Mediaform data protection declaration
This Data Protection Declaration explains to you the nature, scope and purpose of the processing of personal data (hereinafter abbreviated to “Data”) within our Mediaform GmbH online offering, and the websites/pages, functions and contents associated therewith, as well as external online presences, e.g. our social media profiles (hereinafter collectively referred to as “Online Offering”). With regard to the terms used, such as “Processing” or “Controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
You can contact our company Data Protection Officer at the following address:
Mediaform Informationssysteme GmbH
Data protection officer
Borsigstrasse 21
D-21465 Reinbek, Germany
Tel.: +49 40 72 73 60 26
E-mail: datenschutzbeauftragter(at)mediaform.de
Types of data processed:
Categories of persons affected
Purpose of the Processing
Terms used
In accordance with Article 4 of the General Data Protection Regulation (GDPR), the following terms used are defined as follows:
“Personal Data” means all and any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”); a natural person is considered to be identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie), or by one or more special characteristic features that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or any such series of operations that is performed in connection with personal data, whether or not with the assistance of automated procedures. The term is far-reaching, and comprises virtually any handling of data.
The natural or legal person, public authority, establishment or other entity which, alone or jointly with others, determines the purposes and means of the processing of personal data is referred to as the “Controller”.
Definitive legal bases
In accordance with Article 13 of the GDPR, we hereby inform you of the legal bases for our data processing operations. Insofar as the legal basis is not specified in the Data Protection Declaration, the following shall apply: The legal basis for obtaining consents is provided by Article 6, Para. 1, Letter a and Article 7 of the GDPR. The legal basis for processing in order to fulfil our services and to implement contractual measures, as well as to answer inquiries, is Article 6, Para. 1, Letter b of the GDPR. The legal basis for processing to fulfil our legal obligations is Article 6, Para. 1, Letter c of the GDPR, and the legal basis for processing to protect our legitimate interests is Article 6, Para. 1, Letter f of the GDPR. In the event that vital interests of the Data Subject or of another natural person necessitate the processing of personal data, Article 6, Para. 1, Letter d of the GDPR shall serve as the legal basis.
Cooperation with order processors and with third parties
Insofar as, in the course of our processing, we disclose your data to other persons and companies (order processors or third parties), or transfer it to them or otherwise grant them access to the data, this shall be done exclusively on the basis of the following circumstances:
legal/statutory permission (e.g. if transmission of the data to third parties is necessary in accordance with Article 6, Para. 1, Letter b of the GDPR, such as to payment service providers for performance of a contract),
Transfers to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of making use of third-party services, or disclosing or transferring data to third parties, this will only occur if it takes place:
Subject to legal/statutory or contractual permissions, we only allow your data to be processed in a third country if the special conditions set out in Article 44 ff. of the GDPR exist. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection equivalent to that of the EU (e.g. for the USA through the “Privacy Shield”) or in compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of Data Subjects
In accordance with Article 15 of the GDPR, you have the right to request confirmation as to whether the data in question is being processed, and to obtain information about this data. You also have the right to request further information and a copy of the data.
In accordance with Article 16 of the GDPR, you have the right to request the completion of data concerning you, or the correction of inaccurate data concerning you.
In accordance with Article 17 of the GDPR, you have the right to request that the data in question be deleted immediately or, alternatively, in accordance with Article 18 of the GDPR, to request that the processing of the data be restricted.
You have the right to request that you receive the data concerning you which you have provided to us in accordance with Article 20 of the GDPR and to request its transfer to other responsible persons.
Moreover, you have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR.
Payment service providers
Within the framework of contractual and other legal relationships, on the basis of legal/statutory obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use banks, credit institutions and other payment service providers (collectively referred to as “Payment Service Providers”) for this purpose.
The data processed by the Payment Service Providers includes inventory data, e.g. name and address, bank details, such as account numbers or credit card numbers, passwords, TANs (TransAction Numbers) and checksums, as well as contract, sum and recipient-related information. This information is necessary to carry out the transactions. However, the data entered is only processed and stored by the Payment Service Providers. This means that we do not receive any information relating to accounts or credit cards, but only information confirming or rejecting the payment. Under certain circumstances, data may be transmitted by the Payment Service Providers to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness. For more information, please refer to the general terms and conditions and the privacy policies of the Payment Service Providers.
Payment transactions are subject to the terms and conditions of business and data protection information of the respective Payment Service Providers, which can be accessed on the respective websites/pages or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects.
Services used and service providers:
Right of revocation
You have the right to revoke consents granted in accordance with Article 7, Para. 3 of the GDPR with effect for the future.
You can object to the future processing of data concerning you at any time in accordance with Article 21 of the GDPR. In particular, the objection can take place against processing for purposes of direct advertising.
