+49 89 9974295550 (9AM - 5PM / MON- FRI)
excellent 5 stars
1–3 days delivery
Your Cart
Your cart is empty!
Start adding items by going to our products
page and find what you are looking for.

Privacy Policy

Privacy policy

Name and contact of the responsible person according to Article 4 (7) GDPR

Nordic Cosmetics GmbH

Sandstr. 3

80335 Munich

Germany

Data Protection Officer: Nordic Cosmetics GmbH

Email: [email protected]

Security and protection of your personal data

We consider it our primary responsibility to maintain the confidentiality of the personal data you provide to us and to protect it from unauthorized access. Therefore, we use the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.

As a company under private law, we are subject to the provisions of the European Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.

Definitions

The legislator requires that personal data are processed in a lawful manner, in good faith and in a way that is comprehensible to the data subject ("lawfulness, processing in good faith, transparency"). To ensure this, we inform you about the individual legal definitions, which are also used in this privacy policy:

  1. Personal data

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  1. Processing

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. Restriction of processing

"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing.

  1. Profiling

"Profiling" means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

  1. Pseudonymisation

"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.

  1. File system

"File system" means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally, or on a functional or geographic basis.

  1. Responsible

"Controller" means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

  1. Processor

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

  1. Receiver

"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.

  1. Third Party

"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

  1. Consent

"Consent" of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to personal data relating to him or her being processed.

Lawfulness of the processing

The processing of personal data is lawful only if there is a legal basis for the processing. Legal basis for the processing can be according to Article 6 para. 1 lit. a - f GDPR can be in particular:

  1. The data subject has given his/her consent to the processing of personal data relating to him/her for one or more specific purposes;
  2. processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject's request;
  3. processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Information on the collection of personal data

(1) In the following, we inform you about the collection of personal data when using our website. Personal data are e.g. name, address, e-mail addresses, user behavior.

(2) If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or the processing is restricted if there are legal obligations to retain data.

Collection of personal data when visiting our website

In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR):

– IP address

– Date and time of the request

– Time zone difference from Greenwich Mean Time (GMT)

– Content of the request (concrete page)

– Access status/HTTP status code

– Data volume transferred in each case

– Website from which the request comes

– Browser

– Operating system and its interface

– Language and version of the browser software.

use of cookies

(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(2) This website uses the following types of cookies, the scope and functionality of which are explained below:

– Transient cookies (for this purpose a.)

– Persistent cookies (for this purpose b.).

  1. Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
  2. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. So-called "third party cookies" are cookies that have been set by a third party, thus not by the actual website on which you are currently located. Please note that by disabling cookies you may not be able to use all the features of this website.
  3. We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.
  4. The Flash cookies used are not collected by your browser, but by your Flash plug-in. Furthermore, we use HTML5 storage objects that are stored on your terminal device. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browser history manually.

Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive more information on this when you provide your personal data or below in the description of the offer.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

Use of our webshop

(1) If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. Mandatory data necessary for the processing of contracts are marked separately, other information is voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment data to our house bank. The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR. You can voluntarily create a customer account, through which we can store your data for future purchases. When you create an account under "My Account", the data you provide will be stored revocably. You can always delete all further data, including your user account, in the customer area.

(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we will restrict processing after two years, i.e. your data will only be used to comply with legal obligations.

(3) To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.

Data protection provisions when using external payment service providers

(1) We offer several payment methods for the use of the webshop and use different payment service providers. Depending on which payment method you choose, different data will be transmitted to the respective payment service provider. The legal basis for the transmission is Art. 6 para. 1 p. 1 lit. a GDPR. We list our payment service providers below.

  1. Klarna

If you choose the payment method Klarna, including SOFORT transfer, your personal data will be transmitted to the operator of Klarna. The legal basis for the transmission of the data is Article 6 (1) a GDPR (consent) and Article 6 (1) b GDPR (processing for the performance of a contract).

Operator of the payment service Klarna is the:

Klarna Bank AB (publ)

Sveavägen 46111 34 StockholmSweden

Telephone: 0046 8-120 120 00Fax

: 0046 8-120 120 99Contact

: [email protected]

Klarna collects the following data:

- Name, date of birth, title, billing and shipping address, e-mail address, mobile phone number

- Information about ordered products

- Information on income, credit obligations and payment notes

- Site-related information

- IP address

Detailed information on the privacy policy of Klarna Bank AB (publ) can be found at https://www.klarna.com/de/datenschutz/.

