Data privacy statement
In the following statement, we inform you about the collection of personal data when using our website. Personal data is all data that refers to you personally, e.g. name, address, e-mail addresses, user behaviour. We have taken extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted in line with technological progress.
1 Party responsible for data processing
The person responsible in accordance with Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is trans-o-flex Express GmbH & Co. KGaA, Hertzstr. 10, D-69469 Weinheim, Tel. +49 6201 988 0, e-mail: datenschutzbeauftragter@tof.de (further information can be found in our legal notice).
2 Data protection officers’ contact point
You can contact our data protection officers at datenschutzbeauftragter@tof.de, or by writing to our postal address additionally specifying “the data protection officer”.
3 Your rights
You have the following rights with respect to us as regards your personal data.
3.1 General rights
You have a right to information, correction, deletion, limitation of processing, objection to processing and data portability. As far as processing is based on your consent, you have the right to revoke it with effect for the future.
3.2 Rights in the processing of data on the basis of legitimate interest
In accordance with Art. 21 (1) of the GDPR, you have the right, at any time and for reasons arising from your particular situation, to object to the processing of personal data relating to you pursuant to Art. 6 (1) (e) of the GDPR (data processing in the public interest) or based on Art. 6 (1) (f) GDPR (data processing for the protection of a legitimate interest), which also applies to profiling based on this provision. In the event of you lodging an objection, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
3.3 Rights as regards direct advertising
If we process your personal data in order to conduct direct advertising, you have the right, in accordance with Art. 21 (2) GDPR, to object at any time to the processing of your personal data for the purpose of such advertising, which also applies to profiling, as far as this is associated with such direct advertising. In the event of you objecting to your data being processed for the purpose of direct advertising, we will no longer process your personal data for these purposes.
3.4 Right to complain to a supervisory authority
You also have the right to complain about the processing of your personal data by us to a competent data protection supervisory authority.
4 Collection of personal data when visiting our website
When using our website merely for informative purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following information that is technically necessary for us in order to display our website and to ensure its stability and security. The legal basis for this is Art. 6 (1) (f) GDPR:
IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred, website from which the request comes, browser, operating system, and its interface, language and version of the browser software.
5 Contact by e-mail or contact form
When you contact us by e-mail or via a contact form, the details you provide (category, salutation, last name, address and e-mail address) will be stored by us to enable us to answer your questions. Insofar as we use our contact form to request entries that are not required for contacting us, we have always marked these as optional. This information serves to concretise your enquiry and to improve the handling of your request. Notification of this information is provided expressly on a voluntary basis and with your consent, Art. 6 (1) (a) GDPR. As far as this information relates to communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel to answer your request. You can of course revoke this consent at any time for the future. We delete the data that arises in this context after its storage is no longer required, or limit the processing if there are statutory retention requirements.
6 Newsletter
With your email address you can register for our newsletter, which will inform you about our latest products and services, if you agree to receive the newsletter and thus consent to the processing of your personal data. The legal basis for this processing is Art. 6 Para. 1 S. 1 lit. a GDPR. We will save your email address for as long as you subscribe to our newsletter. Furthermore, we store your IP addresses and the times when registering and confirming in order to prevent misuse of your personal data. The service is provided by our email service provider CleverReach, which processes data in Europe in accordance with the GDPR and therefore also uses the so-called “double opt-in” procedure when giving consent. You will first receive an email with a link that you can use to confirm that you are the owner of the email address and would like to be notified via our email service. If your subscription is not confirmed within 72 hours after requesting the confirmation email, the personal data you have provided will not be processed and will be automatically deleted. You can unsubscribe from the newsletter and thus revoke your consent at any time by clicking on the link contained in each newsletter. Your personal data will not be disclosed to third parties.
6.1 Brevo
This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Newsletter2Go is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of subscribing to the newsletter will be stored on Brevo servers in Germany.
If you do not wish to be analysed by Brevo, you must unsubscribe from the newsletter. You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter.
For more information, see Brevo’s data protection terms at: https://de.brevo.com/legal/privacypolicy/.
6.2 Data Analysis by Brevo
We use Newsletter2Go to enable analysis of our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links were clicked particularly often.
We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter.
