Privacy Policy

Data protection

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1. Responsible party

The responsible party for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is DLC Distributed Ledger Consulting GmbH, Lange Reihe 73, 20099 Hamburg, Germany, phone: +49 40 88369186, e-mail: [email protected] The responsible party for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2.  Data encryption

For security reasons and to protect the transmission of personal data and other confidential content, such as orders or requests that you send to us as the responsible party, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

3.  Data collection when visiting our website

3.1  In the case of merely informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only process data that your browser transmits to our server (so-called “server log files”). In this case, we process the following data, which are technically necessary for us to display the website to you:

  • specific website accessed, incl. access status/HTTP code;
  • date and time at the time of access, incl. time zone difference;
  • amount of data sent in bytes;
  • source/reference from which the website was opened;
  • browser used, incl. its version and the language set;
  • operating system used;
  • IP address used.

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in ensuring and improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files subsequently, should concrete indications point to an illegal use.

3.2 When you register for the newsletter or order our product, we collect the relevant information for this purpose. This includes, among other things, your e-mail address and/or, if you opt for our physical package, your postal address. For further data processing, we also use third-party software in this course, namely HubSpot, CleverReach and MailChimp, to which the data is transferred. The legal basis for this processing and transfer is your respective express consent (Art. 6 para. 1 lit. a GDPR). With service providers or third-party providers, we have each concluded a contract on data processing and, where required, the standard contractual clauses laid down by the EU Commission (hereinafter “standard contractual clauses”).

In detail:

HubSpot, HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, provides services for marketing, sales, CRM and customer service purposes. To do so, HubSpot processes personal data according to our instructions without having direct control over the personal data processed on our behalf. HubSpot is contractually prohibited from exploiting this personal data except as necessary to provide and optimize HubSpot's service offerings and as required by law. HubSpot enables us to create and share content for marketing, sales, and customer service, or to organize sales data (such as leads, customers, deals, etc.). Your contact information is stored and managed on HubSpot's service provider servers. HubSpot shares personal information with service providers or when HubSpot is required to do so by law or reasonably believes that such use or disclosure is necessary to protect HubSpot's rights, your safety or the safety of others, to investigate fraud, or to comply with a law, court order, or the requirements of the legal process. For more information, please refer to the service provider's privacy policy, which is available at https://legal.hubspot.com/privacy-policy.

With the service CleverReach of CleverReach GmbH & Co. KG, //CRASH Building Schafjückenweg 2, 26180 Rastede, our newsletter dispatch is organized and analyzed. The data you enter to receive the newsletter (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland. The service provider does not use your personal data for its own purposes. The use of CleverReach enables us to analyze the behavior of newsletter recipients. Among other things, it can be determined how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called “conversion tracking”, it can also be determined whether a predefined action has taken place after clicking on the link in the newsletter. For more information, please refer to the privacy policy of the service provider, which is available at https://www.cleverreach.com/en/privacy-policy/.

We use MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Among other things, this allows the dispatch of newsletters to be organized and analyzed. If you enter data to receive the newsletter (e.g. e-mail address), this will be stored on MailChimp's servers in the USA. When you open an e-mail sent with MailChimp, a file contained in the e-mail (so-called web beacon) connects to MailChimp's servers in the USA to determine that a newsletter message is opened and which links are clicked. In addition, technical information is collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. For more details, please refer to the privacy policy of MailChimp at https://mailchimp.com/legal/terms/ or the so-called “Data Processing Annex”, which we have concluded with MailChimp and with which we oblige MailChimp to protect the data of our customers and not to pass them on to third parties. The latter can be viewed at the following link: https://mailchimp.com/legal/data-processing-addendum/.

3.3 If you access our website via a QR code, we track this access in order to obtain various evaluations relating to customer behavior and interactions with our website. The legal basis for this processing is your explicit consent (Art. 6 para. 1 lit. a GDPR).

3.4 We also track the assignment of voucher and discount codes to individual users. We store which e-mail address (e.g. via newsletter) or which user name (social media) has received which voucher or discount code and by whom this code is used. If the voucher or discount code was shared via social media, we also track this. The legal basis for this processing is your explicit consent (Art. 6 para. 1 lit. a GDPR).

4.  External hosting by Heroku

4.1 This website is hosted by an external service provider (hoster).

4.2 The host is Heroku Inc, a subsidiary of Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (hereinafter referred to as “Heroku”). Personal data collected on this website is stored on Heroku's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

4.3 Heroku is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

4.4 To ensure data protection-compliant processing, we have concluded an order processing agreement and standard contractual clauses with Heroku. You can view those here:

https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf. Heroku will process your data only to the extent necessary to fulfill its performance obligations and to comply with our instructions regarding such data. You can find more information on the handling of user data in Heroku's privacy policy: https://help.heroku.com/BET88NAL/does-heroku-comply-with-the-eu-data-protection-directive-on-personal-data. Further processing on servers other than the aforementioned ones of Heroku will only take place within the framework communicated below.

