Privacy Policy
1. Preface and selected terms
On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations that do not primarily take place online.
1. “Personal data” are all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 (1) GDPR). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.
2. The ” processing of personal data” includes all processes, for example the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 (2) GDPR).
3. The ” data subject” within the meaning of data protection law is any natural person from whom personal data is processed.
4. Further definitions of terms can be found in the General Data Protection Regulation , which you will find mainly in Art. 4 of the GDPR (Definitions).
2. Responsibilities
Name and address of the responsible party
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
United Soft Media Verlag GmbH
Thomas-Wimmer-Ring 11
D-80539 Munich
Phone: +49 / 89 / 290 88 175
Fax: +49 / 89 / 290 88 160
E-Mail: info@usm.de
Name and address of the data protection officer
The data protection officer of the person responsible is:
DSB External data protection officer Stuttgart
Fabian Henkel
Kantstrasse 14
71277 Rutesheim
Telephone: +49 7152564773
E-Mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de
3. Brief overview of data processing
The following content gives you a brief overview of the processing of personal data; you can find more information in the passages presented in detail.
Security on our website (SSL Secure Socket Layer)
Our website is provided with an SSL certificate, with the help of which data transmission processes are encrypted. This happens, for example, when you send us a message using the form. As a precaution, however, we would like to point out that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.
Data that you transmit to us
On the one hand, we process the data that you enter yourself on this page, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if you send us a message by email, for example, or contact us in any other way, we will process your data in accordance with the purpose for which you were contacted.
Automatic server log files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves to defend against attacks, analyze access numbers and ensure smooth operation.
Use of cookies
Cookies help us to provide various services. Cookies are small text files that can be saved and read in your browser. We use our own cookies as well as third-party cookies; you can find more information on this in this data protection declaration.
Other data recipients
a) Data processors
In accordance with the requirements of Art. 28 GDPR, we use contract
processors, for example in the area of IT services, web hosting, email hosting or printing services. They process personal data for us in accordance with instructions.
b) Use of third-party services
If it is necessary (for example for the execution of a contract), we pass on your data to banks, other payment service providers, shipping service providers, our tax advisor or lawyer, for example.
c) Legal obligations
In addition, we are obliged in certain cases to report to the competent authorities on the basis of the Money Laundering Act. In addition, we are subject to other legal obligations, such as commercial laws or tax law, in this context we have to pass on certain data to tax authorities, for example.
d) Investigation of criminal offenses
Insofar as it is necessary to investigate a criminal offense, we pass on data to the law enforcement authorities.
General information on deletion periods for personal data
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract; in addition, we are obliged to comply with statutory retention requirements. If the data processing is based on your consent, we will delete your data after your revocation.
Transfer of personal data to a third country
We try to have all service providers and services provided by providers within the European Union as far as possible. A transfer to a third country is possible if you have given us your consent and / or we have concluded an order processing contract in accordance with Art. 28 GDPR and the use of suitable guarantees. In individual cases we can use plugins or tools that are hosted in third countries, but we use them based on our legitimate interests. In these cases, we may point out the circumstance in this privacy policy.
Obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.
4. Legal basis for the processing of personal data
The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR.
The legal bases according to which we process personal data are described in the individual processing operations in this data protection declaration.
• Given consent is one of those legal bases. This requires that the person gives its consent for one more data processing activities in an informed manner and on a voluntary basis. Consent on the basis of Article 6 (1) (a) GDPR can generally be revoked at any time without giving reasons.
• The processing of personal data for the initiation or implementation of contracts is also a legal basis and is defined in Art. 6 Paragraph 1 lit. b GDPR.
• The exception of data processing due to a legal obligation can be found in Art. 6 Paragraph 1 lit. c GDPR, for example we are obliged to comply with certain retention periods under commercial law and tax law.
• The processing of personal data on our legitimate interests allows processing after carefully weighing financial or legal interests against the interests of the data subject that are worthy of protection. This legal basis is stated in Article 6 (1) (f) GDPR.
5. Your rights under the General Data Protection Regulation
Every natural person has certain rights, these are defined in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can claim from us.
1. Right to revoke a given consent according to Art. 7 GDPR
You can revoke a given consent to us at any time without giving reasons with effect for the future.
