Data protection


1. Introduction 

With the following information, we would like to give you as a "data subject" an overview of the processing of your personal data by us and your rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "KDH GmbH". By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process. 

As the controller, we have implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or post. 

You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. We would therefore like to take this opportunity to give you some tips on how to handle your data securely: 

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords. 
  • Only you should have access to the passwords. 
  • Make sure that you only ever use your passwords for one account (login, user or customer account). 
  • Do not use one password for different websites, applications or online services. 
  • Especially when using publicly accessible IT systems or IT systems shared with other people, you should always log out after logging in to a website, application or online service. 

Passwords should consist of at least 12 characters and be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should contain upper and lower case letters, numbers and special characters. 

2. Controller 

The controller within the meaning of the GDPR is 

KDH GmbH Schönbuchstraße 51, 71155 Altdorf, Germany

Representative of the controller: Zakir Halilovic 

3. Data protection officer 

You can contact the data protection officer as follows

Reiner Braun 

Telephone: 0172-7005556 

E-mail: r.braun@rb-c.de 

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection. 

4. Transmission of data to third parties 

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if: 

1. you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR,
2. the disclosure is permitted in accordance with Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, 
3. in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR, and 
4. this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This may not apply in the case of data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.


5.Technology 

5.1, SSL/TLS encryption 

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the "https://" instead of "http://" in the address line of the browser and by the lock symbol in your browser line. We use this technology to protect your transmitted data. 

5.2 Data Collection When Visiting the Website

When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). With each access to a page by you or an automated system, our website collects a range of general data and information. These general data and information are stored in the server log files. The following can be recorded:

  1. Types and versions of browsers used
  2. Operating system used by the accessing system
  3. Website from which an accessing system reaches our website (referrer)
  4. Subpages accessed via an accessing system on our website
  5. Date and time of access to the website
  6. A shortened IP address (anonymized IP address)
  7. Internet service provider of the accessing system

When using this general data and information, we do not draw conclusions about your person. Rather, this information is needed to:

  1. Deliver the content of our website correctly
  2. Optimize the content of our website as well as its advertising
  3. Ensure the continued functioning of our IT systems and the technology of our website
  4. Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack

We evaluate this collected data and information statistically and also with the aim of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

5.3 Hosting by All-Inkl

We host our website with ALL-INKL.COM - Neue Medien Münnich, Owner René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter referred to as All-Inkl).

When you visit our website, your personal data (e.g., IP addresses in log files) are processed on All-Inkl's servers.

The use of All-Inkl is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in ensuring the most reliable presentation, provision, and security of our website.

We have entered into a data processing agreement (DPA) pursuant to Art. 28 GDPR with All-Inkl. This is a data protection-mandated contract that ensures All-Inkl processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

For more information on All-Inkl's privacy policies, please visit: https://all-inkl.com/datenschutzinformationen/

6. Cookies

6.1 General Information on Cookies

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information that results in each case from the context with the specifically used end device. However, this does not mean that we immediately become aware of your identity.

The use of cookies is intended to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period of time. If you visit our site again to use our services, it will automatically recognize that you have already visited us and what inputs and settings you have made so that you do not have to enter them again.

Furthermore, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. You can find the respective storage period of the cookies in the settings of the consent tool used.

6.2 Legal Basis for the Use of Cookies

The data processed by cookies that are necessary for the proper functioning of the website are thus required to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR.

7. Contents of our Website

7.1 Data Processing when Opening a Customer Account and for Contract Processing

In accordance with Art. 6 para. 1 lit. b) GDPR, personal data is collected and processed when you provide it to us for the purpose of performing a contract or opening a customer account. The data collected can be seen from the respective input forms. You can delete your customer account at any time, which can be done, among other ways, by sending a message to the above address of the data controller. We store and use the data you provide for contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked taking into account tax and commercial retention periods and deleted after expiration of these periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which we will inform you about below.

7.2 Data Processing for Order Fulfillment

The persnal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, to the extent necessary for the delivery of the goods. We also pass on your payment data to the authorized credit institution as part of payment processing, if this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.

7.3 Contract Conclusion in Online Shops, Merchants, and Shipping of Goods

We only transmit personal data to third parties if this is necessary within the scope of contract processing, for example to companies entrusted with the delivery of goods or the credit institution entrusted with payment processing. Further transmission of data does not occur or only if you have expressly consented to the transmission. There is no disclosure of your data to third parties without express consent, for example for advertising purposes.

