Privacy Policy

General note and mandatory information
Name of the responsible office

The responsible body for data processing on this website is:

WhiteWall Media GmbH

Europaallee 59

50226 Frechen

Germany

The responsible body, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, contact details, etc.).

Withdrawal of your consent to data processing

Only with your express consent are some processes of data processing possible. A revocation of the consent you have already given is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to appeal to the responsible supervisory authority

As the person concerned, you are entitled to file a complaint with the responsible supervisory authority in the event of a breach of data protection law. The responsible supervisory authority with regard to data protection issues is the state data protection officer of the federal state in which the headquarters of our company is located. The following link provides a list of data protection officers and their contact details: hier.

Right to data portability

You have the right to have data that we process on the basis of your consent or automatically in fulfillment of a contract given to you or to third parties. The provision is made in a machine-readable format. If you require the direct transfer of the data to another person, this will only be done insofar as it is technically feasible.

Right to information, correction, blocking, deletion

You have the right at any time in the context of the applicable legal provisions to request free information about your stored personal data, the origin of the data, their recipients and the purpose of data processing and, if necessary, a right to correct, block or delete this data. In this regard and also to further questions on the subject of personal data, you can always contact us via the contact options listed in the legal information on our website.

Data Protection Officer

We have appointed a data protection officer.

Philipp Herold

Rudolf-Diesel-Straße 10

23617 Stockelsdorf

Germany

E-mail: dataprotection@whitewall.com

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as a website user, our website uses an SSL or TLS encryption. Thus, data that you submit via this website is not readable for others. You will recognize an encrypted connection by the "https: //" address bar of your browser and by the lock icon in the browser bar.

Server Log Files

In server log files, the website provider automatically collects and stores information that your browser automatically sends to us. This information is:

Browser type and browser version

Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request

IP address

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the completion of a contract or precontractual measures.

Data transfer at the conclusion of a contract for the sale of goods and for the dispatch of goods

Personal data will only be transmitted to third parties if necessary within the context of processing the contract. Third parties may be, for example, payment service providers or logistics companies. Further transmission of the data does not take place unless you have expressly consented to it.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or precontractual measures.

Order

We use the data you provide to fulfil and process your order. The basis for the data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Registration on this website

To use certain features, you can register on our website. The transmitted data is used exclusively for the purpose of using the respective offer or service. Required information requested during registration must be given in full. Otherwise we will reject the registration.

In case of important changes, for technical reasons for example, we will inform you by e-mail. The e-mail will be sent to the address provided when registering.

The processing of the data entered during registration takes place on the basis of your consent (Art. 6 (1) lit. GDPR). A revocation of your already given consent is possible at any time. For the revocation, an informal message by e-mail will suffice. The legality of the data processing that has already been completed remains unaffected by the revocation.

We store the data collected during the registration throughout the period you are registered on our website. Should you cancel your registration, your data will be deleted. Legal retention periods remain unaffected.

Contact form

Data submitted via the contact form, including your contact details, will be stored to process your request or to be available for follow-up questions. No disclosure of this data will take place without your consent.

The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). A revocation of the consent you have already given is possible at any time. For the revocation, an informal message by e-mail will suffice. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

Data submitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or you no longer need to back up your data. Mandatory statutory provisions - especially retention periods - remain unaffected.

Customer Satisfaction Surveys

After shipping your order, you will receive a one-time invitation by e-mail to participate in a voluntary customer satisfaction survey.

The data collected as part of customer satisfaction surveys are used to improve our services and will not be submitted to third parties. If you send us a request to delete your data to dataprotection@whitewall.com, the data from the customer satisfaction surveys will be anonymized. We reserve the right to comply with legal deadlines for data storage.

Newsletter Data

To send our newsletter, we need an e-mail address from you. It is necessary to verify the given e-mail address and to accept the newsletter. Supplementary data is not collected or is voluntary. The use of the data takes place exclusively for sending of the newsletter.