Cookies and right to object to direct advertising
“Cookies” are small files that are stored on users’ computers. Various types of information can be stored in cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or even after their visit within an online offering. Temporary cookies, called “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit the site after several days. Such cookies can also store users’ interests, which are used for coverage measurement or marketing purposes. Cookies that are offered by providers other than the person responsible for operating the online offering (the Controller) are referred to as “third-party cookies” (otherwise, if they are only the Controller’s cookies, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies, and we provide information about this in our Data Protection Declaration.
If you, as a user, do not want cookies to be stored on your computer, you are requested to deactivate the corresponding option in your browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may lead to functional restrictions of this online offering.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US-American web page http://www.aboutads.info/choices/ or the EU web page https://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating them in the browser’s settings. Please note that in this case, not all functions of this online offering may be usable.
Deleting data
The data we process will be deleted, or its processing restricted, in accordance with Articles 17 and 18 of the GDPR. Except where expressly stated in this Data Protection Declaration, data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing its deletion. Insofar as data is not deleted because it is required for other, legally permissible purposes, its processing will be restricted. This means that the data will be barred and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with legal/statutory requirements in Germany, records are retained in particular for a period of six (6) years pursuant to Section 257, Para. 1 of the German Commercial Code (HGB) (commercial accounting books, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting documents, etc.), and for ten (10) years in accordance with Section 147, Para. 1 of the AO (German Fiscal Code) (books, records, management reports, accounting documents, commercial and business correspondence, documents relevant for taxation, etc.).
In accordance with legal/statutory requirements in Austria, records must be retained in particular for seven (7) years pursuant to Section 132, Para. 1 of the BAO (Austrian Federal Tax Code) (bookkeeping documents, receipts/invoices, accounts, vouchers, business papers, statements of income and expenditure, etc.), for twenty-two (22) years in connection with real estate, and for ten (10) years for documents in connection with electronically provided services, telecommunications, radio and television services provided to noncorporate entities in EU member states and for which the Mini-One-Stop Shop (MOSS) is used.
Business-related processing
We also process the
of our customers, prospective customers and business partners for purposes of providing contractual performances, services and customer care, marketing, advertising and market research.
Hosting
The hosting services we use serve to provide the following performances: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for purposes of operating this online offering.
In so doing, we and/or our hosting provider process the inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate interests in the efficient and safe/secure provision of this online offering in accordance with Article 6, Para. 1, Letter f of the GDPR in conjunction with Article 28 of the GDPR (conclusion of an order-processing contract).
Collection of access data and log files
Mediaform GmbH and/or our hosting provider collects data about every access to the server on which this service is located (known as server log files) on the basis of our legitimate interests within the meaning of Article 6, Para. 1, letter f of the GDPR. The access data includes the name of the website/page being accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, the referrer’s URL (previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum period of seven (7) days and is thereafter deleted. Data that must be retained for evidentiary purposes are excluded from deletion until the respective incident has been finally and definitively clarified.
Order processing in the online shop and customer’s account
We process our customers’ data as part of the ordering processes in our online shop to enable them to select and order the chosen products and services, as well as to pay for and receive delivery of or fulfilment of their orders.
The processed data includes inventory data, communication data, contract data and payment data; the data subjects include our customers, interested parties and other business partners. Processing is carried out for the purpose of providing contractual services in the context of operating an online shop, invoicing, delivery and customer services. In this context, we use session cookies to store the contents of the shopping basket, and permanent cookies to store the login status.
Processing takes place based on Article 6, Para. 1, Letter b (execution of order processes) and c (legally required archiving) of the GDPR. In this respect, information labelled as required is necessary to justify and fulfil the contract. We disclose the data to third parties solely in the context of delivery, payment or within the scope of legal permissions and obligations vis-à-vis legal advisors and authorities. Data will be processed in third countries only if this is necessary to fulfil the contract (e.g. at the customer’s request at the time of delivery or payment).
Users can optionally create a user account, which allows them to view their orders in particular. During registration, users will be informed of the mandatory information required. User accounts are not public and cannot be indexed by search engines. If/when users have terminated their user account, their data relating to the user account will be deleted, subject to its retention for commercial or tax law reasons pursuant to Article 6, Para. 1, Letter c of the GDPR. Information in the customer account remains until it is deleted, with subsequent archiving in the case of a legal obligation. Users are responsible for backing up their data before the end of the contract upon termination.
In the context of registering and when logging in again and using our online services, we store the IP address and time of the respective user’s action. Storage is based on our legitimate interests, as well as those of users, to protect against misuse and other unauthorised use. This data is not passed on to third parties unless that is necessary to pursue our claims, or there is a legal obligation to do so in accordance with Article 6, Para. 1, Letter c of the GDPR.
