The protection of your personal data and your privacy is extremely important to us. Therefore, we want to provide you with comprehensive transparency regarding the processing of your personal data (GDPR) as well as regarding the storage of information on your device (TDDDG). Only if the processing of personal data and information is understandable to you as the affected person are you sufficiently informed about the scope, purposes, and benefits of the processing.
This privacy policy applies to all processing of personal data carried out by us as well as to the storage of information on your devices. It therefore applies both in the context of providing our services and within external online presences, such as our social media fan pages.
The responsible party in terms of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other data protection regulations is the
Leister AG
Galileo Street 10
CH-6056 Kägiswil
Switzerland
E-Mail: compliance@leister.com
Hereinafter referred to as "Controller" or "we."
The data protection officer is
AGAD Service GmbH
Attorney Dr. Nils Helmke
Waldring 43-47
44789 Bochum
Germany
E-Mail: datenschutz@agad.de
First of all, we would like to provide you with introductory information about what the protection of your personal data means, what personal data is, how we process it, and what security measures we implement in this regard.
Personal data (hereinafter also referred to as "Data") are individual details about personal or factual circumstances of a specific or identifiable natural person.
Individual details about personal or factual circumstances include, for example:
The "processing" of personal data includes, for example, the following measures
We process personal data only within the legally permissible limits. This is already required by law, in particular by the GDPR. As a result, we are required to always base data processing operations on a legal basis. These legal bases are specified in Art. 6 para. 1 GDPR. Here we name the most common legal bases on which we process your personal data.
Personal data will only be processed by us for specific purposes (Art. 5 para. 1 lit. b GDPR). As soon as the purpose of the processing ceases, your personal data will be deleted or protected by technical and organizational measures (e.g., through pseudonymization).
The same applies to the expiration of a prescribed storage period, subject to cases where further storage is necessary for a contract conclusion or contract fulfillment. Furthermore, a legal obligation to store data longer or to pass it on to third parties (in particular to law enforcement authorities) may arise. In other cases, the storage duration and type of collected data as well as the type of data processing depend on which functions you use in each case. We are happy to provide you with information about this in individual cases, according to Art. 15 GDPR.
Data categories include, in particular, the following data:
In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to your rights and freedoms, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring that your data is stored and processed confidentially and with integrity and is available at all times. Furthermore, controls of access to your data as well as access, input, disclosure, ensuring availability, and separation from data of other natural persons are part of the security measures we implement. Additionally, we have established procedures that ensure the exercise of data subject rights (see under No. 5), the deletion of data, and responses in case of a threat to your data. Moreover, we consider the protection of personal data already in the development of our software and through procedures that comply with the principle of data protection by design and by default.
If your personal data is processed, you are a "data subject" within the meaning of the GDPR and you have the following rights against us as the "controller."
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing occurs, you can request the following information from the controller:
You have a right to rectification and/or completion against the controller, provided that the processed personal data concerning you is inaccurate or incomplete. The controller must rectify it without delay.
Under the following conditions, you can request the restriction of processing of the personal data concerning you:
You can request the controller to delete your personal data immediately, and the controller is obliged to delete this data immediately, provided that one of the following reasons applies:
The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
If the controller has made the personal data concerning you public and is obliged to delete it according to Art. 17 para. 1 GDPR, he shall take appropriate measures, taking into account the available technology and the implementation costs, including technical measures, to inform the data processors who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or copies or replications of this personal data.
The right to deletion does not exist insofar as the processing of your data is necessary for the following measures:
If you have asserted the right to rectification, deletion or restriction of processing against the controller, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the controller.
We use cookies, beacons, or other technologies to provide our services, evaluate them, and conduct marketing with the evaluated data. Cookies are, for example, small text files that contain data from visited websites or domains and are stored on your device (computer, tablet, or smartphone). When you access a website, the cookie stored on your device sends information to the entity that placed the cookie.
We want you to be able to make an informed decision for or against the use of cookies and other technologies that are not necessarily required for the technical features of the services. Therefore, we allow you, in the event that we use cookies and other technologies that require your consent, to make a voluntary decision upon your first visit to our services and then permanently in the corresponding settings to choose which cookies and other technologies you allow. It is important to note that functional cookies and other technologies are mandatory for visiting our services and are therefore already allowed by our default settings. Statistical and marketing cookies and other technologies are optional. You can allow them by consenting to the placement of these cookies and other technologies in the consent banner. Alternatively, you can refuse statistical and marketing cookies and other technologies. Please note that you may still see advertisements even if you refuse the use of statistical and marketing cookies and other technologies. However, these advertisements will be less tailored to your interests. You can still use the full functionality of the services.