The data provided in the newsletter registration is processed exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). Revocation of the consent you have already given is possible at any time. An informal message by e-mail will suffice for the revocation, or you can use the "unsubscribe" link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.

Data entered to set up the subscription will be deleted in the event of cancellation. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

Product Recommendations via email

To make existing customers aware of products from their area of interest, we inform them of these products by email. Existing customers will also receive these individual product recommendations if they are subscribed to our newsletter. We make the selection of individual product recommendations based on data and information: a) you have entered while shopping, and b) that are legally allowed to be used.

If you are no longer interested in our individual product recommendations, you can deactivate this service here at any time. Contact our customer service team +44 (0) 20 3411 1846.

Cookies

Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help us make our service more user-friendly, effective and secure.

Some cookies are "session cookies." Such cookies are automatically deleted after the end of your browser session. Other cookies remain on your device and enable us to recognize your browser during the next visit (persistent cookies). Further information as well as personalised cookie settings can be found in the footer of the page under the headline "Cookie Settings".

With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when the program is closed. The deactivation of cookies may result in limited functionality of our website.

When opening the pages, users will be informed about the use of cookies for analytical purposes and their consent to processing of the personal data used in this context will be requested. To comply with our legal obligation, we use the consent management solution from Usercentrics that saves your consent on the basis of Art. 6 para. 6 1 lit c) EU GDPR to fulfil the documentation requirement acc. to Art. 7 para. 1 EU GDPR.

As the operator of this website, we have a legitimate interest in the storage of cookies for the technically flawless and smooth provision of our services. If other cookies are set (e.g. for analysis functions), they are treated separately in this privacy policy.

Contentful CDN

We use Contentful CDN to properly deliver content to our website. Contentful CDN is a service provided by Contentful GmbH, which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content of our online offer, especially files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Contentful GmbH, Ritterstr. 12-14 10969 Berlin Germany, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Contentful CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimization of our online offer according to Art. 6 para. 1 lit. f. GDPR.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Contentful GmbH. Further information can be found in the privacy policy for Contentful CDN: https://www.contentful.com/legal/de/privacy/.

Payment service provider

Use of Paypal

Our website enables payment via PayPal. The payment service provider is PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.

When you pay with PayPal, the payment data you enter is transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). A revocation of your already given consent is possible at any time. Previous data processing operations remain in place in the event of a revocation.

All PayPal transactions are subject to the PayPal privacy policy. This can be found at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Use of the payment service provider Adyen

We use Adyen, a service for online payment processes, for our website. The service provider is the Dutch company Adyen N.V., PO Box 10095 1001 EB Amsterdam, The Netherlands.

To learn more about the data processed through the use of Adyen, please see the privacy policy at https://www.adyen.com/policies-and-disclaimer/privacy-policy.

YouTube

For integration and presentation of video content, our website uses plugins from YouTube. Provider of the video portal is the YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit a page with an integrated YouTube plug-in, it will connect to YouTube's servers. YouTube will find out which of our pages you viewed.

YouTube may associate your browsing behavior directly with your personal profile should you be logged into your YouTube account. By logging out beforehand you have the option to prevent this.

The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For details on how to handle user information, please refer to the YouTube Privacy Policy at: www.google.com/intl/en/policies/privacy.

Google Analytics

Our website uses functions of the web analytics service Google Analytics. Web analytics service provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses "cookies." These are small text files that your web browser stores on your device and allow analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. Server location is usually in the USA.

Google Analytics cookies are set on the basis of Art. 6 para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the analysis of user behavior in order to optimize our website and possibly also advertising.

For details on how to handle user data on Google Analytics, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

You can prevent Google Analytics from collecting your data by deactivating it in our cookie settings.

IP Anonymization

We use Google Analytics in conjunction with the IP anonymization feature. It ensures that Google shortens your IP address within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. There may be exceptions where Google transmits and truncates the full IP address to a server in the United States. Google will use this information on our behalf to evaluate your use of the website, to report on website activity, and to provide us with other services related to website activity and internet usage. There is no merger of the Google Analytics transmitted IP address with other Google data.

