Information about the handling of your data

Table of contents

• I. Person responsible for data processing
  • Data Protection Officer
  • Revocation of your consent to data processing
  • Right to lodge a complaint with the competent supervisory authority
  • Right to data portability
  • SSL or TLS encryption
• II Data collection on our website
  • Cookies
  • Server log files
  • Handling contact data (e.g. contact form, e-mail)
• III Tools and analyses
  • Google Fonts
  • Use of Google Analytics for web analysis
  • Google Maps
  • Google reCAPTCHA
  • Google Language Translator
  • Hotjar
  • Jetpack
  • PixelYourSite
  • Bit Integrations / Bit Integrations Pro
• IV. Use of data
  • WooCommerce (e-commerce platform)
  • Amazon Pay for WooCommerce
  • Payment Plugins for PayPal WooCommerce
  • WooPayments
  • WP Mail SMTP
• V. E-Mail Newsletter
  • E-mail advertising with newsletter registration
• VI Cookies and web analysis
  • Use of cookies and similar technologies
  • Usercentrics Consent Management Platform (CMP)
• VII. Further technologies
• IX. Social media
  • Use of social plugins (e.g. like and share buttons)
  • Our online presence on Facebook and Instagram (fan pages)
  • Social Feed Gallery
• X. Contact options and your rights
  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure („right to be forgotten“) (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)

---

I. Person responsible for data processing

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions (General Data Protection Regulation - GDPR, Federal Data Protection Act - BDSG). Personal data is all data with which you can be personally identified.

The controller responsible for data processing on this website is

Surface technology Biederbeck-Schöttner

Hermann-Brack-Strasse 7

34497 Korbach Germany

Phone: +49 (0) 15259924457

E-Mail: contact@carbonmodifications.com

Data Protection Officer A data protection officer is not required by law for our company and has therefore not been appointed, as the thresholds under Article 37 of the GDPR in conjunction with Section 38 of the BDSG are not exceeded. This means that we do not process data to an extent that requires comprehensive or systematic monitoring of data subjects, nor do we carry out extensive processing of special categories of data (in accordance with Article 9 GDPR) or data relating to criminal convictions and offenses (in accordance with Article 10 GDPR). Nevertheless, data protection is ensured by complying with all relevant data protection regulations and implementing appropriate technical and organizational measures. If you have any questions about data protection, you can contact us at any time.

Revocation of your consent to data processing Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which the company is based. A list of data protection officers and their contact details can be found at the following link:((https://www.bfdi.bund.de/DE/Infothek/Addresses_Links/regulatory-authorities/countries/country-node.html))

Right to data portability You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

SSL or TLS encryption This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

II Data collection on our website

You can visit our website without providing any personal information. Each time you access a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access.

Cookies Our website uses cookies. Cookies are small text files that are stored on your end device and saved by your browser. They serve to make our website more user-friendly, effective and secure.

• What are cookies?
  • Cookies are small text files that are automatically stored on your device when you visit our website. We mainly distinguish between two types:
  • Session cookies: These are automatically deleted at the end of your browser session. They are necessary for smooth navigation on the website.
  • Persistent cookies: These remain stored on your device in order to recognize your browser on your next visit. You can view the exact storage period in the cookie settings of your browser.
• Your control over cookies:
  • You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. Information on changing the settings can be found in the help menu of your browser or via the following links for common browsers: Microsoft Edge,(https://support.apple.com/de-de/guide/safari/sfri11471/mac), Chrome, Firefox, Opera.
• Withdrawal of your consent: You can revoke your consent to the use of cookies and similar technologies at any time with effect for the future by sending us a message via the contact option specified in this privacy policy.
• Legal basis for the processing of cookies:
  • Technically necessary cookies: The storage of technically necessary cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.
  • Non-essential cookies (e.g. analysis and marketing cookies): Non-essential cookies are stored on the basis of your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG), which you give via our cookie consent management tool.

Server log files The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose. Server log files are stored for a maximum of 30 days and then automatically deleted.

Handling contact data (e.g. contact form, e-mail) If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

III Tools and analyses Google Fonts

This site uses so-called Google Fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“), for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF), as Google LLC is certified under this. If your browser does not support Google Fonts, a standard font will be used by your computer.

Use of Google Analytics for web analysis If you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TTDSG, we use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).