Unless we provide you with explicit information about the storage duration of cookies and other technologies (e.g., in the consent banner), you can assume that the storage duration may be up to two years. If cookies and other technologies have been set based on your consent, you have the option at any time to withdraw your consent or to object to the processing of your data by cookies/technologies (collectively referred to as "Opt-Out").
Substantively, we distinguish between
We use "CookieBot" as the consent management tool of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, in the context of tracking and analysis activities in our services. CookieBot collects log file and consent data via JavaScript. This JavaScript allows us to inform you about your consent to certain tags in our services and to obtain, manage, and document it.
We process the following data: (1) Consent data (anonymized logbook data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp), (2) Device data, i.e. data of the devices used (including truncated IP addresses (IP v4, IP v6), device information, Timestamp), (3) User data (including but not limited to E-mail, ID, browser information, setting IDs, changelog). The Consent ID (contains the data mentioned above) and the consent status including timestamps are stored in the local storage of your browser and simultaneously on the cloud servers we use. Further processing only occurs if you make a request for information or revoke your consent. The legal basis for processing personal data using CookieBot as mentioned here results from our legitimate interest and to fulfill legal requirements, thus from Art. 6 para. 1 lit. f and c GDPR. With CookieBot, we aim to comply with legal requirements for data protection and tracking, thereby ensuring that the functionality of our information technology systems is compliant with the law and user-centered.
The use of our services with all their features involves the processing of personal data. We explain how this happens here.
Our services offered through the myLeister app are available through third-party operated distribution platforms, so-called app stores (Google Play Store and Apple Store). Your download may require prior registration with the respective app store and the installation of the app store software. We have no influence on the collection, processing, and use of personal data in connection with your registration and the provision of downloads in the respective app store and the app store software. The responsible party is solely the operator of the respective app store in this regard. Please inquire directly with the respective app store provider if needed.
The purely informational access to our services requires the processing of the following personal data and information: Browser type and browser version, operating system used, address of previously visited websites, IP address of the device you use to access our services, and the time of accessing our services. All this information is automatically transmitted by your browser unless you have configured it to suppress the transmission of information.
This personal data is processed for the purpose of the functionality and optimization of our services, as well as to ensure the security of our information technology systems. These purposes are also legitimate interests under Art. 6 para. 1 lit. f GDPR, thus the processing is carried out on a legal basis.
In addition to the purely informational use of our services, you have the option to register for our services and use our entire offering. In this context, we particularly process master data and contact data such as your name, your email address, and your password. Furthermore, we automatically process connection data such as date, device information, and IP address. Our services allow you to select various services and retrieve the respective content. This use of our services may require the processing of personal data and information in the manner described in this section 5.
Some processing steps may also take place with third parties. The data processing of third parties is carried out under the conditions of the respective applicable privacy policies. In the case of data processing with third parties, it may involve processing on behalf within the meaning of Art. 28 GDPR. This is subject to strict legal requirements, which we comply with in the course of our contractual agreements with our processors.
The use after registration and login, as well as the associated data processing operations, may differ from purely informational use. The collection of this data related to your profile is for the purpose of verifying your status and fulfilling our contractual obligations to you. These are legitimate purposes under Art. 6 para. 1 lit. b GDPR. If your consent is necessary for the processing operation, we will obtain it at the appropriate place (e.g., through the opt-in option in a consent banner when you first use our services). If you have further questions, we are happy to assist you within the scope of your right to information under Art. 15 para. 1 GDPR.
You can create a customer account (hereinafter also referred to as "profile") in our services to utilize our services and their functions. When you do this, the personal data you provide there is transmitted to us by your device and stored in our information technology systems. Your IP address and the time of registration are also stored. When you log into your profile, our service stores tokens on your device to allow you to remain logged in – even if you need to reload our services in the meantime. By creating the profile, you can use the functions of our services.
The processing operations associated with creating a profile serve the purpose of being able to assign future usage operations and to access the entire range of our services. When ordering any supplements and products, the processing of your data also serves the purpose of contract execution, thus being purpose-bound and necessary under Art. 6 para. 1 lit. b GDPR.
The storage of the IP address and the time of registration is necessary to ensure the security of our information technology systems. This also represents our legitimate interest, which is why the processing is also lawful under Art. 6 para. 1 lit. f GDPR.
