Data protection
Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This only applies unless otherwise stated during the subsequent processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.
The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and in improving our offering.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. An adequacy decision of the EU Commission exists for Canada. An adequacy decision of the EU Commission exists for the USA: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
contact
Person responsible
Please contact us if you wish.The person responsible for data processing is: Marc Neumann, Mühlenkamp 44, 22303 Hamburg Germany, 040-20908867, office@cosman-interior.de
Customer's proactive contact via email
If you initiate business contact with us via email, we will only collect your personal data (name, email address, message text) to the extent you provide it. This data processing serves to process and respond to your contact request.
If the contact serves to carry out pre-contractual measures (e.g. advice in the event of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in processing and answering your enquiry. In this case, you have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR, for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing serves the purpose of establishing contact.
If the contact serves to carry out pre-contractual measures (e.g. advice in the event of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) (f) GDPR, for reasons arising from your particular situation.
We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Customer account orders
Customer account
When you open a customer account, we collect your personal data to the extent specified therein. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of the consent until the revocation. Your customer account will then be deleted.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision of the EU Commission. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified according to the TADPF. This data transfer is based on contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.
Reviews Advertising
Data collection when writing a comment or rating
When you comment on or rate an article or post, we collect your personal data (name, email address, comment text) only to the extent you provide it. The processing serves the purpose of enabling and displaying comments/ratings.
For the purpose of verifying your rating/comment, we also collect the following data: Order number, Customer number, Invoice number, .
By submitting the comment/rating you consent to the processing of the transmitted data. Processing is based on Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your personal data will then be deleted.
When your comment/review is published, the name and email address you provided published.
Website logo for Google Customer Reviews
The website logo for Google Customer Reviews of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) is integrated into our website.
The purpose of the integration is to display the number and results of the reviews we have received so far via Google and to promote participation in this program.
To display the logo on our website and to show you personalized ads on Google, Google uses cookies. This may include, among other things, your IP address being processed and transmitted to Google.
Your data may be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
For more information about terms of use and privacy when using Google Customer Reviews, please visit https://www.google.com/shopping/customerreviews/static/tos/de/1_01_tos.html as well as under https://policies.google.com/privacy?hl=de
We use the Google Customer Reviews rating tool from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) for our website.
After your order, we would like to ask you to rate and comment on your purchase. For this purpose, we will contact you via email using Google's survey opt-in module. The following information, among others, may be processed and transmitted to Google: order details (e.g., order ID, delivery country, expected delivery date, GTIN of the ordered products) and your email address.
Your data may be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
Processing is based on Art. 6 (1) (a) GDPR with your consent, provided you have expressly agreed to the transfer of your data and to receiving the request for feedback. You can revoke your consent at any time with future effect, without affecting the legality of the processing carried out on the basis of the consent until the revocation.
Use of the email address for sending newsletters
We use your email address, regardless of contract processing, exclusively for our own advertising purposes to send newsletters, provided you have expressly consented to this. Data is processed on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.
Your data will be forwarded to an email marketing service provider as part of the contract processing. It will not be passed on to any other third parties.
Using Brevo (formerly Sendinblue)
We use the service of Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin; “Brevo”) to send the newsletter as part of order processing.
We will forward the information you provide during newsletter registration (email address, first and last name, if applicable) to Brevo. Data processing serves the purpose of sending the newsletter and its statistical analysis.
To evaluate newsletter campaigns, the email newsletters sent contain a 1x1 pixel graphic (tracking pixel) and/or a tracking link. This allows us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, your personal data, such as your IP address, browser type and device, and the time of opening, may also be collected. This data can be used to create user profiles under a pseudonym. The collected data will not be used to identify you personally. The collected data will only be used for statistical analysis to improve newsletter campaigns.
Your personal data is processed on the basis of Art. 6 (1) (f) GDPR based on our overriding legitimate interest in a targeted, effective and user-friendly newsletter system. You have the right to object to the processing of personal data concerning you at any time for reasons related to your particular situation.
Further information and Brevo’s privacy policy can be found at: https://www.brevo.com/de/legal/privacypolicy/.