The legal basis for data processing is Art. 6 para. 1 lit. b) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.

7.4 Contact / Contact Form

When contacting us (e.g., via contact form or email), personal data is collected. The data collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f) GDPR. If your contact aims at concluding a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after final processing of your request, provided that it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no legal retention obligations opposing the deletion.

8. Newsletter Dispatch

8.1 Advertising Newsletter

On our website, you have the opportunity to subscribe to our company's newsletter. The personal data that is transmitted to us when ordering the newsletter is derived from the input mask used for this purpose.

We regularly inform our customers and business partners about our offers via a newsletter. Our company's newsletter can only be received by you if:

  1. You have a valid email address and
  2. You have registered for newsletter dispatch.

For legal reasons, a confirmation email in the double opt-in procedure is sent to the email address you first entered for newsletter dispatch. This confirmation email serves to verify whether the owner of the email address has authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) to your device at the time of registration, as well as the date and time of registration. This data collection is necessary in order to trace any (possible) misuse of the email address at a later date and therefore serves our legal protection.

The personal data collected as part of a newsletter registration will only be used to send our newsletter. Furthermore, subscribers to the newsletter may be informed by email if this is necessary for the operation of the newsletter service or for registration, such as in the event of changes to the newsletter offer or changes in technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time. You can revoke your consent to the storage of personal data that you have given us for newsletter dispatch at any time. For the purpose of revoking consent, there is a corresponding link in every newsletter. Furthermore, you have the option to unsubscribe from the newsletter dispatch directly on our website at any time or to inform us in another way.

The legal basis for data processing for the purpose of newsletter dispatch is Art. 6 para. 1 lit. a) GDPR.

9. Our Activities in Social Networks

In order to communicate with you in social networks and to inform you about our services, we have our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing activities triggered as a result, within the meaning of Art. 26 GDPR.

We are not the primary providers of these pages, but merely use them within the framework of the opportunities provided to us by the respective providers.

Therefore, we would like to point out in advance that your data may also be processed outside the European Union or the European Economic Area. The use may therefore involve data protection risks for you, as safeguarding your rights, e.g., to information, deletion, objection, etc., may be more difficult, and processing in social networks often takes place directly for advertising purposes or for analyzing user behavior by the providers, without this being influenced by us. If user profiles are created by the provider, cookies are often used or the usage behavior is assigned to your own member profile created within the social networks.

The described processing of personal data is carried out in accordance with Art. 6 para. 1 lit. f) GDPR based on our legitimate interest and the legitimate interest of the respective provider in being able to communicate with you in a contemporary manner and inform you about our services. If you, as a user, are required to give consent to data processing by the respective providers, the legal basis is Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the data stocks of the providers, we would like to point out that you can assert your rights (e.g., to information, correction, deletion, etc.) most effectively directly with the respective provider. Further information on the processing of your data in social networks is provided below for each social network provider used by us:

9.1 Facebook

Responsible party for data processing in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy (Data Policy): Facebook Privacy Policy

9.2 Instagram

Responsible party for data processing in Germany: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy: Instagram Privacy Policy

10. Web Analytics

10.1 Google Analytics 4 (GA4)

On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized usage profiles are created and cookies (see "Cookies" section) are used. The information generated by the cookie about your use of the website may include:

  • Temporary recording of the IP address without permanent storage
  • Location data
  • Browser type/version
  • Operating system used
  • Referrer URL (previously visited page)
  • Time of the server request

The pseudonymized data may be transmitted to and stored by Google on a server in the United States. The information is used to evaluate the use of the website, compile reports on website activity, and provide other services related to website usage and internet usage for market research and customization of these web pages. This information may also be transferred to third parties if required by law or if third parties process these data on behalf of Google. Under no circumstances will your IP address be merged with other data from Google.

These processing operations are carried out only with your express consent pursuant to Art. 6(1)(a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Shield Framework as a US company. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

For more information on data protection when using GA4, please visit: https://support.google.com/analytics/answer/12017362?hl=en.

10.2 Google Analytics Remarketing

We have integrated Google Remarketing services on this website. The operator of Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing is a function of Google AdWords that allows a company to display advertisements to internet users who have previously visited the company's website. Integrating Google Remarketing enables a company to create user-related advertisements and display interest-based ads to internet users accordingly.

