We are very pleased about your interest in our company. The management of Prätorius GmbH attaches particularly great importance to data protection. It is principally possible to use the websites of Prätorius GmbH without entering any personal data. If a data subject would like to use special services of our company via our website, however it could become necessary to process personal data. If the processing of personal data is necessary and if no statutory basis exists for such processing we will generally obtain a consent of the data subject.

The processing of personal data, for example the name, address, e-mail address or telephone number of a data subject, shall always be carried out in line with the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to Prätorius GmbH. By means of this privacy statement our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Data subjects are further informed about the rights to which they are entitled by means of this privacy statement.

Prätorius GmbH as the data controller responsible for the processing has implemented numerous technical and organisational measures in order to ensure an as far as possible consistent protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can principally feature security gaps so that absolute protection cannot be guaranteed. For this reason, each data subject is at liberty to also transmit personal data to us in alternative ways, for example by telephone.

1.         Definitions

The privacy statement of Prätorius GmbH is based on the terms that were used by the European issuers of directives and regulators when the General Data Protection Regulation (GDPR) was issued. Our privacy statement should be easily legible and understandable both for the public as well as for our customers and business partners. In order to guarantee this we would like to first of all explain the used terms.

We use, among others, the following terms in this privacy statement:

a)    Personal data

Personal data is all information, which refers to an identified or identifiable natural person (hereinafter "data subject"). A natural person will be seen as identifiable, who can be identified directly or indirectly, in particular by means of allocation to an identifier, such as a name, to a code number, to location data, to an online identifier or to one or more special features, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person.

b)    Data subject

A data subject is each identified or identifiable natural person, whose personal data are processed by the data controller responsible for the processing.

c)    Processing

Processing is each activity carried out with or without the aid of automated processes or each such series of activities in connection with personal data, such as the collection, entry, organisation, arrangement, storage, adjustment or change, reading out, query, the use, the disclosure by transmission, distribution or any other form of provision, the comparison or linking, the restriction, erasure or the destruction.

d)    Restriction to the processing

The restriction to the processing is the marking of stored personal data with the aim to restrict their future processing.

e)    Profiling

Profiling is each type of automated processing of personal data, which consists of the fact that these personal data are used in order to assess certain personal aspects that refer to a natural person, in particular in order to analyse or forecast aspects with regard to work performance, financial position, health, personal preferences, interests, reliability, conduct, place of abode or change in location of this natural person.

f)     Pseudonymisation

Pseudonymisation is the processing of personal data in a manner in which the personal data can no longer be allocated to a specific data subject without using additional information, if this additional information is stored separately and is subject to technical and organisational measures, which guarantee that the personal data are not allocated to an identified or identifiable natural person.

g)    Data controller or data controller responsible for the processing

A data controller or data controller responsible for the processing is the natural person or legal entity, authority, institution or other body, which alone or together with others decides about the purposes and means of the processing of personal data. If the purposes and means of this processing are stipulated by Union law or the law of the member state then the data controller or the certain criteria for his or its appointment can be envisaged according to Union law or the law of the member states.

h)    Contract data processor

A contract data processor is a natural person or legal entity, authority, institution or other body, which processes personal data by order of the data controller.

i)     Recipient

A recipient is a natural person or legal entity, authority, institution or other body, to whom or which personal data are disclosed, irrespective whether it concerns a third party or not. Authorities, which possibly receive personal data within the scope of a certain investigation order according to Union law or the law of the member states, shall however not be deemed as recipients.

j)     Third party

A third party is a natural person or legal entity, authority, institution or other body apart from the data subject, the data controller, the contract data processor and the persons, who under the direct responsibility of the data controller or the contract data processor are authorised to process the personal data.

k)    Consent

A consent is each announcement of intention voluntarily and unmistakeably submitted by the data subject for the certain case in an informed manner in the form of a declaration or any other clear, confirming act, with which the data subject gives to understand that he agrees with the processing of the personal data relating to him.

2.         Name and address of the data controller responsible for the processing

The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a character of data protection law

Prätorius GmbH
Oderstraße, 75
24539 Neumünster
Germany
Tel.: +494321-60288-0
E-mail: info@praetorius-gmbh.de
Website: www.praetorius-gmbh.de

3.         Name and address of the data protection officer

You can contact the data protection officer as follows:

Prätorius GmbH
Oderstraße, 75
24539 Neumünster
-Data protection officer-
E-mail: Datenschutz@Praetorius-gmbh.de
Website: www.praetorius-gmbh.de

Each data subject can contact our data protection officer directly at all times with all questions and suggestions relating to data protection.