2. Right to information (cf. Art. 15 GDPR)
You have the right to request information about the data processed by you and the purposes of the processing at any time.
3. Right to correction (cf. Art. 16 GDPR)
If you discover that we are processing incorrect or incomplete personal data, you have the right to correction.
4. Right to deletion (cf. Art. 17 GDPR)
You have the right at any time to request the deletion of your personal data that we are processing about you. If complete deletion is not possible, for example because we have to meet statutory retention requirements or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.
5. Right to restriction of processing / blocking (cf. Art. 18 GDPR)
You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
• If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
• If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
• If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, your interests and ours must be weighed up. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
• If you have restricted the processing of your personal data, this data – apart from its storage – may only be allowed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.
6. Right to data portability (cf. Art. 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done if it is technically feasible.
7. Right to object to certain processing operations and direct mail (cf. Art. 21 GDPR)
If the data processing takes place on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time for reasons that arise from your particular Situation arise to object to the processing of your personal data; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).If your personal data are processed in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct marketing purposes (objection according to Art. 21 Paragraph 2 GDPR).
8. Right to file a complaint at the data protection authorities (cf. Art. 77 DGVO)
In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
6. Automatic server log files
Our web server automatically logs all access e and thus IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).
In addition to the IP address, the server log usually records additional metadata about the session; you can find this data below .
• Date and time of the call
• Information about the browser type and the browser version used
• Information on the operating system used
• Device (client)
• Referring URL (from which page you landed with us)
• Clicked hyperlinks
We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.
7. Use of cookies
<script id=”CookieDeclaration” src=https://consent.cookiebot.com/5c679fa0-96d8-4946-b501-30803b511a1c/cd.js type=”text/javascript” async></script>
Use of the Cookiebot Consent Management System
Our website uses Cookiebot’s cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document them in compliance with data protection regulations. The provider of this technology is Cybot A / S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).
When you enter our website, a connection is established to the Cookiebot servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then saves a cookie in your browser in order to be able to assign the consent given to you or the revocation thereof. The data collected in this way will be stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected.
Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) (c) GDPR. In addition, we have a legitimate interest in using a user-friendly and secure service for cookie consent, the legal basis is Art. 6 (1) (f) GDPR.
Data processing agreement
We have concluded an order processing contract with Cookiebot. This is a contract prescribed by data protection law, which ensures that Cookiebot processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
8. Processing of personal data in the context of establishing contact and communication
Communication by email
If you send us an email, we will process your data according to the content and purpose of the message. As a rule, processing takes place on the basis of pre-contractual measures or in the context of the implementation of a contractual relationship on the basis of Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR. It is in a legitimate interest to process your request quickly and efficiently.
Please note that we store all incoming e-mails according to generally accepted accounting principles for a period of ten years, beginning with the first day of the following year, in which the message was received. If you ask us to delete the data, we will from now on restrict your data for processing and only save it for the purpose of complying with retention periods in our legitimate interest.
Communication by phone or fax
Even if you contact us by phone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and / or in our legitimate interest, analogous to contacting us by e-mail. We do not record the content of the conversation, but we may make notes to process your request. This will be saved until the purpose of data processing has been achieved and we no longer have any legitimate interests in processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. You can of course request deletion at any time.
9. Purchase of apps
IOS & Android apps can be purchased via the Apple App Stores and the Google Play Store. We ourselves are not involved in the transaction when buying in the stores.
10. Online store and customer service
The online store and checkout is provided by our partner company:
KOSMOS & YOU GmbH
Pfitzerstr. 5 – 7
70184 Stuttgart
KOSMOS & YOU GmbH, like United Soft Media Verlag GmbH, is part of the Franckh Media Group, which also includes Franckh-Kosmos Verlags-GmbH in particular. Contracts exist between the partner companies regarding joint responsibility within the meaning of Art. 26 GDPR.
10.1 Registration of a customer account / user account
You have the option to create a user account. This will enable you to use extended functionality, but is not mandatory. In the registration process you will be asked to enter various data, some of these fields are mandatory and marked accordingly.
With a user account you can log in to the site with a username and password, passwords are always stored encrypted.
