Thank you for visiting our online shop. Protection of your privacy is
very important to us. Below you will find extensive information about
how we handle your data.
1. Responsible for the processing of data is:
Responsible for our website and the processing of date within the
meaning of the General Data Protection
Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other data protection
regulations
is:
Etienne Aigner AG
Zielstattstraße 27
81379 München
Represented by the managing board: Sibylle Schön (chairman)
Phone: 089 76993-0
Fax: 089 7607785
Chairman of the supervisory board: Evi Brandl
Registered at: Amtsgericht München, HRB 63254
VAT ID number: DE 129272981
Responsible according to § 18 MStV: Sibylle Schön, Zielstattstraße 27, 81379 München
2. Data Protecion Officer
You can contact our data protection officer as follows:
Intersoft consulting services AG
Heidrun Ortmeier
Beim Strohhause 17
20097 Hamburg
3. Access data and hosting
You may visit our website without revealing any personal information. With every visit on the website,
the
web
server stores automatically only a so-called server log file which contains e.g. the name of the
requested
file,
your IP address, the date and time of the request, the volume of data transferred and the requesting
provider
(access data), the operating system of the user's terminal device, information about the browser, the
previous
website from which the user accessed our website.
These access data are analysed exclusively for the purpose of ensuring the smooth operation
of the website and
improving our offer. This serves according to Art. 6 (1) 1 lit. f GDPR the protection of our legitimate
interests in
the proper presentation of our offer that are overriding in the process of balancing of interests. The
data
required
to provide the website is already deleted at the end of the session. All other access data is deleted no
later than
seven days after the end of your visit on our website.
4. Data collection and use for processing the contract, contact form
We collect personal data that you voluntarily submit to us when you
place an order or contact us (e.g. via
contact form or by e-mail). These are contact details such as name, surname, email address, password.
Mandatory
fields are marked as such because we absolutely need those data to perform the contract or process your
contact
request and you would otherwise not be able to complete your order or send the contact request.
We use the data that you disclose to us to perform the contract
according to Art. 6 (1) 1 lit. b GDPR. Insofar
as you send us an enquiry, we process the data provided by you in accordance with Art. 6 (1) 1 lit. f
GDPR
for the
response to you enquiry.
After complete processing of the contract or answering your customer
enquiries, your data will be restricted
for further processing and insofar as it concerns contractual data, deleted after expiry of the
retention
periods
under tax and commercial law §§ 147 AO, 257 HGB 10 years for tax-relevant facts and 6 years for
business/commercial
letters in accordance with § 147 AO, unless you have expressly consented to further use of your data or
we
reserve
the right to use data beyond this, which is permitted by law and about which we inform you in this
declaration.
Insofar as we base data processing in the context of a customer enquiry
on our legitimate interest, we delete
the personal data at the latest after 2 years starting with the calendar year in which the enquiry was
finally
answered, in order to be able to carry out a quality check.
In the case of data processing based on legitimate interest, you can
object to this data processing at any
time. You can send your objection to the following e-mail address
shrug
or to the contact details under 1. All data stored in connection with the contact will be deleted in
this
case.
5. Log-In Registration/opening a customer account
We offer you the opportunity to register at out website by providing
your personal data, such as title, first
name, surname, email address, password and password confirmation. In addition, your IP address as a user
and
the
date and time of the log-in are stored at the time of registration.
The data processing is based on the establishment of a contract and the
implementation of pre-contractual
measures in accordance with Art. 6 (1) lit. b GDPR. It serves the purpose of making the order process
available in a
secure area in the customer account.
As far as the data described above is no longer required for the
purposes also described above, the data will
be deleted. In the case of data in connection with contracts, there may still be legal (tax law §§ 147
AO,
257 HGB)
or contractual obligations (warranty) to continue to store the data after termination of the contract.
The deletion of your customer account/log-in registration is possible
at any time and can be done by sending an
e-mail to
shrug.
6. Transfer of data
In order to fulfil the contract in accordance with Art. 6 (1) 1 lit. b
GDPR
, we pass on your data (title, first name, surname, billing/delivery address, telephone, e-mail address,
articles)
to service providers (print service providers, shipping service providers, logistics providers, banks,
IT
service
providers, marketing service providers) for the processing of orders and payments as well as returns,
insofar as
this is necessary.
We also use your data to assert and enforce our rights and in this case
pass the data on to lawyers, tax
consultants, insurance companies or debt collection agencies.
In addition, we may be obliged to transfer your personal data to public
authorities in order to comply with
legal obligations. These may include tax authorities and customs authorities.
If we use service providers outside the EU or the European Economic
Area (EEA), we first check the level of
data protection in the country of the service provider to determine whether this is sufficient and take
measures in
accordance with Art. 44 ff of the GDPR to achieve a sufficient level of data protection. Where the EU
standard
contractual clauses are used, we have taken additional contractual, organisational and technical
measures to
ensure
the EU level of data protection and have carried out a transfer impact assessment. For more information,
please
visit
shrug.
Hosting services
Data are also processed by a provider that we have engaged to render hosting and website
presentation services on
our behalf. This serves to protect our legitimate interests in the correct presentation of our offer,
which
are
outweighed by a balance of interests. This provider processes on its servers all data that are collected
in
the
manner specified below when you visit our website or fill in forms made available for this purpose in
our
online
shop. Data are processed on other servers only in the scope described herein.
This service provider, the company maxcluster (
maxcluster
GmbH), is located in Germany at
Lise-Meitner-Str. 1b in 33104 Paderborn.
6.1 Processing of orders and returns:
a) the following data for order processing: Salutation, first name,
last name, billing/delivery address,
telephone, e-mail address, article, in order to make and notify deliveries to the customers.
b) ITG receives the following data from us and you for returns processing: Salutation,
first name, last name,
billing/delivery address, telephone, e-mail address, article in order to process the returns.
6.2 Processing of payments:
You can select various payment methods in our webshop (including:
credit card, Klarna pay in 30
days, Klarna slice it, PayPal, Apple Pay). Depending on which payment service provider and which payment
method you select in
the order process, we pass on the payment data collected for this purpose to the credit institution
commissioned
with the payment and, if applicable, to payment service providers commissioned by us.
In some cases, the selected payment service providers (Klarna, PayPal,
Apple Pay) also collect this data themselves if you
create an account with them. In this case, you must log in to the payment service provider with your
access
data
during the ordering process.