The storage of the personal data you have entered will last until the deletion of this data within your profile or at the latest until the complete deletion of your profile with us. As an exception to this, we process certain personal data about you only if we have a legal or contractual authorization to do so. This is the case, for example, when we are allowed to retain contract or payment data even after the deletion of your profile for billing or other reasons necessary for the proper execution of our contractual relationship.
We process your personal data that you provide to us during the contact process for the purpose of answering your inquiry, your email, or your request for a callback. Processed data categories include master data, contact data, content data, if applicable usage data, connection data, and if applicable contract data. We forward this data in individual cases to affiliated companies or third parties that we engage to process orders. The legal basis for processing is determined by the purpose of the contact. By submitting your inquiry in the contact form or by contacting us via email, you declare that you wish to receive answers or information on specific topics. For this purpose, you also leave your data. We respond to your inquiry as requested and process your data for this purpose. Therefore, the authorization to process your data is based on Art. 6 para. 1 lit. b GDPR, as we process it to respond to your inquiry and thus fulfill the contract.
We process your personal data that you provide to us during the application process (e.g., via the relevant contact/application form in our services) for the purpose of processing your application and conducting the application procedure. At your request, we will also consider your application in future application procedures. Processed data categories include master data, contact data, content data, usage data (not for postal applications), connection data (not for postal applications), and contract data. In the case of unsuccessful applications, we will delete your data within 3 months after the rejection. In the case of successful applications, we will transfer your data into our systems, such as into the personnel file. The legal basis for processing your data in the context of applicant management is based on Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 S. 1 BDSG. The legal basis for applying to subsidiaries and for storing data for future application processes is Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR, § 26 para. 2 BDSG; Art. 6 para. 1 lit. f GDPR.
We use the Online Communication Tools to conduct conference calls, customer meetings, online meetings, video conferences, and/or webinars (hereinafter: "Online Meetings"). The scope of data processing depends on the specific purpose for which we hold the online meeting and what data you provide before or during participation in an "Online Meeting." Relevant data categories include master data, contact data, content data, if applicable usage data, connection data, and if applicable contract data. Recipients of the data are the online communication tool providers we have engaged and mentioned below. If these providers transfer data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with them and according to standard contractual clauses agreed with them and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, and if a data transfer to the USA occurs, particularly based on the EU-US Data Privacy Framework (DPF). As additional protective measures, we have further configured the respective online communication tools as much as possible so that for conducting "Online Meetings" only data centers in the EU, the EEA, or secure third countries such as Canada or Japan can be used. Our legal basis for using online communication tools is derived from Art. 6 para. 1 lit. b GDPR (contract fulfillment), provided that the online meeting takes place due to contract negotiations or based on a request expressed by you, such as in the context of contacting us. With the online communication tools we have integrated, we aim to fully digitize communication between us. Online communication tools should enable us to gain a personal impression of each other in the online meeting, which is essential for a trusting contractual relationship.
Provider of the online communication tools we use
"Microsoft Teams"
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland
In our services, we use artificial intelligence services ("AI services"). The AI services provide us with the ability to deliver our services with state-of-the-art quality and individual target accuracy, which is particularly valuable for our relationship. With the AI services, we can provide you with an intelligent system in the context of data processing to deliver our services, which processes all interactions in our services, in which the AI services are integrated, in the most efficient and useful way for you. The specific services into which we have integrated AI services will be clear to you from the use of the services themselves or from the corresponding labeling by us. The purpose of data processing by the AI services is to provide such an advanced system that enables us to always deliver the best possible performance for you. Processed data categories include master data, contact data, content data, if applicable usage data, connection data, and if applicable contract data. The recipients of the data are the AI service providers we have engaged and mentioned below. If these AI services transfer data to a third country (e.g., the USA), this is done based on a data processing agreement concluded with them and in accordance with the standard contractual clauses agreed with them and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, and provided that a data transfer to the USA occurs, particularly based on the EU-US Data Privacy Framework (DPF). Our legal basis for using AI services results from Art. 6 para. 1 lit. b GDPR (contract fulfillment), provided that the respective AI service takes place within the use of our services or based on a request expressed by you, such as in the context of contacting us.
With the AI services we have integrated, we aim to fully digitize the provision of our services and particularly optimize communication between us according to your needs.