Use of the mobile phone number for sending SMS advertising
Regardless of the contract processing, we will use your mobile phone number exclusively for our own advertising purposes to send SMS advertising, provided you have expressly consented to this.
The processing is based on Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the legality of the processing carried out on the basis of your consent until the revocation. Your mobile phone number will then be removed from the mailing list.
Shipping service provider merchandise management
Passing on the email address to shipping companies to inform them about the shipping status
We will pass on your email address to the shipping company as part of the contract processing, provided you have expressly consented to this during the ordering process. The purpose of this transfer is to inform you about the shipping status by email. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us or the shipping company, without affecting the legality of the processing carried out on the basis of your consent until the revocation.
Use of an external inventory management system
We use a merchandise management system within the framework of order processing to process contracts. For this purpose, your personal data collected as part of the order will be transferred to
deltra Business Software GmbH & Co. KG, Gildestraße 9, D-32760 Detmold
transmitted.
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is based on Art. 6 (1) (b) GDPR.
Payment service providers
Using PayPal
We use the payment service PayPal from PayPal (Europe) on our website S.à.rl et Cie, S.CA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR.
All PayPal transactions are subject to the PayPal Privacy Policy, which can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Using PayPal Express
We use the payment service PayPal Express from PayPal (Europe) on our website S.à.rl et Cie, S.CA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of being able to offer you payment via the PayPal Express payment service. To integrate this payment service, PayPal must collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you visit the website. Cookies may also be used for this purpose. The cookies enable the recognition of your browser.
Your personal data is processed on the basis of Art. 6 (1) (f) GDPR based on our overriding legitimate interest in offering a customer-oriented range of different payment methods. You have the right to object to the processing of personal data concerning you at any time for reasons related to your particular situation.
By selecting and using PayPal Express, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR. Further information on data processing when using the PayPal Express payment service can be found in the associated privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.
Using PayPal Check-Out
We use the payment service PayPal Check-Out from PayPal (Europe) on our website S.à.rl et Cie, S.CA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The purpose of data processing is to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing will be transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is based on Art. 6 (1) (b) GDPR.
Cookies may be stored that enable your browser to be recognized. The resulting data processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object to the processing of personal data concerning you at any time for reasons related to your particular situation.
Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal
For certain payment methods such as credit card via PayPal, direct debit via PayPal, or "Pay later" via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information obtained regarding the statistical probability of a payment default to make a balanced decision regarding the establishment, implementation, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated based on scientifically recognized mathematical-statistical procedures and including address data. Your legitimate interests will be considered in accordance with legal provisions. Data processing serves the purpose of credit assessment for contract initiation. The processing is based on Art. 6 (1) (f) GDPR, based on our overriding legitimate interest in protecting against payment defaults when PayPal makes advance payments.
You have the right to object at any time to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR by notifying PayPal, for reasons arising from your particular situation. Providing this data is necessary for concluding the contract using your preferred payment method. Failure to provide this data will result in the contract not being concluded using your chosen payment method.
Third-party providers
When paying using a third-party payment method, the data required for payment processing will be transmitted to PayPal. This processing is based on Art. 6 (1) (b) GDPR. To process this payment method, PayPal may then forward the data to the respective provider. This processing is based on Art. 6 (1) (b) GDPR. Local third-party providers can include, for example:
- Immediately (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
Purchase on account via PayPal
When paying via invoice, the data required for payment processing is first transmitted to PayPal. To process this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR. Ratepay may conduct a credit check based on mathematical-statistical procedures (probability or score values) using credit agencies according to the process already described above. The data is processed for the purpose of credit checks for the initiation of a contract. The processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in protecting against payment default when Ratepay makes advance payments. Further information on data protection and which credit agencies use Ratpay can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
Further information on data processing when using PayPal can be found in the associated privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Cookies
Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on a user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again.
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Use of Consent Manager
We use the consent management tool Consentmanager from Consentmanager AB (Håltegelvägen 1b, 72348 Västerås, Sweden; "Consentmanager") on our website.
The tool enables you to give consent to data processing via the website, in particular the setting of cookies, as well as to exercise your right of revocation for consents already given.