5.  Cookies

5.1  We use so-called cookies on various pages to make visiting our website more attractive and to enable the use of certain functions. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies).

5.2 Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

5.3 If personal data is also processed by individual cookies implemented by us, the processing is done in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your express consent.

5.4 We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with the aforementioned advertising partners, you will be informed about the use of such cookies and the scope of the information processed in each case before the processing begins and within the paragraphs below.

5.5 Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d#:~:text=To delete cookies,box%2C and then select Delete

Firefox: https://support.mozilla.org/en-US/kb/websites-say-cookies-are-blocked-unblock-them

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

6.  Contacting

When contacting us (e.g. via contact form or e-mail), personal data is processed. Which data is processed in the case of a contact form can be seen from the respective contact form. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

7.  Social media profiles

7.1 We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below. Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection.

7.2 In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is done, for example, via cookies that are stored on your end device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Insofar as both the respective social media platform and we process your personal data, we are jointly responsible with the respective social media portal for data processing within the meaning of Art. 26 GDPR, insofar as a joint decision on data processing has actually been made and both the respective social media platform and we have an influence on the data processing. To the extent possible, we have entered into joint responsibility agreements with the social media platform pursuant to Art. 26 GDPR. In principle, you can assert your rights (right to information pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to erasure pursuant to Art. 17 GDPR, right to restriction of processing pursuant to Art. 18 GDPR, right to data portability pursuant to Art. 20 GDPR and right to complaint pursuant to Art. 77 GDPR) both against the respective social media platform and against us. Since we have no full control over the data processing, we will forward your request to assert your data subject rights to the social media portal if necessary. Our options depend largely on the corporate policy of the respective provider.

7.3 Please also note that we cannot track all processing operations on the social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and data protection provisions of the respective social media platforms.

7.4 The data collected directly by us via the social media platform will be deleted from our systems as soon as the purpose for storing it no longer applies or you request us to delete it. If you revoke your consent to this effect, the legality of the processing carried out on the basis of the consent up to the revocation will not be affected. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

7.5 Social platforms in detail

Instagram

We use the short message service Twitter. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can independently adjust your Twitter privacy settings in your user account. To do so, click on the following link and log in: https://twitter.com/personalization. For details, please see Twitter's privacy policy: https://twitter.com/de/privacy.

Reddit

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. For details on their handling of your personal data, please see LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

Facebook

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, a subsidiary of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. Instagram uses advertising cookies. If you wish to disable Instagram advertising cookies, please use the following link: https://www.facebook.com/help/instagram/1896641480634370. For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

Wir verwenden darüber hinaus die unter https://www.facebook.com/legal/terms/businesstools aufgeführten Facebook-Business-Tools, um Leistungen unserer Produkte und Dienstleistungen besser verstehen und messen zu können. Gleichzeitig können wir damit Personen, die unsere Produkte und Dienstleistungen nutzen oder daran Interesse haben, besser erreichen und diesen einen besseren Service bieten. Facebook erhält Daten der Business-Tools als Impressionen und Klickdaten (z. B. „Gefällt mir“-Angaben oder die Anzahl der Klicks auf den „Teilen“-Button), die durch soziale Plugins von Facebook und Facebook Login übermittelt werden, sowie Daten von bestimmten APIs, beispielsweise den Messenger-Kundenabgleich von der Send API oder aus bestimmten Pilot-, Test-, Alpha- oder Beta-Programmen, die Facebook von Zeit zu Zeit anbietet. Hierfür gilt der sog. „Zusatz für Verantwortliche“ (https://de-de.facebook.com/legal/controller_addendum), um die jeweiligen Verantwortlichkeiten für die Erfüllung der Verpflichtungen gemäß der DSGVO hinsichtlich der gemeinsamen Verarbeitung festzulegen. Wir sind verpflichtet, den Ihnen diese Informationen zur gemeinsamen Verantwortlichkeit mit Facebook bereitzustellen. Facebook ist für die Erfüllung der Rechte betroffener Personen gemäß der Art. 15–20 DSGVO hinsichtlich der von Facebook nach der gemeinsamen Verarbeitung gespeicherten personenbezogenen Daten verantwortlich. Die gemeinsame Verantwortlichkeit besteht bei der Erhebung oder dem Erhalt im Rahmen einer Übermittlung, hingegen nicht bei der weiteren Verarbeitung von sog. „Event-Daten“ (im Sinne der Ziffer 1. a. ii. der Nutzungsbedingungen für Facebook Business-Tools), die Facebook mittels der in unsere Websites integrierten Facebook-Social-Plugins und Einbettungsfunktionen für Inhalte erhebt oder im Rahmen einer Übermittlung erhält, um Inhalte und Werbeinformationen anzuzeigen, die den unterstellten Interessen der Nutzer entsprechen, oder kommerzielle bzw. transaktionsbezogene Nachrichten zu übermitteln oder die Anzeigenauslieferung und Personalisierung von Funktionen und Inhalten, insbesondere Werbeinformationen, zu verbessern. Wenn Facebook uns aggregierte und anonymisierte Messwerte, Analysen und Berichte bereitstellt, erfolgt dies nicht im Rahmen der gemeinsamen Verantwortlichkeit. Vielmehr wird Facebook in diesem Fall als Auftragsverarbeiter tätig.

