Grover Group GmbH operates the website www.grover.com ("Website"). If you conclude contracts via the Website, your contracting partner is subject to the rented goods:
Grover Group GmbH (Holzmarktstr. 11, 10179 Berlin, Commercial Register: Amtsgericht Berlin-Charlottenburg, Commercial Register Number: 166467B, VAT Identification Number: DE300852104), hereafter "Grover Group" or
Grover Finance I GmbH (Holzmarktstrasse 11, 10179 Berlin, Commercial Register: Amtsgericht Berlin-Charlottenburg Commercial Register Number: 181384B, VAT Identification Number DE300852104), hereinafter referred to as "Grover Finance I" or
Grover Finance II GmbH (Holzmarktstrasse 11, 10179 Berlin, Commercial Register: Amtsgericht Berlin-Charlottenburg Commercial Register Number: 202381B, VAT Identification No. DE300852104), hereinafter referred to as "Grover Finance II".
Grover Finance I and Grover Finance II are subsidiaries of Grover Group and Grover Group is the sole shareholder of Grover Finance I and Grover Finance II (affiliated companies). Grover Group, Grover Finance I and Grover Finance II hereinafter referred to as “Grover Company Group”.
Customer will be informed of the contracting party (Grover Group or Grover Finance I or Grover Finance II) via e-mail in text form. The Grover Group or the Grover Finance I or the Grover Finance II, hereinafter referred to as "Grover," will be the "provider" within the meaning of these terms and conditions.
In case the contracting party is Grover Finance I or Grover Finance II, it is represented by its parent company, Grover Group who exercises the rights and obligations arising from the contracts on behalf of Grover and handles these for Grover Finance I or Grover Finance II.
This results in the following responsibilities:
Controller regarding the operation of the website is:
Grover Group GmbH, Holzmarktstraße 11, 10179 Berlin, represented by the managing director Michael Cassau
E-mail: [email protected]
Tel.: +31 20 808 0844
Controller regarding the conclusion of contracts through the Website and the execution of these contracts is:
Grover Group GmbH, Holzmarktstraße 11, 10179 Berlin, represented by the managing director Michael Cassau
E-mail: [email protected]
Tel.: +31 20 808 0844
Grover Finance I GmbH, Holzmarktstraße 11, 10179 Berlin, represented by the managing director Michael Cassau
E-mail: [email protected]
Tel.: +31 20 808 0844
Grover Finance II GmbH, Holzmarktstraße 11, 10179 Berlin, represented by the managing director Michael Cassau
E-mail: [email protected]
Tel.: +31 20 808 0844
In the following, all companies will be referred to as "Grover" or "we".
You can contact the data protection officer of both companies at:
Herr Frank Trautwein
Schlesische Str. 26
E-Mail: [email protected]
We process personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG) for the following purposes:
2.1 For the performance of contractual and pre-contractual obligations (Article 6 (1) sentence 1 (b) GDPR)
The processing of personal data (Article 4 No. 2 GDPR) occurs to provide this Website and to market the products, in particular to conclude and process contracts, to settle accounts, to carry out pre-contractual actions, to respond to inquiries related to our business relationship and for all activities necessary for the operation and administration of the company.
The purposes of data processing depends primarily on the specific product. Further details on the purpose of data processing in the context of contract performance can be found in the respective contract documents, and terms and conditions.
In particular, Grover processes the personal information that you provide as a user when registering, for contractual purposes or as part of a request. In particular, the following data are processed: name, date of birth, e-mail address, address (invoice and, if applicable, different shipping address), order information, optional telephone number and bank details. In addition, Grover saves the password, which the user can choose freely. The password is not stored in plain text, but only a so-called hash value.
2.2 Based on legitimate interests (Article 6 (1) sentence 1 (f) GDPR)
In addition, we process your data beyond the provision of the website and the actual performance of the contract for pursuing legitimate interests of third parties, or us, in particular in the following cases:
Answering your inquiries which are unrelated to a contract or pre-contractual actions;
advertising or market and opinion research, as long as you have not objected to the use of your data;
asserting legal claims and defense in legal disputes;
ensuring IT security and IT operations;
preventing and investigating criminal offenses;
business management and product development.