Deletion takes place after the expiry of legal/statutory warranty and comparable obligations; the necessity to store data is reviewed every three (3) years; in the case of statutory archiving obligations, deletion takes place after the latter’s expiry (end of the commercial law (six (6) years) and tax law (ten (10) years) retention obligation).
Business analyses and market research
To operate our business economically and to identify market trends and customer and user preferences, we analyse the data available to us about business transactions, contracts, enquiries, etc. In so doing, we process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Article 6, Para. 1, Letter f of the GDPR, whereby the data subjects include customers, interested parties, business partners, visitors to and users of the online offering.
The analyses take place for business evaluation, marketing and market research purposes. In doing so, we may take into account the profiles of registered users, together with information such as their purchasing transactions. We use the analyses to increase user-friendliness, to optimise our offering and to improve business efficiency. The analyses are solely for our own use, and are not disclosed externally unless they involve anonymous analyses with summarised values.
If these analyses or profiles are personal, they will be deleted or anonymised upon termination of the user’s account, otherwise after two years from conclusion of the contract. Furthermore, overall business analyses and general trend assessments will be created anonymously wherever possible.
Provision of contractual services
We process inventory data (e.g. users’ names, addresses and contact details), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and performance of services in accordance with Article 6, Para. 1, Letter b of the GDPR. The entries identified as mandatory in online forms are required for conclusion of the contract.
In the context of the use of our online services, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests, as well as those of users, in protecting against misuse and other unauthorised use. As a basic principle, this data is not passed on to third parties except when that is necessary to pursue our claims or there is a legal/statutory obligation to do so in accordance with Article 6, Para. 1, Letter c of the GDPR.
We process usage data (e.g. websites/pages visited in our online offering, interest in our products) and content data (e.g. entries into the contact form or user profile) for advertising purposes in a user profile, in order to display, for example, product information to the user based on the services they have used to date.
Data is deleted after the expiry of legal/statutory warranty and comparable obligations; the need to store data is reviewed every three years; in the case of statutory archiving obligations, data will be deleted after their expiry. Information in any customer account will remain until it is deleted.
Administration, financial accounting, office organisation, contact management
We process data in the context of administration tasks and the organisation of our business, financial accounting and compliance with legal obligations such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The legal bases for processing are Article 6, Para. 1, Letter c of the GDPR and Article 6, Para. 1, Letter f of the GDPR. The processing affects customers, interested parties, business partners and website visitors. The purpose and our interest in processing lies in administration, financial accounting, office organisation and data archiving, i.e. tasks that serve to maintain our business activities, to perform our duties and to provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified for these processing activities.
In this respect, we disclose or transfer data to the tax authorities and to advisors such as tax consultants or auditors, as well as to other fee collection agencies and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, event organisers and other business partners, e.g. for the purpose of contacting them at a later date. We generally store this data, most of which is company-related, permanently.
Registration function
As an option, users can create a user account. During registration, users will be informed of the required mandatory information that must be provided. Data entered during registration will be used for purposes of using the service. Users can be informed by e-mail about information relevant to the offering or registration, such as changes in the scope of the offering or technical circumstances. If and when users terminate their user account, their data relating to the user account will be deleted, unless it needs to be retained for commercial or tax reasons in accordance with Article 6, Para. 1, Letter c of the GDPR. Users are responsible for backing up their data before the end of the contract upon termination. We are entitled to irretrievably delete all of the user’s data stored during the term of the contract.
During the use of our registration and login functions and use of the user account, the IP address and the time of the respective user action will be stored. Storage takes place based on our legitimate interests, and also those of users, in protection against misuse and other unauthorised use. As a basic principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6, Para. 1, Letter c of the GDPR. IP addresses are anonymised or deleted after 7 days at the latest.
Establishing contact
When contacting us (e.g. via the contact form, e-mail, telephone or social media), the user’s information will be processed for the purpose of handling the contact request and its processing in accordance with Article 6, Para. 1, Letter b of the GDPR and in compliance with the standard contractual clauses of the EU (European) Commission.
For this purpose, we use a customer relationship management system (CRM system), currently Microsoft Dynamics 365 Sales, a cloud-based service provided by Microsoft Corporation, USA. In addition to general contact data (e.g. name, company name, telephone number, e-mail address), this system also records communication processes such as requests for quotations, meeting notes or appointment dates/times for the purpose of processing and documenting your enquiry and for any subsequent inquiries or follow-up contacts.
Furthermore, we use a cloud-based telephone system, currently provided by 3CX Ltd., Cyprus, in conjunction with our CRM system. We record the following data for every incoming or outgoing call:
This processing of the aforementioned data serves the purpose of complete documentation of business transactions, efficient customer care, quality assurance and the optimisation of our customer service. No voice recording takes place.