4.         Cookies

The websites of Prätorius GmbH use cookies. Cookies are text files, which are placed and stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie-ID. A cookie-ID is a clear identifier of the cookie. It consists of a string, through which websites and servers can be allocated to the specific internet browser, in which the cookie was stored. This makes it possible to distinguish the visited websites and servers, the individual browser of the data subject from other internet browsers, which contain other cookies. A certain internet browser can be recognised and identified via the clear cookie-ID.

By the use of cookies Prätorius GmbH can make more user-friendly services available to the users of this website, which would not be possible without setting the cookie.

By means of a cookie the information and offers on our website can be optimised in the interest of a user. Cookies enable us, as mentioned already, to recognise the users of our website. The purpose of this recognition is to facilitate the use of our website for the users. The user of a website that uses cookies, does not for example have to enter his access data once again with each visit to the website, because this is taken over by the website and the cookies place on the user’s computer system. A further example is the cookie of a shopping basket in the online shop. The online shop notes the articles that a customer has placed in the virtual shopping basket, through a cookie.

The data subject can prevent the setting of cookies by our website at all times by means of a corresponding setting of the used internet browser and therefore permanently object to the setting of cookies. Further already set cookies can be deleted at all times via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the used internet browser, under certain circumstances it will not be possible to use all functions of our website in full.

5.         Entry of general data and information

The website of Prätorius GmbH records a host of general data and information each time the website is called by a data subject or an automated system. These general data and information are stored in the log files of the server. The (1) used browser types and versions, (2) the operating system used by the accessing system, (3) the website, from which an accessing system comes to our website (so-called referrer), (4) the sub-websites, which are guided via an accessing system to our website, (5) the data and the time of an access to the website, (6) an internet protocol address (IP address), (7) the Internet-Service-Provider of the accessing system and (8) other similar data and information, which serve the defence of risks in the event of attacks against our IT systems can be recorded.

With the use of these general data and information Prätorius GmbH does not draw any conclusions about the data subject. This information is rather required in order to (1) correctly supply the contents of our website, (2) to optimise the contents of our website as well as the advertising for this, (3) to guarantee the permanent functionality of our IT systems and the technology of our website as well as (4) in order to make information that is necessary for criminal prosecution available to criminal prosecution authorities in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated by Prätorius GmbH on the one hand statistically and further with the aim to improve the data protection and the data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the Server-Logfiles are stored separately from all personal data entered by a data subject.

6.         Registration on our website

The data subject has the possibility to register on the website of the data controller responsible for the processing by entering personal data. Which personal data are transmitted hereby to the data controller responsible for the processing, can be derived from the respective input mask, which is used for the registration. The personal data entered by the data subject are exclusively collected and stored for the internal use at the data controller responsible for the processing and for own purposes. The data controller responsible for the processing can arrange for the forwarding to one or more contract data processors, for example a parcel service provider, which will also exclusively use the personal data for an internal use, which is to be attributed to the data controller responsible for the processing.

By a registration on the website of the data controller responsible for the processing the IP address allocated by the Internet-Service-Provider (ISP) of the data subject will further store the date as well as the time of the registration. The storage of these data will be carried out against the background that only this way can the misuse of our services be prevented, and these data will, if required, make it possible to clarify committed criminal offences. Insofar the storage of these data is necessary to protect the data controller responsible for the processing. These data are principally not forwarded to third parties if there is no statutory obligation to transfer data or the transfer serves the purpose of criminal prosecution.

The registration of the data subject under the voluntary entry of personal data serves the data controller responsible for the processing to offer the data subject contents or services, which owing to the nature of the matter can only be offered to registered users. Registered persons are at liberty to change the personal data entered with the registration at all times or to have these full deleted from the database of the data controller responsible for the processing.

The data controller responsible for the processing shall provide each data subject information at all times upon request which personal data are stored about the data subject. Further the data controller responsible for the processing will rectify or erase personal data at the request or indication of the data subject, insofar as this is not opposed by any statutory storage obligations. All employees of the data controller responsible for the processing shall be available as contacts to the data subject in this context.

7.         Subscription to our newsletter

On the website of Prätorius GmbH the users are granted the possibility to subscribe to the newsletter of our company. Which personal data are transmitted to the data controller responsible for the processing with the order of the newsletter, can be derived from the input mask used in this respect.

