Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy, which is linked below.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the section "Information on the responsible body" in this privacy policy.

How do we collect your data?

Your data is collected, firstly, because you provide it to us. This could include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to obtain information free of charge at any time regarding the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with regard to this and other questions concerning data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behavior may be statistically analyzed. This is done primarily using so-called analytics programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following providers:

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify”).

Shopify is a tool for building and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, and generates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data related to the purchase (e.g., phone number, sales volume, etc.). Shopify stores cookies in your browser for these analyses.

For details, please refer to Shopify's privacy policy: https://www.shopify.de/legal/datenschutz .

The use of Shopify is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Strato

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter "Strato"). When you visit our website, Strato collects various log files, including your IP address.

For further information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/ .

The use of Strato is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data processing agreement

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed Content Delivery Network (CDN) with DNS. Technically, the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website in the most error-free and secure way possible (Art. 6 para. 1 lit. f GDPR).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.cloudflare.com/privacypolicy/ .

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active

Data processing agreement

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General information and mandatory disclosures

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g., when communicating via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note regarding the responsible body

The responsible body for data processing on this website is:

Leave PCOS GmbH
Unterer Reihberg 3
64711 Erbach

Telephone: +49 6062 9563831
Email: info@leavepcos.de

The responsible entity is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Storage duration

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you submit a legitimate request for erasure or withdraw your consent to data processing, your data will be deleted, provided we have no other legally permissible grounds for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the data will be deleted once these grounds cease to apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR if special categories of data pursuant to Article 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing additionally takes place on the basis of Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). You can withdraw your consent at any time. If your data is required for the performance of a contract or for taking steps prior to entering into a contract, we process your data on the basis of Article 6(1)(b) GDPR. Furthermore, we process your data if it is necessary for compliance with a legal obligation, on the basis of Article 6(1)(c) GDPR. Data processing may also be based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Information on the applicable legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer.

Björn Zurbriggen
Unterer Reihberg 3
64711 Erbach

Telephone: [Telephone number of the data protection officer]
Email: info@leavepcos.de

Note regarding data transfer to third countries that do not offer adequate data protection and transfer to US companies that are not DPF-certified

We use, among other things, tools from companies based in third countries with inadequate data protection laws, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. Please note that a level of data protection comparable to that of the EU cannot be guaranteed in third countries with inadequate data protection laws.

Please note that the USA, as a safe third country, generally offers a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permitted if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional safeguards in place. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

As part of our business activities, we collaborate with various external parties. This sometimes requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using data processors, we only transfer our customers' personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing carried out before the revocation remains unaffected by the revocation.

Right to object to data processing in special cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you; this also applies to profiling based on these provisions. The specific legal basis for each processing operation can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be processed for direct marketing purposes (objection pursuant to Article 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to receive the data that we process automatically based on your consent or in fulfillment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.

Information, correction and deletion

Under applicable law, you have the right to request information, free of charge, about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to rectification or erasure of this data. You can contact us at any time with regard to this and any other questions concerning personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. For the duration of the verification process, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you require it for the establishment, exercise or defense of legal claims, you have the right to request restriction of processing of your personal data instead of erasure.
  • If you have objected to processing pursuant to Article 21(1) GDPR, a balancing of interests between your interests and ours must be carried out. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser's address bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a paid contract, you are obligated to provide us with your payment details (e.g., account number for direct debit), this data is required for payment processing.

Payments via common payment methods (Visa/MasterCard, direct debit) are processed exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock symbol in your browser's address bar.

With encrypted communication, your payment details that you transmit to us cannot be read by third parties.

Objection to advertising emails

The use of contact details published as part of the legal notice for sending unsolicited advertising and informational materials is hereby prohibited. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.

4. Data collection on this website

Cookies

Our website uses so-called "cookies." Cookies are small data packets and do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after you leave our website. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for carrying out electronic communication, for providing certain functions you have requested (e.g., for the shopping cart function), or for optimizing the website (e.g., cookies for measuring website traffic) (necessary cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TTDSG); this consent can be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to accept cookies in certain cases or to generally reject them, and to automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.

You can find information about which cookies and services are used on this website in this privacy policy.

GDPR Legal Cookie by Shopify

Our website uses the GDPR Legal Cookie by Shopify to obtain your consent to the storage of certain cookies on your device or the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is beeclever GmbH, Friedrich-Mohr-Straße 1, 56070 Koblenz (hereinafter referred to as "beeclever").

When you visit our website, a connection is established to the servers of the provider beeclever. Beeclever receives personal data in this way, such as the browser used, the IP address, and a timestamp. A cookie is then stored in your browser to associate your given consent or its revocation with you. The data collected in this way is stored until you request its deletion, delete the cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected. Details can be found at: https://apps.shopify.com/gdpr-legal-cookie .

Shopify uses the GDPR Legal Cookie to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Data processing agreement

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

This data will not be combined with other data sources.

This data is collected on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically flawless presentation and optimization of its website – for this purpose, the server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if such consent has been obtained; you may withdraw your consent at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

Inquiries via email, telephone or fax

When you contact us by email, telephone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for taking steps prior to entering into a contract. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if such consent has been obtained; you may withdraw your consent at any time.

The data you send us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, statutory retention periods – remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp, among others, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is end-to-end encrypted (peer-to-peer), preventing WhatsApp or other third parties from accessing the content of the communication. However, WhatsApp does have access to metadata generated during the communication process (e.g., sender, recipient, and time). We would also like to point out that, according to WhatsApp, it shares its users' personal data with its US-based parent company, Meta. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy .

The use of WhatsApp is based on our legitimate interest in communicating with customers, prospective customers, and other business and contractual partners as quickly and effectively as possible (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, data processing is carried out exclusively on the basis of this consent; this consent can be revoked at any time with effect for the future.

The content of communications exchanged between you and us on WhatsApp will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000011sfnAAA&status=Active

We use WhatsApp in the "WhatsApp Business" version.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum

We have configured our WhatsApp accounts so that there is no automatic data synchronization with the address book on the smartphones in use.

We have concluded a data processing agreement (DPA) with the above-mentioned provider.

Google Forms

We have integrated Google Forms on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google).