The purpose of Google Remarketing is to display interest-based advertising. Google Remarketing allows us to display advertisements via the Google advertising network or on other websites tailored to the individual needs and interests of internet users.

Google Remarketing sets a cookie on the affected person's IT system. By setting the cookie, Google can recognize the visitor of our website if the visitor subsequently accesses websites that are also members of the Google advertising network. With each visit to a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. In the course of this technical procedure, Google gains knowledge of personal data, such as your IP address or browsing behavior, which Google uses, among other things, to display interest-based advertising.

Through the cookie, personal information such as the websites visited by you is stored. Each time you visit our websites, personal data, including your IP address, is transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may transfer these personal data collected through the technical procedure to third parties.

These processing operations are carried out only with your express consent pursuant to Art. 6(1)(a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Shield Framework as a US company. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

You can view the privacy policies of Google Remarketing at: https://www.google.com/intl/en/policies/privacy/.

10.3 TikTok Pixel

This website uses the web attribution solutions "TikTok Pixel" provided by TikTok Technology Limited, 10 Earlsfort Terrace, D02 T380, Co. Dublin, Dublin, D02t380, Ireland, and TikTok Information Technologies UK Limited, 1 London Wall, London, EC2Y 5EB, UK.

The use of the TikTok Pixel allows TikTok to track the behavior of visitors on our website and collect data about their activities. This data can be used to conduct targeted advertising campaigns on TikTok. Additionally, we collect information about conversions. This allows us to receive data from TikTok about how many visitors actually visit our website as a result of our TikTok advertisements.

By giving explicit consent, cookies are set by the pixel and hashed information is transmitted to TikTok. The pixel collects information such as:

  • Information about ads/events
  • Timestamp
  • IP address
  • User agent
  • Cookies

In the case of conversions, we do not regularly process personal data because it is not possible for us to attribute the hashed version of your TikTok ID to you as a person; only TikTok can do this. We also do not receive information about you, such as your name, age, etc.

These processing operations are carried out only with your express consent pursuant to Art. 6(1)(a) GDPR.

For more information on the privacy policies of TikTok, please visit: https://www.tiktok.com/legal/privacy-policy?lang=en.

11. Advertising

11.1 Google Ads (AdWords) Remarketing/Retargeting

We have integrated Google Ads on this website. The operator of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This allows us to advertise this website in Google search results and on third-party websites. For this purpose, Google places a cookie on your device's browser, which enables interest-based advertising based on pseudonymous cookie IDs and the pages you have visited.

Further data processing only occurs if you have consented to Google linking your internet and app browser history with your Google account and using information from your Google account to personalize ads you view on the web. If you are logged into Google during your visit to our website in this case, Google will use your data together with Google Analytics data to create and define audience lists for cross-device remarketing. Your personal data is temporarily linked with Google Analytics data to create target groups.

These processing operations are carried out only with your express consent pursuant to Art. 6(1)(a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Shield Framework as a US company. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

You can view the privacy policies and further information from Google Ads at: https://www.google.com/policies/technologies/ads/.

11.2 Google Ads with Conversion Tracking

We have integrated Google Ads on this website. The operator of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to display ads both in Google search results and on the Google advertising network. Google Ads allows an advertiser to pre-define specific keywords with which an ad will only be displayed in Google's search results when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, ads are distributed on relevant internet pages using an automatic algorithm and based on previously defined keywords.

The purpose of Google Ads is to promote our website by displaying interest-based advertising on third-party websites and in Google search engine results, as well as displaying third-party advertising on our website.

If you access our website through a Google ad, Google will place a so-called conversion cookie on your IT system. A conversion cookie loses its validity after thirty days and is not used to identify you. The conversion cookie allows both us and Google to track whether a user who accessed our website via an AdWords ad generated revenue, meaning they completed a purchase or canceled it.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. We use these visit statistics to determine the total number of users who were referred to us through Ads ads, i.e., to determine the success or failure of each Ads ad and to optimize our Ads ads for the future. Neither our company nor other advertisers using Google Ads receive information from Google that could identify you.

Personal information, such as the websites you visit, is stored via the conversion cookie. Therefore, each time you visit our websites, personal data, including your IP address of the internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass this personal data collected through the technical process to third parties.

These processing operations are carried out only with your express consent pursuant to Art. 6(1)(a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Shield Framework as a US company. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

You can view the privacy policies and further information from Google AdSense at: https://www.google.com/intl/en/policies/privacy/.

