

With Hotjar it is possible to measure and analyze the usage behavior (clicks, mouse movements, scroll heights, etc.) on our website. The information generated by the ""Tracking Code"" and ""Cookie"" from your visit to our website will be transmitted to the Hotjar servers in Ireland and stored there. The tracking code collects the following information:

  • The IP address of your device (collected and stored in an anonymous format)
  • Your e-mail address, including your first and last name, provided you have made it available through our website
  • Screen size of your device
  • Device type and browser information
  • Geographical viewpoint (only the country)
  • The preferred language to represent our website
  • referring domain
  • Visited pages
  • Geographical viewpoint (only the country)
  • The preferred language to represent our website
  • Date and time when the website was accessed

Hotjar will use this information to evaluate your usage of our website, to generate reports of use, as well as other services related to the website use and internet evaluation of the website.

You will find more Information at: https://www.hotjar.com/legal/policies/privacy

9.12.2 Legal basis of data processing

The legal basis is your given cosent, the Art. 6 para 1 s. 1 lit. a) GDPR.

9.12.3 Purpose of data processing

We process your data to continue the optimization of our website. This also explains our legitimate interest in data processing.

9.12.4 Duration of storage

The cookies that Hotjar uses have a different ""lifespan""; some stay up to 365 days, some remain valid only during the current visit.

9.12.5 Right to objection and erasure

You may withdraw your consent to data processing at any time. To do so, please contact our Data Protection Officer.

You can prevent the collection of data by Hotjar by clicking on the following link and follow the instructions: https://www.hotjar.com/legal/compliance/opt-out

9.13 Matomo

9.13.1 Description and scope of data processing

We use the web analytics service Matomo (formerly PIWIK). The data processing is carried out by: InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.

Matomo is located in New Zealand, a third country with an adequate level of protection certified by the EU Commission according to Art. 45 para. 3 GDPR, https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32013D0065

Matomo sets a cookie with the user. Regarding the clarification of “cookies”, see the passage on cookies above. The following data is stored:

  • Two bytes of the IP address of the calling system
  • The visited website
  • The websites from which you came to the called website (referrer)
  • The subpages that are called from the called website
  • The length of stay on the website
  • The frequency of calling the website

The software runs exclusively on the servers of our website. Your personal data is only stored there. This data is not passed on to third parties.

The software is set in a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (ex.: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible. For more information on Matomo's privacy policy, please refer to the links below: https://matomo.org/privacy/ und https://matomo.org/privacy-policy/

9.13.2 Legal basis of data processing

Legal basis for processing data is Art. 6 para. 1 s. 1 lit. a) GDPR.

9.13.3 Purpose of data processing

The web analytics service Matomo is mainly used by us for website optimization and cost-benefit analysis. Matomo will furthermore be used to provide an analysis of users' traffic to the site. It is in our interests to make our website offer clearly structured and user-friendly for you.

9.13.4 Duration of storage

We process personal data only for as long as necessary. As soon as the purpose of the data processing has been fulfilled, blocking and deletion takes place in accordance with the standards of the deletion concept here, unless legal, official or contractual regulations prevent deletion.

9.13.5 Right to objection and erasure

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose. The setting of cookies can also be prevented at any time by making the appropriate settings in your internet browser. The cookies already set can also be deleted for the future in the settings of the Internet browser. We would like to point out that preventing the setting of cookies may mean that not all functions are available without restriction. For questions regarding data protection to Matomo, you can contact Matomo at the following e-mail address: privacy@matomo.org

9.14 TradeTracker

9.14.1 Description and scope of data processing

Ee use the services of TradeTracker on our website. TradeTracker operates affiliate marketing. The processing is carried out by: TradeTracker Deutschland GmbH, Uhlandstraße 26, 22087 Hamburg, Germany.

Through affiliate marketing, visitors to our website are redirected to offers and thus to websites of other providers (third parties). If you click on a corresponding link to an offer from a provider on another website, a cookie is set on your system by TradeTracker. This cookie enables TradeTracker to recognize from which website you accessed the respective subsequent website. For this process, an affiliate ID is assigned to you via your cookie. TradeTracker thus helps us to receive compensation for advertising third-party services and goods.

Further information on how TradeTracker works and on data protection can be found at: https://tradetracker.com/de/privacy-policy/

9.14.2 Legal basis of data processing

The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. a) GDPR.