Brevo also allows us to segment (“cluster”) newsletter recipients based on different categories. In this way, the newsletters can be better adapted to the respective target groups.
Detailed information on the functions of Brevo can be found at the following link: https://de.brevo.com/informationen-newsletter-empfaenger/?rtype=n2go.
We have concluded an order processing contract with this service provider in order to protect your data.
7 Applications
You can apply to our company electronically, in particular via e-mail or web forms. Needless to say, we will only use your information for the purpose of processing your application and will not pass it on to third parties. Please note that unencrypted e-mails are not transmitted with access protection.
You can also apply online to our company via our application portal. Your online application will be forwarded via an encrypted connection directly to our HR department and, as you might expect, will be treated confidentially. Needless to say, we will only use your information for the purpose of processing your application and will not pass it on to third parties.
If you have applied for a specific vacancy and it has already been filled, and we would like to consider you for another job for which we deem you to be better suited, we may forward your application within the company. Please let us know if you do not consent to your application being forwarded.
Your personal data will be deleted immediately after completion of the application process, or after a maximum of six months, unless you have explicitly given us your consent for your data to be stored for longer or a contract has been concluded. The legal basis is Art. 6 (1) (a), (b) and (f) GDPR as well as § 26 Federal Data Protection Act (‘BDSG’).
8 Mytof
Mytof provides you with an interactive tool for consignment tracking andcommunication with trans-o-flex customer service. If you are already a trans-o-flex customer, you will have received your access data for Mytof from customer service and which you can amend and correct at any time under the user profile menu item. The processing of your personal data in the event of changes will be carried out for the further fulfilment of the contract (Art. 6 (1) lit. b GDPR).
8.1 Registration
Registration of a mytof master account is possible via the responsible contact person in sales if you are a customer and we have recorded you as a customer in our master data. When you register for the first time without already being a customer, the data provided by you (first and last name, e-mail address, telephone number, fax number, company name, department, address) will be collected and stored in order set up a customer master account and provide the services for consignment tracking and damage reports. Insofar as we use the user profile creation form to request information that is not required for the creation of an account and the use of the services, we have always inform you. This information helps us to process our services better. The e-mail address you provide will also be used to send you a new password if necessary. We process this data on the basis of Art. 6 (1) lit. b, f GDPR.
8.2 Consignment tracking
As a registered user you have the possibility to track the consignment and the associated consignment events and to retrieve damage reports. We will use the e-mail address you provide to notify you in the event of non-delivery so that you can make arrangements for the delivery. The processing of sender data for the purpose of transmitting consignment tracking and notifications takes place on the basis of Art. 6 (1) lit. b GDPR.
8.3 Create employee accounts
When using the Mytof tool, you also have the option of creating employee accesses. The employee master data provided by you (first and last name, e-mail address, company, address) will be processed on the basis of Art. 6 (1) lit. f GDPR, whereby our legitimate interests are the execution of the contract and the proper and smooth course of business. The employees concerned have the right at any time to object to this processing with effect for the future.
If you create sub-accounts for additional employees, we will also collect the personal data listed above from the employee. Please note that in this case we do not collect the personal data directly from the respective employee (you), but from the employee creating the employee account and this is the source of the personal data according to Art. 14 (2) lit. f GDPR.
9. “trans-o-flex insight”
With”trans-o-flex insight”, we provide trans-o-flex recipients a shipment tracking option. You can use this recipient service both via our app and via our homepage. trans-o-flex insight can be used with or without registration.
9.1. trans-o-flex insight without registration
Without registration you can use the shipment tracking for individual shipments. To do so, you must enter the shipment number, the postal code and the house number in the corresponding field. Personal data will not be collected.
9.2. trans-o-flex insight with registration
9.2.1 Registration
To register for the app and the web service on our homepage, the data you provide (e-mail address, password, first and last name, address) will be collected and stored in order to successfully complete the registration, create a user account for you and provide a verification code for it so that you can make full use of the consignee service for tracking shipments. As part of the use of the recipient service, the sender data, the shipment number and shipment-related characteristics are processed. The e-mail address you provide will also be used to enable you to use the “Reset password” function if necessary. The use of the recipient service for shipment tracking via a user account is governed by the terms of use, which the customer confirms each time he logs in. The processing of personal data associated with the registration and provision of the consignee service for shipment tracking is primarily carried out for the fulfillment of the contract pursuant to Art. 6 (1) (b) GDPR. In addition, the aforementioned data categories are processed to ensure the data security of the user account pursuant to Art. 6 (1) (f) GDPR. In this context, changes to user data in the “Profile” area are also logged. To ensure the data security of the user account, a verification code must be entered during initial registration. For this reason, we have a legitimate interest in processing your data.