Legal basis for the creation of a customer account / user account
Whether you create a user account is up to you. The processing of the data entered during registration is carried out on the one hand for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).
On the other hand, processing of your data for this purpose is based on your consent (Art. 6 para. 1 lit. a GDPR). Of course, you can revoke your consent at any time with effect for the future and request us to delete your user account.
Salesforce Sales Cloud
We would like to point out at this point that your data will be stored in our CRM Salesforce Sales Cloud when you set up a customer account. You can find more information in the passage on “CRM Salesforce Sales Cloud” in this privacy policy.
Deletion of a user account / customer account
Your data will be stored as long as you maintain your user account on our site. You can request us to delete your customer account at any time, or – if currently available as a feature in our store – delete your account yourself.
Please note that the deletion of your customer account does not necessarily lead to the deletion of all personal. Insofar as you have made a purchase in our store, for example, must comply with the statutory retention periods. In this case, the retention period is usually 10 years (§147 AO / §257 HGB / §14b UstG).
10.2 Customer service
You can contact our customer support at any time if you have a concern. As a rule, this process serves to clarify questions that concern a purchase that has already been made or a purchase in the future. In these cases, we process your data on the basis of Art. 6 (1) lit. b GDPR. In all other cases, we process your data in the legitimate interest of providing a smooth service and customer-friendly offer. The legal basis is Art. 6 para. 1 lit. f GDPR.
Responsible entity for customer service:
Kosmos & You GmbH
Pfizerstraße 5-7
D-70184 Stuttgart
Sub Processors
Based on our legitimate interests (Art. 6 para. 1lit. f GDPR), we use service providers in the area of customer service. These process personal data according to our instructions within the framework of a contract processing agreement.
• Majorel
Majorel Deutschland GmbH, Reinhard-Mohn-Straße 500, 33333 Gütersloh – a company of the Majorel Group Luxembourg S.A., 18, boulevard de Kockelscheuer, L-1821 Luxembourg – supports us in the coordination and response in the area of customer service. Privacy information https://de.majorel.com/privacy-policy/.
• Zendesk
We use the ticketing system provided by Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA. Zendesk has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding corporate rules that legitimize corporate data transfers to third countries outside the EU and EEA. Details can be found here: www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/. If you do not agree with processing your request with us via Zendesk, you can alternatively communicate with us via email, phone or fax. For more information, please see Zendesk’s privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.
Information about our storage periods
We process your data until your request has been processed and subsequently restrict its processing. We delete your data after the expiry of the general limitation period after 3 years, starting with the calendar year following the transaction. Insofar as an accounting-relevant transaction arises from your request, for example if we send you spare parts or we reimburse you for a credit note, we are obliged to comply with legal retention periods (legal obligation Art. 6 para. 1 lit. c GDPR). These are 10 years according to §257 Abs. 1 HGB and §147 Abs. 2 AO, starting with the year following the transaction.
10.3 Data processing during purchase in our store
Contractual partner and operator of the online store is Kosmos & You GmbH, Pfizerstraße 5-7, D-70184 Stuttgart.
We collect your personal data for the processing of the purchase contract, usually these are
• Your name
• Your address
• Your email address
• Phone number, if applicable
• Address and delivery address, if applicable
• Customer number
• Order number
• Order date
• Purchased products
• Amount in Euro
• Payment method
• Payment data
The collection is based on Art. 6 para. 1 lit. b GDPR for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
We are obliged to comply with legal retention periods (legal basis legal obligation according to Art. 6 para. 1 lit. c GDPR), these amount to 10 years according to §257 para. 1 HGB and §147 para. 2 AO (legal basis), starting with the year following the legal transaction.
You do not have to register an account to buy from our store and you can place a guest order.
a. Use of the Salesforce Salescloud and Marketingcloud
When purchasing in our webshop, your data will be transferred and managed in our CRM Salesforce Salescloud. For more information, see the passage on “Salesforce Sales Cloud” “Salesforce Marketing Cloud” in this privacy policy.
b. Processing of existing customer data for direct marketing purposes
In addition, we reserve the right to use your personal data for direct advertising by e-mail or post, provided that you do not object or have not objected to the use. The legal basis is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. You can find more information under “Direct marketing”.
c. Transmission to other data recipients for purchase processing
We transmit your personal data to third parties only if this is necessary in the context of the contract. When purchasing in our store, this is done for the disposition, preparation and dispatch of your order. In the process, your name and address data are transmitted, the legal basis is basically Art. 6 para. 1 lit. b GDPR as well as Art. 6 para. 1 lit. f GDPR in terms of our legitimate interest in using professional service providers.