12. Social Media Plugins

12.1 Instagram Plugin

We have integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos and distribute such data in other social networks.

The operator of Instagram services is Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

Each time you visit one of the individual pages of this website operated by us and on which an Instagram component (Instagram button) has been integrated, the Internet browser on your IT system is automatically prompted by the respective Instagram component to download a display of the corresponding component from Instagram. As part of this technical process, Instagram gains knowledge of which specific subpage of our website you are visiting.

If you are logged into Instagram at the same time, Instagram recognizes with each visit to our website and throughout the duration of your stay on our website, which specific subpage you are visiting. This information is collected by the Instagram component and associated with your Instagram account by Instagram. If you click one of the Instagram buttons integrated on our website, the data and information transferred with it will be associated with your personal Instagram user account, stored, and processed by Instagram.

Instagram always receives information via the Instagram component that you have visited our website whenever you are logged into Instagram at the time of visiting our website, regardless of whether you click the Instagram component or not. If you do not want Instagram to receive such information about you, you can prevent this transmission by logging out of your Instagram account before visiting our website.

This US company is certified under the EU-US Data Privacy Shield Framework. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

Processing of personal data via social media buttons occurs only with your explicit consent in accordance with Art. 6(1)(a) GDPR.

For more information and the applicable privacy policies of Instagram, please visit: https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

13. Plugins and Other Services

13.1 Google Tag Manager

On this website, we use the Google Tag Manager service. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool enables the implementation and management of "website tags" (i.e., keywords embedded in HTML elements) through an interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked and subsequently record which content on our website is of particular interest to you.

The tool also triggers other tags that may collect data. However, Google Tag Manager does not access these data directly. If you have deactivated tracking at the domain or cookie level, this deactivation remains in effect for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out only with your explicit consent pursuant to Art. 6(1)(a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Shield Framework. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

For more information about Google Tag Manager and Google's privacy policy, please visit: https://www.google.com/intl/en/policies/privacy/.

13.2 YouTube (Videos)

We have integrated components from YouTube on this website. The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an internet video portal that allows video publishers to freely upload video clips and enables other users to view, rate, and comment on these videos at no cost. YouTube permits the publication of all types of videos, which is why both complete films and TV shows, as well as music videos, trailers, or user-generated videos, can be accessed via the internet portal. Each time you visit one of the individual pages of this website operated by us and on which a YouTube component (YouTube video) has been integrated, the internet browser on your IT system is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. YouTube may also load Google WebFonts, Google Video, and Google Photo services. Further information about YouTube can be accessed at https://www.youtube.com/yt/about/.

As part of this technical process, YouTube and Google become aware of which specific subpage of our website you are visiting.

If you are simultaneously logged into YouTube, YouTube recognizes with the call-up of a subpage that contains a YouTube video which specific subpage of our website you are visiting. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google receive information via the YouTube component that you have visited our website whenever you are logged into YouTube at the same time as you visit our website, regardless of whether you click a YouTube video or not. If you do not want YouTube and Google to receive such information about you, you can prevent this transmission by logging out of your YouTube account before visiting our website.

These processing operations are carried out only with your explicit consent in accordance with Art. 6(1)(a) GDPR.

The parent company Google LLC is certified under the EU-US Data Privacy Shield Framework. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

You can view YouTube's privacy policy at https://www.google.com/intl/en/policies/privacy/.

14. Payment Providers

14.1 Klarna

We have integrated components from Klarna on our website. The operator of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. Klarna is an online payment service provider that enables purchase on account or flexible installment payments. Klarna also offers additional services such as buyer protection or identity and credit checks.

If you select "purchase on account" or "installment payment" as a payment option during the ordering process in our online shop, your data will be automatically transmitted to Klarna. By choosing one of these payment options, you consent to the transmission of personal data required for processing the invoice or installment purchase or for identity and credit checks.

The personal data transmitted to Klarna usually includes first and last name, address, date of birth, gender, email address, IP address, telephone number, mobile phone number, and other data necessary for processing an invoice or installment purchase. Also necessary for the processing of the purchase contract are such personal data that are related to the respective order. In particular, there may be mutual exchange of payment information, such as bank account details, card number, expiration date, and CVC code, number of items, item number, data on goods and services, prices, and tax duties, information about previous purchasing behavior or other information about your financial situation.