• Purpose of data processing: Google Analytics enables us to analyze user behavior on our website, including the number of visitors, pages viewed, time spent on the site and interactions. This information helps us to improve the attractiveness, content and functionality of our website. The data is processed pseudonymously and is not used to identify you personally.
• Processed data categories and functionality: Google Analytics uses methods such as cookies to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server and stored there.
• IP anonymization: We have activated the IP anonymization function (_anonymizeIp()) on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to a Google server. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The pseudonymized IP address transmitted by your browser as part of Google Analytics is generally not merged with other Google data.
• Data transfer to third countries (USA): The transmission of information (including truncated IP addresses) to Google servers in the USA entails risks, as the USA does not currently guarantee a level of data protection comparable to that in the EU. There is a risk that your data may be processed by US authorities for control and monitoring purposes without effective legal remedies. We have agreed standard contractual clauses (SCC) with Google in accordance with Art. 46 GDPR and implemented additional measures to ensure an adequate level of data protection.
• Storage duration: Data collected in this context is processed in accordance with 14 months deleted.
• Withdrawal of your consent and opt-out options: You can withdraw your consent to the use of Google Analytics at any time with effect for the future by using the following options:
  • Browser plugin: You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
  • Opt-out cookie: Alternatively, you can click [this link to set an opt-out cookie] to prevent future collection by Google Analytics on this website. This will place an opt-out cookie on your device. If you delete your cookies, you must click this link again.

Google Maps We use Google Maps on our website to visually display geographical information and to make it easier to find our locations. Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).

• Purpose and legal basis: Google Maps is used to visually display geographical information. When you access Google Maps, data about the use of the Maps functions, including your IP address and location data, is transmitted to Google and processed there. The use of Google Maps and the associated data processing takes place on the basis of your Consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, which is obtained via our cookie consent management tool. You can withdraw your consent at any time with effect for the future.
• Data processing and transmission: When you use Google Maps, data about your use of the Maps functions is transmitted to Google or processed by Google. This may include your IP address and, if applicable, location data, provided you have allowed this in your device settings. We have no influence on this data processing by Google.
• Data transfer to third countries (USA): The transmission of information to and storage on Google servers in the USA entails risks, as the USA does not currently guarantee a level of data protection comparable to that in the EU. There is a risk that your data may be processed by US authorities for control and monitoring purposes without effective legal remedies. We have agreed standard contractual clauses (SCC) with Google in accordance with Art. 46 GDPR and implemented additional measures to ensure an adequate level of data protection.
• Deactivation of Google Maps: To prevent data transmission to Google via Google Maps, you must deactivate the JavaScript function in your browser. Please note that in this case you will not be able to use Google Maps, or only to a limited extent.
• Shared responsibility: Data processing is carried out on the basis of an agreement on joint responsibility (Art. 26 GDPR) between us and Google, which regulates the respective responsibilities for compliance with data protection regulations.
• Further information: Further information on data processing by Google can be found in Google's privacy policy: https://policies.google.com/privacy and the terms of use for Google Maps:https://www.google.com/intl/de_de/help/terms_maps/.

Google reCAPTCHA To protect our web forms from misuse and spam, we use Google reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“), in some forms on this website.

• Purpose and legal basis: Google reCAPTCHA is used to protect web forms from abuse and spam. This service prevents automated software from carrying out abusive activities. Google reCAPTCHA uses JavaScript and cookies to analyze your use of the website, whereby information, including your IP address, is typically transmitted to Google servers in the USA. The use of Google reCAPTCHA and the associated data processing is based on your consent. Consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, which is obtained via our cookie consent management tool. You can withdraw your consent at any time with effect for the future.
• Functionality and data processing: Google reCAPTCHA uses an embedded JavaScript code and methods such as cookies to analyze your use of the website. Information about your website usage, including your IP address, is automatically collected and usually transferred to a Google server in the USA and stored there. Other cookies that are stored in your browser by Google services are also analyzed by Google reCAPTCHA. No personal data is read or stored from the input fields of the respective form.
• Data transfer to third countries (USA): The transmission of information to and storage on Google servers in the USA entails risks, as the USA does not currently guarantee a level of data protection comparable to that in the EU. There is a risk that your data may be processed by US authorities for control and monitoring purposes without effective legal remedies. We have agreed standard contractual clauses (SCC) with Google in accordance with Art. 46 GDPR and implemented additional measures to ensure an adequate level of data protection.
• Your control options: You can prevent the collection of data generated by JavaScript or cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by deactivating the execution of JavaScript or the setting of cookies in your browser settings. Please note that this may considerably restrict the functionality of our website for your use.
• Further information: Further information on Google's privacy policy can be found at: https://policies.google.com/privacy.