Your personal data will be used by the payment service providers to
check whether the selected payment option
can be offered to you. Please note that these recipients claim their own right or duty as a legal basis
for
the data
processing and are therefore considered their own data controllers. Their data protection provisions and
T&Cs
apply.
Furthermore, we would like to inform you that if you do not pay an
invoice, the payment service providers
and/or we may use debt collection agencies. In this case, the collection companies will receive your
personal data,
which are necessary to enforce the claim; the data processing is carried out in this respect in
accordance
with Art.
6 (1) lit. f GDPR.
The following payment service providers process payments for AIGNER:
6.2.1 Credit card payments (VISA, Amex and Master) are made via the company
Mollie
(Mollie B.V.).
Processed data:
Account number or customer ID of the customer, which are used in combination with password, PIN to log
in to
the
respective online banking at Mollie. First name, last name, billing/delivery address, e-mail address,
card
information (combination of card number [PAN], expiry date, verification numbers).
6.2.2 Klarna pay in 30 days, Klarna slice it is carried out via the company
Klarna
(Klarna Bank AB (publ)).
Processed data:
Data used as destination address for ordering payment instruments for payment and customer
authentication:
Postal
address, telephone number, e-mail address, date of birth.
For more information on data protection at
Klarna
(Klarna Bank AB (publ)), please see their
privacy
policy here.
6.2.3 PayPal payment is made through
PayPal
(PayPal
(Europe) S.à r.l. et Cie, S.C.A.).
Data processed:
Data used as destination address for ordering payment instruments for payment and customer
authentication:
Salutation, first name, last name, postal address, telephone number, e-mail address.
You can find more details about data protection at
PayPal
(PayPal (Europe) S.à r.l. et Cie, S.C.A.) in their
privacy
policy here.
6.2.4 Apple Pay payment is made through
Apple
(Apple Inc.).
Data processed:
Data used as destination address for ordering payment instruments for payment and customer
authentication:
Salutation, first name, last name, postal address, telephone number, e-mail address.
You can find more details about data protection at
Apple
(Apple Inc.) in their
privacy
policy here.
Their data protection provisions and general terms and conditions apply. When selecting the
payment service
provider in the order process, we refer to the specifically applicable data protection provisions and
general terms
and conditions of the respective payment service provider.
For detailed information on the individual selectable payment service providers and
possible recipients, you can
contact us at
shrug.
7. Applications
We process your personal data in accordance with § 26 (1) of the German Federal Data
Protection Act (BDSG) insofar
as this data is required for the application procedure in order to make a decision on the establishment
of
an
employment relationship. This is the following data: first name, last name, address, job position,
e-mail
address,
curriculum vitae, certificates of previous activities and regarding acquired professional qualifications
as
well as
voluntary information, such as this may be contained in the covering letter. As a matter of principle,
we
only
process the personal data that we receive from you as part of the application process.
Insofar as you have expressly consented to inclusion in the applicant pool, the data
processing of your personal
data is based on your voluntary and informed consent pursuant to Art. 6 (1) 1 lit. a GDPR, § 26 (2)
BDSG.
You can
revoke your consent at any time, free of charge, also at
shrug
or by post to the contact details under point 1.
Your personal data will be deleted within 6 months after completion of the application
process, unless you have
expressly given us your consent to store your data for a longer period, we need the data to defend
against
legal
claims or an employment relationship has been established with you pursuant to § 26 BDSG. If no
employment
relationship has arisen, but you have given us your consent for further data processing, we will store
this
data for
a maximum of three years.
You can apply to us electronically, via e-mail, among other ways. Please note that unencrypted e-mails
are
not
transmitted in an access-protected form. If you do not wish to do this, please send us your application
by
post to
the contact details under point 1. We will of course only use your details to process your application
and
will not
pass them on to third parties.
The data you send us as part of your application will only be processed in the personnel
department and by the
superior (head of department) responsible for the specific personnel selection.
We only process your personal data listed above for longer than stated above if this is
necessary due to our
overriding legitimate interest pursuant to Art. 6 (1) lit. f GDPR in order to defend ourselves against
claims in the
event of a legal dispute. You can object to this at any time free of charge, also at
shrug.
8. Integration of the Trusted Shops Trustbadge / other widgets
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops
services (seal of approval,
collected reviews) and to offer Trusted Shops products to buyers after an order has been placed.
This serves to safeguard our overriding legitimate interests in optimal marketing by
enabling secure shopping in
accordance with Art. 6 (1) 1 lit. f GDPR. The Trustbadge and the services advertised with it are an
offer
from
Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible for data
protection
according to Art. 26 GDPR. In the context of this data protection notice, we will inform you below about
the
essential contents of the contract in accordance with Art. 26 (2) GDPR.
The Trustbadge is provided by an US CDN provider (Content Delivery Network) as part of a
shared responsibility. An
appropriate level of data protection is ensured by standard data protection clauses and other
contractual
measures.
Further information on data protection at Trusted Shops AG can be found
here.
When the Trustbadge is called up, the web server automatically saves a so-called server log
file, which also
contains your IP address, date and time of the call, amount of data transferred and the requesting
provider
(access
data) and documents the call. The IP address is anonymized immediately after collection, so that the
stored
data
cannot be assigned to you personally. The anonymised data is used in particular for statistical purposes
and
for
error analysis.
After the order has been completed, your email address, which has been hashed using a
cryptological one-way
function, is transmitted to Trusted Shops AG. The legal basis is Art. 6 (1) 1 lit. f GDPR. This serves
to
check
whether you are already registered for services with Trusted Shops AG and is therefore necessary for the
fulfillment of our and Trusted Shops overriding legitimate interests in the provision of buyer
protection
linked to
the specific order and the transactional evaluation services in accordance with Art. 6 (1) 1 lit. f GDPR
required.
If this is the case, further processing takes place in accordance with the contractual agreement made
between you
and Trusted Shops. If you are not yet registered for the services, you will then be given the
opportunity to
do so
for the first time. Further processing after registration is also based on the contractual agreement
with
Trusted
Shops. If you do not register, all transmitted data will be automatically deleted by Trusted Shops AG
and a
personal reference is then no longer possible.
Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The
legal basis is Art. 6 (1)
1 lit. f GDPR for the purpose of ensuring trouble-free operation. Processing may take place in third
countries (USA
and Israel). An adequate level of data protection is ensured in the case of the USA through standard
data
protection
clauses and further contractual measures and in the case of Israel through an adequacy decision.