Prätorius GmbH informs its customers and business partners at regular intervals about offers of the company by way of a newsletter. The newsletter of our company can principally only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject has registered for the newsletter dispatch. A confirmation e-mail is sent to the e-mail address entered by a data subject for the first time for the newsletter dispatch for legal reasons in the Double-Opt-In process. This confirmation e-mail serves to check whether the holder of the e-mail address as the data subject authorised the receipt of the newsletter.

With the registration for the newsletter we further store the IP address allocated by the Internet-Service-Provider (ISP) of the computer system used by the data subject at the time of the registration as well as the date and the time of the registration. The collection of these data is necessary in order to be able to track the (possible) misuse of the e-mail address of a data subject at a later time and therefore serves the purpose of the legal protection of the data controller responsible for the processing.

The personal data collected within the scope of a registration for the newsletter are exclusively used for the sending of our newsletter. Subscribers of the newsletter can further be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this respect, as could be the case in the event of changes to the newsletter offer or with the change to the technical conditions. Personal data collected within the scope of the newsletter service will not be forwarded to third parties. The subscription to our newsletter can be terminated by the data subject at all times. The consent to the storage of personal data, which the data subject granted for the sending of the newsletter, can be revoked at all times. A corresponding link can be found in each newsletter for the purpose of revocation of the consent. There is further the possibility to also de-register from the newsletter dispatch at all times directly on the website of the data controller responsible for the processing or to inform the data controller responsible for the processing hereof in another manner.

8.         Newsletter tracking

The newsletter of Prätorius GmbH contains so-called tracking pixel. A tracking pixel is a miniature graphic that is embedded in such e-mails, which is sent in the HTML format in order to enable a log file recording and a log file analysis. This way a statistical evaluation is carried out of the success or failure of online marketing campaigns. Based on the embedded tracking pixel Prätorius GmbH can recognise whether and when an e-mail was opened by a data subject and which links located in the e-mail were called by the data subject.

Such personal data collected via the tracking pixels embedded in the newsletters are stored and evaluated by the data controller responsible for the processing in order to optimise the newsletter dispatch and to adjust the content of future newsletters even better to the interests of the data subject. These personal data will not be forwarded to third parties. Data subjects are entitled at all times to revoke the declaration of consent submitted separately in this respect via, the Double-Opt-In-process. After a revocation these personal data will be erased by the data controller responsible for the processing. A de-registration from the receipt of the newsletter shall be automatically interpreted as a revocation by Prätorius GmbH.

9.         Contact possibility via the website

Owing to statutory regulations the website of Prätorius GmbH contains details, which enable a fast electronic contact to our company as well as a direct communication with us, which also comprises a general address of the so-called electronic post (e-mail address). If a data subject makes contact with the data controller responsible for the processing by e-mail or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the data controller responsible for the processing will be stored for purposes of the processing or for contacting the data subject. These personal data will not be forwarded to third parties.

10.       Routine erasure and blocking of personal data

The data controller responsible for the processing only processes and stores personal data of the data subject for the period of time, which is necessary for achieving the purpose of the storage or if this was envisaged the European issuer of directives and regulator or another legislator in laws or regulations, which the data controller responsible for the processing is subject to.

If the purpose of the storage ceases to apply or if a storage deadline stipulated by the European issuers of directives and regulators or another responsible legislator expires, the personal data will be blocked or erased as a routine and in line with the statutory regulations.

11.       Rights of the data subject

• a)    Right to confirmation

Each data subject has the right granted by the European issuers of directives and regulators to request a confirmation from the data controller responsible for the processing whether personal data relating to him are processed. If a data subject would like to exercise this right to confirmation he can contact an employee of the data controller responsible for the processing for this purpose at all times.

• b)    Right to information

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators to receive free information about the personal data stored in relation to his person at all times from the data controller responsible for the processing and a copy of this information. The European issuers of directives and regulators further conceded the data subject the right to details about the following information:

• • the purpose of the processing
  • the categories of personal data, which are processed
  • the recipients or categories of recipients, towards whom the personal data have been disclosed or will be disclosed still, in particular with recipients in third countries or at international organisations
  • if possible the planned duration, for which the personal data are stored, or, if this is not possible, the criteria for the stipulation of this duration
  • the existence of a right to rectification or erasure of the personal data relating to them or to restriction to the processing by the data controller or a right to object to this processing
  • the existence of a right to lodge a complaint at a supervisory authority
  • if the personal data are not collected from the data subject: All available information about the origin of the data
  • the existence of an automatic decision-making including profiling pursuant to Article 22 Para. 1 and 4 GDPR and – at least in these cases – feasible information about the involved logic as well as the scope and the intended implications of such a processing for the data subject
    The data subject furthermore has a right to information concerning whether personal data were transmitted to a third country or to an international organisation. If this is the case then the data subject is incidentally entitled to the right to receive information about the suitable guarantees in connection with the transmission.