9.2.2 Use of Google reCAPTCHA
In order to ensure sufficient data security when submitting forms, we use in certain cases the service reCAPTCHA of the company Google Inc. This serves primarily to distinguish whether the input is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. The deviating data protection regulations of Google Inc. apply here. Further information on the data protection guidelines of Google Inc. can be found at http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.
9.2.3 Automatic account deletion
You can delete your account at any time. For this purpose, you will find a button within the app. Your data will be deleted immediately if there are no legal retention periods to the contrary.
10. tof.now
Via tof.now, entrepreneurs have the possibility, according to § 14 BGB (German Civil Code), to place shipping orders and to track shipping orders. This possibility exists on the one hand by creating a customer account or ordering as a “guest”.
10.1 Customer account
You do not have to create a customer account in order to place a shipping order or use the shipment tracking function via tof.now. You can therefore use tof.now as a “guest” without registering.
However, you have the option to voluntarily create a customer account with us if you are an entrepreneur according to § 14 BGB (German Civil Code). Our services are only available to entrepreneurs according to § 14 BGB. To register, you must enter the relevant data once and can log in conveniently for subsequent shipping orders using your e-mail address and the password you have chosen yourself. To set up a customer account, go to tof.now and select “Login” at the top right and then “Register now To do this, enter the relevant data in the input mask provided. This data will be stored by us to create the customer account. In the next step, you will receive an e-mail from us to confirm the customer account and complete the data for the customer account to the e-mail address provided by you. This data will not be passed on to third parties. The following data will be collected during the registration process:
– Company name
– Name and first name
– address of your company/association
– business e-mail address
– business phone number
– VAT identification number of your company/association
At the time of registration, the following data will also be stored:
– Your IP address
– date and time of registration
The primary purpose of registering with tof.now is to create a customer account, which you can use to place shipping orders. In this respect, your voluntary consent pursuant to Art. 6 (1) lit. a. GDPR legal basis for the processing of personal data. You can delete this consent at any time for the future by sending an email to datenschutzbeauftragter@tof.de.
In addition, the e-mail address you provide will be used to send you a new password if necessary as well as to be able to send you the order confirmation and the shipping label as well as the invoice after placing a shipping order.. We process this data on the legal basis according to Art. 6 (1) lit. b, f GDPR.
You can change the e-mail address stored in your customer account at any time. To do this, please contact us by e-mail at profile@tof-now.de .. If you would like to change any other data stored in your customer account (e.g. new/different company address, new/different business telephone number, etc.), you can make a request to change the data stored in your account under the menu item “My account”. We will process your request to change your stored data by the end of the next business day. .
If you no longer require your customer account, you can have it deleted by sending us a short message by e-mail to: datenschutzbeauftragter@tof.de . Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected during registration, this is usually the case when you cancel your registration or delete your access. If this data is also required for the fulfillment of a contract or for the implementation of pre-contractual measures, however, premature deletion can only take place if contractual or legal obligations permit this. We may be contractually or legally obligated to store data even after termination of the contract (e.g., for tax purposes). Which storage periods apply here must be determined individually for the respective contracts and contractual parties.
You can only view your customer account after entering your personal password under the “My Account” button. You should always treat access information such as passwords confidentially and store them securely.
For security reasons, changes to customer data and when using the customer account are also logged. Data processing is carried out in accordance with Art. 6.(1) lit. f GDPR to ensure security and smooth contract processing.
When using tof.now, personal data is transmitted to the website operator via the Internet in encrypted form using “Secure Socket Layer (SSL)”.