10.4 Disposition and preparation for shipment
For the purpose of scheduling and shipment preparation, we transfer your data under a contract processing agreement to:
Arvato Distribution GmbH
An der Autobahn 22
33333 Gütersloh
10.5 Shipping service providers
We use the following shipping service providers for the shipment of goods:
Deutsche Post AG
Charles-de-Gaulle-Strasse 20
53113 Bonn, Germany
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Hermes Germany GmbH
Essener Straße 89
22419 Hamburg
General Logistics Systems
Germany GmbH & Co. OHG
GLS Germany-Straße 1 – 7
36286 Neuenstein
DPD Germany GmbH
Wailandtstrasse 1
63741 Aschaffenburg
Transfer of your e-mail address to the selected shipping service provider
If you give your consent during the check-out process, we will transfer your e-mail address to the selected shipping service provider. This will use your e-mail address to send you information about your delivery. If you wish to revoke this, please address your revocation directly to the shipping service provider.
10.6 Information about our payment service providers
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of processing the payment. For these transactions, the respective contract and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consents can be revoked at any time for the future.
Integration of payment services via Unzer
We have integrated various payment methods via the provider Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg (hereinafter “Unzer”). The privacy policy of Unzer can be found at https://www.unzer.com/de/datenschutz/.
Your personal data will be transmitted and processed to Unzer GmbH and its partner companies for the purpose of processing the payment on the basis of Art. 6 para. 1 lit. b GDPR, accounting processing and, if necessary, refinancing.
The use of Unzer GmbH is furthermore based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the use of a secure payment service.
Credit checks for unsecure payment methods
Valid for: Purchase on account, direct debit
The service provider Unzer GmbH carries out a risk and creditworthiness assessment for uncertain payment methods. The credit report may contain probability values (so-called score values).
For this purpose, the data entered as part of the order (e.g. name, address, invoice amount, bank data) will be forwarded to publicly accessible databases and credit agencies via Unzer via queries and requests for information. Information, and if necessary, credit information based on statistical methods can be requested in particular from the following providers:
• CRIF GmbH, Diefenbachgasse 35, 11 50 Vienna, Austria
• CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland
• CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany
• SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
• KSV1870 Information GmbH, Wagenseilgasse 7, 1100 Vienna, Austria
• Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss, Germany
• infoscore Consumer Data GmbH, Rheinstrasse 99, 76532 Baden-Baden, Germany
• ProfileAddress Direktmarketing GmbH, Altmannsdorfer Strasse 311, 1230 Vienna, Austria
• Emailage LTD, 1 Fore Street Ave, London, EC2Y 5EJ, United Kingdom
• ThreatMetrix, The Base 3/F, Tower C, Evert van de Beekstraat 1, 1118 CL Schiphol, The Netherlands
• payolution GmbH, Columbuscenter, Columbusplatz 7-8, 1100 Vienna, Austria
• Universum Business GmbH, Hanauer Landstr. 164, 60314 Frankfurt am Main, Germany
• SEON Technologies Ltd, Rákóczi út 42, 1072 Budapest, Hungary
• Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland
• Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach, Switzerland
The probability of non-payment is determined on the basis of this data. If the risk of non-payment is excessive, the payment type in question may be refused.
The credit assessment is carried out on the basis of contract performance (Art. 6 para. 1 lit. b GDPR) as well as to avoid payment defaults (legitimate interest according to Art. 6 para. 1 lit. f GDPR).
If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 (1) lit. GDPR); consent can be revoked at any time.
You can object to this processing of your data at any time by sending a message to the data controller or to Unzer. However, Unzer may still be entitled to process your personal data if this is necessary for the contractual processing of payments.