Google Forms allows us to create online forms to collect messages, inquiries, and other input from our website visitors in a structured manner. All input you provide is processed on Google's servers. Google Forms stores a cookie in your browser containing a unique ID (NID cookie). This cookie stores various pieces of information, such as your language preferences.

The use of Google Forms is based on our legitimate interest in determining your request in the most user-friendly way possible (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The data you entered in the form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular, retention periods – remain unaffected.

For more information, please see Google's privacy policy at https://policies.google.com/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Data processing agreement

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Registration on this website

You can register on this website to use additional features. We will only use the data you provide for the purpose of providing the specific offer or service for which you registered. All required information requested during registration must be provided in full. Otherwise, we will reject your registration.

For important changes, such as changes to the scope of services or technically necessary changes, we will use the email address you provided during registration to inform you.

The data entered during registration is processed for the purpose of carrying out the user relationship established by the registration and, if applicable, for initiating further contracts (Art. 6 para. 1 lit. b GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

Registration with Google

Instead of registering directly on this website, you can register with Google. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To register with Google, you only need to enter your Google username and password. Google will identify you and confirm your identity to our website.

If you sign in with Google, we may be able to use certain information from your account to complete your profile with us. You decide which information this is and whether it is shared through your Google security settings, which you can find here: https://myaccount.google.com/security and https://myaccount.google.com/permissions .

The data processing associated with Google registration is based on our legitimate interest in providing our users with the simplest possible registration process (Art. 6 para. 1 lit. f GDPR). Since the use of the registration function is voluntary and users can decide for themselves on the respective access options, no overriding rights of the data subjects are apparent.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Registration with Facebook Connect

Instead of registering directly on this website, you can register using Facebook Connect. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

If you choose to register using Facebook Connect and click the "Login with Facebook" / "Connect with Facebook" button, you will be automatically redirected to the Facebook platform. There, you can log in with your Facebook credentials. This will link your Facebook profile to this website and/or our services. Through this link, we gain access to the data you have stored on Facebook. This includes, in particular:

  • Facebook name
  • Facebook profile and cover photo
  • Facebook cover photo
  • Email address registered with Facebook
  • Facebook ID
  • Facebook friend lists
  • Facebook Likes (“likes”)
  • Birthday
  • Gender
  • Country
  • Language

This data will be used to set up, provide, and personalize your account.

Registration via Facebook Connect and the associated data processing operations are based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time with effect for the future.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php .

Further information can be found in the Facebook Terms of Service and the Facebook Data Policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

5.             Push notifications introduction

Push notification summary
👥 Affected: Push notification subscribers
🤝 Purpose: Notification of system-relevant and interesting events
📓 Data processed: Data entered during registration, usually also location data. More details can be found in the documentation for the respective push notification tool.
📅 Storage duration: Data is usually stored for as long as necessary to provide the services.
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract)

What are push notifications?

We also use push notification services on our website to keep our users up to date. This means that if you have consented to receiving push notifications, we can send you short news updates using a software tool. Push notifications are a form of text message that appears directly on your smartphone or other devices such as tablets or PCs, provided you have subscribed to them. You will receive these messages even if you are not on our website or actively using our services. Data about your location and usage patterns may also be collected and stored.

Why do we use push notifications?

On the one hand, we use push notifications to fully deliver the services we have contractually agreed upon with you. On the other hand, these notifications also serve our online marketing purposes. We can use them to introduce you to our services and products. In particular, we can inform you immediately about any news from our company. We want to understand the preferences and habits of all our users as well as possible in order to continuously improve our offerings.

What data is processed?

To receive push notifications, you must also confirm that you want to receive them. The data collected during the consent process is stored, managed, and processed. This is necessary to prove and verify that a user has agreed to receive push notifications. For this purpose, a so-called device token or push token is stored in your browser. Typically, your location data, or the location of the device you are using, is also stored.

To ensure we always send you interesting and important push notifications, we statistically analyze how you interact with these notifications. This allows us to see, for example, if and when you open the message. Using these insights, we can tailor our communication strategy to your preferences and interests. Although this stored data can be associated with you, we do not intend to monitor you as an individual. Rather, we are interested in the data collected from all our users so that we can make improvements. You can find out exactly what data is stored in the privacy policies of the respective service providers.

Duration of data processing

How long the data is processed and stored depends primarily on the tool we use. You can find more information about the data processing practices of each tool below. The providers' privacy policies usually specify exactly which data is stored and processed, and for how long. Generally, personal data is only processed for as long as necessary to provide our services. If data is stored in cookies, the storage duration varies considerably. The data may be deleted immediately after leaving a website, or it may remain stored for several years. Therefore, you should examine each individual cookie in detail if you want to know more about data storage. You will usually find informative details about the individual cookies in the privacy policies of the respective providers.

Legal basis

Push notifications may also be necessary to fulfill certain contractual obligations, such as informing you of technical or organizational updates. In this case, the legal basis is Article 6(1)(b) GDPR.

If this is not the case, push notifications will only be sent with your consent. Our push notifications may contain advertising content. Push notifications may also be sent based on your location as displayed by your device. The aforementioned analytical evaluations are also based on your consent to receive such notifications. The legal basis for this is Article 6(1)(a) GDPR. You can, of course, withdraw your consent or change various settings at any time in your device settings.

6.             Messenger & Communication Introduction

Messenger & Communication Privacy Policy Summary
👥 Affected: Visitors to the website
🤝 Purpose: Contact requests and general communication between us and you
📓 Data processed: Data such as name, address, email address, telephone number, general content data, and, if applicable, IP address.
More details can be found in the descriptions of the respective tools used.
📅 Storage duration: depends on the messenger & communication functions used
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests), Art. 6 para. 1 sentence 1 lit. b GDPR (contractual or pre-contractual obligations)

What are messenger and communication functions?

We offer various ways to communicate with us on our website (such as messenger and chat functions, online and contact forms, email, and telephone). Your data will also be processed and stored to the extent necessary to answer your inquiry and for our subsequent actions.