As part of the shared responsibility between us and Trusted Shops AG, if you have questions
about data protection
and to assert your rights, please contact Trusted Shops AG, whose contact options you can find
here.
Irrespective of this, you can always contact us using the contact option described in this data
protection
declaration. If necessary, your request will then be forwarded to the other person responsible for an
answer.
9. Email newsletter
If you register for the Etienne Aigner AG newsletter on the website, we will use the data
required from you in the
form (e-mail address, gender) to inform you weekly about the products and services of Etienne Aigner AG
based on
your consent in accordance with Art. 6 (1) 1 lit. a GDPR. You can revoke your consent at any time for
the
future in
the unsubscribe link of the newsletter or by email to
shrug.
In order to obtain your consent in a legally secure manner, we will send you a confirmation
link to the email
address you have provided. Only when you have clicked on this confirmation link is your consent deemed
to
have been
granted (double opt-in procedure).
The newsletter is sent within the scope of processing on our behalf and according to our
instructions by our
service provider
ActiveCampaign, to whom we pass
on your email address for this purpose. This service provider is located in the USA.
10. Sending out of review reminders by e-mail
10.1 If you have given us your express consent to this during or after your order in
accordance with Art. 6 (1) 1
lit. a GDPR, we will use your e-mail address, order number as a reference for the reminder to submit an
evaluation
of your order via the evaluation system used by us. This consent can be revoked at any time by sending a
message to
shrug
as well as to the
contact option described below under point 14.2 as well as in the evaluation mail itself for the future
without any
disadvantages for you.
10.2 Review reminder by Trusted Shops
If you have given us your express consent to this during or after your order in accordance
with Art. 6 (1) 1 lit. a
GDPR, we will transmit your e-mail address, order number as a reference to Trusted Shops AG,
Subbelrather
Str.
15c, 50823 Cologne (www.trustedshops.de).
This consent can be revoked directly to Trusted Shops.
We store the data collected as part of the evaluation for a maximum of 2 years for quality
assurance purposes.
11. Cookies and web-analysis
Cookies are small text files that are automatically stored on your end device. Some of the
cookies used by us are
deleted again after the end of the browser session, i.e. after closing your browser (so-called session
cookies).
Other cookies remain on your end device and enable us to recognize your browser the next time you visit
us
(persistent cookies).
11.1 Basic information
In order to make your visit to our website more attractive and to enable the use of certain
functions, to display
suitable products or for market research, we use so-called cookies or other tools on various pages,
insofar
as you
have explicitly given your consent to this in accordance with Art. 6 (1) 1 lit. a GDPR. This is done in
the
cookie
consent banner, in which we inform you in detail about the individual cookies, their purpose, storage
period, the
data processed by them and about the provider, as well as in section 15.
You can revoke your consent at any time by sending a message to the contact option described in the
privacy
policy
to
shrug,
among others, as
well as in the cookie consent banner and/or footer under cookie settings.
11.2 Browser settings
You can set your browser to inform you when cookies are set. Each browser differs in the
way it manages cookie
settings. This is described in the help menu of each browser, which explains how you can change your
cookie
settings. You can find this for each browser at the following links:
11.3 Cookies / tools
11.3.1 Necessary cookies and functional cookies
These cookies are necessary for you to be able to use our website, i.e. for its display and
delivery. These
include, for example, cookies with which you can log in to the customer area or place items in your
shopping
cart.
We do not require your consent for this. The legal basis is Art. 6 (1) lit. f GDPR in connection with §
25
Telecommunications and Telemedia Data Protection Act (TTDSG).
11.3.2 Analysis / performance cookies
These cookies enable collecting anonymised data about user behaviour on our website. We
analyse them e.g. to
improve the functionality of our website and recommend products that are of interest to you. In order to
be
able to use these, we request your consent in the cookie consent banner pursuant to Art. 6 (1) 1 lit. a
GDPR.
11.3.3 Targeting cookies
These cookies record information about your visit to the website, previously viewed pages
and links you have
clicked on. We use this information to customise our website and tailor ads to your interests. In order
to
be able
to use these, we request your consent in the cookie consent banner pursuant to Art. 6 (1) 1 lit. a GDPR.
11.3.4 Third-party cookies
In order to analyse our website, we sometimes work together with partners who also use
cookies for their own
purposes. In order to be able to use these partners, we ask for your consent in the cookie consent
banner
beforehand.
Some of our partner companies are located in third countries, i.e. countries outside the
EU/EEA, so that your
personal data may also be processed in a third country that does not have an EU data protection level.
We
select our
partners carefully and check whether they can be replaced by European providers. If this is not the
case, we
conclude appropriate contracts in accordance with Art. 44ff GDPR and take suitable measures to ensure
the EU
level
of data protection. If data is transferred to an unsafe third country, you will be informed in advance
and
asked for
your consent pursuant to Art. 49 (1) a GDPR in the cookie consent banner.
12. Analysis tools
12.1
Using of Google (Universal) Analytics for web analytics
Insofar as you have given your consent according to Art. 6 (1) 1 lit. a GDPR, this website
uses Google (Universal)
Analytics. Google Universal Analytics is an offer from Google Ireland Limited, a company incorporated
and
operated
under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland
(www.google.co.uk).
Google (Universal) Analytics uses methods, like e.g. cookies, that enable an analysis of your use of the
website.
The information collected automatically by cookies about your use of this website are as a rule
transmitted
to and
stored on a Google server in the United States.
At the same time, as IP anonymisation is enabled on this website, the IP address will be
shortened before being
transmitted within the area of member states of the European Union or other parties to the Agreement on
the
European
Economic Area. Only in exceptional cases, the full IP address will be sent to a Google server in the USA
and
shortened there. Generally, Google does not associate the anonymised IP address, transmitted from your
browser
through Google Analytics, with any other data held by Google.
During your website visit, your user behavior is recorded in the form of "events".
Events can be:
- Page views
- First visit on the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- Seen / clicked ads
Also recorded:
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language
setting, screen resolution)
- Your internet service provider
- The referrer URL (via which website / via which advertising medium you came to this
website)
On behalf of the operator of this website, Google will use this information for the purpose
of evaluating your
anonymous use of the website and compiling reports on website activity. The reports provided by Google
Analytics are
used to analyze the performance of our website and the success of our marketing campaigns.