Payment methods offered
• PayPal via Unzer
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. For details, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
• Instant bank transfer via Unzer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method “Sofortüberweisung”, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances. In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. The personal data is your first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details on payment with Sofortüberweisung can be found in the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
• Mastercard via Unzer
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”). Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
• VISA Card via Unzer
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”). The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection equivalent to the level of data protection in the European Union. VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html. For more information, please refer to VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
• Purchase on account via Unzer
When selecting the payment method purchase on account, personal data as well as order data (such as shopping cart, invoice amount, order history, payment experience) are transmitted to Unzer for the purpose of a credit check and payment processing.
• Direct debit via Unzer
If you pay by direct debit, we will debit the amount from your account using our payment service Unzer and transfer it to our bank account.
10.7 Data transfer to collection companies
In order to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR, your data will be passed on by Unzer GmbH to a commissioned collection agency, insofar as the payment claim has not been settled despite a previous reminder.
In this case, the debt will be collected directly by the collection agency. In addition, the disclosure serves the protection of legitimate interests in an effective assertion or enforcement of the payment claim pursuant to Art. 6 para. 1 lit. f GDPR.
11. Analysis tools, tracking and advertising
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
IP anonymization
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plug-in
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: tools.google.com/dlpage/gaoptout.
Data processing agreement
We have concluded an order processing contract
with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Storage period
Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are saved after 14 months anonymized or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/76610096?hl=de
Google Ads and Google Conversion Tracking
This website uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use so-called conversion tracking as part of Google Ads. If you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify users. If the user visits certain pages on this website and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was redirected to this page.
Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. The customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not want to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The storage of “conversion cookies” and the use of this tracking tool are based on Art. 6(1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
You can find more information about Google Ads and Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de .
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.
Google DoubleClick
This website uses functions from Google DoubleClick. The provider is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (hereinafter “DoubleClick”).
DoubleClick is used to show you interest-based advertisements across the entire Google advertising network. With the help of DoubleClick, the advertisements can be tailored to the interests of the respective viewer. For example, our advertising can be displayed in Google search results or in advertising banners linked to DoubleClick.
In order to be able to show the users interest-based advertising, DoubleClick must be able to recognize the respective viewer. For this purpose, a cookie is stored in the user’s browser, behind which the websites visited by the user, clicks and various other information are stored. This information is summarized in a pseudonymous user profile in order to display interest-based advertising to the user concerned.
Google DoubleClick is used in the interest of targeted advertising. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
You can set your browser so that it no longer stores cookies. However, this may restrict the website functions that can be accessed. It should also be noted that DoubleClick may also use other technologies to create user profiles. Switching off cookies therefore does not guarantee that user profiles will no longer be created.
For more information on how to object to the advertisements shown by Google, please refer to the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated .
12 . Plugins and Content Delivery Networks
YouTube
This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. Furthermore, YouTube can save various cookies on your device. With the help of these cookies, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud. The cookies remain on your device until you delete them.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
Further information on handling user data can be found in YouTube’s data protection declaration at: https://policies.google.com/privacy?hl=de .
Google Tag Manager
This website uses the Google Tag Manager. Google Tag Manager is a solution that enables marketers to manage website tags from one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in effect for all tracking tags that are implemented with Google Tag Manager. The use of Google Tag Manager is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the use of a functional and useful tool.
Google Web Fonts
This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the uniform representation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR; the consent can be revoked at any time.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://policies.google.com/privacy?hl=de .
13. Our social media appearances
Data processing through social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations.
In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is recorded, for example, using cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-related advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot retrace all processing processes on the social media portals. Depending on the provider, further processing operations can therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media appearances are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (fa GDPR).
Responsible and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we and the operator of the social media platform are responsible for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) against us as well as claim against the operator of the respective social media portal (e.g. against Facebook).
Please note that, despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the company policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage no longer applies, you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Social networks in detail
Facebook
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries.
We have concluded an agreement on joint processing (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
Twitter
We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can adjust your Twitter data protection settings yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalization.
Details can be found in Twitter’s data protection declaration: https://twitter.com/de/privacy.
Instagram
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.
14. Additional information for business contacts
Type of data that we process from our business contacts and purposes of the processing of personal data
We process personal data of our customers that we receive directly as part of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it.