In addition to traditional communication methods such as email, contact forms, and telephone, we also use chat and messaging apps. Currently, WhatsApp is the most frequently used messaging service, but there are, of course, many different providers offering messaging features specifically for websites. If content is end-to-end encrypted, this will be indicated in the individual privacy policies or data protection statements of the respective provider. End-to-end encryption simply means that the content of a message is not visible even to the provider. However, information about your device, location settings, and other technical data may still be processed and stored.

Why do we use messenger and communication functions?

Communication options with you are very important to us. We want to talk to you and answer any questions you may have about our service as best we can. Effective communication is a key part of what we offer. With our convenient messenger and communication features, you can choose the method that suits you best. However, in exceptional cases, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In these situations, we recommend using other communication methods such as email or telephone.

We generally assume that we remain responsible under data protection law even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Article 26 GDPR. Where this is the case, we will indicate this separately and operate on the basis of a corresponding agreement. The key points of the agreement are summarized below under the relevant platform.

Please note that when using our integrated features, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. This may make it more difficult for you to assert or enforce your rights regarding your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the messenger and communication functions. Generally, this includes data such as name, address, telephone number, email address, and content data, such as all the information you enter into a contact form. Information about your device and IP address is usually also stored. Data collected via a messenger and communication function is also stored on the providers' servers.

If you want to know exactly what data is stored and processed by the respective providers and how you can object to data processing, you should carefully read the respective company's privacy policy.

How long is data stored?

How long data is processed and stored depends primarily on the tools we use. You can find more information about the data processing practices of each tool below. The providers' privacy policies typically specify exactly which data is stored and processed, and for how long. Generally, personal data is only processed for as long as necessary to provide our services. When data is stored in cookies, the storage duration varies considerably. The data may be deleted immediately after leaving a website, or it may remain stored for several years. Therefore, you should examine each individual cookie in detail if you want to know more about data storage. You will usually find informative details about the individual cookies in the privacy policies of the respective providers.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. For further information, please refer to the section on consent.

Since messenger and communication functions may use cookies, we also recommend that you read our general privacy policy about cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data through integrated messenger and communication functions, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). We process your request and manage your data within the framework of contractual or pre-contractual relationships in order to fulfill our pre-contractual and contractual obligations and/or to answer inquiries. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. In principle, if consent has been given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners.

Facebook Messenger Privacy Policy

Facebook Messenger Privacy Policy Summary
👥 Affected: Facebook Messenger users
🤝 Purpose: Communication
📓 Data processed: Contact details, messages, media
📅 Storage duration: after account deletion
⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Facebook Messenger?

We use the Facebook Messenger instant messaging service on our website. The service provider is the American company Meta Platforms Inc. For the European region, Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Facebook Messenger is a chat messaging feature developed by Facebook that allows you to send and receive text messages, voice and video calls, photos and other media files to other Facebook users.
When you use Facebook Messenger, your personal data is also processed on Facebook servers. This includes, in addition to your phone number and chat messages, sent photos, videos, profile data, your address, and your location.

Why do we use Facebook Messenger?

We want to stay in touch with you, and the best way to do that is through messaging services like Facebook Messenger. Firstly, because the service works flawlessly, and secondly, because Facebook is still one of the most popular social media platforms. The service is convenient and allows for quick and easy communication with you.

What data is processed by Facebook Messenger?

Using Facebook Messenger may result in the processing of various types of data, including personal data. This includes account information such as your phone number, profile picture, username, and other information you provide to Facebook when creating and managing your account. Facebook also stores the content of your messages (text, photos, videos, voice messages). Facebook also stores metadata, such as the date and time a message was sent or received. Facebook Messenger can also access your contacts to facilitate communication with them. Furthermore, technical data such as device type, operating system, and location data are also stored.

How long and where will the data be stored?

Generally, Facebook stores data until it is no longer needed for its own services and products. Facebook has servers distributed around the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with the company's own user data.

How can I delete my data or prevent data storage?

You have the right to access, correct, delete, and restrict the processing of your personal data at any time. You can also withdraw your consent to data processing at any time. Your data will only be permanently deleted if you delete your Facebook account.

Follow these steps to completely delete your Facebook account:

1) Log in to Facebook and then click on “Settings” in the top right corner.

2) Next, click on “Your Facebook Information” in the left column.

3) Now click “Deactivation and Deletion”.

4) Now select “Delete account” and then click “Next and delete account”.

5) Now enter your password, click "Next" and then "Delete account".

Legal basis

The use of Facebook Messenger requires your consent, which we have obtained using our consent tool (popup). According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when data is collected by Facebook Messenger.

In addition to your consent, we have a legitimate interest in improving our service. Using Facebook Messenger allows us to communicate with you more quickly and effectively. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests). However, we only use Facebook Messenger if you have given your consent.

Facebook processes your data, among other places, in the USA. Facebook, or rather Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en .

Furthermore, Facebook uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Facebook's data processing terms, which refer to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing .

You can find out more about the data processed through the use of Facebook in the Privacy Policy at https://www.facebook.com/about/privacy .

Data Processing Agreement (DPA) Facebook Messenger

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with Facebook. You can find out exactly what a DPA is and, above all, what it must contain in our general section "Data Processing Agreement (DPA)."

This agreement is legally required because Facebook processes personal data on our behalf. It stipulates that Facebook may only process data received from us according to our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://www.facebook.com/legal/terms/dataprocessing .

 

7.            Social media

Facebook

This website integrates elements of the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

An overview of Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE .

When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook then receives the information that you have visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation .

Where consent has been obtained, the aforementioned service is used on the basis of Article 6(1)(a) GDPR and Section 25 TTDSG. This consent can be revoked at any time. Where no consent has been obtained, the service is used on the basis of our legitimate interest in achieving the broadest possible visibility on social media.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

 

X (formerly Twitter)

This website integrates features of the service X (formerly Twitter). These features are offered by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For data processing of individuals residing outside the USA, the branch Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible.

When the social media element is active, a direct connection is established between your device and the X server. X (formerly Twitter) then receives information about your visit to this website. By using X (formerly Twitter) and the "Retweet" or "Repost" function, the websites you visit are linked to your X (formerly Twitter) account and made public to other users. Please note that as the website provider, we have no knowledge of the content of the transmitted data or how X (formerly Twitter) uses it. Further information can be found in X's (formerly Twitter's) privacy policy at: https://twitter.com/de/privacy .