If a data subject would like to exercise this right to information he can contact an employee of the data controller responsible for the processing for this purpose at all times.

• c)    Right to rectification

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators to request rectification without delay of incorrect personal data relating to him. The data subject furthermore has the right, by taking consideration of the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.

If a data subject would like to exercise this right to rectification he can contact an employee of the data controller responsible for the processing for this purpose at all times.

• d)    Right to erase (right to be forgotten)

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators to request from the data controller that the personal data relating to him are erased without delay if one of the following reasons applies and if the processing is not necessary:

• • The personal data were collected for such purposes or are processing in any other manner for which they are no longer necessary.
  • The data subject revokes his consent, on which the processing is supported pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, and there is a lack of any other legal basis for the processing.
  • The data subject files an objection against the processing pursuant to Art. 21 Para. 1 GDPR, and there are no prior legitimate reasons for the processing, or the data subject files an obligation against the processing pursuant to Art. 21 Para. 2 GDPR.
  • The personal data were processed unlawfully.
  • The erasure of the personal data is necessary in order to fulfil a legal obligation according to Union law or the law of the member states which the data controller is subject to.
  • The personal data were collected with reference to offered services of the information society pursuant to Art. 8 Para. 1 GDPR.
    If one of the aforementioned reasons applies and a data subject would like to arrange for the erasure of personal data, which have been stored at Prätorius GmbH, he can contact an employee of the data controller responsible for the processing for this purpose at all times. The employee of Prätorius GmbH will arrange for the erasure request to be satisfied without delay.

If the personal data were published by Prätorius GmbH and if our company as the data controller pursuant to Art. 17 Para. 1 GDPR is obligated to erase the personal data then Prätorius GmbH shall take appropriate measures, by taking the available technology and the implementation costs into consideration, also of a technical kind, in order to inform other data controllers responsible for the data processing, which process the published personal data, that the data subject has requested the deletion of all links to these personal data or of copies or replications of these personal data from these other data controllers responsible for the data processing, insofar as the processing is not necessary. The employee of Prätorius GmbH will arrange for that which is necessary in an individual case.

• e)    Right to restriction to the processing

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators to request from the data controller the restriction to the processing if one of the following prerequisites exists:

• • The accuracy of the personal data is disputed by the data subject, for a duration, which enables the data controller to check the accuracy of the personal data.
  • The processing is unlawful, the data subject refuses the erasure of the personal data and requests instead the restriction to the use of the personal data.
  • The data controller no longer requires the personal data for the purpose of the processing, the data subject requires these however for the assertion, exercising or defence of legal claims.
  • The data subject has filed an objection against the processing pursuant to Art. 21 Para. 1 GDPR and it has not been determined yet whether the legitimate reasons of the data controller outweigh those of the data subject.
    If one of the aforementioned perquisites exists and a data subject would like to request the restriction of personal data, which have been stored at Prätorius GmbH, he can contact an employee of the data controller responsible for the processing for this purpose at all times. The employee of Prätorius GmbH will arrange for the restriction to the processing.

• f)     Right to data portability

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators to receive the personal data relating to them, which were made available to a data controller by the data subject, in a structured, common and machine-readable format. He additionally has the right to transmit these data to another data controller without impediment by the data controller, to which the personal data were made available, if the processing is based on the consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant to Art. 6 Para. 1 lit. b GDPR and the processing is carried out by using an automated process if the processing is not necessary for performing a task, which is in the public interest or is carried out while exercising a public authority, which was assigned to the data controller.

The data subject furthermore has the right when exercising his right to data portability pursuant to Art. 20 Para. 1 GDPR, to achieve that the personal data are transmitted directly by a data controller to another data controller, insofar as this is technically possible and if the rights and freedoms of other persons are not impaired hereby.

In order to assert the right to data portability the data subject can contact an employee of Prätorius GmbH at all times.