Recipients
Recipients of the data are/may be:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor
according to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities access the data stored by Google.
Insofar as data is processed outside the EU/EEA and there is no level of data protection
corresponding to the
European standard, we have concluded EU standard contractual clauses with the service provider to
establish
an
appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in
California, USA.
A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled
out.
You do
not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies
against
access by
authorities.
After the end of the purpose, usually after 2 months or the end of the use of Google
Analytics by us, the data
collected in this context will be deleted by us.
You may revoke your consent at any time in the cookie consent banner or footer under cookie
settings by changing
your settings there.
Alternatively, you can prevent the storage of cookies from the outset by setting your
browser software accordingly.
However, if you configure your browser to reject all cookies, this may restrict functionality on this
and
other
websites. You can also prevent the collection of data generated by the cookie and related to your use of
the
website
(including your IP address) to Google and the processing of this data by Google, by
a. Not giving your consent to the setting of the cookie or
12.2 Advertising with Google Ads remarketing
We use the Google Ads service. Google Ads is an online advertising programme of Google LLC,
1600 Amphitheatre
Parkway Mountain View, CA 94043, USA. The responsible party for users in the EU/EEA and Switzerland is
Google
Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
This means that we place Google Ads and also use Google Remarketing and Conversion Tracking
as part of this. The
ads are displayed after search queries on websites of the Google advertising network. In addition, we
use
Ads
remarketing lists for search ads. This allows us to customise search ad campaigns for users who have
visited
our
website before. Through the services, we have the ability to combine our ads with specific search terms
or
to serve
ads to previous visitors that, for example, advertise services that they have viewed on our website.
This
means that
we can display interest-based advertising to users of our website on other websites within the Google
advertising
network (as a "Google Ad" within Google Search or on other websites).
An analysis of online user behaviour is necessary for interest-based offers. Google uses
cookies to carry out this
analysis. When clicking on an advertisement or visiting our website, a cookie is set on the user's
computer
by
Google. These cookies have a duration of 180 days. Further information on the cookie technology used can
also be
found in Google's notes on website statistics and in the privacy policy. With the help of this
technology,
Google
and we as the customer receive information about the fact that a user has clicked on an advertisement
and
has been
forwarded to our web pages. The information obtained in this way is used exclusively for statistical
analysis to
optimise advertisements. We do not receive any information with which visitors can be personally
identified.
Your IP
address is transmitted to Google, but since we use Google Analytics on this website, your IP address is
anonymised.
The statistics provided to us by Google include the total number of users who clicked on one of our ads
and,
if
applicable, whether they were redirected to a page on our website that was tagged with a conversion tag.
These
statistics allow us to track which search terms were clicked on particularly often and which ads lead to
the
user
contacting us via the contact form. By integrating Adwords Conversion, Google receives the information
that
you have
called up a specific part of our website or clicked on one of our ads. If you are registered with
Google,
Google can
assign you to your account. Even if you are not registered or logged in to the account, Google may be
able
to find
out your IP address and thus who you are.
Insofar as data is processed outside the EU/EEA, where there is no level of data protection
corresponding to the
European standard, we have concluded EU standard contractual clauses with the service provider to
establish
a secure
level of data protection and have taken further supplementary contractual, organisational and technical
measures.
Insofar as data is processed outside the European Economic Area / the EU, where there is no level of
data
protection
that corresponds to the European standard, Google states that it uses
standard
contractual clauses.
The collection and storage of data only takes place after explicit consent according to
Art. 6 (1) 1 lit. a, 49 (1)
1 lit. a GDPR. This can be revoked at any time with effect for the future. You can revoke your consent
at
any time
for the future in the cookie consent banner or footer under cookie settings by changing your settings
there.
However, we and Google still receive statistical information about how many users have
visited this page and when.
If you do not wish to be included in these statistics, you can prevent this by using additional programs
for
your
browser (e.g. with the Ghostery add-on).
In addition to Google Adwords Conversion, we use the Google Adwords Remarketing application
based on your
previously given consent to the use of cookies and the third country transfer in the Cookie Consent
Banner.
Through
Google Adwords Remarketing, our advertisements can be displayed to you after a visit to our website in
the
subsequent internet use by you. This is done by means of cookies stored in your browser, which are used
by
Google to
record and evaluate your usage behaviour when visiting various websites. In this way, Google can
determine
your
previous visit to our website. According to its own statements, Google does not combine the data
collected
in the
course of Google Remarketing with your personal data that may be stored by Google (e.g. because you have
registered
for a Google service such as GMail). According to Google, pseudonymisation is used in remarketing.
You can revoke your consent to Google Ads, remarketing and conversion tracking for the
future at any time in the
cookie consent banner or footer under cookie settings by changing your settings there.
12.3 Google Tag Manager
For reasons of transparency, we would like to point out that we use the Google Tag Manager
of the provider Google
LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible party for users in the
EU/EEA
and
Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5,
Ireland.
The Google Tag Manager itself does not collect any personal data. Google Tag Manager makes
it easier for us to
integrate and manage our tags. Tags are small code elements that are used, among other things, to
measure
traffic
and visitor behaviour, to record the impact of online advertising and social channels, to set up
remarketing
and
targeting, and to test and optimise websites. We use the Tag Manager for the Google Analytics service.
If
you have
deactivated it, this deactivation will be taken into account by the Google Tag Manager. For more
information
on the
Google Tag Manager, see:
https://www.google.com/intl/de/tagmanager/use-policy.html.
12.4 Google reCAPTCHA
We use reCaptcha
v2 on our websites. reCAPTCHA
is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The
responsible
party
for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4
Barrow
St,
Dublin, D04 E5W5, Ireland.
The information collected via fingerprinting about your use of this website is generally
transferred to a Google
server in the USA and stored there.
ReCaptcha is used to prevent the misuse of automated entries in web forms and thus to
protect the technical systems
of the hoster.
When you call up one of our websites in which reCaptcha is integrated, a connection is
established to Google's
servers. A reCaptcha cookie is set. Your IP address is transmitted to Google.
In addition, reCaptcha collects the following data by means of
"fingerprinting":
- Browser plugins used
- cookies set by Google in the last 6 months
- number of mouse clicks and touches you have made on this screen
- CSS information for the page you are viewing
- Javascript objects
- the date
- the browser language
You may refuse the use of cookies and fingerprinting by selecting the appropriate settings
on your browser, however
please note that if you do this you may not be able to use the full functionality of this website.