We have a profile on Reddit. The provider is Reddit Inc, 1455 Market Street, Suite 1600 San Francisco, CA 94103. Reddit uses advertising cookies. If you would like to disable Reddit advertising cookies, please use the following link: https://www.redditinc.com/policies/cookie-notice. For details on their handling of your personal data, please refer to Reddit's privacy policy: https://www.redditinc.com/policies/privacy-policy.

Facebook

We have a profile on Facebook. The provider is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA; Facebook and we are jointly responsible for the collection of personal data of visitors to our Facebook profile, but not for the further processing thereof. The information required pursuant to Art. 13 para. 1 (a) and (b) GDPR, the privacy policy and further information on how Facebook processes personal data, including the legal basis on which Facebook relies and the options for exercising the rights of data subjects vis-à-vis Facebook, can be found in Facebook's so-called “Data Policy” at https://www.facebook.com/about/privacy. By visiting our Facebook profile, you regularly submit information, the content of which can be found in detail in the “Things you and others do and provide” section of Facebook's Data Policy. This includes, but is not limited to, information about the type of content users view, actions users take, and information about the devices used in doing so (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in Facebook's Data Policy). Facebook also processes information in order to provide analytics services, so-called “Page Insights”, to Page operators so that they can, for example, obtain statistical information such as gender or age distribution regarding the viewing of the Facebook Page. You can find more information on this and the so-called “Page Insights Supplement regarding the responsible party” that applies between Facebook and us here: https://www.facebook.com/legal/terms/page_controller_addendum. Your rights, in particular to information, deletion, objection and complaint to the competent supervisory authority remain unaffected; Facebook will answer your inquiries to this effect in accordance with the Page Insights Supplement.

We also use the Facebook business tools listed at https://www.facebook.com/legal/terms/businesstools to better understand and measure performance of our products and services. At the same time, we can use them to better reach people who use or are interested in our products and services and to provide them with better service. Facebook receives Business Tools data as impressions and click-through data (e.g., “like” views or number of clicks on the “share” button) submitted through Facebook social plugins and Facebook Login, as well as data from certain APIs, such as Messenger customer matching from the Send API or from certain pilot, test, alpha or beta programs that Facebook offers from time to time. This is subject to the so-called “Controller Addendum” (https://de-de.facebook.com/legal/controller_addendum), to specify the respective responsibilities for fulfilling the obligations under the GDPR with respect to joint processing. We are required to provide you with this information on joint responsibility with Facebook. Facebook is responsible for fulfilling the rights of data subjects under Art. 15–20 of the GDPR with respect to personal data stored by Facebook after joint processing. Joint responsibility exists in the case of collection or receipt in the context of a transmission, but not in the case of further processing of so-called “event data” (as defined in section 1. a. ii. of the Terms of Use for Facebook Business Tools) that Facebook collects or receives in the course of a transmission by means of the Facebook social plugins and content embedding features integrated into our websites in order to display content and advertising information that correspond to the assumed interests of users or to deliver commercial or transaction-related messages or to improve ad delivery and personalization of features and content, in particular advertising information. When Facebook provides aggregated and anonymized metrics, analytics, and reporting to us, it does not do so as part of shared responsibility. Rather, Facebook acts as a processor in this case.

The data collected about you will be processed by Facebook and may be transferred outside the European Union, which could make it more difficult to enforce your rights. To the extent that Facebook processes personal data as a (joint) controller, the standard contractual clauses set forth by the EU Commission (https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32004D0915). apply. To the extent Facebook processes personal data as a processor, the “Data Processing Terms and Conditions” available at https://www.facebook.com/legal/terms/dataprocessing/update and the “Facebook EU Data Transfer Addendum” available at https://www.facebook.com/legal/EU_data_transfer_addendum which also incorporates the standard contractual clauses for processors (without the illustrative optional clauses). The latter are available here: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=CELEX%3A32010D0087.