Where consent has been obtained, the aforementioned service is used on the basis of Article 6(1)(a) GDPR and Section 25 TTDSG. This consent can be revoked at any time. Where no consent has been obtained, the service is used on the basis of our legitimate interest in achieving the broadest possible visibility on social media.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html

You can change your privacy settings at X (formerly Twitter) in your account settings at https://twitter.com/account/settings .

Instagram

This website integrates features of the Instagram service. These features are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram then receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Instagram.

Where consent has been obtained, the aforementioned service is used on the basis of Article 6(1)(a) GDPR and Section 25 TTDSG. This consent can be revoked at any time. Where no consent has been obtained, the service is used on the basis of our legitimate interest in achieving the broadest possible visibility on social media.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The subsequent processing by Facebook or Instagram is not part of this joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of this agreement at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for ensuring the tool's data protection-compliant implementation on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381 .

Further information can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Tumblr

This website uses buttons and other elements of the Tumblr service. The provider is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA.

When the social media element is active, a direct connection is established between your device and the Tumblr server. Tumblr then receives information about your visit to this website.

The Tumblr buttons allow you to share a post or page on Tumblr or follow the provider on Tumblr. When you visit one of our websites with a Tumblr button, your browser establishes a direct connection to Tumblr's servers. We have no control over the scope of data that Tumblr collects and transmits using this plugin. Currently, the user's IP address and the URL of the respective website are transmitted.

Where consent has been obtained, the aforementioned service is used on the basis of Article 6(1)(a) GDPR and Section 25 TTDSG. This consent can be revoked at any time. Where no consent has been obtained, the service is used on the basis of our legitimate interest in achieving the broadest possible visibility on social media.

Further information can be found in Tumblr's privacy policy at: https://www.tumblr.com/privacy/de .

Pinterest

This website uses elements of the social network Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you visit a page containing such an element, your browser establishes a direct connection to Pinterest's servers. This social media element transmits log data to Pinterest's server in the USA. This log data may include your IP address, the address of the websites you visit that also contain Pinterest features, your browser type and settings, the date and time of your request, your use of Pinterest, and cookies.

Where consent has been obtained, the aforementioned service is used on the basis of Article 6(1)(a) GDPR and Section 25 TTDSG. This consent can be revoked at any time. Where no consent has been obtained, the service is used on the basis of our legitimate interest in achieving the broadest possible visibility on social media.

For more information on the purpose, scope and further processing and use of data by Pinterest, as well as your related rights and options for protecting your privacy, please see Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy .

8.            Analytics tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking and analytics tools and other technologies into our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on their website. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Analytics

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

By default, Google Analytics sets four cookies when you visit the website. These cookies are small text files stored on your device and collect certain information. This information includes your IP address, which Google, however, shortens by removing the last digits to prevent direct identification of individuals.

The information is transferred to Google servers and processed there. This may also involve transfers to Google LLC, which is based in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics and shortened will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.
Without your consent, Google Analytics 4 will not be used during your visit to our website. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website.

We have entered into a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information regarding Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/ , https://policies.google.com/privacy?hl=de&gl=de and under https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google Analytics 4 uses the special feature "demographic characteristics" to generate statistics that provide information about the age, gender, and interests of website visitors. This is achieved by analyzing advertising and information from third-party providers. This allows for the identification of target groups for marketing activities. However, the collected data cannot be linked to any specific individual and is deleted after a storage period of two months.

Google Signals
As an extension to Google Analytics 4, this website may use Google Signals to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create database models, including those related to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can deactivate the "Personalized advertising" feature in your Google account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de
For more information about Google Signals, please see the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs
As an extension to Google Analytics 4, the "UserIDs" function may be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have created an account on this website, and log in with this account on different devices, your activities, including conversions, can be analyzed across devices.

Collection of data provided by users
To improve the analysis results for users whose contact details we have obtained in the context of business or business-like relationships, we use the "collect user-provided data" function.
Subject to your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, we will, within the scope of this function, electronically transmit one or more files containing aggregated customer data relating to you (primarily email address and telephone number) to Google. Google does not gain access to unencrypted data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. Google can then only use the encrypted information to associate it with existing Google accounts that the data subjects have created.
The processing serves to refine measurement data, improve cross-device user tracking, and enable the integration of analysis results into Google Ads' advertising personalization and conversion tracking functions.
You can withdraw your consent at any time with effect for the future. Further information on Google's data protection measures regarding the transfer of customer data can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

IP anonymization

Google Analytics IP anonymization is activated. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de .

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de .

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" feature of Google Analytics to display relevant advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain information about the age, gender, and interests of website visitors. This data comes from Google's interest-based advertising and from third-party visitor data. This data cannot be attributed to any specific individual. You can deactivate this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection."

Order processing

We have concluded a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "E-commerce Measurement" feature of Google Analytics. E-commerce measurement allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing to purchasing a product are collected. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Microsoft Advertising

The website operator uses Microsoft Advertising. Microsoft Advertising is an online advertising program of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Advertising allows us to display ads in the Bing search engine or on third-party websites when users enter specific search terms into Bing (keyword targeting). Furthermore, targeted ads can be displayed based on user data held by Microsoft (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our ads and how many ads resulted in clicks.

We use Microsoft Advertising's Universal Event Tracking (UET) on this page. This involves collecting pseudonymized data to track your actions on our website after clicking on a Microsoft Advertising ad. UET collects your IP address (anonymized), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which areas of the website were accessed, which ad led you to the website, and the keyword you clicked.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com).

Hotjar is a tool for analyzing your user behavior on this website. With Hotjar, we can record your mouse movements, scrolling, and clicks, among other things. Hotjar can also determine how long you hover your mouse over a specific area. From this information, Hotjar creates heatmaps that show which areas of the website are most frequently viewed by visitors.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

Furthermore, Hotjar allows us to collect direct feedback from website visitors. This feature helps improve the website operator's online offerings.

Hotjar uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting).

