data protection

Data protection

1) Information about the collection of personal data and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we will inform you about how your personal data is handled when you use our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is tilli Schirmer, Waldsiedlung 12, 09557 Flöha, Germany, Tel.: 03726397864, Email: hello@lulespiek.de. The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.

2) Data collection when you visit our website

If you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (if necessary: ​​in anonymized form)

Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Hosting & Content Delivery Network

Hosted by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting and displaying the online shop on a basis Processing on our behalf. All data collected on our website is processed on Shopify’s servers. As part of Shopify's aforementioned services, data may also be processed further on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc .or Shopify (USA) Inc. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz
Further processing on servers other than those mentioned above by Shopify only takes place within the scope stated below.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after you close the browser (so-called “session cookies”), while some of these cookies remain on your device for a longer period of time and enable you to save page settings (so-called “persistent cookies”). In the latter case, you can find out the storage period in the overview of the cookie settings in your web browser.
If personal data is also processed through individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract, in accordance with Art. 6 Para. 1 lit in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact us

When you contact us (e.g. via contact form or email), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR. Your data will be deleted if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

6) Comment function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commenter name you chose are saved and published on this website. Furthermore, your IP address will be stored for security reasons in order to enable an attribution to the author in the event of illegal comments. Your email address will be saved so that we can contact you if a third party should complain about your published content as being illegal.

7) Use of customer data for direct advertising

- Newsletter delivery via MailChimp
Our email newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA ( http://www.mailchimp .com/ ), to whom we pass on the data you provided when registering for the newsletter. This transfer is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR and serves our legitimate interest in using an advertising-effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message was opened and which links, if any, were clicked on. Using web beacons, Mailchimp automatically creates general, non-personal statistics about response behavior to newsletter campaigns. Based on our legitimate interest in the statistical evaluation of the newsletter campaigns to optimize advertising communication and better alignment with recipient interests, the web beacons in accordance with Art. 6 Para. 1 lit f GDPR also collect data from the respective newsletter recipient (email address, Time of retrieval, IP address, browser type and operating system) and used. This data allows an individual conclusion to be drawn about the newsletter recipient and is processed by Mailchimp to automatically create statistics that show whether a specific recipient has opened a newsletter message.
If you would like to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp can also use this data in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on its own legitimate interest in the needs-based design and optimization of the service as well as for market research purposes, for example to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them ourselves or to pass them on to third parties.
To protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the European Commission's standard contractual clauses to enable the transfer of your personal data to MailChimp. If you are interested, this data processing contract can be viewed at the following internet address: https://mailchimp.com /legal /data-processing-addendum /
You can view MailChimp’s privacy policy here:
https://mailchimp.com /legal /privacy /

8) Data processing for order processing

8.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data we collect will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Article 6 Paragraph 1 Letter b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when ordering (name, address, email address) in order to provide you with our legal information obligations in accordance with Art. 6 Para 1 lit. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