As a rule, we process the following categories of data from you:
• Name first Name
• Gender / title
• company
• Company address
• Telecommunication data
• E-mail address
• professional function and / or position
• Company bank details / other payment details
• Data on the history of the business relationship
Customer and supplier history
As part of the business initiation phase and
during the business relationship, in particular through personal, telephone or written contacts, initiated by you or one of our employees, additional personal data is generated, e.g. B. Information about the contact channel, date, occasion and result; (Electronic) copies of the correspondence and any information about participation in direct marketing measures.
Customer loyalty measures Within the scope of the legal permissions, we reserve the right to carry out customer loyalty measures in accordance with Art. 6 (1) (f) GDPR and Section 7 Paragraph 3 UWG. You have the right to object at any time, please address this to the above-mentioned responsible body.
Changes in purpose
Data processing for other purposes can only be considered if the necessary legal requirements in accordance with Art. 6 (4) GDPR are available. In this case, we will of course observe any information obligations pursuant to Art. 13 (3) GDPR and Art. 14 (4) GDPR.
Legal basis according to which we process personal data
On the basis of your consent (Art. 6 (1) (a) GDPR)
We process personal data for one or more specific purposes if you have given us your consent. If personal data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future.
Data processing for the fulfillment of contracts (Art. 6 (1) (b) GDPR)
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that are required to carry out pre-contractual measures, for example to initiate a contract, and which are made upon your request.
Data processing based on a legal obligation (Art. 6 (1) (c) GDPR)
Like every company, we have to meet retention requirements and other documentation requirements; this can also affect documents with personal information. Insofar as we process data for these purposes, the processing takes place based on a legal obligation.
Data processing based on a balancing of interests (Art. 6 (1) (f) GDPR)
If we process data based on a balancing of interests, you as the data subject have the right to process personal data, taking into account the requirements of Art. 21 GDPR contradict. As far as the specific purpose allows, we process your data pseudonymized or anonymized.
Further legal bases result from the commercial and tax law requirements.
Other recipients of your data
Disclosure to processors within the scope of Art. 28 GDPR Processors employed
by us (Art. 28 GDPR), in particular in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. If we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contract processing has been concluded.
For the implementation of a contractual relationship
If it is necessary for the implementation of the contract with you, we will pass on your data to banks, for example.
Disclosure due to a legal obligation
If there is a legal or official obligation, we pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).
Other bodies, insofar as you have
given us your consent. If you have given us explicit consent, we will also pass on your data to other bodies. However, this is done within the limits if you have proven your consent.
General information on deletion periods for personal data
Principle of earmarking and observance of the statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.
In addition, like every company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention requirement. The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 ff. Of the German Civil Code (BGB) can usually be three years, but in certain cases also up to thirty years. After the retention period has expired, a check is carried out to determine whether there is any further requirement for processing. If it is no longer necessary, the data will be deleted.
Specific example
If you enter into a legal transaction with us (Art. 6 (1) (b) GDPR), we will store your data for ten years until the commercial and tax law requirements have expired. After this period, we check whether we can delete the data and, if necessary, delete them.
E-mails and business letters
We archive all of our e-mail traffic for ten years. If you write us an e-mail, your data and the entire e-mail content will be stored for 10 years. Most e-mails count as business letters, and e-mails can also contain information relevant to tax law. In our opinion, the effort to check every single email is not in proportion to the benefit and the legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out a case-by-case check and we will inform you of the result. This can lead to deletion or restriction of processing, depending on the content of the correspondence.
Revocation of your consent
If we process your data on the basis of your consent (Art. 6 (1) (a) GDPR), we will delete it after your revocation. Unless there is a legitimate interest against a complete deletion. For example, we keep the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 (1) (a) GDPR). We only keep the consent with the restriction of processing in order to be able to defend ourselves in the event of a dispute.
Legal or contractual obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.
Transmission to a third party country
We generally process your personal data in data centers in the Federal Republic of Germany, the European Union or secure third countries such as Switzerland.
A transfer to a third country with an inadequate level of data protection is only possible if you have given us your consent or if we have concluded an order processing contract in accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.