Provider of the AI services we use
ChatGPT
OpenAI Ireland Limited
1st Floor
The Liffey Trust Centre
117-126 Sheriff Street Upper
Dublin 1
D01 YC43
Ireland
https://openai.com/policies/eu-privacy-policy/
Wonderchat
Wonderchat Private Limited
7 Temasek Boulevard #12-07
Suntec City Tower One
038987 Singapore
For communication with you, especially for the preparation, execution, mediation, clarification, or billing of order processes, we use the instant messaging service "WhatsApp" of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2. In this context, personal data such as name, phone number, email address, address, customer number, i.e., master data, contact data, and usage data, are processed. WhatsApp accesses all contacts from your individual phone book in this context. All data may be shared by WhatsApp with other companies within and outside the Meta corporate group. Further information is contained in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/privacy-policy-eea. Should WhatsApp or Meta transfer this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with Meta and according to standard contractual clauses agreed with Meta and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using WhatsApp results from Art. 6 para. 1 lit. a GDPR. If you have not granted us your consent to use WhatsApp (no opt-in or withdrawal of your consent), we do not use WhatsApp in the context of communication with you (anymore).
If you use our online shop, we process your data for the purpose of processing and delivering your orders as well as ensuring the security of our information technology systems. We process your personal data to enable you to purchase the selected products as well as their payment and delivery. For this purpose, we forward the data necessary for the payment and processing of your order to our partners. For the delivery of our products, we or our partners use service providers, particularly postal, freight, and shipping companies. For processing payment transactions, we or our partners use the services of banks and payment service providers. Please see our explanations below for this. Processed data categories include master data, contact data, usage data, connection data, contract data, payment data. We do not share your data with unauthorized third parties. The legal basis for these processing measures results from
We use the Shopify system in our services, a tool of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Shopify is a system for creating and processing your purchases in our online shop. Shopify serves the purpose of displaying and presenting our products and services to you as easily and quickly as possible in our online shop. All data categories mentioned in section 2.3 can be processed by Shopify. The actual data processed here depends on the actions you choose in our online shop. If your data is transferred to a third country (e.g., the USA), this will only occur on a case-by-case basis, based on a data processing agreement concluded with Shopify and in accordance with standard contractual clauses agreed with Shopify and other security measures permitted by the GDPR that ensure the security of processing your personal data at a level equivalent to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). With Shopify, we are able to provide you with our paid services in the first place and offer them for booking. With Shopify, the entire booking process as well as the processing and management of your booking is handled. The legal basis for processing your data with Shopify when using our online shop arises from Art. 6 para. 1 lit. b GDPR, as we use Shopify to fulfill our contractual promises to you.
To process payment requests, we offer various payment methods. For this purpose, we integrate the payment service providers described below. We do this for the purpose of providing our services properly and according to demand. Processed data in this context includes usage data, connection data, master data, payment data, contact data, or also contract data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, amount, and recipient-related information. The information is necessary to carry out the transactions. The entered data is only processed by the payment service providers and stored with them. We do not receive account or credit card-related information, but only information about the confirmation or a negative report of the payment. In some cases, your data may be transmitted by the payment service providers to credit agencies. This transmission aims at identity and credit checks. For this, we refer to the terms and conditions and the privacy notices of the payment service providers. The legal basis for using the payment service providers results from Art. 6 para. 1 lit. b GDPR. The services promised to you with our services and thus the fulfillment of our contractual obligations can only be provided if we use third parties, such as payment service providers, for the processing of payment transactions. We have concluded a data processing agreement with each of the payment service providers to ensure the security of your data processing at all times.
Shopify Payments
We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment processing is carried out by the technical service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, to whom we pass on the information you provided during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. The transfer of your data takes place exclusively for the purpose of payment processing with Shopify Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on the data protection of Shopify Payments can be found at the following internet address: https://www.shopify.com/legal/privacy.
PayPal
It is possible to process the payment transaction with the online payment service PayPal. PayPal allows you to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, the data required for the payment process will be automatically transmitted to PayPal. This usually involves the following data:
Name, address, company, email address, phone and mobile number, IP address. The data transmitted to PayPal may be shared with credit reporting agencies by PayPal. This transmission aims at identity and credit checks. PayPal may also share your data with third parties as necessary to fulfill contractual obligations or if the data is to be processed on behalf of others. You can view PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, as the processing of data is necessary for payment with PayPal and thus for the execution of the contract.