Where consent has been obtained, the aforementioned service is used exclusively on the basis of Article 6(1)(a) GDPR and Section 25 TTDSG. This consent can be revoked at any time. Where no consent has been obtained, this service is used on the basis of Article 6(1)(f) GDPR; the website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

Disabling Hotjar

If you wish to disable data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/

Please note that Hotjar must be deactivated separately for each browser and each device.

For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Google Optimize

We have integrated Google Optimize on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google Optimize).

Google Optimize allows us to optimize our website by conducting tests (A/B testing) and personalizing the website. For this purpose, Google Optimize processes the IP addresses of website visitors. The collected personal data can then be processed by other analytics tools.

The use of Google Optimize is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the optimal design of its online presence. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., for device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

For further details, please refer to the provider's privacy policy at https://business.safety.google/adsprocessorterms/ .

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many advertisements resulted in clicks.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google AdSense (non-personalized)

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalized" mode. Unlike personalized mode, the ads are not based on your previous browsing behavior, and no user profile is created. Instead, so-called "contextual information" is used to select the ads. The selected ads are then based, for example, on your location, the content of the website you are visiting, or your current search terms. You can find more information about the differences between personalized and non-personalized targeting with Google AdSense here: https://support.google.com/adsense/answer/9007336

Please note that even when using Google AdSense in non-personalized mode, cookies or similar tracking technologies (e.g., device fingerprinting) may be used. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated .

Further information about Google's advertising technologies can be found here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, advertising audiences created with Google Ads Remarketing can be linked to Google's cross-device features. This allows interest-based, personalized advertising messages, tailored to you based on your previous usage and browsing behavior on one device (e.g., mobile phone), to also be displayed on another of your devices (e.g., tablet or PC).

If you have a Google account, you can opt out of personalized advertising at the following link: https://www.google.com/settings/ads/onweb/ .

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

Further information and the data protection regulations can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Target group formation with customer matching

To create target audiences, we use, among other things, the customer matching feature of Google Ads Remarketing. In this process, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they will be shown relevant advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked most frequently and which products are viewed or purchased most often. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

For more information about Google Conversion Tracking, please see Google's privacy policy: https://policies.google.com/privacy?hl=de .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Klaviyo

We have integrated Klaviyo into this website. The provider is Klaviyo Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, USA (hereinafter referred to as Klaviyo).

Klaviyo is a marketing automation tool for sending emails, SMS, push notifications and collecting customer reviews for eCommerce merchants.

For this purpose, Klaviyo stores consent for email marketing. In particular, the following data may be processed: name, telephone number, email address, address data, IP address, device identifiers, usage data (such as interactions between a user and Klaviyo's online system, website or email, browser used, operating system used, referrer URL).

The use of Klaviyo is based on Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. Consent can be withdrawn at any time.

For further details, please refer to the provider's privacy policy at https://www.klaviyo.com/legal/privacy .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000012uf9AAA&status=Active

This provider uses standard contractual clauses for the transfer of personal data to third countries. Details can be found here: https://www.klaviyo.com/legal/data-processing-agreement .

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Amazon SES
Our email newsletters are sent via this provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.
Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provided when registering for the newsletter to this provider in accordance with Art. 6 para. 1 lit. f GDPR, so that they can take over the newsletter distribution on our behalf.

Subject to your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also conducts statistical performance analysis of newsletter campaigns using web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and analyzed, but not combined with other data sets.
You can revoke your consent to newsletter tracking at any time with effect for the future.
We have concluded a data processing agreement with the provider, which protects the data of our website visitors and prohibits its transfer to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

Using the app “ES Back in Stock”

In our online shop, we use the "ES Back in Stock" app from Channelwill. This app allows you to be notified by email as soon as an item that is currently sold out becomes available again.

If you use this function, we will process the data you provide (in particular your email address and details of the desired product) to inform you about its availability.
The processing is based on Article 6(1)(a) GDPR (your consent). You can withdraw your consent at any time with effect for the future – for example, via the unsubscribe link in the notification email or by contacting us using the contact details provided in the legal notice.

Your data may also be processed on servers outside the European Union. If processing takes place in third countries, Channelwill ensures that an adequate level of data protection is guaranteed in accordance with Art. 44 et seq. GDPR (e.g., through standard contractual clauses).

Further information on data processing by Channelwill can be found in the provider's privacy policy:
https://channelwill.com/privacy-policy

Judge.me

Provided you expressly grant us (Leave PCOS GmbH) your consent during or after your order in accordance with Art. 6 Para. 1 lit. a GDPR, we will transfer personal data, such as your email address, order number, and order date, to the review service provider Judge.me, which is operated by Judge.me LLC (PO Box 7403, Jackson, Wyoming 83002, United States of America). This allows Judge.me to send you a review reminder via email. You have the right to withdraw your consent at any time by contacting the data controller (info@leavepcos.de).

Furthermore, functions from Judge.me, such as the recording and display of product reviews, are integrated into our website. When reviews are submitted, personal data is processed to verify the authenticity of customer reviews. When you leave a review on our website, personal information (first name, last name, email address, order date, order number, and, if applicable, international references (GTIN/ISDN)) is collected and transmitted to Judge.me. Judge.me analyzes this data to determine the legitimacy of the customer review for a specific order. In accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR), this processing is based on our legitimate interest. Our goal is to ensure the authenticity of customer reviews by guaranteeing transactional relevance and preventing review misuse. All of the aforementioned data processing may involve the transfer of personal data to Judge.me servers in the USA. Further information about Judge.me can be found at the following link: https://judge.me/privacy .

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Meta-Pixel (formerly Facebook Pixel)

This website uses the Facebook/Meta pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising campaigns to be optimized.

The data collected is anonymous for us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Policy ( https://de-de.facebook.com/about/privacy/ ). This allows Facebook to display advertisements on Facebook pages as well as on websites outside of Facebook. We, as the website operators, have no influence over this use of data.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

We use the Advanced Matching function within the Meta Pixel.

Advanced Matching allows us to share various types of data (e.g., city, state, postal code, hashed email addresses, names, gender, date of birth, or phone number) of our customers and prospects, which we collect through our website, with Meta (Facebook). By activating this feature, we can tailor our Facebook advertising campaigns even more precisely to people interested in our offers. Advanced Matching also improves the attribution of website conversions and expands Custom Audiences.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .

You can find further information on protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/ .

You can also deactivate the "Custom Audiences" remarketing feature in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate Facebook's interest-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Facebook Conversion API

We have integrated the Facebook Conversion API into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the collected data is also transferred to the USA and other third countries.

The Facebook Conversion API allows us to track website visitors' interactions with our website and share this information with Facebook to improve advertising performance on Facebook.

For this purpose, the following data is collected: the time of access, the website accessed, your IP address and user agent, and possibly other specific data (e.g., products purchased, shopping cart value, and currency). A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

To the extent that personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 .

You can find further information on protecting your privacy in Facebook's data policy: https://de-de.facebook.com/about/privacy/ .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid services, submit data to us, or interact with our company's Facebook content, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can then use to display relevant advertising to you. Furthermore, your data can be used to define target groups (Lookalike Audiences).

Facebook processes this data as our data processor. Details can be found in Facebook's Terms of Service: https://www.facebook.com/legal/terms/customaudience .

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

TikTok Pixel

We have integrated the TikTok pixel on this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter referred to as TikTok).

Using the TikTok Pixel, we can display interest-based advertising on TikTok (TikTok Ads) to website visitors who have viewed our offers. At the same time, the TikTok Pixel allows us to determine the effectiveness of our advertising on TikTok. This enables us to evaluate the effectiveness of TikTok ads for statistical and market research purposes and optimize future advertising campaigns. Various usage data is processed, such as IP address, page views, time spent on the site, operating system used, user origin, information about the ad a person clicked on on TikTok, or an event that was triggered (timestamp). This data is aggregated into a user ID and assigned to the respective device of the website visitor.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent can be revoked at any time.

Data transfers to third countries are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE and https://ads.tiktok.com/i18n/official/policy/controller-to-controller .

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Pinterest tag

We have integrated the Pinterest tag on this website. The provider is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

The Pinterest tag is used to track certain actions you perform on our website. This data can then be used to display interest-based advertising to you on our website or on other sites within the Pinterest tag advertising network.

For this purpose, the Pinterest tag collects, among other things, a tag ID, your location, and the referrer URL. Furthermore, action-specific data such as order value, order quantity, order number, category of purchased items, and video views can be collected.

The Pinterest tag uses technologies that enable cross-site user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting).

Where consent has been obtained, the aforementioned service is used exclusively on the basis of Article 6(1)(a) GDPR and Section 25 TTDSG. This consent can be revoked at any time. Where no consent has been obtained, this service is used on the basis of Article 6(1)(f) GDPR; the website operator has a legitimate interest in the most effective marketing measures possible.

Pinterest is a global company, so data may be transferred to the USA. According to Pinterest, this data transfer is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://policy.pinterest.com/de/privacy-policy .

Further information about the Pinterest tag can be found here: https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag .

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

9.            Newsletter and direct mail advertising

Newsletter data

If you wish to subscribe to the newsletter offered on this website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.

The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of your data, your email address, and its use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of subscribing to our newsletter will be stored by us or our newsletter service provider until you unsubscribe. After you unsubscribe or the purpose for receiving the newsletter no longer applies, your data will be deleted from the newsletter distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion, based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Data that we have stored for other purposes remains unaffected.

After you unsubscribe from our newsletter mailing list, your email address may be stored on a blacklist by us or our newsletter service provider if this is necessary to prevent future mailings. The data on the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage on the blacklist is not time-limited. You can object to this storage if your interests outweigh our legitimate interest.

Direct advertising

We use your address to send postal advertising in compliance with all legal regulations.

The legal basis for this is our legitimate interest in direct marketing pursuant to Article 6(1)(f) in conjunction with Recital 47 of the GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; this consent can be revoked at any time. More specific regulations may be communicated to you during data collection and take precedence over this regulation.

Your address will remain with us until the purpose for data processing no longer applies. If you submit a legitimate request for erasure or withdraw your consent to postal advertising, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur once these grounds cease to apply.

We use the following service provider for sending our direct mail campaigns:

Deutsche Post AG
Am Listholze 72
30177 Hannover

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

10.      Plugins and Tools

billbee Privacy Policy

We use the multichannel software billbee. The service provider is the German company Billbee GmbH, Arolser Str. 10, 34477 Twistetal, Germany.

You can find out more about the data processed through the use of billbee in the privacy policy at https://www.billbee.io/rechtliches/datenschutz .

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Easy DHL

For shipping purposes, we (Leave PCOS GmbH) use the Shopify application easyDHL from the provider 247APPS UG (limited liability), located at "In der Goldgrube 28, 56073 Koblenz". The easyDHL app is used to provide an interface between the eCommerce platform Shopify and the shipping service provider DHL. In this process, personal data required for shipping (first name, last name, company name, address, email address, telephone number) is transferred to DHL. Further information on data protection at 247APPS UG (limited liability) can be found in the 247APPS privacy policy: https://www.247apps.dev/datenschutz/ .

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

GoAffPro

We (Leave PCOS GmbH) use the Goaffpro service to manage our affiliate partner network. This service is provided by Oxybit Enterprises Pvt Ltd, 16, Sector 20, Part 1, HUDA, Sirsa, Haryana -125055, India (Goaffpro). This allows our affiliate partners to place individual and personalized links on their websites and social media platforms, among other platforms. These links redirect users to our online shop. During this process, Goaffpro places cookies on the affiliate's website in the form of text files, which are stored on your device. In this case, we are not responsible for the data protection practices associated with these cookies. The goal is to track the transactions (leads) generated through affiliate links in order to attribute sales on our website to the respective partner. If personal data is included, the processing of this personal information is based on our legitimate financial interest in processing commission payments with our partners and Goaffpro (pursuant to Article 6(1)(f) of the General Data Protection Regulation (GDPR)). According to Goaffpro, any personal data collected is processed exclusively on servers in Falkenstein, Germany.

For further information regarding Goaffpro's data usage, please refer to their privacy policy. You can find it at https://goaffpro.com/privacy . You can configure your browser settings to be notified when cookies are set. Furthermore, you can choose to accept or reject cookies individually or generally for specific cases if you wish to prevent the analysis of your usage behavior via cookies.