Google Language Translator We use the „Google Language Translator“ plugin (from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to translate our website content.

• Purpose and legal basis: This plugin enables visitors to display the website in their preferred language, which serves to improve user-friendliness. The processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the provision of a multilingual offer. When using the translation service, data (e.g. the texts to be translated, IP address) may be transmitted to Google servers.
• Data transfer to third countries (USA): If data is transferred to Google servers in the USA, this is based on the EU-US Data Privacy Framework (DPF), as Google LLC is certified under this.
• Further information: Further information on data processing by Google can be found in Google's privacy policy: https://policies.google.com/privacy.

Hotjar We use Hotjar, a web analytics service provided by Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta.

• Purpose and legal basis: Hotjar helps us to better understand user behavior on our website (e.g. how much time is spent on which pages, which links are clicked, what users like and dislike). This enables us to build and maintain our service with user feedback. The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, which is obtained via our cookie consent management tool.
• Processed data categories: Hotjar collects data about your interactions on the website, such as clicks, scrolls and navigation between pages. Sensitive data that you enter (e.g. credit card details, telephone numbers) will never reach Hotjar's servers by default. IP addresses are anonymized.
• Data transmission: Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually obliged not to sell any of the data collected on our behalf.
• Possibility of objection (opt-out): You can prevent Hotjar from collecting data at any time by activating the „Do Not Track“ function in your browser or by setting an opt-out cookie. Further information can be found in Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy/.

Jetpack We use the WordPress plugin Jetpack, which is operated by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack offers various functions to improve website performance, security and analysis.

• Purpose and legal basis: The use of Jetpack serves to optimize our website, improve security and provide analysis data. The legal basis depends on the respective Jetpack function. For functions that set cookies or access end devices, processing is based on your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG). For technically necessary functions, processing may be based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).
• Processed data categories: Depending on the Jetpack function used, different categories of data may be processed, e.g. IP addresses, browser information, usage data, comments, security logs.
• Data transfer to third countries (USA): As Automattic Inc. is based in the USA, data may be transferred to the USA. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF), insofar as Automattic Inc. is certified under this, or on the basis of standard contractual clauses.
• Further information: Detailed information on the data processed by Jetpack and your rights can be found in the privacy policy of Automattic Inc: https://automattic.com/privacy/.

PixelYourSite We use the WordPress plugin „PixelYourSite“, which is operated by PixelYourSite.com. This plugin is used to integrate and manage various tracking pixels (e.g. Facebook Pixel, Google Analytics) on our website.

• Purpose and legal basis: PixelYourSite facilitates the implementation of tracking codes for marketing and analysis purposes. The plugin itself primarily processes the configuration of the pixels and forwards data to the respective third-party providers. The actual data processing and collection is carried out by the integrated services (e.g. Facebook, Google). The use of PixelYourSite and the associated data forwarding takes place on the basis of your Consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, which is obtained via our cookie consent management tool.
• Processed data categories and data recipients: The categories of data forwarded via PixelYourSite and the recipients depend on the specific services integrated via the plugin (e.g. IP address, browser information, usage behavior to Facebook or Google).
• Data transfer to third countries: If the services integrated via PixelYourSite transfer data to third countries (e.g. USA), the data protection provisions and transfer mechanisms of the respective third-party providers apply (e.g. EU-US Data Privacy Framework, standard contractual clauses).
• Further information: For detailed information on data processing by the individual integrated services, please refer to their respective privacy policies (e.g. Facebook, Google). You can find PixelYourSite's privacy policy here: https://www.pixelyoursite.com/privacy-policy.

Bit Integrations / Bit Integrations Pro We use the plugins „Bit Integrations“ and „Bit Integrations Pro“. These plugins are used to synchronize and automate data between different services and applications.

• Purpose and legal basis: Bit Integrations enables the efficient management of data flows between our website and other services we use (e.g. CRM systems, email marketing tools, databases). The plugins themselves primarily process the configuration of the integrations and forward data to the connected services in accordance with our instructions. The legal basis for data processing depends on the respective integrated service and the purpose of the data transfer (e.g. contract fulfillment, legitimate interest or your consent).
• Processed data categories and data recipients: The categories of data forwarded via Bit Integrations and the recipients depend on the specific services connected via the plugin. Personal data such as names, email addresses, order data or other information relevant to the respective integration may be transferred.
• Data transfer to third countries: If the services connected via Bit Integrations transfer data to third countries, the data protection provisions and transfer mechanisms of the respective third-party providers apply.
• Further information: For detailed information on data processing by the individual integrated services, please refer to their respective privacy policies.