Our legitimate interest is to market our products optimally, further develop these products and our company, or to protect our company against adverse effects and threats and to enforce its claims.
2.3 On the basis of your consent (Article 6 (1) sentence 1 (a) GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. evaluation or use of data for marketing purposes), the legality of this processing is based on your consent. A given consent can be withdrawn at any time. This also applies to the withdrawal of consents, which you have given us prior to the validity of the GDPR (before 25 May 2018). Please note that the withdrawal takes effect only for the future. Processing that occurred before the withdrawal is not affected by a revocation.
2.4 For compliance with a legal obligation (Article 6 (1) sentence 1 (c) GDPR)
In addition, we are subject to various legal obligations (e.g. Money Laundering Act, tax laws), which require the processing of data.
2.5 Identity verification upon opening a Grover Business Account:
In the course of the ordering process through a Grover Business Account, we may verify the identity of the Company's legal representative to prevent fraud and identity theft. For this purpose, we use the following service provider to help us verify the identity of the legal representative using a photo of his/her ID and person:
Onfido Limited, 3 Finsbury Avenue, London EC2M 2PA, United Kingdom
The legal basis for this verification process and data processing is Article 6 (1) sentence 1 (f) GDPR. The legitimate interest results from our interest in reducing the contract risk, protecting against bad debts as well as misuse of our services by third parties. Your interests will be considered in accordance with the statutory provisions.
Within the respective controlling company, the departments which need your personal data to perform our contractual and legal obligations, obtain access to your data.
Furthermore, we pass them on to the following categories of recipients if this is necessary to fulfill a contractual relationship with you or to carry out pre-contractual measures (Article 6 (1) sentence 1 GDPR), or to pursue legitimate interests (Art 6 (1) sentence 1 lit. f GDPR):
IT service providers, especially software as a service, hosting, storage and cloud computing providers,
logistics service providers,
email marketing service providers and customer service providers,
marketing service providers, especially Google Adwords and WhatsApp consulting service providers,
payment service providers and credit institutions for the collection of fees
and collection agencies to enforce claims
To the extent that processing is required to pursue legitimate interests, such as the use of IT services, our legitimate interest is to outsource functions.
In case your contracting partner is Grover Finance I or Grover Finance II, Grover Finance I and Grover Finance II make your data accessible to Grover Group GmbH for the conclusion and settlement of the contractual relationship as well as for the promotion of its own offers in the extent of the existence of a legal ground.
In addition, your personal data is forwarded or transmitted if required by law (Article 6 (1) sentence 1 (c) GDPR), or if you have consented (Article 6 (1) sentence 1 (a) GDPR).
To the extent necessary, we process and store your personal data for the duration of our contractual relationship, which includes, for example, the initiation and performance of a contract. Note that our contractual relationship is usually a continuing obligation.
When there is a contractual relationship, or another civil law claim, the storage period is also governed by the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code are usually three years, but in certain cases also can be thirty years.
In addition, we are subject to various storage and documentation obligations, which result inter alia from the German Commercial Code (HGB) and the Tax Code (AO). The deadlines for storage or documentation specified therein are 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents and business letters (§§ 238, 257 (1) and (4) HGB, § 147 (1) and (3) AO).
Log files are always deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is exceptionally necessary and lawful. The storage period of cookies depends on the individual case and is usually between 12 and 24 months.
Grover itself does not transmit data to third countries (countries outside the European Economic Area - EEA). However, some of the above mentioned recipients will transfer personal data to third countries, but this will only be done on the basis of an adequacy decision by the EU Commission or, as indicated below, on the basis of standard data protection clauses of the EU Commission (available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF) or binding corporate rules.