The data is regularly reviewed and deleted insofar as it is no longer required. We review the necessity every two years. Furthermore, the statutory/legal archiving obligations apply.
Newsletter
With the following information, we provide you with details about the contents of our Newsletter, the registration, dispatch and statistical evaluation procedures, and your rights of objection. By subscribing to the Mediaform GmbH Newsletter, you declare your agreement to receive it and to the procedures described.
The Newsletter is sent and its success measured based on the recipient’s consent in accordance with Article 6, Para. 1, Letter a and Article 7 of the GDPR in conjunction with Section 7, Para. 2, No. 3 of the UWG (German Unfair Competition Act) and/or based on legal permission granted pursuant to Section 7, Para. 3 of the UWG.
Content of the Newsletter: We send Newsletters, e-mails and other electronic notifications with promotional information (hereinafter referred to as “Newsletters”) only with the consent of the recipients or with legal permission. Insofar as the Newsletter’s content is specifically described during a registration process, this description is decisive for users’ consent. In addition, Mediaform GmbH Newsletters contain information on current (discount) promotion campaigns, the range of services offered and information about the company.
Double opt-in and logging: Registration for our Newsletter is carried out using the double opt-in procedure. This means that after registering, you will receive an e-mail with a confirmation link in which you are asked to confirm your registration by a mouse-click on the link. This confirmation is necessary to ensure that no unauthorised persons can register using your e-mail address. Newsletter registrations are logged to enable verification of the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, together with the IP address. Likewise, changes to your data stored by the mailing service provider are also logged.
Registration data: To register for the Newsletter, simply enter your e-mail address. Optionally, we ask you to enter a name so that we can address you personally in the Newsletter.
Logging of the registration process is based on our legitimate interests pursuant to Article 6, Para. 1, Letter f of the GDPR. Our interest focuses on employing a user-friendly, secure newsletter system that both serves our business interests and meets users’ expectations, as well as allowing us to prove consent.
Cancellation/revocation: You can cancel receiving the Mediaform Newsletter at any time, i.e. revoke your consent. You will find a link to cancel the Newsletter at the end of each newsletter. Based on our legitimate interests, we are allowed to store unsubscribed e-mail addresses for up to three years before deleting them for purposes of sending the newsletter, in order to be able to prove that consent had previously been given. Processing of this data is restricted to the purpose of possible defence against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.
Newsletter – Delivery service provider
The Newsletter is sent using the “MailChimp” mailing service provider, a newsletter mailing platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the mailing service provider’s privacy policy here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee that it complies with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The delivery service provider is used based on our legitimate interests pursuant to Article 6, Para. 1, Letter f of the GDPR and a data processing agreement in accordance with Article 28, Para. 3, Clause 1 of the GDPR.
The delivery service provider can/is permitted to use and utilise the recipient’s data in pseudonymous form (i.e. without assigning to a user) for the following purposes:
However, the delivery service provider does not use the data of our Newsletter recipients to contact the latter itself or to pass on the data to third parties.
Newsletter – Success measurement
The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.
This information is used for technical improvement of the services based on the technical data or target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether:
For technical reasons, this information can be assigned to the individual Newsletter recipients. However, it is not our intention – nor (insofar as used) that of the mailing service provider – to monitor individual users. Rather, the evaluations serve to help us recognise our users’ reading habits, and to adapt our contents accordingly, or to send different contents in line with the interests of our users.
Google Analytics 4
We use Google Analytics, a web analysis service provided by Google LLC (“Google”), on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Article 6, Para. 1, Letter f of the GDPR). Google uses cookies. The information generated by the cookie about the use of the online offering by users is usually transferred to a Google server in the USA, where it is stored.
Google is certified under the Privacy Shield Agreement, and thereby offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports about activities within this online offering, and to provide us with further services associated with the use of this online offering and the internet. Pseudonymous user profiles of users can be created from the processed data at the same time.
We use Google Analytics in the form of “Google Analytics 4”. No individual IP addresses are logged or stored in Google Analytics.
Users can prevent cookies from being stored by adjusting their browser software settings accordingly. Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offering, as well as preventing Google from processing this data, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on data usage by Google, settings and options for objection, can be found on Google’s websites/pages: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to display advertisements to you”).
As part of Google Analytics, we also use the Google Signals extension, which enables tracking across multiple peripheral devices. To do this, Google uses the data of users who are at the same time logged into a Google service during website/page visits, and who have enabled the “personalised advertising” option in their Google account settings (https://adssettings.google.com/authenticated). Google Signals is also used only with IP anonymisation enabled.