• g)    Right to object

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators, for reasons, which arise from his particular situation, to file an objection at all times against the processing of personal data relating to him that is carried out owing to Art. 6 Para. 1 lit. e or f GDPR. This shall also apply to a profiling supported on these provisions.

Prätorius GmbH shall no longer process the personal data in the event of an objection, unless we can prove mandatory reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves the purpose of the assertion, exercising or defence of legal claims.

If Prätorius GmbH processes personal data in order to conduct direct marketing then the data subject has the right to file an objection at all times against the processing of the personal data for the purpose of such advertising. This shall also apply to profiling insofar as it is associated with such direct marketing. If the data subject files an objection towards Prätorius GmbH against the processing for purposes of direct marketing then Prätorius GmbH will no longer process the personal data for these purposes.

Moreover, the data subject has the right, for reasons which arise from his particular situation, to file an objection against the processing of personal data relating to him, which are carried out at Prätorius GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para. 1 GDPR, unless such processing is necessary to fulfil a task that is in the public interest.

In order to exercise the right to object the data subject can directly contact each employee of Prätorius GmbH or another employee. The data subject is furthermore at liberty, in connection with the use of services of the information society, irrespective of the Directive 2002/58/EC, to exercise his right to object by means of an automated process, with which technical specifications are used.

• h)    Automatic decision-making in an individual case including profiling

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators, not to be subjected to a decision-making exclusively based on an automatic processing – including profiling -, which has a legal effect towards him or substantially impairs him in a similar manner, if the decision (1) is not necessary for the conclusion or the fulfilment of a contract between the data subject and the data controller, or is admissible (2) owing to legal regulations of the Union or the member states, which the data controller is subject to, and these legal regulations contain adequate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) is carried out with the explicit consent of the data subject.

If the decision (1) is necessary for the conclusion or the fulfilment of a contract between the data subject and the data controller or (2) if it is carried out with the explicit consent of the data subject, Prätorius GmbH will take adequate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which shall at least include the right to achieve the intervention of a person on the part of the data controller, to the presentation of the own point of view and to contestation of the decision.

If the data subject would like to assert the rights with reference to automatic decisions, he can contact an employee of the data controller responsible for the processing for this purpose at all times.

• i)     Right to revocation of a consent under data protection law

Each person affected by the processing of personal data has the right granted by the European issuers of directives and regulators to revoke a consent to the processing of personal data at all times.

If the data subject would like to assert his right to revocation of a consent, he can contact an employee of the data controller responsible for the processing for this purpose at all times.

12.       Data protection with applications and in the application procedure

The data controller responsible for the processing collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing can also be carried out by using electronic means. This is in particular the case if an applicant transmits corresponding application documents to the data controller responsible for the processing by using electronic means, for example by e-mail or by using a web form on the website. If the data controller responsible for the processing concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship by complying with the statutory regulations. If no employment contract is concluded with the applicant by the data controller responsible for the processing the application documents will be deleted automatically two months after announcement of the rejection decision if a deletion does not oppose any other legitimate interests of the data controller responsible for the processing. Another legitimate interest within this meaning is, for example, an obligation for proof in proceedings according to the General Equal Treatment Act (AGG).

13.       Data protection provisions relating to the use of Google Analytics (with anonymization function)

The data controller responsible for the processing has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the survey, collection and evaluation of data regarding the behaviour of visitors of websites. A web analysis service records, among others, data concerning from which website  a data subject has come to a website (so-called referrer), which sub-sites of the website were accessed or how often and for which dwell-time a sub-site was viewed. A web analysis is primarily for the optimisation of a website and for the cost-benefit-analysis of internet advertising.

The operator company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller responsible for the processing uses the supplement "_gat._anonymizeIp" for the web analysis via Google Analytics. By means of this supplement the IP address of the internet connection of the data subject is abbreviated by Google and anonymised if the access to our websites is carried out from a member state of the European Union or from another contracting state of the Treaty on the European Economic Area.

The purpose of the Google-Analytics component is to analyse the visitor flows on our website. Google uses the acquired data and information, among others, to evaluate the use of our website in order to compile online reports for us, which demonstrate the activities on our websites, and in order to provide further services associated with the use of our website.