Browser Plugin

The setting of cookies through your web browser can be prevented. However, some features of our website may be restricted. Likewise, you can prevent the collection of data regarding your website use, including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plug-in that can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Order Processing

To fully comply with legal data protection requirements, we have entered into an order processing agreement with Google.

Demographic features in Google Analytics

Our website uses the demographics feature of Google Analytics. It can be used to generate reports that contain statements on the age, gender and interests of the site visitors. This data is from interest-based advertising from Google and from third-party visitor data. Assignment of the data to a specific person is not possible. You can disable this feature at any time. This is possible through the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics by deactivating it in our cookie settings.

Google Ads and Conversion Tracking

Our website uses the online marketing program "Google Ads", including conversion tracking (evaluation of user actions). Google conversion tracking is a service operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation.

If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking. These cookies have limited validity, do not contain any personal data and thus cannot be used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and were forwarded to this page. Every Google Ads customer receives a different cookie. It is therefore not possible to track cookies relating to the websites of Ads customers.

The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, they do not receive any information with which could be used to personally identify users.

Your data may be transmitted to the USA. For the USA, no adequacy decision from the EU Commission is available.The data transfer takes place, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks.

The use of cookies or comparable technologies is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal.

You will find more information as well as Google’s data privacy policy at: https://policies.google.com/privacy

Google reCAPTCHA

To protect our web forms from abuse and against spam, we use the Google reCAPTCHA service on this website. Google reCAPTCHA is an offer from Google Ireland Limited, headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.com). By checking a manual entry, this service prevents automated software (so-called bots) from performing inappropriate activities on our website. According to Art. 6 para. 1 s. 1 lit. f GDPR, this is meant to protect our legitimate interests, which prevail after due consideration of interests, in protecting our website against misuse as well as in trouble-free display of our online presence.

By means of a code embedded in the website, a so-called JavaScript, Google reCAPTCHA uses methods as part of the check, that enable an analysis of the website use by you, such as cookies. The automatically collected information about your use of this website including your IP address will usually be transmitted to a server in the U.S. and stored there. In addition, other cookies saved in your browser by Google services will be analysed by Google reCAPTCHA. No personal data are read or saved from the input boxes of the relevant form.

To the extent that information is transmitted to Google servers in the U.S. and saved there, the U.S. company Google LLC is certified under the EU-U.S. Privacy Shield. An updated certificate can be read here.

You can avoid collection of the data created by the JavaScript and/or the cookie and related to your use of the website (including your IP address) by Google as well as processing of such data by Google by disabling the activation of JavaScripts or the placement of cookies in your browser set-tings. Please bear in mind that this may restrict the functionality of our web content for your use.

Further information on the privacy policy of Google can be found here.

Google Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offer. To obtain these fonts, you establish a connection to servers of Google Ireland Limited, whereby your IP address is transmitted.

The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision as well as the optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google Tag Manager

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website.

This allows us to integrate additional services flexibly in order to evaluate user access to our website.

The use of Google Tag Manager is based on our legitimate interests, i.e. interest in optimising our services in accordance with Art. 6 para. 1 lit. f. GDPR.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google Customer Match

We use Google Ads Customer Match lists as part of our advertising activities only with your consent. For the use of Customer Match, lists with encrypted user data (e.g. names, email addresses, customer-specific identifiers) are uploaded to Google. Google then compares whether the transmitted user data matches existing Google customers. The use of Customer Match serves us to optimize our web offer and to individualize it to the respective users. Once the Customer Match lists have been created, the encrypted data records are automatically deleted again. The providers do not obtain new addresses as a result.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as an order processor. We have concluded an order processing agreement with Google for this purpose. Google LLC, based in California, USA, and possibly US authorities may access the data stored by Google.

You can object to this use by preventing the installation of cookies through a corresponding setting in your browser software (deactivation option). Likewise, you can adjust personal advertising in your Google user account in the Privacy tab according to your wishes. To do this, log in to Google and go to "Manage Google Account" in the "Data and Privacy" section.