Google Re/Marketing Services
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Article 6, Para. 1, Letter f of the GDPR), we use the marketing and remarketing services (abbreviated “Google-Marketing-Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement, and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner, in order to show users only those advertisements that potentially match their interests. For example, if a user is shown advertisements for products in which they have shown interest on other websites, this is referred to as “Remarketing”. For these purposes, when our websites/pages and other websites/pages on which Google Marketing Services are active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website/page. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). Cookies can be set by various domains, including by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites/pages the user has visited, what contents interest them, and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit time and other information about the use of the online offer. The IP address of users is also recorded, whereby we inform you within the scope of Google Analytics that the IP address is truncated within member states of the European Union or in other signatory states to the Agreement on the European Economic Area, and only in exceptional cases is it transferred in full to a Google server in the USA and truncated there. The IP address is not merged with user data within other Google offerings. The above-mentioned information may also be linked by Google to such information from other sources. When users subsequently visit other websites, advertisements tailored to their interests may be displayed to them.
User data is processed pseudonymously within the framework of Google Marketing Services. For example, this means that Google does not store and process users’ names or e-mail addresses, but processes the relevant data in a cookie-related way within pseudonymous user profiles. This means that, from Google’s perspective, the advertisements are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google’s servers in the USA.
Inter alia, the Google marketing services we use include the online advertising programme “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Thus, cookies cannot be tracked across the websites of AdWords customers. The information collected with the assistance of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to allow customers to be personally identified.
We may integrate third-party advertisements based on Google’s “AdSense” marketing service. AdSense uses cookies that enable Google and its partner websites to display advertisements based on users’ visits to this website or to other websites on the Internet.
Furthermore, we may use “Google Tag Manager” to integrate and manage Google’s analysis and marketing services in our website.
For more information about Google’s use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads, and Google’s data protection policy is available at https://www.google.com/policies/privacy.
If you wish to object to interest-based advertising via Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
Google Ads “Form Extension”
Lead form extensions enable us to capture leads, i.e. contact enquiries, directly via our Google advertisements. This allows us to provide our interested parties and potential customers with a simple option to contact us directly.
In this way, the following personal data can be collected: name, e-mail address and telephone number.
Use of this service takes place in accordance with Article 6, Para. 1, Letter f of the GDPR, based on our legitimate interest in arousing the interest of potential customers who use Google to search for our company.
Google Ads – Enhanced Conversions (expanded conversions)
We use “Enhanced Conversions” to improve the effectiveness of our advertising campaigns. In this process, certain customer data (such as e-mail address, name, address or telephone number) that you have input on our website (e.g. in the context of a purchase or form) is hashed (encrypted) and transmitted to Google. This takes place exclusively for better measurement of conversions, and to optimise advertisement performance.
Data are encrypted using a secure hash algorithm (SHA256) before transmission, and are used by Google only to recognise user interactions with our advertisements. Processing is based on your consent in accordance with Article 6, Para. 1, Letter a of the GDPR, insofar as you have given your consent to this via our consent management system (cookie banner).
Further information can be found at: https://support.google.com/google-ads/answer/9888656?hl=de
Google Ads – Conversion-based customer lists
As part of Google Ads, we use the “conversion-based customer lists” function on our website to analyse the effectiveness of our advertising actions and to enable targeted advertising. These lists enable us to specifically re-address (remarketing) users who have already shown interest in our products.
Processing takes place based on your consent in accordance with Article 6, Para. 1, Letter a of the GDPR. In addition, there is a legitimate interest in optimising our marketing measures in accordance with Article 6, Para. 1, Letter f of the GDPR.
You can prevent cookies from being stored by adjusting your browser software settings accordingly or by opting out at the following link: https://support.google.com/ads/answer/7395996
Further information about data processing by Google can be found at: https://policies.google.com/privacy
Conversion Linker
Based on your consent (Article 6, Para. 1, Letter a of the GDPR), we use the “Conversion Linker” from Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland, to measure click data and for conversion tracking purposes.
Please click here to read the data processor’s data protection rules: https://policies.google.com/privacy?hl=en
Please click here to revoke on all of the processing company’s domains: https://safety.google/privacy/privacy-controls/
Please click here to read the data processor’s cookie code of practice: https://policies.google.com/technologies/cookies?hl=en
Microsoft Bing Ads
Our website uses Microsoft Bing Ads, an analysis tool from the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Like Google Analytics, Microsoft Bing Ads also works by setting cookies that can be used to track your visit to our website and to enable its use for advertising purposes (remarketing).
By using remarketing and based on so-called “Universal Event Tracking (UET)”, we can cause our customers to receive interest-based advertising by recognising end users’ visits and their activity on our website after a click on one of our adverts, and by saving this information in remarketing lists. These remarketing lists are created in compliance with legal requirements. In particular, no sensitive data is stored, nor is any other additional personal data linked to our remarketing lists, or made available to Microsoft.