When visiting our Website, the browser used on your device automatically sends information to the server hosting our Website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion: IP address of the requesting computer, date and time of access, name and URL of the retrieved file, web page from which the access follows ("Referrer-URL "), If applicable, the search engine you are using, the browser used and, if applicable, the operating system of your computer and the name of your access provider.
The legal basis for this type of data processing is Article 6 (1) sentence 1 lit. f GDPR. The legitimate interests pursued by us are in particular:
Ensuring a smooth connection of the website,
ensuring comfortable use of our website,
statistical evaluation using a pseudonym to optimize our website and offer quality and range,
evaluation of system security and stability as well
for further administrative purposes.
To the extent that you have expressly consented in accordance with Art. 6 para. 1 sentence 1 (a) GDPR we use your e-mail address to inform you with our newsletter by e-mail about us, our offers and special promotions. Your consent will be logged.
For the receipt of the newsletter the indication of an e-mail address is sufficient.
The withdrawal of the consent is possible at any time, for example via the link at the end of each e-mail. Alternatively, you can also send your withdrawal notice at any time by e-mail at [email protected]. In this case, your e-mail address will be deleted from our e-mail distribution list and added to our black list. The withdrawal of your consent takes effect only for the future. Processing that occurred before is not affected.
Note that we evaluate the behavior of the recipients of our emails using pseudonymous usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, which are each linked with an individual ID. Thus, we record the time of opening and forwarding the e-mail as well as the clicking of the links contained therein, a part of the IP address (to determine an approximate location of retrieval) and the email program used. This data is not linked to your email address or other personal data, so that a direct personal relationship is excluded for us. The evaluation is based on aggregated usage statistics (delivery rate, opening rate, click rate, number of redirects, number of clicks on the links contained in the email, email programs used, openings and clicks by time of day and date, country of retrieval). Only in the event of cancellations or failed deliveries will we additionally receive information about the name and email address. This is (also) in your interest, so that we can immediately delete you from our email distribution list or correct the delivery problem. The pseudonymous evaluation of usage behavior serves to check the success of our email marketing and to constantly improve it. For these purposes, we have a legitimate interest in data processing. The legal basis is Art. 6 (1) sentence 1 (f) GDPR.
Shipping and evaluation by MailChimp
We use MailChimp, a service of The Rocket Science Group LLC, 675 Ponce De Leon Ave. NE, Suite 5000, Atlanta, GA 30308, USA ("MailChimp") for the purposes of sending and analyzing the e-mails.
We also use Braze in the USA to control, design content and transmit communications. For this purpose, personal data such as the name and email address are also processed in order to personalize the communication. The data is passed on to Braze via direct interfaces with our products (SDKs and APIs). The transmission of your information to a third country outside the EU, in this case the USA, is protected by data protection law, because Braze has submitted to the EU-US Privacy Shield (https: //www.privacyshield.gov/EU-US-Framework). Braze works for us as a processor in the sense of Art. 28 GDPR.
7.2 Existing customer advertising
To the extent that you have already ordered our products for a fee, we will inform you from time to time by e-mail or letter about similar goods and services from us, if you have not objected.
The legal basis for data processing are § 7 (3) of the German Act Against Unfair Competition and Art. 6 (1) sentence 1 (f) GDPR. We have a legitimate interest in direct marketing of similar own products and services (Recital 47 GDPR).
You may object to the use of your e-mail address and postal address for promotional purposes at any time at no additional charge, for example via the link at the end of each e-mail or by e-mail to [email protected].
In the course of ordering processes, we may review your credit rating. For this purpose, we provide the following data to so-called credit bureaus cooperating with us: name, address, date of birth. For this purpose, we will submit your personal data for the credit rating to Experian Nederland B.V. Grote Marktstraat 49, (2511 BH) Den Haag. You find detailed information on data processing by Experian in accordance with Article 14 GDPR on the Experian website: https://www.experian.nl/privacy-statement/index
For the decision on the conclusion, performance or termination of a contractual relationship, we use not only an address check, but also information about your previous payment behavior as well as probability values for your future behavior, which include, among other things, address data. We also obtain this information from Experian Nederland B.V. Grote Marktstraat 49, (2511 BH) Den Haag.