  1. Apple Pay

If you choose the payment method Apple Pay, your personal data will be transmitted to the operator of Apple Pay. The legal basis for the transmission of the data is Article 6 (1) a GDPR (consent) and Article 6 (1) b GDPR (processing for the performance of a contract).

The operator of the Apple Pay payment service is the:

Apple Inc.

Infinite Loop, Cupertino,

CA 95014,

Phone: +1 408 996 1010

represented in Europe by Apple Distribution International Ltd.

Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland 

[email protected]

Detailed information on the privacy policy for payment with Apple Pay can be found at:

https://support.apple.com/de-de/HT201469

https://support.apple.com/de-de/HT203027

https://www.apple.com/legal/privacy/de-ww/

https://www.apple.com/de/privacy/

Newsletter

(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, via this form on the website, by e-mail to [email protected] or by sending a message to the contact details given in the imprint.

(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For the evaluations, we link the above-mentioned data and the web beacons with your e-mail address and an individual ID. The data is only collected pseudonymously, i.e. the IDs are not linked to your other personal data, a direct personal reference is excluded. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.

(6) We use an external service provider to send newsletters. A separate order data processing agreement has been concluded with the service provider to ensure the protection of your personal data. We currently work with the following service provider:

Customer.io

Peaberry Software Inc.,

921 SW Washington St, Suite #820,

Portland, OR 97205

The following data will be transmitted to Customer.io:

- name

- email address

- IP address

Your data will also be stored by customer.io. Customer.io offers evaluation options on how the newsletters are opened and used. Your data will not be passed on to other third parties for the purpose of receiving the newsletter and customer.io does not obtain the right to pass on your data. Your data will not be passed on to third parties for advertising purposes. You can revoke your consent to the use of your data for your own advertising purposes at any time and free of charge, without having to forego our services as a result. Further information can be found in the data protection declaration of customer.io which is available at https://customer.io/privacy-policy.html.

We have a legitimate interest in using services for automated newsletter dispatch in order to ensure fast and reliable dispatch. We are therefore entitled to transfer the aforementioned data to customer.io in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR.

E-mail advertising without subscribing to the newsletter and your right to object

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), to regularly send you offers by e-mail for similar products to those already purchased from our range. This serves to protect our legitimate interests in addressing our customers in an advertising manner, which are outweighed in the context of a balancing of interests. You can object to this use of your e-mail address at any time by sending a message to the contact option described below or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates.

Individual advertising

Information we receive from you helps us to permanently improve your shopping experience and to make it customer-friendly and individual for you. The information you provide and automatically generated is used to tailor advertising to you and your interests. We use existing information for this purpose, such as confirmations of receipt and reading of e-mails, information about your computer and connection to the Internet, operating system and platform, your order history, service history, date and time of your visit to the homepage, products you have viewed. We use this information exclusively in pseudonymous form. By analyzing and evaluating this information, we are able to improve our websites and our Internet offering, as well as to send you personalized advertising. If you do not wish to receive personalised advertising, you can object to this at any time, either in full or for specific measures.

Sweepstakes, market and opinion research

In the case of competitions, we use your data for the purpose of prize notification and advertising for our offers. Detailed information can be found in our conditions of participation for the respective competition. We also use your data for market and opinion research. Of course, we use this data exclusively anonymously for statistical purposes and only for Nordic Cosmetics GmbH/nordiccosmetics.de. Your answers to surveys will not be passed on to third parties or published. You can object to the use of data for market and opinion research at any time, either in full or for specific measures.