For further information, please refer to Google's privacy policy at: https://policies.google.com/privacy.

Microsoft Advertising

We use Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft") on our website. The data processing serves marketing and advertising purposes and the purpose of measuring the success of the advertising measures (conversion tracking). We learn the total number of users who clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. However, this does not allow us to personally identify these users.

Microsoft Advertising uses technologies such as cookies and tracking pixels to help analyze how you use the Site. When you click on an ad placed by Microsoft Advertising, a cookie for conversion tracking is placed on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Microsoft and we can recognize that you clicked on the ad and were redirected to that page. In doing so, the following information may be collected, among other things: IP address, identifiers (identifiers) assigned by Microsoft, information about the browser you are using and about the device you are using, referrer URL (web page from which you accessed our website), URL of our website.

Your data may be transferred to the USA. There is no EU Commission adequacy decision for the USA. The use of cookies or comparable technologies takes place with your consent on the basis of § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. You can find more information about data protection and the cookies used by Microsoft Bing here.

Criteo

Criteo Ads

We have integrated Criteo Ads on our website. Criteo Ads is a service provided by Criteo S.A. that displays targeted advertising to users. Criteo Ads uses cookies and other browser technologies to analyse user behaviour and recognise users. Criteo Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of the advertising. Furthermore, Criteo Ads delivers targeted advertising based on behavioural profiling and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider. In this case, your data is passed on to the operator of Criteo Ads, Criteo S.A., Paris, Ile-de-France, FR. Web tracking technologies are used to create pseudonymised user profiles. These profiles cannot be linked to you as a natural person, but are used, for example, for segmentation when displaying advertisements.

We process data with the help of Criteo Ads for the purpose of optimising our advertising campaigns and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Criteo S.A.. Further information can be found in the privacy policy for Criteo Ads: https://www.criteo.com/privacy/.

Criteo CDN

We use Criteo CDN to properly deliver the content of our website. Criteo CDN is a service of Criteo S.A., which acts as a content delivery network (CDN) on our website to ensure the functionality of other services of Criteo S.A.. For said services, you will find a separate section in this privacy policy. This section only deals with the use of the CDN.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Criteo S.A., Paris, Ile-de-France, FR, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Criteo CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Criteo S.A.. Further information can be found in the privacy policy for Criteo CDN: https://www.criteo.com/privacy/.

Awin

Our website uses features of the affiliate and advertising company AWIN AG (Landsberger Allee 104 BC, 10249 Berlin, Germany). Awin is a performance marketing network that provides an interface between affiliates and advertisers. Awin uses tracking tools to run its services in order to store and track a user action. As a result, data from you is sent to the company in pseudonomized form and stored there.

When you click on an ad on our website, this is documented by cookies. The cookies are set in your browser when you click on one of our ads on our website. The cookies store information such as when which ad was clicked on at what time on which website. All this data is only used to track a publisher's marketing efforts and sales.

Your data is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). Insofar as the information collected in this way has a personal reference, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in optimizing our online services and our marketing measures. The data stored within the scope of Awin will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. Further information can be found in the privacy policy for Awin: https://www.awin.com/gb/privacy.

You have the option to prevent the collection of your data by cookies at any time by managing, deactivating or deleting them in your browser.

Integration of the Trusted Shops Trustbadge

To display our Trusted Shops seal of quality and any reviews collected, as well as to offer the Trusted Shops products to buyers after placing an order, the Trusted Shops Trustbadge is integrated on this website.

This is to protect our legitimate interests in optimal marketing, which prevail after due consideration of all interests, by enabling secure shopping in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services advertised through it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of an order processed by a content delivery network (CDN) provider. Trusted Shops GmbH also uses service providers from the U.S. An adequate level of data protection is ensured. Further information on data protection by Trusted Shops GmbH can be found here.

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the access, the amount of transmitted data and the requesting provider (access data), and documents the access. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after creation.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered for use. The contractual agreement between you and Trusted Shops shall apply. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, i.e. the email address hashed by a one-way cryptological function. Prior to submission, the e-mail address is converted into this hash value that cannot be decrypted by Trusted Shops. After checking for a match, the parameter is deleted automatically.