9.14.3 Purpose of data processing

The processing serves to track and account for the success of our advertising measures. In particular, we can identify which links led to transactions. Furthermore, the processing is used to optimize our online offering and for the economic evaluation of our marketing activities.

9.14.4 Duration of storage

The data will be deleted as soon as the purpose of the data processing no longer applies and no statutory retention obligations prevent deletion.

9.14.5 Right to objection and erasure

You have the option to withdraw your consent to data processing at any time. Please contact our data protection officer for this purpose. The setting of cookies can be prevented at any time by adjusting the settings in your internet browser. Cookies that have already been set can also be deleted in the browser settings. Please note that preventing the setting of cookies may result in some functions not being fully available.

9.15 TikTok Pixel

9.15.1 Description and data processing

Our website uses the TikTok Pixel for conversion tracking. The data processing is carried out by: TikTok, Technology Limited,10 Earlsfort Terrace, Dublin, D02 T380, Irland (“TikTok”).
With the help of the TikTok Pixel, the behavior of website visitors can be tracked after they have visited our website. This allows the effectiveness of TikTok advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

For this purpose, TikTok processes the following data:

Technical data: device and network connection data (your device model, your operating system, keystroke patterns or rhythms, your IP address, and your system language)

  • service-related, diagnostic, and performance data, including crash reports and performance logs
  • automatically generated device ID and user ID
  • usage data: content viewed by you, usage duration and frequency, interactions with other users, search history on the platform, and your settings, information related to end-user interaction with digital properties, including advertisements displayed in connection with the services
  • performance metrics and ad impression metrics
  • pixel data
  • segment-related information

You can find TikTok privacy information at: https://www.tiktok.com/legal/privacy-policy-eea?lang=de

9.15.2 Legal basis of data processing

The legal basis for processing data is your given consent, Art. 6 para. 1 s. 1 lit. a) GDPR.

9.15.3 Purpose of data processing

We process your data to continue the optimization of our website and our advertising activities.

9.15.4 Duration of storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

9.15.5 Right to objection and erasure

You may withdraw your consent at any time. Please contact our data protection officer for this purpose. You may also contact TikTok Inc. directly using this form: https://www.tiktok.com/legal/report/privacy.

10 Social Media-Pugins

10.1 Instagram

10.1.1 Description and scope of data processing

We have integrated the services of Instagram on this website. Instagram can be reached via the button at the bottom right of our website. Responsible for data processing is:Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

If the user clicks on the Instagram button, the website of Instagram will be opened. By accessing the Instagram website via our website ("through clicking the button"), Instagram receives the information that the user has visited our website. If, at the time of visiting our website, the user is simultaneously logged in via an Instagram account (it does not matter if it is your own account), Instagram will receive further information, such as which pages of or website the user visited. Instagram collects this information, so theoretically there is the possibility to assign this information to the Instagram account. For more information on privacy, we refer to the following data policy of Instagram: https://help.Instagram.com/155833707900388 and https://www.Instagram.com/about/legal/privacy

10.1.2 Legal basis of data processing

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. a) GDPR.

10.1.3 Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website.

10.1.4 Duration of storage

Meta claims to store your data for a period of 90 days. At the end of the 90 days, the data will be anonymized so that they cannot be further associated with you. To our knowledge, this also applies to Instagram data.

10.1.5 Right to objection and erasure

To prevent this form of processing, the user has to log out from Instagram and delete all cookies before visiting our website. Other settings and disagreements regarding the use of data for advertising purposes are possible within the Instagram profile settings or via the US page or the EU page of Instagram. The settings are platform independent, they are adopted for all devices, such as desktop computers or mobile devices.

10.2 YouTube

10.2.1 YouTube Button

Description and scope of data processing

We have integrated the services of YouTube on this website. Data processing is carried out by: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC. Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If the user clicks on the YouTube button or link, a website of YouTube will be opened. This might also happen in form of a small window in our website (a so-called iframe). By accessing YouTube's website through our website ("per click"), YouTube receives the information that the user has visited our website. If, at the time of visiting our website, the user is logged in via a YouTube account (it does not matter if it is their own), YouTube will receive further information, such as which pages were entered on our website by the user. YouTube collects this information, which theoretically gives you the opportunity to associate this information with the YouTube account. For more information about privacy, please refer to the following data policy from YouTube: https://policies.google.com/privacy?hl=en&gl=de

Legal basis of data processing

The legal basis for this data processing is your given consent, Art. 6 para. 1 s. 1 lit. a) GDPR.