Credit check

Only after explicit consideration of interests do we carry out a credit check before concluding the purchase contract. This is done to protect us against default in payments on account and by direct debit. In addition, the credit check serves your and our security, as fraud and other crimes are prevented. As part of the credit check, we check all the data available to us and thus determine which payment methods can be offered for an order. Among other things, all previous orders in your customer account are checked. In addition, we also check whether the delivery address differs from the billing address, whether it is a new delivery address or whether the order is to be delivered to a packing station. In addition to the data available to us, data from external service providers is also required. For this purpose, we transmit the personal data required for a credit assessment (first name and surname, your address and, if applicable, your date of birth) to one or more service providers. Your date of birth) to one or more of the following creditworthiness service providers: infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden - SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden - Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden - Arvato Finance A/S, Østbanegade 55, 2. tv, DK-2100 København Ø - Financial Tech Sweden AB, Mäster Samuelsgatan 42, 111 57 Stockholm. This creditworthiness service provider uses the aforementioned data transmitted by us in order to carry out a corresponding evaluation of your creditworthiness with regard to the respective order on the basis of mathematical-statistical procedures (scoring). Furthermore, the creditworthiness service provider uses the aforementioned data for other companies (e.g. other online retailers) for the purpose of address verifications or identity checks as well as for scoring applications based on this. Your address data is also included in the calculation of the probability value. Under certain circumstances, it may be possible to draw conclusions about hard negative features. In the course of the ordering process we also compare your bank details (only IBAN and BIC or account number and sort code) with the Return-debit Prevention Pool (RPP) of infoscore Consumer Data GmbH (ICD), Rheinstr. 99, 76532 Baden-Baden. The RPP has the function of a blocking file. In addition, in the event of dishonour of the direct debit, we will, as far as permissible, enter your bank details (IBAN and BIC only, no personal details) in the RPP of ICD, which will transmit this blocking to other companies involved in the information procedure on request. After payment of the return debit note, we will report the settlement in the RPP. If you do not agree with the payment method(s) offered to you, you may notify us in writing by letter or by email to [email protected] We will then reconsider the decision taking into account your point of view. You can both revoke your consent at any time with future effect to us in writing or in text form to [email protected] and obtain information about the stored data from us and from our creditworthiness service provider (at the above addresses).

Children

Our offer is basically directed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.

Rights of the data subject

(1) Revocation of consent

If the processing of personal data is based on a granted consent, you have the right to revoke the consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can contact us at any time to exercise your right of withdrawal.

(2) Right of confirmation

You have the right to request confirmation from the controller as to whether we are processing

personal data relating to you. You can request confirmation at any time using the contact details

above.

(3) Right to information

If personal data are processed, you can request information about these personal data and about the

following information at any time:

  1. the purposes of processing;
  2. the categories of personal data processed;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
  4. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  5. the existence of a right to obtain the rectification or erasure of personal data concerning you or to obtain the restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. if the personal data are not collected from the data subject, any available information on the origin of the data;
  8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer. We will provide a copy of the personal data that is the subject of the processing. For any further copies you request person, we may charge a reasonable fee based on the administrative costs. If you make the request electronically, the information must be provided in a commonly used electronic format unless it states otherwise. The right to receive a copy under paragraph 3 shall not affect the rights and freedoms of other persons.

(4) Right of rectification

You have the right to request that we correct any inaccurate personal data relating to you without

undue delay. Taking into account the purposes of the processing, you have the right to request the

completion of incomplete personal data, including by means of a supplementary declaration.

(5) Right to erasure ("right to be forgotten")

You have the right to request the controller to delete personal data concerning you without undue

delay and we are obliged to delete personal data without undue delay if one of the following reasons

applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. The data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing.
  3. The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal data have been processed unlawfully.
  5. The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. The personal data have been collected in relation to information society services offered, in accordance with Article 8(1) of the GDPR.

If the controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that a data subject has requested that they erase all links to or copies or replications of that personal data.

The right to erasure ("right to be forgotten") does not exist insofar as the processing is necessary:

– to exercise the right to freedom of expression and information;

– for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the field of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

– for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes as referred to in Article 89(1) of the GDPR, where the right referred to in paragraph 1 is likely to make impossible or seriously prejudice the achievement of the purposes of such processing, or

– for the assertion, exercise or defence of legal claims.

(6) Right to restrict processing

You have the right to request that we restrict the processing of your personal data if one of the

following conditions is met:

  1. the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data,
  2. the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defence of legal claims, or
  4. the data subject has objected to the processing pursuant to Article 21(1) of the GDPR, as long as it is not yet established whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted in accordance with the above conditions, such personal data shall be processed, apart from being stored, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

In order to exercise the right to restrict the processing, the data subject may at any time contact us using the contact details provided above.

(7) Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:

  1. the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) of the GDPR; and
  2. the processing is carried out with the aid of automated procedures.