This is required to pursue our and Trusted Shops’ predominant legitimate interests in ensuring the buyer protection that is linked to each specific order and the transactional evaluation services in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Further details, also regarding objection, can be found in the Trusted Shops Privacy Policy linked above and in the Trustbadge.

Use of Zendesk Chat

On our website, you have the option to contact us using "Zendesk Chat". This software is operated via an external system by Zendesk Inc, 1019 Market Street, San Francisco, CA 94103, USA (www.zendesk.de). This is an optional option and you can also contact us by email or phone instead, for example. When using the chat, data is collected and stored for the purpose of web analytics and to operate the chat system to respond to live support requests. In doing so, Zendesk tracks which page of our website was accessed. Usage profiles can be created from this data. Cookies may be used for this purpose. Conducted chats are logged and stored.

If the information collected in this way has a personal reference, the processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes.

To avoid the storage of Zendesk cookies, you can set your internet browser to prevent cookies from being placed on your computer in the future or to delete cookies that have already been placed. However, switching off all cookies may mean that some functions on our Internet pages can no longer be executed.

Salesforce

We use Salesforce on our website, a service for our customer relationship management (CRM). The service provider is the American company salesforce.com Inc, One Market Street, Suite 300, San Francisco, CA 94105, USA.

Salesforce also processes data from you in the USA, among other places. Salesforce uses standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Through these clauses, Salesforce undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

The Data Processing Addendum, which corresponds to the standard clauses, can be found at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.

To learn more about the data that is processed through the use of Salesforce, see the Privacy Policy at https://www.salesforce.com/eu/company/privacy/.

Meta Platforms Inc.

On our website we use the plug-in of the social network Facebook from Meta Platforms Ireland Limited.

Meta Platforms Ireland Limited

4 Grand Canal Square

Grand Canal Harbour

Dublin 2, Ireland

Meta Platforms Ireland has the responsibility to enable data subject rights under Art. 15 - 20 GDPR, to comply with the security requirements of Art. 32 GDPR with respect to the security of the Service, and to comply with the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects Meta Platforms Ireland's obligations under the Joint Processing Agreement.

"Facebook" Social plug-in

Facebook is an internet service of facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is again operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter referred to as "Facebook".

Certified under the EU-US Privacy Shield www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active Facebook guarantees that EU data protection standards will be respected, even when processing data in the US.

Legal basis is Art. 6 para. 1 lit. f) GDPR . Our legitimate interest lies in the quality improvement of our website.

Facebook offers further information about the possible plug-ins as well as their respective functions at https://developers.facebook.com/docs/plugins/.

If the plug-in is stored on one of the pages you visit on our website, your Internet browser downloads a display of the plug-in from the Facebook servers in the USA. For technical reasons, it is necessary that Facebook processes your IP address. In addition, however, the date and time of the visit to our website are recorded.

If you are logged in to Facebook while visiting one of our plug-ins, the information collected by the plug-in will be recognized by Facebook. The information collected in this way may be assigned to your personal user account by Facebook. For example, if you use the so-called "Like" button from Facebook, this information will be stored in your Facebook user account and, if applicable, published via the Facebook platform. If you want to prevent this, you must either log out of Facebook before visiting our website or prevent the loading of the Facebook plug-in by using an add-on for your Internet browser.

Facebook offers further information about the collection and use of data as well as your related rights and protections Facebook in its https://www.facebook.com/policy.php privacy policy.

Hotjar

On our website we use Hotjar. This is a web analysis service of Hotjar Ltd, Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe, hereafter referred to simply as "Hotjar".

Hotjar serves us to analyze the usage behavior of our website. Legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

Hotjar allows us to log and analyze your usage behavior on our website, such as your mouse movements or mouse clicks. Your visit to our website will be anonymous. In addition, Hotjar will evaluate and statistically process information about your operating system, Internet browser, incoming or outgoing links, geographic origin, and the type and location of the device you are using. Also, Hotjar can get some direct feedback from you. In addition, Hotjar offers more privacy information at https://www.hotjar.com/privacy.