Google Analytics sets a cookie on the IT system of the data subject. It was explained above already what cookies are. With the setting of the cookie Google is able to analyse the use of our website. Each time one of the individual pages of this website, which is operated by the data controlled responsible for the processing and on which a Google-Analytics component was integrated, is called the internet browser on the IT system of the data subject is automatically induced by the respective Google-Analytics component to transmit data to Google for the purpose of the online analysis. Within the scope of this technical process Google gains knowledge of personal data, such as the IP address of the data subject, which among others serve Google to determine the origin of the visitors and clicks and consequently to enable commission settlements.

Personal information, for example, the access time, the place, from where an access emanated and the frequency of the visits to our website by the data subject, are stored by using the cookie. With each visit to our websites these personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google will under certain circumstances forward these personal data collected via the technical process to third parties.

The data subject can prevent the setting of cookies by our website, as presented above already, at all times by means of a corresponding setting of the used internet browser and thus permanently object to the setting of cookies. Such a setting of the used internet browser would also prevent Google from setting a cookie on the IT system of the data subject. Moreover, a cookie already set by Google Analytics can be deleted at all times via the internet browser or other software programmes.

There is furthermore the possibility for the data subject to object to an entry of the data generated by Google Analytics, which refers to a use of this website, as well as the processing of these data by Google and to prevent such occurrences. For this purpose the data subject must download and install a browser Add-On under the link tools.google.com/dlpage/gaoptout. This browser Add-On informs Google Analytics via JavaScript that no data and information relating to the visits of websites may be transmitted to Google Analytics. The installation of the browser Add-On will be assessed an objection by Google. If the IT system of the data subject is deleted, formatted or newly installed at a later time, a renewed installation of the browser Add-On must be carried out by the data subject in order to deactivate Google Analytics. If the browser Add-On is de-installed or deactivated by the data subject or another person, who is to be attributed to its scope of control, there is the possibility of the new installation or the renewed activation of the browser Add-On.

Further information and the applicable data protection provisions of Google can be called under www.google.de/intl/de/policies/privacy/ and under www.google.com/analytics/terms/de.html. Google Analytics is explained more precisely under this link www.google.com/intl/de_de/analytics/.

14.       Data protection provisions relating to the use of Google-AdWords

The data controller responsible for the processing has integrated Google AdWords on this website. Google AdWords is a service for internet advertising, which permits advertisers to place both advertisements in the search engine results of Google as well as in the Google-advertising network. Google AdWords enables an advertiser to stipulate certain key words in advance by means of which an advert is exclusively displayed in the search engine results of Google when the user call a keyword-relevant search result with the search engine. In the Google advertising network the advertisements are distributed over websites relevant to the topic by means of an automatic algorithm and by paying attention to the previously stipulated keywords.

The operator company of the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by the fading in of advertising relevant to interests on the websites of third party companies and in the search engine results of the Google search engine and a fading in of third party advertising on our website.

If a data subject comes to our website via a Google advertisement, a so-called conversion cookie is placed on the IT system of the data subject by Google. It was explained above already what cookies are. A conversion cookie will cease to be valid after thirty days and does not serve to identify the data subject. It is determined via the conversion cookie, if the cookie has not expired yet, whether certain sub-sites, for example the shopping basket of an online shop system, were called on our website. Through the conversion cookie both we as well as Google can track whether a data subject, who has come to our website via an AdWords advertisement, generated revenue, therefore a product was purchased or this purchase was discontinued.

The data and information collected by using the conversion cookie are used by Google in order to create visit statistics for our website. These visit statistics are, on the other hand, used by us in order to determine the total number of users, who were conveyed to us via AdWords advertisements, therefore in order to determine the success or failure of the respective AdWords advertisement and in order to optimise our AdWords advertisements for the future. Neither our company, nor other advertising customers of Google-AdWords receive information from Google, through which the data subject can be identified.

Personal information, for example the websites visited by the data subject, are stored by means of the conversion cookies. Each time our website is visited personal data, including the IP address of the internet connection used by the data subject, are accordingly transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google will under certain circumstances forward these personal data collected via the technical process to third parties.

The data subject can prevent the setting of cookies by our website, as presented above already, at all times by means of a corresponding setting of the used internet browser and thus permanently object to the setting of cookies. Such a setting of the used internet browser would also prevent Google from setting a conversion cookie on the IT system of the data subject. Moreover, a cookie already set by Google AdWords can be deleted at all times via the internet browser or other software programmes.

There is furthermore the possibility for the data subject to object to the interest-related advertising by Google. For this purpose the data subject must call the link www.google.de/settings/ads from each of the internet browsers used by him and carry out the requested settings there.