The purpose of data processing is to obtain and document the necessary consents to data processing and thus to comply with legal obligations.
Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to Consent Manager: the date and time of the page visit, information about the browser and device you use, an anonymized IP address, and opt-in and opt-out data. This data will not be shared with third parties.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) (c) GDPR.
Further information on data protection at Consentmanager can be found at: https://www.consentmanager.net/privacy.php
Use of the Cookie Consent Manager CCM19
We use the Cookie Consent Manager CCM19 from Papoo Software & Media GmbH (Auguststr. 4, 53229 Bonn; "CCM19") on our website.
The plug-in allows you to grant consent to data processing via the website, in particular the use of cookies, as well as to exercise your right to withdraw consent previously granted. Data processing serves the purpose of obtaining and documenting the necessary consent to data processing and thus complying with legal obligations.
Cookies are used for this purpose. Among other things, the following information may be collected, stored and, if necessary, The following information will be transferred to CCM19: randomly assigned ID, consent status, date and time of consent/rejection. The data will be stored for 1 year and 1 month and then deleted. This data will not be shared with other third parties.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) (c) GDPR.
Further information on data protection at CCM19 can be found at: https://www.ccm19.de/datenschutzerklaerung.html.
Use of Complianz GDPR Cookie Consent
We use the Complianz GDPR Cookie Consent plugin from Complianz BV (Atoomweg 6B 9743 AK Groningen, Netherlands; "Complianz") on our website.
The plug-in enables you to give your consent to data processing via the website, in particular the setting of cookies, as well as to exercise your right to withdraw consent you have already given. The purpose of data processing is to obtain and document the necessary consents for data processing and thus comply with legal obligations. Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to Complianz: a uniquely identifiable ID, consent status. This data will not be shared with other third parties.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) (c) GDPR.
Further information on data protection at Complianz can be found at: https://complianz.io/legal/privacy-statement/?cmplz_region_redirect=true®ion=eu
Analysis Communication
Use of Google Analytics 4
We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. Google will use the information obtained on behalf of the website operator to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services related to website activity and internet usage.
The following information may be collected, among others: IP address, date and time of the page visit, click path, information about the browser and device you use, pages visited, referrer URL (website through which you accessed our website), location data, purchasing activities. Google may link your information with other information, such as your search history, your personal accounts, your usage data from other devices, and any other information Google has about you.
The IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.
Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable an analysis of your use of the website. The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S. 1 TTDSG in conjunction with Art. 6 Para. 1 lit. a GDPR.
Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore committed to complying with European data protection principles. Both Google and US government agencies have access to your data.
Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and under https://policies.google.com/privacy?hl=de&gl=de.
Using Shopify Statistics
We use the statistics and analysis functions of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") as part of a contract processing agreement. Shopify is a service provider affiliated with Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada) affiliated company.
Data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and provided in reports, analyses, and statistics. Among other things, the following device information is collected and processed: information about the web browser, IP address, time zone, and some of the cookies installed on your device. As you navigate the website, information about the web pages or products you visit, the referrer URL (website from which you accessed our website), and information about how you interact with the website are also collected. Technologies such as cookies, web beacons, tags, and pixels (electronic files that collect information about how you navigate the website) are used for this purpose.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. An adequacy decision of the EU Commission exists for Canada. An adequacy decision of the EU Commission exists for the USA: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
You can find more information about Shopify’s privacy policy at https://www.shopify.com/de/legal/datenschutz, Information on the order processing contract at https://www.shopify.com/de/legal/dpa and information about the cookies used at https://www.shopify.com/de/legal/cookies.
We use the live chat system Shopify Inbox on our website of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") as part of a contract processing agreement. Shopify is a service provider affiliated with Shopify Inc. (151 O'Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada) affiliated company.
Data processing serves the purpose of direct and efficient communication between you and us as the provider. Data is stored and processed for the operation of the system and to optimize the service.