In addition, you have the option of terminating the analysis of your usage behavior by opting out. By confirming the link https://www.hotjar.com/opt-out a cookie is stored on your device via your Internet browser, which prevents further analysis. Please note, however, that you will need to press the link above again if you delete the cookies stored on your device.

Kameleoon

This website uses the personalization and web analytics service Kameleoon. The program enables an analysis of user behavior based on (automated) user segmentations. We can determine how the individual user segments visit the website, which landing pages are visited and how an increase in click-through rates can be achieved by analyzing the log file data. The system analyzes your behavior and its context when using this website and assigns it to target groups anonymously.

For the analyses, as described above, cookies/local storage of the browser are used, which are linked to a pseudonymized ID. Your IP address is completely anonymized and not stored for this purpose. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymized form. The IP address transmitted by your browser within the framework of Kameleoon will not be merged with other data from Kameleoon.

The use of Kameleoon serves to evaluate your use of the website and to compile reports on website activities so that we can regularly improve our offer. The legal basis for the storage of the cookie is the consent given (Art. 6 para. 1 p. 1 lit. a GDPR). The further evaluation of the collected data takes place over a period of max. 365 days on the basis of Art. 6 para. 1 p. 1 lit. f GDPR.

You may refuse the use of cookies / local storage by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Sentry

We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors.

Sentry serves these purposes alone and does not evaluate data for advertising purposes. User data, such as device details or time of error, are collected anonymously and are not used in a personalized manner and are subsequently deleted.

For more information, please see Sentry's privacy policy: https://sentry.io/privacy/.

Noibu

Our website utilizes the error tracking service provided by Noibu Technologies Inc., located at 979 Bank St, Ottawa, ON K1S 5K5, Canada. The purpose of this service, referred to as Noibu, is to gather information about unidentified user interactions on our website for the purpose of identifying and correcting ecommerce errors that may impact user experience. Noibu only collects browser and device information for debugging purposes.

The processing of user data through Noibu is based on your consent as per Article 6(1)(a) of the General Data Protection Regulation (GDPR). Should you wish to opt out of this data processing, you may do so at any time by revoking your consent by sending an email to privacy@noibu.com.

Users of our website have the option to deactivate the data processing by Noibu at any time. We have entered into a data processing agreement with Noibu in accordance with the EU Standard Contractual Clauses."

Data subjects' rights

When processing your personal data, the EU General Data Protection Regulation grants you certain rights:

1. right of access (Art. 15 EU GDPR):

You have the right to request confirmation as to whether personal data concerning you are being processed. If this is the case, you have the right to be informed about this personal data and to receive the information listed in detail in Art. 15 EU-GDPR.

2. right to rectification (Art. 16 EU GDPR):

You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data.

3. right to erasure (Art. 17 EU GDPR):

You also have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 EU-GDPRapplies, e.g. if the data is no longer required for the purposes pursued.

4. right to information (Art. 19 EU-GDPR):

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

5. right to restriction of processing (Art. 18 EU-GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 EU GDPR applies, e.g. if you have objected to the processing, for the duration of any review.

6. right to data portability (Art. 20 EU-GDPR):

In certain cases, which are listed in detail in Art. 20 EU-GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

7. revocation of consent (Art. 7 para. 3 EU-GDPR):

You have the right to revoke your consent at any time. This means that we will no longer continue the data processing that we previously carried out on the basis of your consent. Your revocation does not affect the lawfulness of the processing of the data that has already taken place.

8. right to lodge a complaint with a supervisory authority (Art. 77 EU-GDPR):

According to Art. 77 EU-GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint may in particular be asserted before a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement.

9. right to object (Art. 21 EU-GDPR):

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or Article 6(1)(f) EU GDPR, in accordance with Article 21(2) EU GDPR.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

Last Update: February 2023