If you are on a remarketing list, we may offer you interest-based advertising the next time you search via Bing or Yahoo. However, you can deactivate this behaviour-based targeting by changing your browser settings so that cookies are no longer stored. Furthermore, you can deactivate Microsoft’s tracking behaviour via the following link: http://choice.microsoft.com/de-DE/opt-out
You can view more detailed information about the use of cookies in relation to Microsoft Bing Ads on the Bing-Ads website at the following link: https://help.ads.microsoft.com/#apex/3/de/53056/2 and at Microsoft’s website at the following link: https://privacy.microsoft.com/de-de/privacystatement.
Alternatively, you can exercise your right to deactivate behaviour-based tracking via the deactivation page for consumers of the Network Advertising Initiative (NAI) or the deactivation page of the Digital Advertising Alliance (DAA). Further information on this topic is also available on the website https://www.youronlinechoices.com/de/.
Facebook Pixel, Custom Audiences and Facebook Conversion
Within our online offering, based on our legitimate interests in the analysis, optimisation and economic operation of our online offering, and for these purposes, we use the so-called “Facebook Pixel” from the Facebook social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Facebook is certified under the Privacy Shield Agreement, and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Firstly, with the help of the Facebook Pixel, Facebook is able to identify visitors to our online offering as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel to show the Facebook ads displayed by us only to those Facebook users who have also shown an interest in our online offering, or who exhibit certain characteristics (e.g. interests in particular topics or products, which are determined based on the websites visited) and which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also aim to ensure that our Facebook Ads correspond to the potential interests of users, and do not appear to be intrusive. Furthermore, with the help of the Facebook pixel, we can also track the effectiveness of Facebook Ads for statistical and market research purposes, by seeing whether users were redirected to our website after clicking on a Facebook advertisement display (called a “Conversion”).
Facebook processes data within the framework of Facebook’s Data Use Policy. Accordingly, general information on the representation of Facebook Ads can be found in Facebook’s Data Use Policy: https://www.facebook.com/policy.php. In the Facebook help section, you can find specific information and details about the Facebook Pixel and how it works: https://www.facebook.com/business/help/651294705016616.
You can object to the recording of data by the Facebook Pixel and the use of your data to display Facebook Ads. To set which types of advertisement displays are shown to you within Facebook, you can visit the page set up by Facebook, where you can follow the instructions about the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are accepted by all devices, such as desktop PC computers or mobile devices.
Furthermore, you can reject the use of cookies for coverage measurement and advertising purposes via the Network Advertising Initiative’s deactivation page (https://optout.networkadvertising.org/?c=1) as well as via the US-American web page (http://www.aboutads.info/choices) or the European web page (https://optout.aboutads.info/?c=2&lang=EN).
Use of Facebook Social Plugins
Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Article 6, Para. 1, Letter f of the GDPR), we use social plugins (“Plugins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Plugins can display interactive elements or contents (e.g. videos, graphics or text posts), and are recognisable by one of the Facebook logos (a white “f” on a blue tile, the terms “Like”, “I Like It” or a “Thumbs Up” sign), or are identified by the addition of “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, and thereby offers a guarantee that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user invokes a function of this online offering that contains such a Plugin, their device establishes a direct connection to Facebook’s servers. The content of the Plugin is transmitted directly from Facebook to the user’s device and integrated by the latter into the online offering. At the same time, the processed data can be used to create usage profiles of users. We therefore have no influence on the extent of the data that Facebook collects with the help of this Plugin, and inform users in accordance with our state of knowledge.
By incorporating the Plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his/her Facebook account. When users interact with the Plugins, for example by clicking the Like Button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
Users can find the purpose and scope of the data collection, the further processing and use of the data by Facebook, and the related rights and setting options for protecting their privacy in Facebook’s Data Protection Notice: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via this online offering and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online offering. Additional settings and objections to the use of data for advertising purposes are possible within the Facebook Profile Settings: https://www.facebook.com/settings?tab=ads or via the US-American page http://www.aboutads.info/choices/ or the EU page https://www.youronlinechoices.com/. The settings take place in a platform-independent way, i.e. they are accepted by all devices, such as desktop computers or mobile devices.
Online presences in social media
We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there, and to inform them about our services. When accessing the respective networks and platforms, the Terms and Conditions and the Data Processing Guidelines of their respective operators shall apply.
Unless otherwise stated in our Data Protection Declaration, we process the data of users if they communicate with us within social networks and platforms, e.g. by posting on our online presences or sending us messages.