IV. Use of data

In order to fulfill the contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on the payment service provider you have selected, we will pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves when you create an account with them. In this case, you must log in to the payment service provider with your access data as part of the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

WooCommerce (e-commerce platform) Our website uses WooCommerce, an e-commerce platform from Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. WooCommerce enables the operation of our online store and the processing of orders.

• Purpose and legal basis: The processing of your data by WooCommerce is necessary for the initiation, execution and processing of sales contracts (Art. 6 para. 1 lit. b GDPR). This includes the management of your shopping cart, the processing of orders, the processing of payments and the dispatch of goods.
• Processed data categories: The following categories of data are processed as part of the ordering process and the use of your customer account: Name, address, e-mail address, telephone number, order data (products, quantity, price), payment information, IP address, browser information, time of website visit. Plugins such as „Advanced Product Fields Extended for WooCommerce“, „Checkout Field Editor for WooCommerce“, „WooCommerce Tax“ and „WooCommerce Cart Abandonment Recovery“ extend the functionality of WooCommerce and process data as part of the store's core functions.
• Data transfer to third countries (USA): As Automattic Inc. is based in the USA, data may be transferred to the USA. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF), insofar as Automattic Inc. is certified under this, or on the basis of standard contractual clauses.
• Storage duration: Data in the shopping cart (session cookies) are deleted at the end of the session. Data in the customer account and order data are stored in accordance with statutory retention periods and then deleted.
• Further information: Detailed information on data processing by Automattic Inc. can be found in their privacy policy: https://automattic.com/privacy/.

Amazon Pay for WooCommerce We offer Amazon Pay as a payment option. This service is operated by Amazon Payments Europe S.C.A., 38 avenue John F. Kennedy, L-1855 Luxembourg.

• Purpose and legal basis: If you choose Amazon Pay as your payment method, your payment data and order data will be transmitted to Amazon Pay to process the payment transaction. The processing is carried out to fulfill the contract (Art. 6 para. 1 lit. b GDPR).
• Processed data categories: Name, address, e-mail address, order data, payment information (which you have stored with Amazon).
• Data transfer to third countries: If data is transferred to Amazon servers outside the EU/EEA, this is done on the basis of suitable guarantees (e.g. standard contractual clauses).
• Further information: You can find Amazon Pay's privacy policy here: https://pay.amazon.com/help/201751600.

Payment Plugins for PayPal WooCommerce We use the plugin „Payment Plugins for PayPal WooCommerce“ to offer PayPal as a payment method. This service is operated by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

• Purpose and legal basis: If you choose PayPal as your payment method, your payment data and order data will be transmitted to PayPal to process the payment transaction. The processing takes place for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).
• Processed data categories: Name, address, e-mail address, order data, payment information (which you have deposited with PayPal).
• Data transfer to third countries: If data is transferred to PayPal servers outside the EU/EEA, this is done on the basis of suitable guarantees (e.g. standard contractual clauses).
• Further information: You can find PayPal's privacy policy here:https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

WooPayments We use WooPayments as a payment option, a service provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. WooPayments is directly integrated into WooCommerce and is based on Stripe.

• Purpose and legal basis: WooPayments enables the processing of credit card and other payments directly in our store. Your payment data is processed to fulfill the contract (Art. 6 para. 1 lit. b GDPR).
• Processed data categories: Name, address, e-mail address, order data, credit card information and other relevant payment data.
• Data transfer to third countries (USA): As Automattic Inc. is based in the USA and WooPayments is based on Stripe (Stripe Inc. is also based in the USA), data may be transferred to the USA. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF), provided that the providers are certified under this framework, or on the basis of standard contractual clauses.
• Further information: The privacy policy of Automattic Inc. can be found here: https://automattic.com/privacy/. You can find information about Stripe here: https://stripe.com/de/privacy.

WP Mail SMTP We use the „WP Mail SMTP“ plugin to manage the sending of emails via our website. This plugin enables us to reliably send emails (e.g. order confirmations, contact form inquiries).