Insofar as data is processed outside the European Economic Area / the EU, where there is no
level of data
protection corresponding to the European standard, Google states that it uses
standard contractual clauses.
The collection and storage of data only takes place after explicit consent according to
Art. 6 (1) 1 lit. a, 49 (1)
a GDPR.
You can revoke your consent to Google reCaptcha for the future at any time in the cookie
consent banner or footer
under cookie settings by changing your settings there.
12.5 ADCELL Partner Programme
This website uses tracking cookies of
Firstlead
GmbH
(Rosenfelder Str. 15-16, 10315 Berlin) with the brand
ADCELL. You
can find more information on data protection
here. As soon as the
visitor clicks on an advertisement with the
partner link, a cookie is set. Firstlead GmbH / ADCELL uses cookies to track the origin of orders. In
addition,
Firstlead GmbH / ADCELL uses so-called tracking pixels. These allow information such as visitor traffic
on
the pages
to be evaluated. The information generated by cookies and tracking pixels about the use of this website
(including
user agent information and IP address) and the delivery of advertising formats is transmitted to a
server of
Firstlead GmbH / ADCELL and stored there. The servers are located at Firstlead GmbH in Berlin and
Hetzner
Online GmbH in Falkenstein.
Detailed information as well as a list of cookies used for ADCELL tracking can be found in ADCELL's
privacy
policy. Among other things, Firstlead
GmbH / ADCELL can recognise that the partner link on this website has been clicked. Firstlead GmbH /
ADCELL
may pass
this (anonymised) information on to contractual partners under certain circumstances, but data such as
the
IP
address will not be merged with other stored data.
12.6 Criteo
This website uses technology from the provider
Criteo, based at 32
Rue Blanche, 75009 Paris, France.
Criteo enables us to collect information about the surfing behaviour of our website
visitors for advertising and
marketing purposes in anonymised or pseudonymised form. The service collects browsing behaviour data via
cookies
and/or advertising IDs that record the following:
- Events related to your activity on our website (for example, number of pages viewed,
products viewed on this
website, searches you have made on this website).
- Information about your terminal device (device type, operating system, version)
- Vague information about your location and information derived from your shortened IP
address so that we can only
serve ads for products that are actually available in your country, region or city.
- Events related to Criteo's ad delivery, such as the number of ads displayed to you.
The data collected in this way is used to create user profiles under a pseudonym.
Further information on the scope and storage period can be obtained from Criteo's privacy policy:
https://www.criteo.com/privacy/.
There you can
also prevent the collection of data for "Criteo Dynamic Retargeting" and "Criteo
Sponsored
Products" by making the
appropriate settings.
The collection and storage of data only takes place with your express consent in accordance
with Art. 6 (1) 1 lit.
a GDPR. You can revoke your consent for the future at any time in the cookie consent banner or footer
under
cookie
settings by changing your settings there.
To refuse this interest-based advertising, please visit the following websites:
12.7 Smartlook
This website uses Smartlook located at Šumavská 524/31, Veveří, 602 00
Brno, Czech Republic, EU.
Smartlook records movements on the website
in so-called heat maps. This makes it possible to recognise anonymously where visitors click and how far
they scroll. This allows the website to be designed in a better and more customer-friendly way. All data
is
collected without it being possible to assign it to specific users. Only how the mouse is moved, where
it is
clicked and how far it is scrolled can be traced. Furthermore, the screen size of the device, the type
of
device, information on the browser, the country from which access was made and the preferred language
are
recorded. If personal data of you or third parties are displayed on a website, these are automatically
hidden by Smartlook. They are therefore not traceable for us.
The legal basis for the use of Smartlook is Art. 6 (1) lit. f GDPR.
You can find Smartlook's privacy policy here.
12.8 New Relic
This website uses New Relic (188 Spear Street, Suite
1200, San Francisco, CA 94105, USA).
This serves the purpose of
recording real-time statistical evaluations of the speed, accessibility and performance of the website
in
order to be able to ensure that the online shop is displayed to website visitors and, in the event of a
malfunction, the technical source of the error can be determined in order to restore the accessibility
of
the website. The placement of this cookie is insofar technically absolutely necessary for the provision
of
the website. Personal data is not processed in this context.
The data is processed on the basis of our overriding interest in the optimal marketing of our
online services in accordance with Art. 6 (1) lit. f GDPR.
Further data on data protection can be found here.
13. Social media plugins
We make reference to social media on our websites, for example by means of a link to
In addition, so-called social media plug-ins ("plug-ins") are used. We use the
so-called "shariff" solution. With
the help of shariff, you can determine yourself whether and when data is transmitted to the operators of
the
respective social networks. When you visit our websites, no data is therefore automatically transmitted
to
the
above-mentioned social networks. Only when you yourself actively click on the respective button does
your
internet
browser establish a connection to the servers of the respective social network, i.e. by clicking on the
respective
social media button, you consent to your internet browser establishing a connection to the servers of
the
respective
social network and transmitting usage data to the respective operator of the social network. Before this
happens,
you will be informed that data will be transmitted, to whom it will be transmitted and whether it will
be
transmitted to an unsafe third country.
13.1 YouTube video plug-ins
We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary
of Google Inc,
Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually
resident in
the
European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow
Street, Dublin 4,
Ireland is the data controller for your data.
Here, we use a two-click solution to protect your personal data. When you call up a page in
which a YouTube video
is embedded, a connection to the YouTube servers is only established when you click on the "confirm"
button and
thereby also give your consent Art. 6 (1) lit. a GDPR and to the transfer of data to a third country in
accordance
with Art. 49 (1) lit. a GDPR. In this case, YouTube will set cookies and use your visit data for its own
purposes.
If you are logged in to YouTube at this time, the information about the videos you have viewed will be
assigned to
your YouTube member account. You can prevent this by logging out of your member account before visiting
our
website.
Insofar as data is processed outside the European Economic Area / the EU, where there is no level of
data
protection
corresponding to the European standard, Google states that it uses standard contractual clauses. Further
information
on YouTube's data protection is provided by Google at the following link:
https://policies.google.com/privacy?hl=en-GB&gl=de.