When exercising the right to data portability referred to in paragraph 1, you have the right to obtain that the personal data be transferred directly from one controller to another controller, where technically feasible. The exercise of the right to data portability is without prejudice to the right to erasure ("right to be forgotten"). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(8) Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of Article 6(1)(e) or (f) of the GDPR, including any profiling based on those provisions. The controller shall no longer process the personal data unless he can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures using technical specifications.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes, or for statistical purposes as referred to in Article 89(1), unless the processing is necessary for the performance of a task carried out in the public interest.

You can exercise the right of objection at any time by contacting the respective person responsible.

(9) Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. is necessary for the conclusion or performance of a contract between the data subject and the controller,
  2. is authorised by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
  3. with the express consent of the data subject.

The controller shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which shall include, at least, the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and contest the decision.

The data subject may exercise this right at any time by contacting the relevant controller.

(10) Right to complain to a supervisory authority

They shall also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes this Regulation.

(11) Right to an effective judicial remedy

Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article77 of the GDPR, you shall have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data not in compliance with this Regulation.

Use of Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) This website uses Google Analytics with the extension "anonymizeIP". This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is deleted immediately.

(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f GDPR.

(6) Third party information provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user conditions:

http://www.google.com/analytics/terms/de.html, and privacy policy: https://policies.google.com/privacy?hl=de&gl=de.

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".

Google Web Fonts

This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Opt-out: https://adssettings.google.com/authenticated

Google Ads

(1) This website uses the offer of Google Adwords to draw attention to our offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of advertising costs. These advertisements are delivered by Google via so-called "Ad Servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 90 days and, according to Google, are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

These cookies enable Google to recognise your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and we can recognize that the user has clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

(2) You can prevent participation in this tracking process in various ways:

- by an appropriate setting of your browser software, in particular the suppression of third party cookies leads to the fact that you do not receive any advertisements from third party providers

- by disabling conversion tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies.

- by deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads" via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies.

- by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

(3) The legal basis for the processing of your data is Art. 6 (1)f GDPR. Further information provided by Google on data protection can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

Google Tag Manager

(1) This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) is a cookie-less domain and does not store any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

(2) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contractual clauses according to Art. 46 GDPR have been concluded with this service provider as suitable guarantees. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de

The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interest).

Sleeknote

(1) This website uses Sleeknote. In order to provide quick access to downloads and registration to promotions, we used a contact facility via a registration tool. This software is operated via an external system by Sleeknote ApS, Jens Baggesens Vej 90A, 8200 Aarhus, Denmark.

(2) The use of the registration tool is optional. On our website, Sleeknote collects and stores data from which user profiles are created using pseudonyms. Cookies can be used for this purpose. These are small text files that are stored locally on the computer of the site visitor and thus enable recognition when visiting our website again. The pseudonymised usage profiles are not combined with personal data about the bearer of the pseudonym without the express consent of the person concerned, which must be given separately. You can object to the collection and storage of data for the purpose of web analysis at any time with future effect by contacting Sleeknote (Tel: +45 71 99 77 07).

(3) Further information on data protection can be found at: https://sleeknote.com/privacy-policy.

Zendesk

(1) We use the tool Zendesk. Zendesk is a chat tool, which allows you to easily contact our customer support. The legal basis for this is Art. 6 para. 1 p. 1 lit. f. GDPR. We have a legitimate interest in providing simple and convenient contact options. In addition, we are also legally obliged to ensure the fast electronic contact option, so that we also base the processing on Art. 6 para. 1 p. 1 lit. c GDPR.

The operator of the service Zendesk is the:

Zendesk Inc.

1019 Market St

San Francisco, CA 94103

USA

(2) Further information on data protection can be found at https://www.zendesk.de/company/customers-partners/eu-data-protection/#gdpr-sub.

Helpwise

(1) We use the tool Helpwise. Helpwise is a mail tool, which makes it possible to easily contact our customer support. The legal basis for this is Art. 6 para. 1 p. 1 lit. f. GDPR. Operator of the service Helpwise is the:

SaaS Labs, Inc.

3260 Hillview Avenue

Palo Alto, CA 94304

USA

(2) Further information on data protection can be found at https://www.helpwise.io/privacy.

Using Cloudtalk

(1) We use the tool Cloudtalk. Cloudtalk is a call tool, which makes it possible to easily contact our customer support. The legal basis for this is Art. 6 para. 1 p. 1 lit. f. GDPR. The operator of the Cloudtalk service is:

CloudTalk, s.r.o.