• Purpose and legal basis: The use of WP Mail SMTP serves to ensure reliable email communication with our users and customers. The processing is based on our legitimate interest in a functional and secure website in accordance with Art. 6 para. 1 lit. f GDPR. If you send us an email that serves to fulfill a contract, the legal basis is Art. 6 para. 1 lit. b GDPR.
• Processed data categories and data recipients: The plugin itself does not process any personal data directly, but forwards emails via an SMTP service provider configured by you. Depending on the SMTP service provider selected (e.g. your web host or an external email service provider such as SendGrid, Mailgun etc.), email addresses, subject lines and content of the emails can be transmitted to this service provider.
• Data transfer to third countries: If the SMTP service provider you have chosen is based outside the EU/EEA, the data will be transferred on the basis of suitable guarantees (e.g. EU-US Data Privacy Framework, standard contractual clauses).
• Further information: Please inform yourself about the data protection regulations of the SMTP service provider you have configured in WP Mail SMTP.

V. E-Mail Newsletter E-mail advertising with newsletter registration

If you subscribe to our newsletter, we use the data required for this or separately provided by you to send you our e-mail newsletter irregularly on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. We use the WordPress plugin „Newsletter“ (from The Newsletter Team, Stefano Lissa & Andrea Marchesini) for this purpose.

• Purpose and legal basis: The newsletter provides information about our products, offers and news. Your e-mail address and any other data you provide will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
• Double opt-in procedure: Registration for our newsletter takes place using the double opt-in procedure. This means that after you have registered, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with other people's e-mail addresses.
• Processed data categories: E-mail address, time of registration and confirmation, IP address. If applicable, other data voluntarily provided by you (e.g. name).
• Storage duration: Your e-mail address will be stored for the newsletter mailing as long as you have subscribed to the newsletter.
• Deregistration and revocation: Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address from the list of recipients, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

VI Cookies and web analysis Use of cookies and similar technologies In order to make visiting our website attractive and to enable the use of certain functions, such as the display of suitable products or for market research purposes, we use cookies and similar technologies on various pages, but only if you have given us your consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TTDSG.

• What are cookies?
  • Cookies are small text files that are automatically stored on your device when you visit our website. We mainly distinguish between two types:
  • Session cookies: These are automatically deleted at the end of your browser session.
  • Persistent cookies: These remain stored on your device in order to recognize your browser on your next visit.
• Your control over cookies:
  • You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. Please note that if you do not accept cookies, the functionality of our website may be restricted. Information on changing the settings can be found in the help menu of your browser or via the following links for common browsers: Microsoft Edge,(https://support.apple.com/de-de/guide/safari/sfri11471/mac), Chrome, Firefox, Opera.
• Withdrawal of your consent: You can revoke your consent to the use of cookies and similar technologies at any time with effect for the future by sending us a message via the contact option specified in this privacy policy.

Usercentrics Consent Management Platform (CMP) We use the Usercentrics Consent Management Platform („Usercentrics“), a service provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.

• Purpose of data processing: Usercentrics enables us to transparently obtain, manage, store and document your consent for the technologies used on our website (cookies, tracking tools, etc.). This serves to fulfill our legal obligations under the GDPR and the TTDSG, in particular the obligation to provide evidence pursuant to Art. 7 para. 1 GDPR.
• Legal basis: The processing of data by Usercentrics is based on our legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, in conjunction with Art. 7 para. 1 GDPR and the requirements of the TTDSG.
• Processed data categories: When you visit our website, Usercentrics collects your IP address (shortened or anonymized), the date and time of your visit, device and browser information, your consent behavior and a unique Consent ID. This data is necessary to store your consent decisions and to be able to check them later.
• Storage duration: Your consent decisions and the associated data (Consent ID, anonymized IP address) will be stored by Usercentrics for three years in order to comply with the obligations to provide evidence pursuant to Art. 7 para. 1 GDPR. The data will be deleted or anonymized after revocation of consent or after the three years have expired, unless longer storage is required by law or reserved.
• Processor: Usercentrics acts as our processor in accordance with Art. 28 GDPR. A corresponding contract has been concluded to ensure that data processing is carried out strictly in accordance with our instructions and the requirements of the GDPR.

VII. Further technologies

Other technologies may be used on our website that are not listed individually here, such as additional cookies, web analysis tools, online marketing tools or social plugins.

• Transparency and control through Usercentrics: Detailed information on these technologies and their respective legal basis can be found on our Usercentrics Consent Management Platform, which is integrated into our website. There you can give or withdraw your consent for each technology individually.
• Access to the Usercentrics platform: You can access the Usercentrics platform at any time by clicking on the fingerprint button in the bottom left-hand corner of our website. There you can adjust your settings and view comprehensive information on the technologies used.