You can revoke your consent at any time in the cookie consent banner or footer under cookie
settings by changing
your settings there.
13.2 Instagram
Etienne Aigner AG uses the technical platform and services for Instagram of Meta Platforms
Inc., 1601 Willow Road,
Menlo Park, CA, 94025 USA, which is managed in Europe by Meta Platforms Limited Ireland, Ltd. 4 Grand
Canal
Square,
Grand Canal Harbour, D2 Dublin Ireland, for the information service offered. You use the Instagram page
and
its
functions under your own responsibility, in particular the interactive functions.
When you visit our Instagram page, Instagram collects, among other things, your IP address
and other information
that is present on your PC in the form of cookies. This information is used to provide us, as the
operator
of the
Instagram page, with statistical information about the use of the Instagram page. It is used for
authentication,
security, website and product integrity, advertising and measurement, website features and services,
performance,
and analysis and research. For more information, please visit the Instagram Help section at the
following
link:
https://help.instagram.com/1896641480634370?cms_id=1896641480634370&published_only=true.
Unless you have an Instagram account, you can manage interest-based online ads through the
European Interactive
Digital Advertising Alliance settings. The data collection and storage through the use of the
above-mentioned
cookies by Facebook can additionally, but also at any time with effect for the future, be objected to
via
the
following opt-out link:
https://www.youronlinechoices.com/uk/your-ad-choices.
Under the aforementioned link, you can manage your preferences regarding usage-based online
advertising. If you
object to usage-based online advertising with a particular provider using the preference manager, this
only
applies
to the particular business data collection via the web browser you are currently using. The preference
management is
cookie-based. Deleting all browser cookies will also remove the preferences you have set using the
preference
manager.
You can also configure your browser before visiting our Instagram page so that no cookies
are stored by Facebook.
Information on how to adjust the settings for cookies in your browser can be found in the help section
of
the
browser you are using.
We have no influence on whether and which cookies Facebook sets via our Instagram page and
how this data is
processed.
The processing of your data by us when you contact us or interact with us via our Instagram
page is based on our
legitimate interest pursuant to Art. 6 (1) 1 lit. f GDPR. Our overriding legitimate interest is to
contact
and
communicate with our interested parties and to respond to their specific requests. If your message is
directed
towards the conclusion of a contract or concerns the implementation of an existing contractual
relationship,
the
legal basis for the processing is also Art. 6 (1) 1 lit. b GDPR.
As a matter of principle, we only store personal data until the respective purpose for
which the data was collected
has been achieved. In the context of a business relationship with you, we store your personal data for
as
long as
the business relationship lasts; this also includes the initiation and execution of a contract as well
as
the
regular limitation period. In addition, we store the data if and insofar as we are subject to statutory
retention
obligations. Such obligations may arise, for example, from the German Commercial Code (HGB) or the
German
Fiscal
Code (AO).
If you have given us consent for a processing operation, the data related to the granting
of consent will be stored
until revoked or at the longest for the duration of the processing operation and after its termination
within the
scope of the statute of limitations.
There is no legal or contractual obligation to provide your personal data to us or to Meta
Plaforms Inc. Failure to
provide such data will not have any negative consequences.
For statistical evaluation purposes, we use the Instagram insights function. In this
context, we receive anonymised
data in the form of statistics, which Meta Platforms Inc. collects via cookies and pixels, among other
things, on
the visitors to our Instagram page. This does not allow us to draw any conclusions about your person.
The following information is provided to us by Facebook with Instagram insights:
- Interactions: Promotional clicks as well as the percentage of clicks to the profile.
- Discovery: How many people were reached, impressions as well as new subscribers.
- Promotion: Gives an overview of how long the promotion has been running and how much has
been spent so far.
- Target group: Demographic data such as gender, age and most popular locations.
Meta Platforms provides more detailed information on the insights functions in its
Instagram privacy statement (
https://instagram.com/about/legal/privacy).
In the Instagram help section, there is a guide explaining which settings need to be made in order to
decide
in
which form targeted advertising is displayed. You can access these by selecting the "Manage your
account" tab under
the link https://help.instagram.com/ and then "Instagram ads".
The data collected about you in this context will be processed by Meta Platforms Limited Ireland. and in
the
process
may be transferred to countries outside the European Union, at least a transfer to the parent company in
the
USA is
not excluded. Instagram describes in its privacy policy at
https://help.instagram.com/1896641480634370?ref=ig
what information about you is transferred here and how it is processed.
In what way Instagram processes the data for its own purposes and to what extent activities
on the Instagram page
are assigned to individual users, the storage period, the transfer to third parties, is not conclusively
defined in
concrete terms by Meta Platforms Limited Ireland. We are not aware of this. When accessing the Instagram
page, the
IP address of your end device is transmitted anonymously for German addresses and deleted after 90 days.
Meta
Platforms Limited Ireland also stores information about the end devices of its users so that it may be
possible for
Instagram Inc. to assign them to individual users.
13.3 Meta Pixel
For marketing purposes, this website uses so-called conversion and retargeting tags (also
"meta pixels") of the provider Meta, i.e. Metaplatforms Ireland Ltd., 4 Grand Canal Square,
Grand
Canal Harbour, Dublin 2, Ireland (hereinafter Meta).
If we have your
consent, the meta pixel will be set in your terminal device and the following information will be read
out
and the following data will be collected when you visit the website: Web pages visited, interest in
content,
access times, page views, first visit on the website, internal search queries, device information, your
IP
address, your location, your e-mail address, your telephone number, your gender, your first and last
name,
your date of birth, your user ID, your address.
We process this data
for the following events, i.e. for the following purposes: page view (number of views of a particular
website under a web browser), view content (pure visit on the website), add to cart (adding an item to
the
shopping cart), purchase (completion of the purchase with order confirmation) and initiate checkout
(start
the purchase process) have been collected and transmitted from there to our server. This website uses
the
meta pixel to analyse the general use of the website and to track the effectiveness of meta advertising
("conversion").
In addition, the meta pixel is used to show you individualised advertising messages based on your
interest ("retargeting").
For this purpose, Meta processes data that the service collects via cookies and similar technologies on
this
website.