The creditworthiness information and own analyzes can contain probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. The legal basis for this is Article 6 (1) sentence 1 (f) GDPR. The legitimate interest results from our interest in reducing the contract risk, protecting against bad debts as well as misuse of our services by third parties. Your interests will be considered in accordance with the statutory provisions.
We also provide information about payment delays or any default on loans to credit agencies cooperating with us in compliance with any legal requirements. The legal basis for this is Article 6 (1) sentence 1 (f) GDPR. Our legitimate interest results from our and the interest of third parties in reducing contract risks for future contracts.
On our Website we use technically necessary cookies, functional cookies, web analytics cookies and tracking cookies for advertising purposes.
You can delete existing cookies in your browser,
you can prevent the storage of (third party) cookies in your browser settings,
you can use tools like Ghostery (https://www.ghostery.com/de/) that block tracking tools,
you can opt out of personalized ads from vendors that are part of the About Ads self-regulatory campaign (http://www.aboutads.info/choices).
Further possibilities to prevent the processing of data by cookies are described in the links printed hereinafter to privacy policies of providers. Many vendors provide special opt-out tools.
Please note that that you may not be able to use all features of our website when blocking cookies.
9.1 Technically necessary cookies
Many of the cookies we use are technically necessary to enable you to use our Website and the services offered on them ("session cookies"). These cookies allow e.g. the insertion of goods in a shopping cart or the login in the protected area. The legal basis for the processing is Art. 6 (1) sentence 1 (b) GDPR. The data will not be combined with other personal information and will not be used for promotional purposes. Session cookies are deleted after the end of the respective browser session, at the latest after seven days.
9.2 Functional cookies
We use temporary cookies to improve usability. These cookies are stored on your device for a certain time period, allowing that they will be recognized when you re-enter our site and your preferences and preferences are automatically set. The legal basis for the processing is Art. 6 (1) sentence 1 (f) GDPR.
9.3 Web Analytics Cookies
9.3.1 Google Analytics with anonymization function
For this web analysis we use the service Google Analytics, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
On our behalf, Google uses this information as a processor within the meaning of Art. 28 GDPR to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website use and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
9.3.2 Google AdSense
We reserve the right to use Google AdSense on our website. Google AdSense is a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to here as “Google,” for the inclusion of advertisements.
Google AdSense uses “cookies,” text files that are stored on your computer and allow analysis of your use of our website. Google AdSense also uses “web beacons”. Through these web beacons, Google can evaluate information, such as the flow of traffic on our site. This information, in addition to your anonymized IP address and tracking of the displayed advertising formats, is transmitted to Google in the US, stored there, and may be used by Google to other parties. However, Google will not match your IP address with other data you have stored.
You can prevent the installation of cookies in your browser settings, however, you may then not be able to fully use all functions of our website. By using our website, you agree to the processing of data about you by Google in the manner described above and for the purpose stated above.
9.3.3 Other cookies
9.4 Tracking cookies for promotional purposes
We also use tracking cookies for the purpose of targeted and interest-based online advertising ("advertising cookies"). These cookies collect and store information about your use of our website in a pseudonymous form. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent. You can withdraw your consent at any time. The legal basis for the processing carried out on the basis of your consent until the withdrawal remains unaffected.
We use the information to place advertisements that are in line with your interests on our Website and on the websites of third parties (if they are part of our advertising network). You benefit from this because you will be shown less advertising that is not tailored to your interests. We also use the information to measure and optimize the success of our advertising campaigns.
Specifically, we use the following tracking cookies (and tracking pixels) for promotional purposes:
9.4.1 Google Adwords with conversion tracking
This Website uses the online advertising service Google Adwords with conversion operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). We use the service to place ads on the results page of a Google search or a Google advertising network website using Google (so-called AdWords). Our purpose is to draw your attention to our offers. Conversion tracking enables us to measure how successful our individual advertising measures are by means of certain parameters (e.g. insertion of advertisements or clicks by the user).