IX. Social media Use of social plugins (e.g. like and share buttons) Social plugins („plugins“) from the social networks Facebook and Instagram (both operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are used on our website.

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of the respective social network. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. Through this integration, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider (possibly in the USA) and stored there.

If you are logged in to one of the services, the providers can directly assign the visit to our website to your profile in the respective social network. If you interact with the plugins, for example by clicking the „Like“ or „Share“ button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network and displayed to your contacts there.

• Legal basis: The use of social plugins and the associated data processing takes place exclusively on the basis of your consent. Consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. We obtain this consent via a corresponding cookie consent management tool (CMP) before the plugins are loaded. You can revoke your consent at any time with effect for the future.
• Third country transfer: If data is transferred to the USA, this is based on the EU-US Data Privacy Framework (DPF), if the respective provider is certified under this. Otherwise, the transmission takes place on the basis of Standard contractual clauses of the EU Commission, which offer suitable guarantees for the protection of your data.
• Purpose and scope of data collection: The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as your rights in this regard and setting options to protect your privacy can be found in the providers' data protection notices:
  • Facebook: https://www.facebook.com/policy.php
  • Instagram https://help.instagram.com/155833707900388

• Possibility of objection (opt-out): If you do not want the social networks to assign the data collected via our website directly to your profile in the respective service, you must log out of the respective service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the script blocker „NoScript“.

Our online presence on Facebook and Instagram (fan pages) We maintain online presences within social networks and platforms in order to communicate with our customers and interested parties and to inform them about our products and special offers.

When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your end device to store visitor behavior and user interests.

• Joint responsibility (Art. 26 GDPR): We are jointly responsible for data processing in connection with the operation of our Facebook fan page with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can view the main contents of the agreement on joint responsibility in accordance with Art. 26 GDPR here: https://www.facebook.com/legal/terms/page_controller_addendum.

• Legal basis: Your data is processed on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in an optimized presentation of our offer and effective communication with customers and interested parties. If the respective social media platform operators ask you for your consent to data processing, e.g. with the help of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR.
• Third country transfer: Insofar as the aforementioned social media platforms have their headquarters in the USA, the data transfer to the USA takes place on the basis of the EU-US Data Privacy Framework (DPF). Meta Platforms is DPF certified; a current certificate can be viewed here: https://www.dataprivacyframework.gov/s/participant-search/participant-detailid=a2zt0000000GnywAAC&status=Active.

• Your rights and options to object: Detailed information on this can be found at:
  • Facebook: https://www.facebook.com/about/privacy/
  • Instagram: https://help.instagram.com/519522125107875

• • Possibility of objection (opt-out):
    • Facebook: https://www.facebook.com/settings?tab=ads
    • Instagram: https://help.instagram.com/519522125107875

Social Feed Gallery We use the „Social Feed Gallery“ plugin to display content from Instagram on our website. This plugin enables the integration of Instagram feeds into our website.

• Purpose and legal basis: The integration of Instagram content serves to present our products and activities in an appealing and up-to-date manner and to interact with our community. The processing takes place on the basis of your Consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, which is obtained via our cookie consent management tool.
• Processed data categories and data recipients: When loading the feed, data (e.g. your IP address, browser information) may be transmitted to Instagram (Meta Platforms Ireland Limited). Instagram can use this data to assign your visit to your Instagram account if you are logged in there.
• Data transfer to third countries (USA): Since Meta Platforms is headquartered in the USA, data is transferred to the USA on the basis of the EU-US Data Privacy Framework (DPF), provided Meta Platforms is certified under this framework.
• Further information: Detailed information on data processing by Instagram can be found in their privacy policy: https://help.instagram.com/519522125107875.

X. Contact options and your rights

SYou have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing as well as a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of data protection.

Right to information (Art. 15 GDPR) You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If this is the case, you have a right to information about this personal data and to the following information:

• the purposes of processing;
• the categories of personal data processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed;
• the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• if the personal data are not collected from the data subject, all available information about the origin of the data;
• the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification (Art. 16 GDPR) You have the right to obtain from us without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data.

Right to erasure („right to be forgotten“) (Art. 17 GDPR) You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:

• The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data was processed unlawfully.
• The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.
• The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

Right to restriction of processing (Art. 18 GDPR) You have the right to obtain from us restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
• you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Right to object (Art. 21 GDPR) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.