The transmission of data is intended in particular for identity verification, payment administration, and fraud prevention. We will transmit personal data to Klarna in particular when there is a legitimate interest in the transmission. The personal data exchanged between Klarna and us will be transmitted by Klarna to credit agencies. This transmission is intended for identity and credit checks.

Klarna also discloses personal data to affiliated companies (Klarna Group) and service providers or subcontractors to the extent necessary to fulfill contractual obligations or to process data on behalf.

For the decision on the establishment, execution, or termination of a contractual relationship, Klarna collects and uses data and information about the previous payment behavior of the person concerned as well as probability values for their behavior in the future (so-called scoring). The calculation of the scoring is carried out on the basis of scientifically recognized mathematical-statistical methods.

You have the option to revoke your consent to the handling of personal data at any time to Klarna. Revocation does not affect personal data that must be processed, used, or transmitted in accordance with (contractual) payment processing.

The use of Klarna is in the interest of proper and smooth payment processing. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The transmission of your personal data occurs only with the granting of explicit consent in accordance with Art. 6(1)(a) GDPR.

You can view Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/policy/data/en_gb/data_protection.pdf.

14.2 Paydirekt

On our website, we offer payment via Paydirekt, among other options. The provider of this payment service is Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany ("Paydirekt").

When you make a payment via Paydirekt, Paydirekt collects various transaction data and forwards it to the bank with which you are registered with Paydirekt. In addition to the data required for payment, Paydirekt may collect further data such as delivery address or individual items in the shopping cart as part of transaction processing.

Paydirekt subsequently authenticates the transaction using the authentication method stored with the bank for this purpose. The payment amount is then transferred from your account to our account. Neither we nor third parties have access to your account details.

The use of Paydirekt is in the interest of proper and smooth payment processing. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The transmission of your personal data occurs only with the granting of explicit consent in accordance with Art. 6(1)(a) GDPR.

For details on payments with Paydirekt, please refer to Paydirekt's terms and conditions and privacy policy at https://www.paydirekt.de/agb/index.html.

14.3 PayPal

We have integrated components from PayPal on this website. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. Additionally, PayPal offers the option to process virtual payments via credit cards if a user does not maintain a PayPal account. A PayPal account is managed using an email address, hence there is no traditional account number. PayPal allows for initiating online payments to third parties or receiving payments. PayPal also assumes trustee functions and offers buyer protection services.

If you select "PayPal" as the payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transmission of personal data required for payment processing.

The personal data transmitted to PayPal typically includes first and last names, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. Also necessary for processing the purchase contract are such personal data that are related to the respective order.

The transmission of data is intended for payment processing and fraud prevention. We will transmit personal data to PayPal, in particular, when there is a legitimate interest for the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies. This transmission is intended for identity and credit checks.

PayPal may disclose personal data to affiliated companies and service providers or subcontractors to the extent necessary to fulfill contractual obligations or process data on behalf.

You have the option to revoke your consent to the handling of personal data at any time with PayPal. Revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.

The use of PayPal is in the interest of proper and smooth payment processing. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The transmission of your personal data occurs only with the granting of explicit consent in accordance with Art. 6(1)(a) GDPR.

You can access PayPal's current privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

15. Your Rights as an Affected Person

15.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

15.2 Right to Information Art. 15 GDPR

You have the right to obtain from us free information at any time about the personal data stored about you and a copy of this data in accordance with legal provisions.

15.3 Right to Rectification Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

15.4 Deletion Art. 17 GDPR

You have the right to demand that the personal data concerning you be deleted without delay, provided that one of the legally stipulated reasons applies and the processing or storage is not necessary.

15.5 Restriction of Processing Art. 18 GDPR

You have the right to demand the restriction of processing if one of the legal requirements is met.

15.6 Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format. You also have the right to transfer this data to another responsible party without hindrance from us, to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible, and provided that this does not adversely affect the rights and freedoms of others.

15.7 Objection Art. 21 GDPR

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Art. 6(1)(e) (data processing in the public interest) or f (data processing on the basis of a balance of interests) GDPR, including profiling based on these provisions.

This also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

In individual cases, we process personal data to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling, insofar as it is associated with such direct advertising. If you object to us processing your personal data for purposes of direct advertising, we will no longer process the personal data for these purposes.

You also have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you that is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary to fulfill a task in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, using automated procedures where technical specifications are used.

15.8 Withdrawal of Consent to Data Protection

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

15.9 Complaint to a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of personal data.

This data protection declaration was created with the support of the data protection software: audatis MANAGER.