When you click on an ad placed by Google, Google stores a conversion tracking cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
These cookies help Google recognize your browser. If you visit certain websites on an AdWords customer's website and the cookie has not yet expired, Google and the customer may recognize that you clicked on the ad and were redirected to the website. A different cookie is assigned to each AdWords customer. Cookies therefore cannot be traced through the websites of AdWords customers. We do not collect and process any personal data when using Google AdWords. We only receive statistical evaluations from Google with the total number of users who clicked on an ad and were redirected to a website with a conversion tracking tag. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
Due to the technologies used, your browser automatically establishes a direct connection to a Google server in the USA. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, as Google has self-certified its adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). By integrating AdWords with conversion tracking, Google receives the information that you have called up the corresponding website of our web presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate the data with your account. Even if you are not registered or logged in to Google, it is possible that Google may obtain and store your IP address.
Further information on data processing in the context of Google AdWords can be found at http://www.google.com/intl/de/policies/privacy.
The controller has integrated DoubleClick by Google components on this website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google's operating company is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity. Each of these data transfers triggers a cookie request to the affected person's browser. If the browser accepts this request, DoubleClick sets a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. The purpose of the cookie is to optimize and display advertising. The cookie is used, among other things, to serve and display user-relevant advertisements, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple impressions of the same advertising.
DoubleClick uses a cookie ID required to complete the technical process. For example, the cookie ID is needed to display an ad in a browser. DoubleClick can also use the cookie ID to see which ads have already appeared in a browser to avoid duplication. DoubleClick also allows the cookie ID to track conversions. Conversions are captured, for example, when a user has previously shown a DoubleClick ad and then, with the same internet browser, makes a purchase on the advertiser's website.
A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier identifies the campaigns the user was already in contact with.
Each time one of the pages of this website is accessed and a DoubleClick component is integrated, the Internet browser on the subject's information technology system is automatically prompted by the relevant DoubleClick component for purposes to submit online advertising and commission billing to Google. As part of this technical process, Google will be aware of data that Google uses to create commission billing. Google can understand, among other things, that the person has clicked on certain links on our website.
The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, cookies already set by Google can be deleted at any time via an internet browser or other software programs.
On our website, through technologies provided by HotJar (HotJar Ltd., St Julian’s Business Center, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) with the analysis service “HotJar” visitor interaction data is collected and stored to optimize the user experience and improve customer satisfaction. For this, mouse clicks, mouse movements, and scrolling movements as well as keyboard input can be saved.
HotJar will not record this data on websites that do not use the HotJar system. The collection and storage of data can be objected to at any time, and you can opt out here: https://www.hotjar.com/opt-out. In certain cases, deactivation may result in a restriction of the functionality of our website.
9.6 New Relic
On this Website, New Relic, a web analytics service provided by New Relic Inc., collects and stores data that is used to create usage profiles using pseudonyms. These user profiles are used to analyze visitor behavior and are evaluated to improve and tailor our services. Cookies may be used: small text files that are stored locally on the site visitor’s computer, allowing them to be recognized when revisiting our website. The pseudonymised user profiles will not be combined with personal data about the bearer of the pseudonym without the specific, express consent of the person concerned. You can prevent the installation of cookies in your browser settings, for example by deactivating the automatic storing of cookies, or specifically blocking only cookies from the domain “newrelic.com”.
9.7 Trustpilot and Typeform
To collect customer reviews, and product reviews by customers, we work with Trustpilot S/A, Valhalvej 1 Abyhoj, 8230 Denmark: We want our customers to be able to post a review after a transaction. For this we, we aim at sending you an email after the goods have been dispatched, and ask you to submit a rating. You have the right to object to this at any time, or to ignore the customer evaluation. We do not transfer any personal data to Trustpilot.