Due to the combined marketing tools used (Meta Pixel and
Conversions API), your browser automatically establishes a direct connection with the server of
Metaplatforms Ireland Ltd. (Meta) as soon as we have your consent pursuant to Art. 6 (1) lit. a, 49 (1)
lit.
a GDPR in connection with § 25 (1) Telecommunications and Telemedia Data Protection Act (TTDSG). Insofar
as
the above-mentioned data is collected, processed and also transmitted to Meta for the event add to cart
(adding an item to the shopping cart), purchase (completion of the purchase with order confirmation) and
initiate checkout (starting the purchase process), this is done in accordance with § 25 (2) 2
Telecommunications and Telemedia Data Protection Act (TTDSG), because this information which is
collected
and processed is required for the desired telemedia service of the user, selection of the product and
insertion into the shopping cart, the payment function and for the completion of the ordering process
and
the purchase. In terms of data protection law, on the other hand, the transmission to Meta and thus also
to
the USA is based on your consent in accordance with Art. 6 (1) lit. a, 49 (1) lit. a GDPR.
The meta pixel is integrated by Meta when you call up our
website immediately after you have given us your consent to user-based advertising (the creation of
individualised or suitable advertisements, as well as for their optimisation) in accordance with § 25
para.
1 TTDSG in conjunction with Art. 6 para. 1 lit. a, 49 para. 1 lit. a DSGVO and can save a so-called
cookie,
i.e. a small file, on your device. If you subsequently log in to Facebook (Meta) or visit Facebook
(Meta)
while logged in, your visit to our website will be noted in your profile. The data collected about you
is
anonymous for us, so it does not allow us to draw any conclusions about the identity of the user.
However,
the data is stored and processed by Meta so that a connection to the respective user profile is
possible.
The processing of the data by Meta takes place within the framework of Meta's data usage policy.
Accordingly, you can find more information on how the remarketing pixel works and generally on the
display
of Facebook ads in Facebook's data usage policy: https://www.facebook.com/privacy/policy.
It is not excluded that Metaplatforms Ireland Ltd. also
transmits the collected data to the parent company in the USA, i.e. to an insecure third country where
there
is no level of data protection comparable to that in the EU. In this respect, your consent also
constitutes
consent to data processing in the USA.
You can revoke your consent at
any time in the cookie consent banner or footer under cookie settings by changing your settings there.
You
can revoke your consent for data processing by Metaplatforms Ireland Ltd. with Meta Pixel at any time
with
effect for the future (
https://www.facebook.com/off_facebook_activity), by adjusting your preferences in the cookie
settings. To do this, simply deselect the cookie in the "marketing" area. The storage period
of
the user data used for matching is deleted immediately when the matching is completed. This usually
happens
within 48 hours. The meta-event data may be retained for up to two years in accordance with the terms of
use. The storage period of the cookies is 180 days.
The service
provider of this tool, Meta Pixel, is the American company Meta Platforms Inc., 1601 S. California
Avenue,
Palo Alto, CA 94304, USA. The company Meta (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand
Canal
Harbour, Dublin 2, Ireland) is responsible for the European region. You can find out more about data
protection at Meta under https://www.facebook.com/about/privacy and
https://www.facebook.com/settings?tab=ads.
The standard
contractual clauses of the EU Commission have been concluded for data transfer to the USA. You can find
further details here: https://www.facebook.com/legal/EU_data_transfer_addendum
and https://www.facebook.com/help/566994660333381.
At the same time, there are data security conditions under https://www.facebook.com/legal/terms/data_security_terms. For more information
on when Facebook discloses personal data to security authorities, see https://www.facebook.com/safety/groups/law/guidelines. Meta also publishes a
transparency report at https://transparency.fb.com/data/?source=https%3A%2F%2Ftransparency.facebook.com%2f
and https://www.facebook.com/legal/terms/data_security_terms.
With regard to the collection of data on our website with the help of this meta tool
(Meta Pixel) and the transfer of this data to Meta, we are jointly responsible with Meta Platforms
Ireland
Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland pursuant to Art. 26 GDPR for the
collection of data and the transfer to Meta Platforms Ireland Limited. Insofar as Meta Platforms Ireland
Limited transfers this data to the parent company in the USA or to a third party, this is not covered by
the
joint responsibility. The substantive joint responsibility agreement between Metaplatforms Ireland
Limited
and us can be found at
https://www.facebook.com/legal/controller_addendum. In this agreement, we have assumed
responsibility for the implementation of the tool on our homepage and the provision of the privacy
notice,
whereas Metaplatforms Ireland Limited is responsible for data security. You can exercise your data
subject
rights in relation to the data processed by Metaplatforms directly against Metaplatforms Ireland
Limited. If
you exercise these rights against us, we will promptly forward these requests (e.g. access, deletion) to
Metaplatforms Ireland Limited.
We do not know how Meta further
processes your data for its own purposes. You can find out more about this under: https://www.facebook.com/legal/terms/dataprocessing.
Further information on data protection at Meta (Facebook) can be found at: https://www.facebook.com/privacy/policy/.
You can object to the collection by the Meta pixel and use of
your data for the display of Meta ads. To do so, you can visit the page set up by Meta and follow the
instructions there on the settings for usage-based advertising: https://www.facebook.com/settings
or declare the objection via the page
https://www.aboutads.info/choices/ or https://www.youronlinechoices.com/.
The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers
or
mobile devices.
For more details, see:
https://www.facebook.com/about/privacy
https://www.facebook.com/settings?tab=ads
13.4 Use of the Meta Conversion API
This website uses the Meta Conversion API, a server-side event tracking tool that can be used
to enrich not only web events but also data from offline events.
The
Meta Conversion API is a server-side data interface. Via this interface, we share with Meta the data
that we
collect on our website about your behaviour during the event (purchase) and that was transmitted from
there
to our server in order to send you an order confirmation when you complete the purchase. On the server
side,
the following personal data is collected:
- Visited websites
- Interest in content
- Access times
- Page impressions
- First visit on the website
- Internal search queries
- Device information
- Your IP address
- Your location
- Your email address
- Your telephone number
- Your gender
- Your first and last name
- Your date of birth
- Your user ID
- Your address
Etienne Aigner processes the following data from you email address, telephone number, gender,
first and last name, date of birth and address. This data is transferred via the Meta Conversion API to
Meta
Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta).
We
do not enrich the data transmitted to Meta. Meta uses this data to create user statistics in order to be
able to play out user-specific advertising in order to achieve an increase in reach and higher sales.