YouTube
We embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data Protection Declaration: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
Google ReCaptcha
We integrate the bot detection function “ReCaptcha”, e.g. for entries in online forms, from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data Protection Declaration: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
Use of SurveyMonkey to conduct surveys
We also conduct user surveys via our online offering. For this purpose, we use the survey tool from SurveyMonkey (SurveyMonkey Europe UC, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland).
Participation in surveys is always voluntary, but if you do participate in a survey, the following personal data will be collected from you:
IP Address, Logfiles
Self-evidently, we also need to collect your IP address via SurveyMonkey, as otherwise we will not be able to display to you the respective survey, which is stored on the SurveyMonkey server. The relevant data processing is carried out based on Article 6, I b) of the GDPR.
In addition to the IP address, the other standard log file data are processed, including the version of your operating system, device type, and information about your system, performance, and browser type. If you participate in our surveys via a mobile device, we also process the device’s UUID (Universally Unique IDentifier), which is a unique ID automatically generated in connection with the use of the SurveyMonkey survey.
This log file data is processed for security reasons, e.g. to detect and prevent brute force attacks or to detect and prevent misuse. This processing is carried out on the basis of Article 6 I f, since ensuring functional IT security is also in our legitimate interest when conducting surveys.
Cookies
We also use cookies via SurveyMonkey. However, we only use necessary and functional cookies, for example to authenticate you as a user (not: which user) during the session and to enable the prevention of multiple participations, or so that we can save your settings, such as your chosen language. We also use cookies for load balancing, i.e. to manage data traffic on SurveyMonkey’s servers. This allows us to offer faster website/page response times by distributing data traffic across various servers.
As a rule, we do not collect any personal data in this context. In any event, the setting of necessary and functional cookies is based on a legitimate interest within the meaning of Art. 6 I f of the GDPR in order to maintain the website’s functionality.
Of course, you can prevent cookies from being installed. To do this, you must deactivate cookie storage (under “Settings” in your web browser). You can also delete existing cookies.
Detailed information about the cookies used in SurveyMonkey’s survey tools can be found here: https://help.surveymonkey.com/articles/de/kb/About-the-cookies-we-use.
Data collection by inviting participation in surveys via e-mail
We usually invite you to participate in our surveys by e-mail. These e-mails contain cookies and page tags that enable us to recognise whether you have opened the e-mail and which link you have clicked on. As this data is linked to your e-mail address, it constitutes personal data.
You give us your consent to this evaluation at the latest when you access the survey on our introductory page for the survey. Data processing is therefore based on Article 6 I a in conjunction with Article 7 of the GDPR.
If you do not give us your consent, you will not be able to participate in the survey. In addition, we will of course delete your tracking data, if any exists at that time.
Anonymity of surveys, content data
As a rule, surveys are always anonymous. This means that we cannot identify which user provides which answers within the surveys. This content data remains anonymous. None of this changes even if you are invited to a survey by e-mail. The only thing that is recorded (see Section No. 1.3) is that you clicked on a link to a survey. There is no tracking as to whether or how you complete the survey.
Should we ever conduct personal surveys, we will inform you separately and explicitly about all related data processing before the survey.
Order processing, EU standard clauses
SurveyMonkey processes, on our behalf, all personal data that may arise in connection with our surveys. We are therefore the Data Controller. This does not exclude the transfer of data to the United States. However, we have concluded a data processing agreement with SurveyMonkey that includes EU standard contractual clauses. In accordance with Articles 44, 46 Para. 2d and 93 Para. 2 of the GDPR, this guarantees that SurveyMonkey complies with European Data Protection Standards.
Further information on data processing at SurveyMonkey can be found here: https://www.surveymonkey.de/mp/legal/privacy-policy/
Inclusion of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated into this website to display any reviews we may have collected, and to offer Trusted Shops products to buyers after they have placed an order.
This serves to safeguard our legitimate interests, which prevail in the context of a balancing of interests, in optimal marketing by enabling secure shopping in accordance with Article 6 (1) (f) of the GDPR. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Strasse 15C, 50823 Cologne, Germany. The Trustbadge is provided as part of order processing by a CDN (Content Delivery Network) provider. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on data protection at Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum-datenschutz/#datenschutz
When the Trustbadge is called up, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and documents the access. Individual access data is stored in a security database for the analysis of conspicuous security incidents. The log files are automatically deleted no later than 90 days after creation.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. The contractual agreement entered into between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered to use a product is automatically checked using a neutral parameter, the e-mail address hashed via a cryptological one-way function. Before transmission, the e-mail address is converted into a hash value that cannot be decrypted by Trusted Shops. After checking for a match, the parameter is automatically deleted.
This is necessary for the fulfilment of our and Trusted Shops’ overriding legitimate interests in providing buyer protection linked to the specific order and transactional evaluation services in accordance with Article 6, Para. 1, Clause 1, Letter f of the GDPR. Further details, including information on how to object, can be found in the Trusted Shops Data Protection Declaration linked above and in the Trustbadge.