We use Typeform SL, Carrer Bac de Roda, 163, local, 08018 Barcelona, Spain for the purposes of market and opinion research as well as customer reviews. To do this, we will send you an email or a message in your account in a popup asking you to give your opinion. You have the right to object to the use or not to participate in the research/evaluation at any time. Typeform is committed to the data protection-compliant handling of your transmitted data. It takes all organizational and technical measures to protect your data. If you participate in the research/evaluation, your answers to the survey as well as where required your user ID or your email address will be transmitted to Typeform via an interface. By placing an order with us you agree to electronic market and opinion research and customer evaluation, however you are free to participate in the research / evaluation at any time and to ignore this request.
You can find more information in the data protection regulations of Typeform (https://admin.typeform.com/to/dwk6gt/).
9.8 Trusted Shops
To display our Trusted Shops seal of approval and any collected reviews as well as to offer the Trusted Shops products for buyers after placing an order, the Trusted Shops Trust Badge is included on this website.
This happens to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in the optimal marketing of our offer pursuant to Art. 6 (1) sentence 1 lit. f DSGVO. The Trustbadge and the services advertised are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When the Trustbadge is called, the Web server automatically stores a so-called server log file, which, for example, contains your IP address, date and time of the retrieval, transferred amount of data and the requesting provider (access data) and documents the call. These access data will not be evaluated and automatically overwritten within seven days after the end of your page visit.
Other personal data will only be transferred to Trusted Shops, as far as you have consented to this, decided after the completion of an order for the use of Trusted Shops products or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.
The controller has integrated Twitter components on this website. Twitter is a multilingual publicly available microblogging service where users can post and distribute so-called tweets, which are limited to 280 characters. These short messages are available to anyone, including non-Twitter subscribers. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Twitter also allows you to address a broad audience via hashtags, links or retweets.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time one of the individual pages of this website, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Twitter component causes to download a presentation of the corresponding Twitter component of Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/en/resources/buttons. As part of this technical process, Twitter receives information about which specific subpage of our website is visited by the person concerned. The purpose of the integration of the Twitter component is to allow our users to redistribute the contents of this website, to promote this website in the digital world and to increase our visitor numbers.
If the data subject is simultaneously logged in to Twitter, Twitter recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website visits the data subject. This information is collected through the Twitter component and assigned through Twitter to the affected person's Twitter account. If the person concerned activates one of the Twitter buttons integrated on our website, the data and information transmitted with it are assigned to the personal Twitter user account of the person concerned and stored and processed by Twitter.
Twitter always receives information via the Twitter component that the person concerned has visited our website if the person concerned simultaneously logs on to Twitter at the time of access to our website; this happens regardless of whether or not the subject clicks on the Twitter component. If such a transfer of this information to Twitter is not wanted by the person concerned, the user can prevent the transfer by logging out of their Twitter account before calling our website.
The applicable privacy policies of Twitter are available at https://twitter.com/privacy?lang=en.
We integrated components from LinkedIn Corporation on our website. LinkedIn is an Internet-based social network that allows users to connect to existing business contacts and make new business contacts.
Each time you visit our website, which has a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the subject to download a corresponding representation of the LinkedIn component. More information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn learns about the specific bottom site of our website visited by the affected person.
If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website which specific bottom site of our website the data subject visits. This information is collected through the LinkedIn component and linked by LinkedIn to the affected person’s LinkedIn account. If the affected person activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and saves this personal data.
LinkedIn always receives information via the LinkedIn component that the person concerned has visited our website if the person concerned is simultaneously logged into LinkedIn at the time of accessing our website; this happens regardless of whether the person clicks on the LinkedIn component or not. If the affected person does not want to transmit this information to LinkedIn, the latter can prevent it from logging out of their LinkedIn account before visiting our website.
The controller has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
Each visit to one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned automatically by the respective Facebook Component causes a representation of the corresponding Facebook component of Facebook to download. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook receives information about which specific underside of our website is visited by the person concerned.