Západný rad 31, 811 04 Bratislava

Slovakia

(2) Further information on data protection can be found at https://www.cloudtalk.io/privacy-policy-and-gdpr-faq.

Use of Smartlook

(1) This website uses the service Smartlook. Operator of the service Smartlook is:

Smartsupp.com, s.r.o

Lidicka 2030/20

602 00 Brno

Czech Republic

(2) Smartlook uses so-called "cookies", text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a server of Smartlook and stored there. The legal basis for the use of Smartlook is Art. 6 para. 1 p. 1 lit. f. GDPR.

(3) The prevention of the use of Smartlook is possible by activating the corresponding opt-out plug: https://www.smartlook.com/opt-out.

(4) Further information on Smartlook's data protection can be found at https://www.smartlook.com/help/gdpr/.

Microsoft

(1) This website uses the conversion tracking from Microsoft:

Microsoft Corporation

One Microsoft Way, Redmond

WA 98052-6399

USA

(2) Microsoft Bing Ads sets a cookie on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a previously determined target page (conversion page).

(2) We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is disclosed. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies.

(3) Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement.

Microsoft Azure

(1) This website uses Microsoft Azure, among other web hosting providers.

Microsoft Corporation

One Microsoft Way, Redmond

WA 98052-6399

USA

(2) Microsoft also processes data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

Microsoft uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. These clauses oblige Microsoft to comply with the EU level of data protection when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among others, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

(3) To learn more about the data processed through the use of Microsoft, see the privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

Using Post Affiliate Pro

(1) The responsible party uses the tracking tool "Post Affiliate Pro" to provide users with targeted offers. The operator of the tool is the:

Quality Unit, LLC

3 Germany Dr Unit 4-1130

Wilmington, DE 19808

USA

(2) According to the operator, personal data is not transmitted to the USA but stored on servers within the European Union.

(3) Further information on data protection can be found at https://www.postaffiliatepro.com/gdpr/.

Taboola

(1) The responsible party uses Taboola technologies to provide users with targeted offers. The legal basis for this is Art. 6 para. 1 p. 1 lit. f. GDPR. The operator of the tool is the:

Taboola Inc.

1115 Broadway, 7th Floor,

New York, NY 10010, USA

(2) Further information on data protection can be found at https://www.taboola.com/privacy-policy.

Push messages

(1) The responsible party uses PushAlert. The legal basis for this is Art. 6 para. 1 p. 1 lit. f. GDPR. PushAlert is the automated push notification. The operator of the tool is the:

InkWired Tech. Priv. Limited

C-101 Mahesh Nagar

Jaipur - 302015 Rajasthan

India

(2) Further information on data protection can be found at https://pushalert.co/privacy-policy.html.

Tracdelight Affiliate Program

(1) The responsible party participates in the partner program of tracdelight GmbH. The legal basis for this is Art. 6 para. 1 p. 1 lit. f. GDPR. The operator of this offer is:

Burda Studios Publishing GmbH

Arabellastrasse 23, 81925 Munich, Germany

Germany

(2) Thus on this Internet offer by tracdelight various advertisements and links of partner shops of tracdelight are merged, over which the operator of this Internet offer can generate additional incomes by means of the "advertising cost refund".

For the purpose of traceability and the remuneration of orders, tracdelight uses so-called "cookies". Cookies are small text files that are stored locally in the cache of the browser software of a site visitor and which allow an analysis of the use of this website by the visitor.

(3) The operator of this Internet offer has a legitimate interest in this, since only through the cookies the amount of his affiliate remuneration can be determined.

(4) The storage of cookies can be prevented by the site visitor by means of a corresponding setting in the respective browser software; however, the operator of this Internet offer expressly points out that in this case not all functions of this website can be used to their full extent.

(5) More detailed information is provided by tracdelight in its privacy policy: https://www.tracdelight.com/privacy.

Use of social media links

We currently use various links to different social media platforms, such as Facebook, Instagram, Tik Tok and Pinterest. These are not social media plugins, but merely links. If you click on one of the links, you will be taken to the respective website provider and your IP address will be transmitted in the process. If you are logged in to the respective social media account at the same time, further data may be collected by the respective provider.

Existence of automated decision making

We do not use automatic decision-making or profiling.


 

Need help?

Our customer service team will be happy to assist you.