To operate the live chat system, cookies may be used to enable browser recognition. The following information may be collected and processed: IP address and personal data provided by you when using the chat system.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. An adequacy decision of the EU Commission exists for Canada. An adequacy decision of the EU Commission exists for the USA: the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. a GDPR. You may revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
For more information about Shopify’s privacy policy, please visit https://www.shopify.com/de/legal/datenschutz and https://www.shopify.com/de/legal/dpa.
Plugins and Miscellaneous
We use the Google Tag Manager of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
This application manages JavaScript tags and HTML tags, which are used, in particular, to implement tracking and analysis tools. Data processing serves the purpose of tailoring and optimizing our website to meet your needs.
The Google Tag Manager itself does not store cookies, nor does it process personal data. However, it does allow the activation of additional tags that can collect and process personal data.
Further information on terms of use and data protection can be found here.
Use of social plug-ins
We use social network plug-ins on our website. The integration of social plug-ins and the associated data processing serves the purpose of optimizing advertising for our products.
When social plug-ins are integrated, a link is established between your computer and the servers of the social network provider. The plug-in is displayed on the page by notification to your browser, provided you have expressly consented to this. Both your IP address and information about which of our pages you have visited are transmitted to the provider's servers. This applies regardless of whether you are registered or logged in to the social network. Data is also transmitted to unregistered or unlogged-in users. If you are connected to one or more of your social network accounts at the same time, the collected information can also be assigned to your corresponding profiles. When you use the plug-in functions (e.g., by clicking the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
The social networks listed below are integrated into our website via social plug-ins. Further information on the scope and purpose of data collection and use, as well as your rights and options for protecting your privacy, can be found in the linked privacy policies of the providers.
https://www.addthis.com/privacy/privacy-policy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). AddThis is not certified under the TADPF. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are jointly responsible for the collection of your data when integrating the service and the transmission of this data to Facebook. This is based on an agreement between us and Meta Platforms Ireland regarding the joint processing of personal data, which defines the respective responsibilities. The agreement is available at https://www.facebook.com/legal/controller_addendum We are therefore particularly responsible for fulfilling the information obligations pursuant to Art. 13 and 14 GDPR, for adhering to the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations pursuant to Art. 33 and 34 GDPR, to the extent that a personal data breach affects our obligations under the Joint Processing Agreement. Meta Platforms Ireland is responsible for enabling the rights of data subjects under Articles 15–20 GDPR, complying with the security requirements of Article 32 GDPR with regard to the security of the service, and fulfilling the obligations under Articles 33 and 34 GDPR, to the extent that a personal data breach affects Meta Platforms Ireland's obligations under the Joint Processing Agreement.
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
For more information about the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy, please see Facebook’s privacy policy at https://www.facebook.com/about/privacy/.
https://help.instagram.com/155833707900388
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
LinkedIn from LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn is not certified under the TADPF.
Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF.
https://twitter.com/personalization
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). X is not certified under the TADPF.
https://www.xing.com/privacy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Xing is not certified under the TADPF. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
SoundCloud Global Limited & Co. KG (Rheinsberger Str. 76/77, 10115 Berlin, Germany)
https://soundcloud.com/pages/privacy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). SoundCloud is not certified under the TADPF. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
Use of social plug-ins via “Shariff”
We use social network plug-ins on our website. To ensure you retain control over your data, we use the privacy-safe "Shariff" buttons.
Without your express consent, no links will be established to the social network servers and consequently no data will be transmitted.
"Shariff" is a development by specialists at the computer magazine c't. It enables more privacy online and replaces the usual "share" buttons on social networks. More information about the Shariff project can be found here. https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
When you click the buttons, a pop-up window appears where you can log in to the respective provider using your data. Only after you actively log in will a direct connection to the social networks be established.
By logging in, you consent to the transfer of your data to the respective social media provider. This includes, among other things, your IP address and information about which of our pages you have visited. If you are connected to one or more of your social network accounts at the same time, the collected information will also be assigned to your corresponding profiles. You can only prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons. The social networks listed below are integrated using the "Shariff" function.
Further information on the scope and purpose of the collection and use of data as well as your rights and options for protecting your privacy can be found in the linked data protection notices of the providers.