10.2 Ordering shipping and payment services
In the context of the commissioning of a shipping order, the data collected during the ordering process will be stored, processed and used by us in order to provide the transport service. The following data will be stored and processed by us at the time of placing a shipping order, both if you have registered a customer account with us or if you order only as a “guest”:
– Sender data (e.g. shipping method, additional services, pick-up address, company/association, last name, first name, business e-mail address, business telephone number, VAT identification number).
– (Substitute) recipient data (name and address, as well as e-mail address or telephone number, if applicable)
– Data in the context of the payment process (if applicable, credit card data, account data, etc.)
The legal basis for the processing of personal data is Art. 6 (1) lit. b. GDPR for the performance of the contract and the transport service.
In the context of the commissioning of the shipping order, various payment methods are offered.
Payment by invoice is only possible with the use and registration of a customer account. When paying by invoice, we receive the data that you provide in the ordering process from your account-holding bank.
For payment processing, we have commissioned the payment service provider SIX Payment Services Europe S.A., 10 rue Gabriel Lippmann, L-5365 Munsbach. SIX Payment Services Europe S.A. in turn uses PayOne GmbH, Lyoner Straße 9, 60528 Frankfurt am Main, Germany, to provide the service and process the data. If you pay by credit card, the data required for payment processing will be collected and processed by the payment service provider or PayOne. You enter your credit card number, the expiry date and, if applicable, the CVC number in the corresponding input fields of the window. Our service provider or PayOne transmits this data, as do we, your personal details and information about the transaction as well as other information in connection with the transaction to the respective companies involved in the payment process, e.g.
– MasterCard, MasterCard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
– for VISA, your card-issuing bank
The privacy policy of the payment service provider can be found here: https://www.six-payment-services.com/de/services/legal/privacy-statement.html
PayOne’s privacy policy can be found here: https://www.payone.com/DE-de/dsgvo
Payment via Paypal is also possible. The European operating company of Paypal is PayPal (Europe) S.á.r.l. & Cie. S.C.A. 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If you have chosen PayPal as a payment method, ourrr payment service provider or PayOne pass on your data required for the payment process and the transaction to Paypal. As a rule, the following data is transmitted to Paypal: Name, address, company, e-mail address, telephone and mobile number, IP address. For the processing of the contract, such personal data are also necessary, which are related to the respective shipping order. This requires that you have created an account with Paypal or have agreed to the processing of your personal data there as a guest. Please also note the privacy policy of Paypal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
The legal basis for the processing of personal data in the payment process is Art. 6 (1) lit. b. GDPR, as the processing of the data is necessary within the different payment methods and thus for the execution of the contract,
If necessary, in order to protect the legitimate interests of trans-o-flex Express GmbH & Co. KGaA, your data will be transmitted to a credit agency in order to carry out an identity and credit check. The legal basis for data processing in the context of a check by a credit agency is Art. 6 (1) lit. f. GDPR.
10.3 Additional service insurance
When booking the additional service “Insurance”, you will be given the option to book transport insurance for the shipping order under the specified conditions. In doing so, we transmit the data of the shipping order (e.g. name and address of the sender and (substitute) recipient, shipping method, weight, number of pieces) to our insurance broker (Aktiv Assekuranz Makler GmbH, Hanauer Straße 67, 80993 Munich, Germany) for the purpose of fulfilling the transport insurance. The data processing is therefore carried out for the fulfillment of the contract in accordance with the legal basis pursuant to Art. 6 (1) lit. b GDPR.
10.4 Further functions for registered customers in the user account
As a registered customer, you also have the option within your customer account to save pick-up and delivery addresses. In doing so, we store the data you provide (last name and first name, company, country, address) in order to simplify the selection of the desired pick-up and delivery address for future shipping orders.
As a registered customer, you also have the option of viewing your past orders within your customer account.
The data processing is carried out in accordance with our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest is to be able to offer you an improved service in the recording of your shipping orders and your shipping orders.
10.5 Satisfaction analysis/submission of offer
When you place a shipping order, we will also ask you for your telephone number. We need this number if we need to contact you, for example, in the event of operational difficulties in collecting the goods or carrying out the transport service (see sections 8.1 and 8.2). In addition, we use them to inquire about your satisfaction by telephone afterwards and, if necessary, to present other contract models of trans-o-flex. The legal basis for the processing of your personal data for these purposes of telephone contact and satisfaction survey/offer submission is our legitimate interest in direct advertising pursuant to Art. 6 (1) lit. f GDPR and, in the case of interest in other contract models, the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR. You can object to the processing of your telephone number for the purpose of direct advertising at any time with effect for the future by sending an e-mail to datenschutzbeauftragter@tof.de.