If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website the data subject visits. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the person concerned activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the person concerned and saves this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this happens regardless of whether the person clicks on the Facebook component or not. If such a transfer of this information to Facebook is not wanted by the data subject, it can prevent the transfer by logging out of their Facebook account before calling our website.
The data policy published by Facebook, which is available at https://www.facebook.com/about/privacy/update?ref=old_policy provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject.
The use of our Facebook page is usually possible without providing additional personal information, apart from those that were already entered on Facebook when registering. Insofar as personal data (e.g. name, address, or e-mail addresses) are collected on our website, for example by contacting us directly via Facebook message, this is always done on a voluntary basis. These data will not be disclosed to third parties without your explicit consent.
Processing of personal data by Facebook
In its judgment of 05.06.2018, the European Court of Justice (ECJ) ruled that the operator of a Facebook page, together with Facebook, is responsible for the processing of personal data. Facebook processes users' data for the following purposes:
Advertising, analysis, creation of personalized advertising
Creation of user profiles
When this page is accessed, Facebook automatically saves information in a log file that your browser sends to Facebook. We expressly point out that we have no knowledge of the scope and content of the data collected by Facebook and their processing and use or, if necessary, transmission to third parties through Facebook.
Facebook Inc., the US parent company of Facebook Ireland Ltd. is under the EU-US. Privacy Shield certifies that it is committed to adhering to European privacy policies.
For more information about the Privacy Shield status of Facebook, please visit https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .
The transmission and further processing of personal data of users to third countries, such as the USA, as well as the associated possible risks for the users can not be excluded by us as operator of the site.
Statistical data about the different categories of Facebook page visitors is available to us in Facebook "Insights." These statistics are generated and provided by Facebook. On the generation and representation we have no influence as the operator of the site.
You can find the option to opt-out here: https://www.facebook.com/policies/cookies/ and here: http://www.youronlinechoices.com/de/praferenzmanagement/.
The display of read recommendations by Outbrain via cookies is done on a purely pseudonymous basis, personal data of the user is not stored. The data collected by Outbrain are: device source, browser type, and the user's anonymized IP address. To anonymize the IP address, the last octet of the IP address is removed to ensure full anonymization.
9.14 Bing Ads Conversion Tracking
Our online services also use Microsoft Conversion Tracking (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads places a cookie on your computer if you have accessed our website via a Microsoft Bing ad. Microsoft Bing and we can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only record the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is given. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. For more information about privacy and cookies used with Microsoft Bing, visit the Microsoft Web site: privacy.microsoft.com/en-us/privacystatement
We have integrated components of the Instagram service on our website. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos, as well as to redistribute such data across social networks.
The operating company of Instagram's services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time you visit one of the individual pages of this website which is operated by us and on which an Instagram component (Insta-Button) has been integrated, the internet browser on the information technology system of the person concerned is automatically prompted by the respective Instagram component, a representation of the corresponding component of Instagram. As part of this technical process, Instagram is aware of which specific page of our website is visited by the person concerned.
If the person concerned is simultaneously logged in to Instagram, Instagram recognizes each visit to our website by the data subject and which specific subpage the person concerned visits during the entire duration of the respective stay on our website. This information is collected through the Instagram component and assigned through Instagram to the affected person's Instagram account. If the person concerned activates one of the Instagram buttons integrated on our website, the data and information transmitted with it are assigned to the personal Instagram user account of the person concerned and saved and processed by Instagram.
Instagram always receives information via the Instagram component that the person concerned has visited our website if the person concerned is simultaneously logged in to Instagram at the time of accessing our website; this happens regardless of whether the person clicks on the Instagram component or not. If such information is not intended to be transmitted to Instagram by the person concerned, the subject can prevent the transmission by logging out of their Instagram account before accessing our website.
We have incorporated YouTube components on this site. YouTube is an internet video portal that allows video publishers to freely watch video clips and other users for free viewing, rating and commenting. YouTube allows the publication of all types of videos, so that both complete film and television broadcasts, but also music videos, trailers or user-made videos via the Internet portal are available.
YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Each time you visit any of the pages on this site operated by us and which has a YouTube component (YouTube video) incorporated into it, the internet browser on the subject's information technology system is automatically prompted by the particular YouTube component, a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google will be aware of which specific page of our site the person is visiting.
If the person is logged in to YouTube at the same time, YouTube recognizes by calling a sub-page containing a YouTube video, which specific page of our website the person concerned visited. This information will be collected by YouTube and Google and associated with the affected person's YouTube account.
YouTube and Google always receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged in to YouTube at the time of access to our website; this happens regardless of whether the person clicks on a YouTube video or not. If such information is not intended to be passed on to YouTube and Google by the person concerned, the subject may prevent the transmission by logging out of their YouTube account before accessing our website.
10.1 PayPal as payment method
We have integrated PayPal components on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject selects "PayPal" as a payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing.
The personal data sent to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. For the execution of the purchase contract, also such personal data are necessary, which are in connection with the respective order. Payment transactions via PayPal are made exclusively via an encrypted SSL or TLS connection.
The purpose of the transmission of the data is payment processing and fraud prevention. The controller will provide PayPal with personally identifiable information, in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reporting agencies. This transmission is for the purposes of the identity and credit check.
PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations or to process the data on behalf of the controller.
The data subject has the option to revoke the consent to the handling of personal data against PayPal at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing.
10.2 Visa and Mastercard as payment method
Payment transactions via the offered means of payment take place exclusively via an encoded SSL or TLS connection. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line. In the case of encrypted communication, your payment details that you submit to us can not be read by third parties.
For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transaction applications apply. We also refer to these for further information and assertion of rights of withdrawal, information and other data subjects.
10.3 SEPA-Direct Mandate as payment method
We use external payment service providers through whose platforms you can issue a SEPA direct debit mandate (SEPA Express, B4Payment GmbH, Lilienthalstr. 8, 93049 Regensburg, Germany / UAB Finolita Unio, Lvovo str. 25, Vilnius, 09320 Lithuania / FinTecSystems GmbH, Gottfried-Keller-Str. 33, 81245 Munich).
The SEPA direct debit mandate is issued exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line. With encrypted communication, your bank details that you transmit to SEPAExpress cannot be read by third parties.
The data processed by the payment service providers include inventory data, such as the name and address, bank details, such as IBAN, account number, passwords, TANs and test number as well as the contract amount and recipient-related information. The information is required to complete the transactions. However, the data entered will only be processed and saved by the payment service providers. That we do not receive any account-related information, only information with confirmation or negative information about the payment.
The terms and conditions and the data protection notices of the respective payment service providers apply to the payment transactions, which can be called up within the respective websites or transaction applications.
You have against us the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Article 20 GDPR). With regard to the right of access and the right to erasure, the restrictions stipulated in §§ 34 and 35 BDSG apply. You also have the right to object to data processing by us (Article 21 GDPR). Insofar as our processing of your personal data is based on consent (Art. 6 (1), sentence 1 (a) GDPR), you can withdraw it at any time; the lawfulness of the data processing carried out on the basis of the consent until the withdrawal remains unaffected.
To assert all these rights and for further questions on personal data related issues, you can always contact our data protection officer or our postal address (see paragraph 1).
In addition, you have the right to lodge a complaint with a supervisory authority - in particular in the EU Member State where your place of residence or your place of work or the place of alleged infringement is - if you believe that the processing of your personal data is contrary to the GDPR, or other applicable data protection laws (Art. 77 GDPR, § 19 BDSG).
As part of the conclusion and performance of the contractual relationship, we use fully automated individual decision-making in the context of credit checks in accordance with Art. 22 GDPR. If you do not agree, you can notify us in writing or by e-mail to [email protected]. We will then re-examine the decision, taking your point of view into account.
As of: 01.07.2020