Further information and the applicable data protection provisions of Google can be called under www.google.de/intl/de/policies/privacy/.

15.       Payment type: Data protection provisions relating to Klarna as a payment type

The data controller responsible for the processing has integrated components of Klarna on this website. Klarna is an online payment service provider, which enables the purchase on account or a flexible instalment payment. Other services, such as for example a buyer protection or an identity and credit rating check, are further offered by Klarna.

The operator company of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.

If the data subject chooses as payment option either the "purchase on account" or "instalment purchase" during the order process in our online shop, data of the data subject are automatically transmitted to Klarna. With the selection of one of these payment options the data subject agrees to this transmission of personal data that is necessary for the processing of the purchase on account or instalment purchase or for the identity and credit rating check.

The personal data transmitted to Klarna as a rule concern the first name, last name, address, date of birth, sex, e-mail address, IP address, telephone number, mobile telephone number as well as other data, which are necessary for processing a purchase on account or instalment purchase. Such personal data are also necessary for processing the purchase contract, which are associated with the respective order. There may in particular be a reciprocal exchange of payment information, such as bank details, card number, date of validity and CVC Code, number of articles, article numbers, data relating to goods and services, prices and tax levied, details relating to previous purchasing behaviour or other details relating to the financial situation of the data subject.

The purpose of the transmission of the data is in particular the identity check, the payment administration and the prevention of fraud. The data controller responsible for the processing will transmit personal data to Klarna in particular if there is a legitimate interest for the transmission. The personal data exchanged between Klarna and the data controller responsible for the processing will be transmitted by Klarna to credit agencies. The purpose of this transmission is the identity and credit rating check.

Klarna will also forward the personal data to affiliated companies (Klarna Group) and service providers or subcontractors, insofar as this is necessary in order to fulfil the contractual obligations or the data are to be processed by order.

In order to make a decision about the establishment, execution or termination of a contractual relationship Klarna collects and uses data and information about the previous payment behaviour of the data subject as well as probability values for their behaviour in the future (so-called scoring). The calculation of the scoring is carried out based on scientifically recognised mathematical-statistical methods.

The data subject has the possibility to revoke the consent to the handling of personal data at all times towards Klarna. A revocation will not have an effect on personal data, which must essentially be processed, used or transmitted for payment processing (as per contract).

The applicable data protection provisions of Klarna can be called under cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf.

16.       Payment type: Data protection provisions relating to PayPal as a payment type

The data controller responsible for the processing has integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual private or business accounts. Moreover, there is the possibility with PayPal to process virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is kept through an e-mail address, which is why there is no classical account number. PayPal makes it possible to trigger off online payments to third parties or also to receive payments. PayPal further assumes trustee functions and offers buyer protection services.

The European operator company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject chooses "PayPal" as payment option during the order process in our online shop, data of the data subject are automatically transmitted to PayPal. With the selection of this payment option the data subject agrees to the transmission of personal data that is necessary for the payment processing.

The personal data transmitted to PayPal as a rule concern the first name, last name, address, e-mail address, IP address, telephone number, mobile telephone number or other data, which are necessary for payment processing. Personal data are also necessary for processing the purchase contract, which are associated with the respective order.

The purpose of the transmission of the data is the payment processing and the prevention of fraud. The data controller responsible for the processing will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and the data controller responsible for the processing will under certain circumstances be transmitted by PayPal to credit agencies. The purpose of this transmission is the identity and credit rating check.

PayPal will also forward the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary in order to fulfil the contractual obligations or the data are to be processed by order.

The data subject has the possibility to revoke the consent to the handling of personal data towards PayPal at all times. A revocation will not have an effect on personal data, which must essentially be processed, used or transmitted for payment processing (as per contract).

The applicable data protection provisions of PayPal can be called under www.paypal.com/de/webapps/mpp/ua/privacy-full.

17.       Payment type: Data protection provisions relating to Sofortüberweisung as a payment type

The data controller responsible for the processing has integrated components of Sofortüberweisung on this website. Sofortüberweisung is a payment service, which enables a cashless payment of products and services in the internet. Sofortüberweisung depicts a technical process, through which the online dealer immediately receives a confirmation of payment. A dealer is therefore place in the position to deliver goods, services or downloads to the customer immediately after the order.