8.2 Use of payment service providers (payment services)

-Apple Pay
If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the “Apple Pay” function of your device running iOS, watchOS or macOS by debiting a payment card stored with “Apple Pay”. Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to approve a payment, you must enter a code previously specified by you and verify it using the “Face ID” or “Touch ID” function of your device.
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. Encryption ensures that only the website through which the purchase was made can access the payment details. After the payment is made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the payment success.
If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Apple retains anonymized transaction information, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can be used to identify you. You can turn off the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.
Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com /de-de /HT203027
- Google Pay
If you choose the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed via the “Google Pay” application on your device with at least Android 4.4 (“KitKat”) operated mobile device with an NFC function by charging a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). In order to approve a payment via Google Pay amounting to more than €25, you must first unlock your mobile device using the verification measure that has been set up (e.g. facial recognition, password, fingerprint or pattern).
For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the originating website, which is used to verify a payment made. This transaction number does not contain any information about the real payment details of your payment methods stored with Google Pay, but is created and transmitted as a one-time valid numerical token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively between the user and the source website by debiting the payment method stored with Google Pay.
If personal data is processed during the transfers described, the processing takes place exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.
Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photographs that you included with the transaction, the name and email address of the seller and buyer, respectively. the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.
According to Google, this processing is carried out exclusively in accordance with Article 6 (1) (f) GDPR based on the legitimate interest in proper accounting, verification of transaction data and the optimization and functionality of the Google Pay service.
Google also reserves the right to combine the processed process data with other information that is collected and stored by Google when you use other Google services.
The Google Pay terms of use can be found here:
https://payments.google.com /payments /apis-secure /u /0 /get_legal_document ?ldo=0 &ldt=googlepaytos &ldl=de
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com /payments /apis-secure /get_legal_document ?ldo=0 &ldt=privacynotice &ldl=de
-Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22- as part of the payment processing. 24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”), further. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "payment in installments" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). To the extent that score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Further data protection information, including information about the credit agencies used, can be found in PayPal's data protection declaration: https://www.paypal.com /de /webapps /mpp /ua /privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
- Paypal checkout
This website uses PayPal Checkout, an online payment system from PayPal that consists of PayPal's own payment methods and local payment methods from third-party providers.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal, we pass on your payment details to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L as part of the payment processing -2449 Luxembourg (hereinafter “PayPal”), further. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only to the extent that this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “Pay later” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). To the extent that score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
If you select the PayPal payment method “purchase on account”, your payment data will first be sent to PayPal to prepare the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”) to carry out the payment. The legal basis is Article 6 Paragraph 1 Letter b GDPR. In this case, RatePay carries out an identity and creditworthiness check on its own behalf to determine solvency in accordance with the principle mentioned above and passes your payment data to credit agencies based on the legitimate interest in determining solvency in accordance with Article 6 Paragraph 1 Letter f of the GDPR further. A list of the credit agencies that Ratepay can rely on can be found here: https://www.ratepay.com/legal-payment-creditagencies/
If you use the payment method of a local third-party provider, your payment data will first be passed on to PayPal to prepare the payment in accordance with Article 6 (1) (b) GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the relevant provider in order to carry out the payment in accordance with Art. 6 Para. 1 lit. b GDPR:
- Immediately (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard P&ltrok;atności sp. z oo, ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Vienna, Austria)
- MyBank (PRETA SAS, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
For further data protection information, please see PayPal's data protection declaration: https://www.paypal.com /de /webapps /mpp /ua /privacy-full
- Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, the payment is processed via the technical service provider Stripe Payments Europe Ltd. , 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we communicate the information you provided during the ordering process, together with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Article 6 Paragraph 1 Letter b GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Further information about Shopify Payments’ data protection can be found at the following internet address: https://www.shopify.com/legal/privacy .
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com /de /privacy
- IMMEDIATELY
If you select the payment method “SOFORT”, payment is processed via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “SOFORT”), to whom we will send the information you provided during the ordering process, along with the information about your order in accordance with Art. 6 Paragraph 1 Letter b GDPR. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). Your data will be passed on exclusively for the purpose of processing payments with the payment service provider SOFORT and only to the extent that it is necessary for this purpose. You can find further information about SOFORT's data protection regulations at the following internet address: https://www.klarna.com/sofort/datenschutz .
-Stripes
If you choose a payment method from the payment service provider Stripe, payment will be processed via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send your information and the information you provided during the ordering process about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Further information about Stripe's data protection can be found at the URL https://stripe.com /de /privacy#translation .
Stripe reserves the right to carry out a credit check based on mathematical and statistical procedures in order to protect the legitimate interest in determining the user's solvency. Stripe may transmit the personal data necessary for a credit check and received as part of payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report can contain probability values ​​(so-called score values). Insofar as score values ​​are included in the results of the credit report, they are based on a scientifically recognized mathematical and statistical procedure. The calculation of the score values ​​includes, but is not limited to, address data. Stripe uses the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding on the right to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies.
However, Stripe may continue to be entitled to process your personal data if this is necessary to process payments in accordance with the contract.

9) Online marketing

Facebook Pixel for creating custom audiences (with Cookie Consent Tool)
Our online offering uses the so-called “Facebook pixel” from the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).
If a user clicks on an advertisement we have placed on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. If our site allows sharing data with Facebook via pixels, this URL parameter is written into the user's browser via a cookie, which our linked site sets itself. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to only show the Facebook ads we place to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products) based on the information they visit websites) which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. This allows us to further evaluate the effectiveness of Facebook advertisements for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).
The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook uses the data for its own advertising purposes, in accordance with the Facebook data usage guidelines ( https://www.facebook.com/about/privacy/ ) can use. The data can enable Facebook and its partners to place advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook Pixel only takes place with your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “cookie consent tool” provided on the website.

10) Page functionalities

10.1 Google reCAPTCHA

On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to distinguish whether an entry is made by a natural person or whether it is improperly processed through machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in determining individual personal responsibility on the Internet and avoiding misuse and spam. As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come to the USA.