Purpose of data processing

We use social media to promote our company. We also want to give you the opportunity to interact with social media through our website.

Duration of storage

Data collected by YouTube (Google) will be deleted by the controller after a fixed retention period of 9 to 18 months.

Right of objection and erasure

To prevent the processing of data by YouTube, you have the possibility to log out of YouTube and delete all cookies before visiting our website. Additional settings and objections on the use of data for promotional purposes are available within the YouTube Profile settings.

10.2.2 YouTube Video

Description and scope of data processing

We have integrated the services of YouTube on this website. We use for the integration of videos the provider YouTube. Dat processing is caried out by: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our website with embedded videos, your IP address will be sent to YouTube and cookies will be installed on your computer. We have included our YouTube videos in enhanced privacy mode (in which case, YouTube still contacts the Google DoubleClick service, but personal data is not evaluated according to Google's privacy policy). As a result, YouTube does not store any information about visitors unless they watch the embedded video. If you click the video, your IP address will be sent to YouTube and YouTube will know that you've watched the video. If you are logged in to YouTube, this information is also assigned to your user account (you can prevent this by logging out of YouTube before clicking the video). We use no influence on any possible collection or use of your data by YouTube. For more information about privacy, please refer to the following data policy of YouTube: https://www.google.de/intl/de/policies/privacy/

11 Other tools of third-party providers

We also use third-party providers to help us with the website's appearance and functionality. These are listed below:

11.1 Amazon CloudFront

11.1.1 Description and scope of data processing

Our website uses Amazon CloudFront. This is a Java Script code from the Amazon Web Services company that will be reloaded on the page when you open it. It is a Content Delivery Network (CDN). A CDN is a service that helps deliver content from our website, especially large media files, such as graphics or scripts, using regionally distributed and Internet-connected servers. Data processing is carried out by: Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108, USA (Amazon CloudFront – Content Delivery Network (CDN)

If you have enabled JavaScript in your browser and have not installed a Java Script Blocker, your browser may submit personal information to Amazon CloudFront. For further information please refer to: https://aws.amazon.com/de/privacy/?nc1=f_pr

11.1.2 Legal basis of data processing

The legal basis for this data processing are our legitimate interests, Art. 6 para. 1 s. 1 lit. a) GDPR.

We use Amazon CloudFront as a third-party provider for our media files based on our legitimate interest in providing you with a website that loads quickly, in accordance with Article 6 para. 1 s. 1 lit. f) GDPR.

11.1.3 Purpose of data processing

The purpose of processing your data is to ensure the secure and efficient delivery of our online services. We process your data solely for this purpose and to maintain the security and functionality of the CDN.

11.1.4 Duration of storage

The data will be deleted as soon as it is no longer needed for our purposes and there are no regulatory, legal, or contractual requirements preventing its deletion. This is typically the case after XX days.

11.1.5 Right to objection and erasure

You always have the option to object your given consent. To prevent this Java based processing of your data you can install a java blocker (e.g.http://www.noscript.net or http://www.ghostery.com).

11.2 Google ReCaptcha

11.2.1 Description and scope of data processing

We use Google reCAPTCHA to protect us from excessive spam. This program is designed to ensure that the inquirer is a human and not an automated program.

Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google automatically records the IP address, the access location and the time of access. In addition, the behavior of the website visitor is analyzed on the basis of various characteristics (e.g. time spent by the visitor on the website, mouse movements made, cookies stored in the browser history). This analysis by Google begins automatically as soon as you call up a page that uses Google reCAPTCHA, if you have previously consented to the use of Google reCAPTCHA.

Further information on the handling of personal data can be found in the Google privacy policy https://www.google.de/intl/de/policies/privacy , at https://policies.google.com/technologies/partner-sites and at https://www.google.com/recaptcha.

11.2.2 Legal basis of data processing

Data processing is based on your consent in accordance with Art. 6 para. 1 s. 1 lit. a) GDPR.

11.2.3 Purpose of data processing

Through Google reCAPTCHA, we ensure that there are natural persons with potential interest behind the requests. By limiting the number of inquiries in this way, we can respond to individual requests more quickly and more efficiently, and at the same time secure our website against automatically distributed malware.

11.2.4 Duration of storage

We process personal data only as long as necessary. As soon as the purpose of the data processing is fulfilled, erasure of the data is carried out according to the standards of the erasure concept, unless legal or contractual regulations oppose this.