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Fraud Filter

We (Leave PCOS GmbH) use the Shopify app "Fraud Filter". This app allows us to detect and filter potentially fraudulent and suspicious transactions in our online shop. To fulfill this purpose, personal data may be processed, which is listed below:

  • Customer information such as name, address, email address, and any other details may be collected. This information is used to identify and assign customers.
  • Transaction data such as order number, order date, item, amount, and payment information. This provides further information about orders.

Please note that the processing of the data listed above is solely for the purpose of fraud detection and prevention. The legal basis for this processing of personal data is Article 6(1)(f) of the General Data Protection Regulation (GDPR). Securing and maintaining the integrity of our website against fraudulent activity is in our legitimate interest.

To ensure the app functions correctly, certain transaction data may be shared with third parties, such as payment service providers. However, this sharing with third parties will only occur as necessary to fulfill the aforementioned purpose and in compliance with data protection regulations.

If individuals are affected by the collection of their data, they have the right to access, rectification, erasure, and restriction of the processing of their personal data. For any concerns regarding data protection in connection with the use of the Shopify Fraud Filter app, affected individuals can send an email to info@leavepcos.de.

Order processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

YouTube with enhanced privacy

This website embeds videos from the YouTube website. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode prevents YouTube from storing information about visitors to this website before they watch the video. However, enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. For example, YouTube establishes a connection to the Google marketing network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after a video starts playing, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud.

Additional data processing operations may be triggered after a YouTube video starts, over which we have no control.

The use of YouTube is in our legitimate interest in presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages that includes a Vimeo video, a connection is established to Vimeo's servers. This informs the Vimeo server which of our pages you have visited. Vimeo also receives your IP address. This applies even if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to Vimeo's servers in the USA.

If you are logged into your Vimeo account, you are allowing Vimeo to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or similar recognition technologies (e.g. device fingerprinting) to recognize website visitors.

The use of Vimeo is in our legitimate interest in presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data transfers to the USA are based on the EU Commission's standard contractual clauses and, according to Vimeo, on "legitimate business interests." Details can be found here: https://vimeo.com/privacy .

Further information on how Vimeo handles user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy .

Google Fonts Privacy Policy

What are Google Fonts?

We use Google Fonts on our website. These are the “Google fonts” from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

You don't need to register or provide a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't need to worry about your Google account data being transmitted to Google while using Google Fonts. Google collects data on the usage of CSS (Cascading Style Sheets) and the fonts used, and stores this data securely. We will examine the specifics of this data storage in more detail later.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component for maintaining the high quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is a significant advantage, especially for use on mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different rendering systems in various browsers, operating systems, and mobile devices can lead to errors. Such errors can sometimes distort text or even entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.

What data does Google store?

When you visit our website, the fonts are loaded from a Google server. This external request transmits data to Google's servers. This allows Google to recognize that you, or rather your IP address, have visited our website. The Google Fonts API was developed to minimize the use, storage, and collection of end-user data to only what is necessary for the proper delivery of fonts. API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software field.

Google Fonts securely stores CSS and font requests with Google, thus protecting them. The collected usage statistics allow Google to determine the popularity of individual fonts. Google publishes these results on internal analytics pages, such as Google Analytics. Additionally, Google uses data from its own web crawler to identify which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Businesses and developers utilize the Google web service BigQuery to analyze and manipulate large datasets.

It should be noted, however, that every Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers. Whether this data is also stored is unclear and not explicitly communicated by Google.

How long and where will the data be stored?

Google stores requests for CSS assets on its servers, which are primarily located outside the EU, for one day. This allows us to use the fonts with a Google stylesheet. A stylesheet is a formatting template that makes it easy and quick to change, for example, the design or font of a website.

The font files are stored at Google for one year. Google's goal is to improve website loading times in general. When millions of websites reference the same fonts, they are cached after the first visit and appear instantly on all subsequent visits. Google sometimes updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot be easily deleted. This data is automatically transmitted to Google when you visit our website. To delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=312726780 . In this case, you can only prevent data storage by not visiting our website.

Unlike other web fonts, Google Fonts grants us unrestricted access to all its fonts. This means we can access a vast array of fonts and choose the perfect one for our website. You can find more information about Google Fonts and other frequently asked questions at https://developers.google.com/fonts/faq?tid=312726780 . While Google addresses data privacy issues there, truly detailed information about data storage is not included. Obtaining precise information from Google about the data they store is relatively difficult.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when Google Fonts collects it.

We also have a legitimate interest in using Google Fonts to optimize our online service. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests). However, we only use Google Fonts if you have given your consent.

Google processes your data, among other things, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en .

Furthermore, Google uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/ .

You can also read about what data Google collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/ .

Google Fonts Local Privacy Policy

Our website uses Google Fonts from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally, i.e., on our web server – not on Google's servers. Therefore, there is no connection to Google servers and consequently no data transfer or storage.

What are Google Fonts?

Google Fonts, formerly known as Google Web Fonts, is an interactive directory of over 800 fonts provided free of charge by Google. Google Fonts allows users to utilize fonts without uploading them to their own servers. However, to prevent any data transfer to Google servers, we have downloaded the fonts to our own server. This ensures our compliance with data protection regulations and prevents us from sending any data to Google Fonts.

Adobe Fonts

This website uses web fonts from Adobe for the consistent display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit this website, your browser loads the necessary fonts directly from Adobe to display them correctly on your device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This allows Adobe to know that this website was accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.

The data is stored and analyzed based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html

Further information about Adobe Fonts can be found at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html .

Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TNo9AAG&status=Active

Google Maps

This page uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to and stored on a Google server in the USA. The provider of this website has no influence on this data transfer. When Google Maps is activated, Google may use Google Fonts for the purpose of consistent font display. When you access Google Maps, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

The use of Google Maps is in our legitimate interest in presenting our online services in an appealing manner and ensuring that the locations we specify on the website are easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/ .