You can view further information about Google reCAPTCHA and Google's privacy policy at: https://www.google.com /intl /de /policies /privacy /

To the extent legally required, we have obtained your consent for the processing of your data as described above in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with future effect. To exercise your revocation, please follow the option described above for making an objection.

10.2 Shopsync for Shopify

This website uses the Shopify app “Shopsync” from ShopSync LLC, PO Box 252, Jefferson City, TN 37760, USA.
With the help of ShopSync, the newsletter service “Mailchimp” is synchronized with our Shopify account in such a way that, on the one hand, updates to Mailchimp email lists (e.g. an opt-out of a newsletter recipient) are also automatically stored on Shopify and, on the other hand New contact data generated through contract conclusions on Shopify are automatically transferred to Mailchimp's email lists.

In the former case, data processing takes place in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the effective and cross-system maintenance of the profiles of advertising recipients and the efficient consideration of legally significant status changes.

In the second case, exclusively on the basis of the user's express consent in accordance with Article 6 Para. 1 lit (purchase amount, time and date of purchase) transferred to Mailchimp by ShopSync.

Data transferred in this way will not be saved or retained by ShopSync after synchronization. All information synced between Shopify and Mailchimp is transferred using Secure Socket Layer (SSL) technology, and all transferred information remains encrypted during the sync process.

The synchronization process requires the transfer of information over a secure connection to servers hosted by Amazon Web Services in the United States.

Further data protection information about ShopSync can be found here: https://shopsync.io /privacy-policy

11) Tools and miscellaneous

11.1 - Lexoffice
To carry out the accounting, we use the service of the cloud-based accounting software “lexoffice” from Haufe-Lexware GmbH & Co. KG, Munzinger Straße 9, 79111 Freiburg.
Lexoffice processes incoming and outgoing invoices as well as our company's bank transactions in order to automatically record invoices, match them to the transactions and create financial accounting from them in a semi-automated process.
If personal data is also processed, the processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business processes.
Further information about lexoffice, the automated processing of data and the data protection regulations can be found at https://www.lexoffice.de/datenschutz/

11.2 Cookie consent tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users when they access the page in the form of an interactive user interface on which consent can be given for certain cookies and/or cookie-based applications by checking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by checking the box. This ensures that such cookies are only set on the user's device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed here.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in doing so legally compliant, user-specific and user-friendly consent management for cookies and therefore a legally compliant design of our website.
Another legal basis for processing is Article 6 Paragraph 1 Letter c GDPR. As those responsible, we are subject to the legal obligation to make the use of cookies that are not technically necessary dependent on the respective user consent.
Further information about the operator and the setting options for the cookie consent tool can be found directly in the corresponding user interface on our website.

12) Rights of the person concerned

12.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) towards the person responsible with regard to the processing of your personal data, whereby reference is made to the legal basis listed for the respective exercise requirements:

  • Right to information in accordance with Art. 15 GDPR;
  • Right to rectification in accordance with Art. 16 GDPR;
  • Right to deletion in accordance with Art. 17 GDPR;
  • Right to restriction of processing in accordance with Art. 18 GDPR;
  • Right to information in accordance with Art. 19 GDPR;
  • Right to data portability in accordance with Art. 20 GDPR;
  • Right to revoke consent given in accordance with Art. 7 Para. 3 GDPR;
  • Right to complain in accordance with Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCE OF INTERESTS BASED ON OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS RESERVED IF WE CAN PROOF COMPLEX REASONS FOR THE PROCESSING THAT ARE worthy of protection, which OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY EXERCISE YOUR OPT-OUT AS DESCRIBED ABOVE.

IF YOU USE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE AFFECTED DATA FOR DIRECT ADVERTISING PURPOSES.

13) Duration of storage of personal data

The duration of storage of personal data is determined based on the respective legal basis, the purpose of processing and - if relevant - additionally based on the respective legal retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Article 6 (1) (a) GDPR, this data will be stored until the person concerned revokes their consent.

If there are statutory retention periods for data that are processed within the framework of legal or transaction-like obligations on the basis of Art. 6 Para. 1 lit and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the data subject exercises his or her right to object in accordance with Article 21 Paragraph 1 of the GDPR, unless we can provide compelling legitimate reasons provide evidence for the processing that outweighs the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Article 6 Paragraph 1 Letter f of the GDPR, this data will be stored until the person concerned exercises their right to object in accordance with Article 21 Paragraph 2 of the GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.