Cookie consent with Usercentrics
This website uses cookie consent technology from Usercentrics to obtain your consent to the storage of certain cookies on your device, and to document this in accordance with Data Protection Regulations. This technology is provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereafter “Usercentrics”).
When you visit our website, the following personal data is transferred to Usercentrics:
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign to you the consents that were given and/or their revocation. The data collected in this way is stored until you request us to delete it, you delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
Usercentrics is used to obtain the legally prescribed consents for the use of cookies. The legal basis for this is Article 6, Para. 1, Clause 1, Letter c of the GDPR.
Google Forms via Google Workspace
We use Google Forms to create and conduct surveys to improve our services. We use the professional version of “Google Workspace”, which is compliant with Data Protection Regulations. Data collected using a Google Forms form is stored on “Google Drive”, a cloud storage service provided for us by Google. For more information about data processing in connection with Google Forms and Google Drive, please refer to Google’s data protection information: https://www.google.com/intl/de/policies/privacy/
Further instructions on managing your own data in connection with Google products can be found on the page operated by Google: https://www.dataliberation.org/.
An Addendum to the data processing and standard contractual clauses of Google Workspace ensures compliance with the adequacy and security requirements of the EU General Data Protection Regulation (GDPR).
Google LLC (formerly known as Google Inc.), 1600 Amphitheatre Parkway, Mountain View, California 94043 USA
You can obtain Google’s Data Protection Declaration on this matter at the following links: https://workspace.google.com/terms/mcc_terms.html and https://workspace.google.com/terms/dpa_terms.html
LinkedIn Insight Tag
Our website uses the conversion tool “LinkedIn Insight Tag” from the LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that enables the collection of the following data, among other things: IP address, device and browser characteristics, and page events (e.g. page views). This data is encrypted and anonymised within seven days, and the anonymised data is deleted within 90 days. LinkedIn does not share any personal data with Mediaform, but provides anonymised reports about the website target group and advertisement performance. In addition, LinkedIn offers the option of retargeting via the Insight Tag. Mediaform can use this data to display targeted advertising outside of its website, without thereby identifying you as a website visitor. For more information on data protection at LinkedIn, please refer to the LinkedIn data protection policy.
The legal basis for this data processing is Article 6, Para. 1, Letter a of the GDPR.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website (“Opt-out”), please click here.
Hotjar
We use Hotjar to better understand our users’ needs, and to optimise the offering and experience on this website. Hotjar’s technology helps us to better understand our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and what they do not, etc.) and this helps us to tailor our offering to our users’ feedback. Hotjar works with cookies and other technologies to collect data about our users’ behaviour and their terminal devices, in particular the IP address of the device (which is only collected and stored in anonymised form during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the preferred language in which to display our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
The legal basis for this data processing is Article 6, Para. 1, Letter a of the GDPR.
Further information can be found in the section “About Hotjar” on Hotjar’s help page.
Billiger.de via Solute GmbH
We advertise our products via the price comparison portal billiger.de (= cheaper.de).
The portal’s provider is Solute GmbH, Zeppelinstrasse 15, 76185 Karlsruhe, Germany (hereinafter “Solute”).
Solute sets a cookie on a visitor’s device to correctly record sales and/or leads. The cookies used by Solute are accepted in the Internet browser’s default settings. If you do not want these cookies to be stored, please deactivate the acceptance of cookies from the relevant domains in your internet browser. Solute cookies only store the ID and value of the order placed. The legal basis for this data processing is Article 6, Para. 1, Letter a of the GDPR.
Details about data protection can be found at: https://www.solute.de/ger/datenschutz/ and https://company.billiger.de/service/datenschutz/Datenverarbeitung_E-Mail_Eingang.php
AWIN – Affiliate Marketing
We advertise our products via the AWIN affiliate network. The network is provided by AWIN AG, Otto-Ostrowski-Strasse 1A, 10249 Berlin, Germany (hereinafter referred to as “AWIN”).
AWIN places a cookie on a visitor’s device to correctly record sales and/or leads. The cookies used by AWIN are accepted in the internet browser’s default settings. If you do not want these cookies to be stored, please deactivate the acceptance of cookies from the relevant domains in your Internet browser. AWIN cookies only store the ID of the referring partner and the reference number of the advertising material clicked on by the visitor (banner, text link, etc.), which are required for payment processing. The partner’s ID is used at the conclusion of a transaction to assign the commission payable to the referring partner to that partner. The legal basis for this data processing is Article 6, Para. 1, Letter a of the GDPR.
Details on data protection can be found at: DataProtectionStatement | Awin