The operator company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

If the data subject chooses "Sofortüberweisung" as payment option during the order process in our online shop, data of the data subject are automatically transmitted to Sofortüberweisung. With the selection of this payment option the data subject agrees to the transmission of personal data that is necessary for the payment processing.

With the purchase processing via Sofortüberweisung the buyer sends the PIN and the TAN to Sofort GmbH. After the technical check of the account balance and after calling further data in order to check the account coverage Sofortüberweisung subsequently carries out a transfer to the online dealer. The online dealer will then be notified of the execution of the financial transaction automatically.

The personal data exchanged with Sofortüberweisung concern the first name, last name, address, e-mail address, IP address, telephone number, mobile telephone number or other data, which are necessary for the payment processing. The purpose of the transmission of the data is the payment processing and the prevention of fraud. The data controller responsible for the processing will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in the transmission. The personal data exchanged between Sofortüberweisung and the data controller responsible for the processing will under certain circumstances be forwarded by Sofortüberweisung to credit agencies. The purpose of this transmission is the identity and credit rating check.

Sofortüberweisung will also forward the personal data to affiliated companies and service providers or subcontractors, insofar as this is necessary in order to fulfil the contractual obligations or the data are to be processed by order.

The data subject has the possibility to revoke the consent to the handling of personal data towards Sofortüberweisung at all times. A revocation will not have an effect on personal data, which must essentially be processed, used or transmitted for payment processing (as per contract).

The applicable data protection provisions of Sofortüberweisung can be called under www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

18.       Legal basis for the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing activities, with which we obtain a consent for a certain processing purpose. If the processing of personal data is necessary in order to fulfil a contract, of which the data subject is a contractual party, as is the case for example with processing activities that are necessary for a delivery of goods or the provision of another service or consideration, then the processing is based on Art. 6 I lit. b GDPR. The same shall apply to those processing activities that are necessary in order to carry out pre-contractual measures, for example in cases of enquiries for our products or services. If our company is subject to a legal obligation through which a processing of personal data becomes necessary, such as for example in order to fulfil tax obligations, then the processing is based on Art. 6 I lit. c GDPR. In rare cases it could be necessary to process personal data in order to protect vital interests of the data subject or another natural person. This would, for example, be the case if a visitor were injured in our company and subsequently his name, his age, his health insurance data or other vital information had to be forwarded to a doctor, a hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. In the end, processing activities could be based on Art. 6 I lit. f GDPR. Processing activities are based on this legal basis, which are not covered by any of the aforementioned legal bases if the processing is necessary in order to safeguard a legitimate interest of our company or if a third party if the interests, fundamental rights and basic freedoms of the data subject do not prevail. We are in particular permitted to carry out such processing activities, because they were particularly mentioned by the European legislator. It was insofar of the opinion that a legitimate interest could be assumed if the data subject is a customer of the data controller (recital 47 Sentence 2 GDPR).

19.       Legitimate interests in the processing, which are pursued by the data controller or a third party

If the process of personal data is based on Article 6 I lit. f GDPR our legitimate interest is the execution of our business activity for the benefit and welfare of all of our employees and our shareholders.

20.       Duration, for which the personal data are stored

The criterion for the duration of the storage of personal data is the respective statutory storage deadline. After expiry of the deadline the corresponding data will, as a routine, be erased, if they are no longer required for the fulfilment of the contract or initiation of a contract.

21.       Statutory or contractual regulations relating to the provision of the personal data; necessity for the conclusion of the contract; obligation of the data subject to make the personal data available; possible consequences of the failure to provide data

We inform you that the provision of personal data is partly stipulated by law (e.g. tax regulations) or may also be derived from contractual regulations (e.g. details relating to the contractual partner). It may among others be necessary for the conclusion of a contract that a data subject makes personal data available to us, which consequently have to be processed by us. The data subject is, for example, obliged to provide us personal data if our company concludes a contract with him. A failure to provide the personal data would result in the fact that the contract could not be concluded with the data subject. Before personal data are provided by the data subject the data subject must contact one of our employees. Our employee will inform the data subject individual-case-based whether the provision of the personal data is stipulated by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and which consequences the non-provision of the personal data would have.

22.       Existence of an automatic decision-making

As a responsible company we refrain from an automatic decision-making or profiling.

This privacy statement was created by the privacy statement generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which operates as the data protection officer, in cooperation with the Data protection lawyers of the law firm WILDE BEUGER SOLMECKE | lawyers.