You have the option to object to the processing of your data by Facebook under the following link: https://www.facebook.com/settings?tab=ads.

Pinterest

We have a profile on Pinterest. The provider is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Pinterest uses advertising cookies. If you wish to disable Pinterest advertising cookies, please use the following link: https://policy.pinterest.com/en/cookies. For details on how they handle your personal data, please see Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

7.6 We also use the social media management software “Hootsuite”. We have a legitimate interest in using this software pursuant to Art. 6 para. 1 lit. f GDPR, as Hootsuite allows us to centrally manage multiple social media accounts. Posts can be prepared, scheduled, published, liked and shared in it. At the same time, the channels of the different services can also be tracked within Hootsuite in order to monitor discussions on the social web about our companies, brands or our services and products that are relevant for us. In this context, we generally have only limited access to your publicly accessible profile data and have no conclusive knowledge of the extent to which Hootsuite collects your user data. You can find further information on this in Hootsuite's privacy policy at: https://hootsuite.com/de/legal/privacy.

  1. Data processing for order handling

8.1 In order to process your order, we cooperate with the following service providers, which support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

8.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name as well as your delivery address and, if necessary for the delivery, your telephone number to a shipping partner selected by us exclusively for the purposes of the delivery of goods Art. 6 para. 1 lit. b GDPR.

8.3 Use of payment service providers (payment services)

Klarna

If you select a Klarna payment service, payment processing is carried out via Klarna Bank AB (publ) (https://www.klarna.com), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). In order to enable the processing of the payment, your personal data (first and last name, street, house number, postal code, city, gender, e-mail address, telephone number and IP address) as well as data related to the order (e.g. invoice amount, article, delivery type) will be passed on to Klarna for the purpose of checking your identity and creditworthiness, provided that you have expressly consented to this in accordance with Art. 6 (1) lit. a GDPR during the ordering process. To which credit agencies your data may be forwarded in this regard, you can see here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. Klarna uses the information obtained about the statistical probability of non-payment for a weighed decision on the establishment, implementation or termination of the contractual relationship. You can revoke your consent at any time by sending a message to the data controller or to Klarna. However, Klarna remains entitled to process your personal data, if applicable, insofar as this is necessary for the processing of payments in accordance with the contract. Your personal data will be handled in accordance with the applicable data protection regulations and as specified in Klarna's privacy policy https://www.klarna.com/international/privacy-policy/.

PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - “purchase on account” or “installment payment” via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) as part of the payment processing. The transfer takes place in accordance with Art. 6 para. 1 lit. b GDPR and only to the extent necessary for payment processing. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - “purchase on account” or “installment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in terms of the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The creditworthiness information may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For further information on data protection, including information on the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/legalhub-full?locale.x=en_DE. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data, provided that this is necessary for the contractual payment processing.

Stripe.

If you choose a payment method of the payment service provider Stripe, the payment is processed via the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process together with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy.

  1. Your rights as a data subject

9.1 The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:

  • Right to information pursuant to Art. 15 GDPR;
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to information pursuant to Art. 19 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR;
  • Right to revoke consent given pursuant to Art. 7 para. 3 GDPR;
  • Right to lodge a complaint pursuant to Art. 77 GDPR.

9.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

10.  Duration of storage of personal data

10.1 Unless otherwise stated, the duration of the storage of personal data depends on the respective legal basis, the purpose of processing and – if relevant – additionally on any retention periods under tax and commercial law.

10.2 Your data will be stored by us after your express consent in accordance with Art. 6 para. 1 a GDPR until you revoke your consent. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this. If legal retention periods exist for the storage of your data processed during legal or quasi-legal obligations, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for processing for the fulfillment of a contract or contract initiation pursuant to Art. 6 para. 1 lit. b GDPR and/or there is no legitimate interest on our part in the continued storage pursuant to Art. 6 para. 1 lit. f GDPR.

10.3 Your personal data stored on the legal basis of processing to protect our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR will be stored for the duration of the existence of our legitimate interest or until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defense of legal claims.

10.4 Your data stored on a legal basis for the purpose of direct marketing pursuant to Art. 6 para. 1 lit. f GDPR will be stored for the duration of the existence of this purpose or until you exercise your right to object pursuant to Art. 21 para. 2 GDPR. Your stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed. This does not apply if the other information in this statement about specific processing situations indicates otherwise.

10.5 You are under no legal or contractual obligation to provide us with your personal data. However, it is possible that certain functions of our websites depend on the provision of personal data. If you do not provide personal data in these cases, this may result in functions not being available or only being available to a limited extent.