10.6 Cookies at tof.now
When you use our website (https://tof-now.de/home), cookies are stored on your computer. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective. We also use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit. To allow a choice of different cookies, we use a cookie content manager , to allow you to customize your settings. This website uses the following types of cookies, the scope and functionality of which are explained below:
10.6.1 Transient cookies
These cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
10.6.2 Persistent cookies
These cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
10.6.3 Prevention of cookies
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then not be able to use all functions of this website.
10.6.4 Legal basis and storage period
The legal basis for the use of cookies is your consent pursuant to Art. 6 (1) a) GDPR, insofar as cookies are not technically necessary.
Further information on the cookies at the website https://tof-now.de/home and on revoking your consent is available here.
11. Parcel announcement (shipment AVIS)
With the parcel notification, you will be informed by trans-o-flex as the recipient of the expected delivery date of the parcels to be delivered to you. In addition, we will inform you in case of delivery delays or if you were not met during delivery. In order to be able to send you a notification of the expected delivery day and the whereabouts of your shipment by e-mail, trans-o-flex Express GmbH & Co. KGaA and/or trans-o-flex ThermoMed GmbH require your e-mail address. We receive your e-mail address from the sender of the shipment if the sender makes use of the parcel notification service (notification) accordingly. The legal basis for this is Art. 6 (1) lit. f GDPR. The data processing follows our legitimate interest to deliver the shipment as promptly and efficiently as possible , thus also increasing the presence of the recipient at the delivery attempt.
12 Use of social plugins
This website uses social plugins from the following providers: Youtube (operator: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA); Xing (operator: XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany); Linkedin (operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland); Instagram (operator: Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA). These plugins usually collect data from you by default and transmit it to the server of the respective provider. In order to ensure the protection of your privacy, we have taken technical measures to ensure that your data cannot be recorded by the providers of the respective plugin without your consent. When you call up a page on which the plugins are integrated, they are initially deactivated. The plug-ins are only activated when you click on the respective symbol, and you thereby give your consent for your data to be transferred to the respective provider. The legal basis for using the plugins is Art. 6 Para. 1 a and f GDPR. After activation, the plugins also collect personal data such as your IP address and send this to the server of the respective provider, where it is stored. In addition, activated social plugins set a cookie with a unique identifier when the relevant website is accessed. This also allows the providers to create profiles of your usage behaviour. This also happens if you are not a member of the social network of the respective provider. If you are a member of the provider’s social network and you are logged in to the social network during your visit to this website, your data and information about your visit to this website can be linked to your profile on the social network. If you do not want the providers to directly assign the data collected via our website to your account, you must log out before visiting our website. We have no influence on the exact scope of the data collected from you by the respective provider.
For more information about the scope, type and purpose of data processing and about rights and setting options to protect your privacy, please refer to the data protection information of the respective provider of the social network. These can be accessed at the following addresses:
Youtube: https://policies.google.com/privacy?hl=de&gl=de
Xing: https://privacy.xing.com/de/datenschutzerklaerung
Linkedin: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
Instagram: https://help.instaqram.com/15583370790Q388
12.2. YouTube (advanced data protection mode)
We use services from YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, on our website. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is responsible for your data.
To protect your personal data, we use the advanced data protection option provided by YouTube. If you load a page in which a YouTube video is embedded, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. According to information from YouTube, data is only transmitted to the YouTube server in “advanced data protection mode” if you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. If data is processed outside the European Economic Area / EU, where there is no data protection level corresponding to the European standard, Google uses standard contractual clauses according to its own statements.
Further information on YouTube’s data protection is provided by Google under the following link: https://www.google.de/intl/de/policies/privacy/
The legal basis for use is Section 15 Para. 3 TMG and/or Art. 6 Para. 1 f GDPR.