11.2.5 Right to objection and erasure

You have the option to withdraw your consent to data processing at any time, see Art. 7 GDPR. A withdrawal takes effect from the time at which it is expressed. The withdrawal will be effective for the future. For this purpose, please use our consent management tool or contact our data protection officer.

12 Service providers from third countries

In order to provide our services, we use the support of service providers both from the European area and from third countries. To ensure the protection of your personal data even in the case of data transmission to a third country, we conclude special data processing agreements with each of the carefully selected service providers. All the service providers we use have sufficient evidence that data security is ensured by means of appropriate technical and organisational measures. Our service providers in third countries meet at least one of the following criteria:

Adequate level of protection: The provider comes from a country whose level of data protection has been recognized by the EU Commission. For more information, see: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

EU standard contract clauses: Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. For more information, see: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules: Article 47 of the GDPR provides the possibility of ensuring data protection when transferring data to a third country via Binding Corporate Rules. These are examined and approved by the data security authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR.

Consent: In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Art. 49 sec. 1 lit. a) GDPR for this purpose.

13 Your rights

With regard to your data processing, you have the following rights:

13.1 Right to withdraw a given consent (Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a withdrawal influences the permissibility of the processing of your personal data for the future, after you have expressed it to us. It can be done via the Consent Banner, orally or in writing by post or e-mail.

13.2 Right of access (Art. 15 GDPR)

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and the following information:

the purpose of processing;

the categories of personal data concerned;

the recipients or the categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in countries outside of the EU or international organisations;

where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;

all available information on the source of your personal data;

the existence of automated decision-making, including profiling, referred to Art. 22 para. 1 and 4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

In the case of such a request, you must provide enough information about your identity to proof that the request concerns your own personal data.

13.3 Right to rectification and erasure (Art. 16, 17 GDPR)

You have the right to request that we, as the data controller, correct and/or complete any personal data concerning you that is incorrect or incomplete. We will carry out the correction without delay. You may also request the erasure of your personal data if any of the following applies to you:

  • the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you withdraw consent on which the processing is based according to Art. 6 para. 1 s.1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and where there is no other legal ground of processing;
  • you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the you object to the processing pursuant to Art. 21 para. 2 GDPR;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1.

Where we made the personal data public and are obliged to erase the personal data pursuant to Art. 17 para. 1 GDPR, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

These rights shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance of Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, in so far as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • for the establishment, exercise or defence of legal claims.

13.4 Right to restriction of processing (Art. 18 GDPR)

You shall have the right to obtain from us restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether our legitimate grounds override yours.

Where processing has been restricted under the aforementioned conditions, such personal data shall, except for storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the limitation of the processing is restricted, you will be informed by us before the restriction is lifted.

13.5 Right to information (Art. 19 GDPR)

If you have asserted us your right to rectification, erasure or restriction of data processing, we will inform all recipients of your personal data to correct, delete or restrict the processing of data, unless this proves impossible or involves disproportionate effort.

You also have the right to know which recipients have received your personal data.

13.6 Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data from us in a commonly used, machine-readable format, provided that

  • the processing is based on consent pursuant of Art. 6 para. 1 s.1 lit. a) GDPR or of Art. 9 para. 2 lit. a) GDPR or is based on a contract pursuant of Art. 6 para. 1 s. 1 lit. b) DS-GVO; and
  • the processing is carried out by automated means.

In exercising your right to data portability, you have the right to obtain that personal data transmitted directly from us to another controller, as far as technically feasible. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been delegated to us.

13.7 Right to object (Art. 21 GDPR)

Where we based the processing of your personal data on a legitimate interest (Art. 6 para. 1 s. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 para. 1 s. 1 lit. e).

In this case, we ask you to explain the reasons why we should not process your personal data. Based on this we will terminate or adapt the data processing or show you our legitimate reasons why we continue the data processing.

13.8 How to exercise these rights

To exercise these rights, please contact our data protection officer.

13.9 Right to lodge a complaint with supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you is against the infringes of the GDPR.

The supervisory authority to which the complaint has been submitted shall inform you of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

14 Subject to change

We reserve the right to change this privacy policy in compliance with legal requirements.

June 2026

Crazy Factory Support

The email address for all Crazy Factory related questions:
info.en@crazy-factory.com

Our support team will be happy to help you from Monday to Friday and your enquiries will generally be processed within 24 hours. Get in touch!

More than 80,000 positive reviews

Order straight from the producer

on orders of 29.00 € or more

More than 7m customers