For more information on how user data is handled, please see Google's privacy policy: https://policies.google.com/privacy?hl=de .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether data entry on this website (e.g., in a contact form) is done by a human or an automated program. To do this, reCAPTCHA analyzes the website visitor's behavior based on various characteristics. This analysis begins automatically as soon as the visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the visitor's time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analysis runs entirely in the background. Website visitors are not notified that an analysis is taking place.

The data is stored and analyzed based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated access and spam. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de .

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

hCaptcha

We use hCaptcha (hereinafter referred to as "hCaptcha") on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter referred to as "IMI").

hCaptcha is used to verify whether data entry on this website (e.g., in a contact form) is done by a human or by an automated program. To do this, hCaptcha analyzes the website visitor's behavior based on various characteristics.

This analysis begins automatically as soon as a website visitor enters a website with hCaptcha enabled. For the analysis, hCaptcha evaluates various pieces of information (e.g., IP address, the visitor's time spent on the website, or mouse movements). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in "invisible mode," the analysis runs entirely in the background. Website visitors are not notified that an analysis is taking place.

The data is stored and analyzed based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated access and spam. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data processing is based on standard contractual clauses contained in the data processing addendum to IMI's general terms and conditions or the data processing agreements.

For further information about hCaptcha, please refer to the privacy policy and terms of service at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms .

11.      eCommerce and payment providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data to establish, define the content of, and modify our contractual relationships. We collect, process, and use personal data relating to the use of this website (usage data) only to the extent necessary to enable the user to access the service or for billing purposes. The legal basis for this is Article 6(1)(b) GDPR.

The collected customer data will be deleted after completion of the order or termination of the business relationship and expiry of any applicable statutory retention periods. Statutory retention periods remain unaffected.

Data transfer during contract conclusion for online shops, retailers and shipping companies

When you order goods from us, we share your personal data with the transport company responsible for delivery and the payment service provider handling your payment. Only the data required by each service provider to fulfill their task will be shared. The legal basis for this is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract. If you have given your consent in accordance with Article 6(1)(a) GDPR, we will share your email address with the transport company responsible for delivery so that they can inform you about the shipping status of your order via email; you can withdraw this consent at any time.

Data transfer upon conclusion of contracts for services and digital content

We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the credit institution commissioned with processing the payment.

Your data will not be transmitted further unless you have expressly consented to such transmission. Your data will not be shared with third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Payment services

We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, bank account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective terms and conditions and privacy policies of the respective providers apply to these transactions. The use of these payment service providers is based on Article 6(1)(b) GDPR (contractual necessity) and in the interest of ensuring the smoothest, most convenient, and most secure payment process possible (Article 6(1)(f) GDPR). Where your consent is requested for specific actions, Article 6(1)(a) GDPR serves as the legal basis for data processing; consent can be withdrawn at any time for the future.

We use the following payment services/payment providers on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full .

For details, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

Apple Pay

The payment service provider is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple's privacy policy can be found at: https://www.apple.com/legal/privacy/de-ww/ .

Google Pay

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google's privacy policy can be found here: https://policies.google.com/privacy .

Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). Klarna offers various payment options (e.g., installment payments). If you choose to pay with Klarna (Klarna Checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna Checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf

You can find details about this in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/ .

Instant bank transfer

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter referred to as "Sofort GmbH"). Using the "Sofortüberweisung" (instant bank transfer) method, we receive real-time payment confirmation from Sofort GmbH and can immediately begin fulfilling our obligations. If you have chosen the "Sofortüberweisung" payment method, you will submit your PIN and a valid TAN to Sofort GmbH, which they will use to log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and executes the transfer to us using the TAN you provided. They then immediately send us a transaction confirmation. After logging in, your transactions, overdraft limit, and the existence and balances of any other accounts you may have are also automatically checked. In addition to your PIN and TAN, the payment details you enter and your personal data are also transmitted to Sofort GmbH. The personal data we collect includes your first and last name, address, telephone number(s), email address, IP address, and any other data required for payment processing. This data is necessary to verify your identity beyond doubt and to prevent fraud. For details on payment via Sofortüberweisung (instant bank transfer), please see the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/ .

Shopify Payment

The provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter referred to as “Shopify Payment”).

For details, please refer to Shopify Payment's privacy policy: https://www.shopify.de/legal/datenschutz .

American Express

The provider of this payment service is American Express Europe SA, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as "American Express").

American Express may transfer data to its parent company in the USA. This data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/ .

For further information, please refer to the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html .

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”).

Mastercard may transfer data to its parent company in the USA. This data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”).

The UK is considered a safe third country with regard to data protection. This means that the UK has a level of data protection equivalent to that of the European Union.

VISA may transfer data to its parent company in the USA. This data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html

For further information, please refer to VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html .

elopage

On this website, we offer digital goods and services for purchase. We use elopage to sell these products on our website. The provider is elopage GmbH, Kurfürstendamm 208, 10719 Berlin, Germany (hereinafter referred to as elopage).

When you click on one of our products, you will be redirected to our sales page on elopage. The transaction will then be processed via elopage. For details, please see elopage's privacy policy at: https://elopage.com/privacy?locale=de .

The use of elopage is based on Article 6(1)(f) GDPR. We have a legitimate interest in using a fast and professional sales page to market our products. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Recurring payments & subscription with the "Seal Subscriptions" app

We offer subscriptions for our products on our website. We use the "Seal Subscriptions" program (developer: Seal Subscriptions – Amai Technologies d.o.o., Slovenia) for the technical processing of these recurring orders.

Should you subscribe, the personal data required for the subscription, such as your name, email address, postal address, payment details, and subscription details, will be transmitted to Seal Subscriptions and processed there under a data processing agreement pursuant to Article 28 of the GDPR. The app allows us to reliably and automatically manage your recurring orders.

Data processing is carried out on the basis of Article 6(1)(b) GDPR for the performance of the contract or the implementation of pre-contractual measures within the framework of the recurring payment/subscription model. All data required for the subscription will only be stored for as long as is necessary for processing the subscription. Any applicable statutory retention periods will be observed.

Further information on data processing by Seal Subscriptions can be found here:
https://www.sealsubscriptions.com/privacy-policy

Since subscription payments may be processed through payment providers such as Shopify Payments, please also refer to Shopify's privacy policy: https://www.shopify.com/legal/privacy