In doing so, your personal data may be processed by Meta in the
USA, an insecure third country. There is no equivalent level of EU data protection in the USA. The use
of
the Conversion API and the data transfer of the above-mentioned data to the USA is based on Art. 6 (1)
lit.
a, 49 (1) lit. a GDPR and § 25 (1) Telecommunications and Telemedia Data Protection Act (TTDSG). With
your
consent, you therefore also agree to data processing in the USA. The consent can be freely revoked at
any
time for the future. You can object to your consent for data processing by the Conversion API for this
web
domain at any time with effect for the future at Meta (Facebook) and check at https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Foff_facebook_activity,
https://www.facebook.com/help/2207256696182627/?ref=ofa and https://www.facebook.com/help/contact/1994830130782319.
Insofar as the above data is collected, processed and transmitted to Meta for the
event purchase (conclusion of the purchase with order confirmation), this is done in accordance with §
25
(2) 2 Telecommunications and Telemedia Data Protection Act (TTDSG), because this information, which is
collected and processed, is required for the telemedia service of the purchase requested by you. In
terms of
data protection law, however, the transmission to Meta and thus also to the USA is based on your consent
in
accordance with Art. 6 (1) lit. a, 49 (1) lit. a GDPR.
The service
provider of this tool, Meta Conversion API, is the American company Meta Platforms Inc, 1601 S.
California
Avenue, Palo Alto, CA 94304, USA. Meta (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland) is responsible for the European region. You can find out more about data
protection at Meta under https://www.facebook.com/about/privacy and https://www.facebook.com/ads/settings.
We have concluded the standard contractual clauses of the EU
Commission with Meta for data transfer to the USA. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.
At the same time, there are data security conditions under https://www.facebook.com/legal/terms/data_security_terms. For more information
about when Meta discloses personal data to security authorities, see https://www.facebook.com/safety/groups/law/guidelines. Meta also publishes a
Transparency Report at https://transparency.fb.com/data/?source=https%3A%2F%2Ftransparency.facebook.com%2f
and https://www.facebook.com/legal/terms/data_security_terms.
With regard to the data collection on our website with the help of this Meta Tool
(Conversion Api) and the transfer of this data to Meta, we are jointly responsible with Meta Platforms
Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta) for the
data
collection and the transfer to Meta Platforms Ireland Limited in accordance with Art. 26 GDPR. Insofar
as
Meta Platforms Ireland Limited transfers this data to the parent company in the USA or to a third party,
this is not covered by the joint responsibility. The substantive joint responsibility agreement between
Meta
Platforms Ireland Limited and us can be found at https://www.facebook.com/legal/controller_addendum. In this agreement, we have
assumed responsibility for the implementation of the tool on our website and the provision of the
privacy
notice, whereas Meta Platforms Ireland Limited is responsible for data security. You can exercise your
data
subject rights in relation to the data processed by Meta Platforms Ireland Limited directly against Meta
Platforms Ireland Limited. If you assert these against us, we will forward these requests (e.g.
information,
deletion) to Meta Platforms Ireland Limited without delay. The storage period of the user data for the
Purchase event (see above), which is used for matching, is deleted immediately when the matching is
completed. This usually happens within 48 hours. The meta-event data may be retained for up to two years
in
accordance with the terms of use.
We do not know how Meta Platforms
Ireland Limited further processes your data for its own purposes. You can find out more about this at:
https://www.facebook.com/legal/terms/dataprocessing.
You can find further information on data protection at Meta Platforms Ireland
Limited (Facebook) at: https://www.facebook.com/privacy/policy.
14. Contact possibilities and your
rights
14.1 You have the following rights:
+ Art. 15 GDPR, the right to obtain information about your personal data which we
process, within the scope described therein;
+ Art. 16 GDPR, the right to immediately demand rectification of incorrect or
completion of your personal data stored by us;
+ Art. 17 GDPR, the right to request erasure of your personal data stored with us,
unless further processing is
required
- to exercise the right of freedom of expression and information;
- or compliance with a legal obligation;
- for reasons of public interest or
- for establishing, exercising or defending legal claims;
+ Art. 18 GDPR, the right to request restriction of processing of your personal data,
insofar as
- the accuracy of the data is contested by you;
- the processing is unlawful, but you refuse their erasure;
- we no longer need the data, but you need it to establish, exercise or defend legal
claims, or
- you have lodged an objection to the processing in accordance with Art. 21 GDPR;
+ Art. 20 GDPR, the right to receive your personal data that you have provided to us in
a structured, commonly used
and machine-readable format or to request its transmission to another controller;
+ Art. 7 (3) GDPR, the right to revoke your consent at any time without detriment for
the future, gladly also by
email to
shrug.
+ Art. 77 GDPR, the right to complain to a supervisory authority . As a rule, you can
contact the supervisory
authority at your habitual place of residence or workplace or at our company headquarters. In our
case,
the Bavaria
DPA (Data Protection Authority ), Promenade 18, 91522 Ansbach or online at
https://www.lda.bayern.de/de/beschwerde.html
is responsible.
+ Art. 21 GDPR, the right to object at any time to data processing based on Art. 6 (1)
lit. e and f GDPR if your
interest in not having the data processed exceeds our interest in the data processing or if we use
the
data
processing for reasons of direct advertising or for profiling which is related to direct
advertising.
You can also
lodge your objection by e-mail to
shrug
or by post to the company's address.
********************************************************************
Right to object
If we process
personal data as described above to protect our legitimate
interests that are overriding in the process of balancing of interests, you may object to such data
processing with
future effect. If your data are processed for direct marketing purposes, you may exercise this right
at
any time as
described above. If your data are processed for other purposes, you have the right to object only on
grounds
relating to your particular situation.
After you have exercised
your right to object, we will no longer
process your personal data for such purposes unless we can demonstrate compelling legitimate grounds
for
the
processing which override your interests, rights and freedoms or for the establishment, exercise or
defence of legal
claims.
This does not apply to the processing of personal data
for direct marketing purposes. In such a
case we will no longer process your personal data for such purposes.
To exercise your above rights, please contact us by email at shrug
or by post at the company's address. The exercise of your above rights is free of charge for
you.
********************************************************************
14.2 Contact option
If you have any questions regarding the collection, processing or use of your personal
data, for information,
correction, restriction or deletion of data as well as revocation of consent given or objection to a
certain use of
data, please contact us directly via the contact details in our imprint or also directly to the data
protection
officer by email
shrug