13 Use of cookies
When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and that provide certain information to the body that sets the cookie. Cookies cannot run programmes or transmit viruses to your computer. They serve to make the Internet offering altogether more user-friendly and effective. We also use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit. In order to allow a choice of the different cookies, we use a cookie content manager to provide you with individual settings. This website uses the following types of cookies, the scope and functioning of which are explained below.
13.1 Transient cookies
These cookies are automatically deleted when you close the browser. In particular, these are the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
13.2 Persistent cookies
These cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
13.3 Prevention of cookies
You can configure your browser setting according to your wishes and for example refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all the functions of this website.
13.4 Legal basis and storage duration
The legal bases for possible processing of personal data and its duration of storage vary and are presented in the following sections.
14 Website analysis
For purposes of analysing and optimising our websites, we use various services, which are presented below. For example, we can analyse how many people visit our site, which information is most requested, or how people find it. Among other things, we collect data on the website from which a person came to a website (a referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This helps us to design and improve our offers in a user-friendly way. The data collected is not used to personally identify individual users. Anonymous or at most pseudonymous data is collected. The legal basis for this is your permission due to Art. 6 (1) (a) GDPR.
14.1 Google Analytics
Provided you have given your consent, Google Analytics, a web analysis service provided by Google LLC, is used on this website. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing
Google Analytics uses cookies, which enable an analysis of the use of our websites by you. The information collected by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.
We use the User ID function. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and analyse user behaviour across devices.
We use Google Signals. With this, additional information about users who have activated personalised ads (interests and demographic data) is recorded in Google Analytics and ads can be delivered to these users in cross-device remarketing campaigns.
With Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behaviour is recorded in the form of “events”. Events might be:
– Page views
– First visit to the website
– Start of session
– Your “click path”, interaction with the website
– Scrolls (whenever a user scrolls to the bottom of the page (90%))
– Clicks on external links
– Internal searches
– Interaction with videos
– Ads seen / clicked
In addition, the following is recorded:
– Your approximate location (region)
– Your IP address (in abbreviated form)
– Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
– Your internet provider
– The referrer URL (from which website/which advertising medium you reached this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
Recipient
Recipients of the data are/might be
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no data protection level corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to create an appropriate level of data protection. Google Ireland’s parent company, Google LLC, is based in California, USA. The transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. From a data protection perspective, the USA is currently considered a third country. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Storage duration
The data sent by us and linked to cookies are automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
Legal basis
The legal basis for this data processing is your consent in accordance with Art.6 Para.1 S.1 lit.a GDPR.
Revocation
You can revoke your consent at any time with effect for the future by going to the cookie settings here and changing your selection there.
Configure Cookie PreferencesThe lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
Alternatively, you can prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser so that all cookies are rejected, functionalities on this and other websites may be restricted. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google
- Do not give your consent to the setting of the cookie or
- Download and install the browser add-on to disable Google Analytics HERE.
You can find more information about the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
15 Transfer of your data to Google Play/App Store.
You can use the link to our app on our website. When downloading the app, the necessary information is transferred to Google Play/the App Store, i.e. in particular username, email address and customer number of your account, time of download, payment information and the individual device identification number. However, we have no influence on this data collection and are not responsible for it. We process this provided data as far as this is necessary for downloading the APP to your smartphone. You can obtain further information within the app or the websites of the app store providers.
Google Play (Google LLC, 1600 Amphitheatre Parkway, Mountain View; CA 94043 USA): https://policies.google.com/privacy
App Store (Apple Inc., Infinite Loop. Cupertino, CA 95014 USA): https://www.apple.com/legal/privacy/de-ww/
16 Data transfer
As a rule, we never transfer your data to third parties, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the forwarding of your data.
External service providers and partner companies, such as online payment providers or the shipping company commissioned with the delivery only receive your data if this is necessary for the processing of your order. In these cases, however, the amount of data transmitted is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure within the scope of order processing pursuant to Art. 28 GDPR that they comply with the provisions of data protection laws in the same way. Please also note the respective privacy policies of the providers. The respective service provider is responsible for the content of third-party services, whereby we check – within the bounds of what is reasonable – the services for their compliance with legal requirements.
We attach great importance to processing your data within the EU / EEA.
17 Data security
We have taken extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted in line with technological progress.
As of October 2023