AddThis from Oracle America, Inc. (500 Oracle Parkway, Redwood Shores, CA 94065, USA) https://www.addthis.com/privacy/privacy-policy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). AddThis is not certified according to the TADPF. Data transfer takes place, among other things, based on standard contractual clauses as appropriate guarantees for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
Facebook of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://www.facebook.com/policy.php
Your data may be transferred to the USA. For the USA, there is an adequacy decision of the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
Instagram of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) https://help.instagram.com/155833707900388.
Your data may be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
LinkedIn from LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). LinkedIn is not certified under the TADPF.
Pinterest from Pinterest Inc. (635 High Street, Palo Alto, CA, 94301, USA)
https://policy.pinterest.com/de/privacy-policy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not certified under the TADPF.
https://twitter.com/personalization
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). X is not certified under the TADPF.
Xing of XING SE (Dammtorstraße 30, 20354 Hamburg):
https://www.xing.com/privacy
Your data may be transferred to the USA. For the USA, the EU Commission has issued an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Xing is not certified under the TADPF. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
Use of Google Maps
We use the function for embedding Google Maps from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google") on our website.
This feature enables the visual display of geographical information and interactive maps. Google also collects, processes, and uses data from website visitors when they access pages that incorporate Google Maps.
Your data may also be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S. 1 TTDSG in conjunction with Art. 6 Para. 1 lit. a GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
For more information about the collection and use of data by Google, please see Google’s privacy policy at https://www.google.com/privacypolicy.htmlThere you also have the option to change your settings in the privacy center so that you can manage and protect the data processed by Google.
Use of YouTube
We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website. YouTube is an affiliated company of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
This feature displays videos stored on YouTube in an iFrame on the website. The "Enhanced Data Protection Mode" option is activated. This means that YouTube does not store any information about website visitors. Only when you watch a video is information about it transmitted to YouTube and stored there. Your data may be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
For more information about the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy, please see YouTube’s privacy policy at https://www.youtube.com/t/privacy.
Use of Vimeo
We use plug-ins from Vimeo Inc. (555 West 18th Street New York, New York 10011, USA; “Vimeo”) on our website to embed videos from the “Vimeo” portal.
When you access pages of our website that contain such a plug-in, a connection is established to the Vimeo servers and the plug-in is displayed on the page by sending a message to your browser. This means that both your IP address and information about which of our pages you have visited are transmitted to Vimeo’s servers.
If you are logged in to Vimeo, Vimeo assigns this information to your personal user account. When you use the plug-in functions (e.g., by starting a video by clicking the corresponding button), this information is also assigned to your Vimeo account.
Your data may be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo is not certified under the TADPF. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S1 TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
Further information on the purpose and scope of the collection and further use and processing of the data by Vimeo as well as your rights and options for protecting your privacy can be found in Vimeo's privacy policy: https://vimeo.com/privacy
Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of ensuring a consistent display of fonts on our website. To load the fonts, a connection to Google servers is established when the page is accessed. Cookies may be used for this purpose. This process includes, among other things, processing your IP address and information about the browser you use and transmitting it to Google. This data is not linked to your Google account.
Your data may be transferred to the USA. For the USA, the EU Commission has adopted an adequacy decision, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent in accordance with Section 25 (1) S. 1 TTDSG in conjunction with Art. 6 Para. 1 lit. a GDPR. Your personal data will be processed with your consent on the basis of Art. 6 (1) (a) GDPR. You may revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until the revocation.
Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ as well as under https://developers.google.com/fonts/faq.
Rights of data subjects and storage period
Duration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular those under tax and commercial law, and then deleted after the expiry of the period unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you are entitled to the following rights under Articles 15 to 20 GDPR: Right to information, to rectification, to erasure, to restriction of processing, to data portability.
In addition, according to Art. 21 (1) GDPR, you have the right to object to processing based on Art. 6 (1) (f) GDPR and to processing for the purposes of direct marketing.
Right to lodge a complaint with the supervisory authority
According to Art. 77 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful.
Right of objection
Are the personal data processing operations listed here based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation.
Once you have objected, the processing of the data in question will be stopped unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
last updated: 29.11.2023