Klarna
We have integrated Klarna as another payment service provider. Klarna is an online payment service provider that enables purchases on account or flexible installment payments. Additionally, Klarna offers further services, such as buyer protection or identity and credit checks. The operating company of Klarna is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden. If you select Klarna as the payment method during the ordering process in our online shop, either "purchase on account" or "installment purchase," your data will be automatically transmitted to Klarna. By selecting one of these payment options, you consent to the transmission of personal data necessary for processing the invoice or installment purchase or for identity and credit checks. The personal data transmitted to Klarna usually includes first name, last name, address, date of birth, gender, email address, IP address, phone number, mobile phone number, and other data necessary for processing an invoice or installment purchase. Personal data that is necessary for the execution of the purchase contract is also required in connection with the respective order. In particular, there may be mutual exchange of payment information, such as bank account details, card number, expiration date, and CVC code, quantity of items, item number, data on goods and services, prices and taxes, information on previous purchasing behavior, or other information about your financial situation. The purpose of data transmission is particularly for identity verification, payment administration, and fraud prevention. The data controller will transmit personal data to Klarna especially when there is a legitimate interest for the transmission. The personal data exchanged between Klarna and us will be transmitted by Klarna to credit reporting agencies. This transmission aims at identity and credit checks. 
Klarna also shares personal data with affiliated companies (Klarna Group) and service providers or subcontractors as necessary to fulfill contractual obligations or if the data is to be processed on behalf of others. To decide on the establishment, execution, or termination of a contractual relationship, Klarna collects and uses data and information about your past payment behavior as well as probability values for your future behavior (so-called scoring). The calculation of the scoring is carried out based on scientifically recognized mathematical-statistical methods. You have the option to revoke your consent to the processing of personal data at any time with Klarna. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, as the processing of the data is necessary for payment with Klarna and thus for the execution of the contract. The applicable data protection regulations of Klarna can be accessed at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy.
In order to provide you with our services, we use the services of the hosting providers listed below. Our services are retrieved from the servers of these hosting providers. For these purposes, we use the infrastructure and platform services, computing capacity, storage space, and database services as well as security services and technical maintenance services of the web hosting providers.
The processed data includes all such data that you enter in connection with your use and communication during your visit to our services or that are collected from you in this context (e.g. your IP address). Our legal basis for using hosts to provide our services results from Art. 6 para. 1 lit. f GDPR (legitimate interest).
Hosting provider
Vercel
440 N Barranca Ave #4133
Covina, CA 91723
United States
https://vercel.com/legal/privacy-policy
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland
https://www.microsoft.com/privacy/privacystatement
Akamai
145 Broadway
Cambridge, MA 02142
United States
https://www.akamai.com/legal/compliance/privacy-trust-center
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online store based on processing on our behalf. All data collected in our services is processed on Shopify's servers. As part of the aforementioned services from Shopify, data may also be transmitted for further processing on behalf of Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc., or Shopify (USA) Inc. In the event of data transmission to Shopify Inc. in Canada, the appropriate level of data protection is ensured by an adequacy decision of the European Commission. Further information on Shopify's data protection can be found at the following website: https://www.shopify.com/legal/privacy
Further processing on servers other than those mentioned by Shopify only takes place within the framework communicated below.
The services we use from the host may also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients of your emails as well as the senders and other information regarding the email dispatch (e.g., the involved providers) and the contents of the respective emails are processed. The aforementioned data is processed, among other things, for the purpose of detecting spam. Emails are generally not sent encrypted over the internet. Although emails are usually encrypted during transport, they are (unless end-to-end encryption is used) not encrypted on the servers from which they are sent and received. We therefore cannot assume any responsibility for the transmission path of the emails between the sender and the reception on our server. Our legal basis for using hosts for receiving and sending emails is based on Art. 6 para. 1 lit. f GDPR (legitimate interest).
We ourselves (or our hosting providers) collect data on each access to the server (server log files). The server log files may include the address and name of the accessed services and files, date and time of access, transferred data volumes, notification of successful access, browser type and version, your operating system, referrer URL (the previously visited page), and usually IP addresses as well as the requesting provider.
The server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the load capacity and stability of the servers. Our legal basis for using the hosts to collect access data and log files is based on Art. 6 para. 1 lit. f GDPR (legitimate interest).
To ensure a smooth technical process and optimal user-friendly use of our services, we use the following services:
EqualWeb (including the use of Cloudflare Rocket Loader as a subprocess)
In our services, we use the service EqualWeb, a provider of digital accessibility solutions. EqualWeb processes personal data on our behalf and uses, in the context of technical provision, security, and performance optimization of its services, among other things, the service "Cloudflare Rocket Loader" from Cloudflare, Inc. as a subprocessor. The Cloudflare Rocket Loader is used to optimize the loading times of websites by accelerating the delivery of JavaScript resources, thereby improving the performance and stability of our services.
In the context of using EqualWeb, only the technical information necessary for the operation, security, and optimization of the services is processed. This includes in particular the IP address, information about the browser used, as well as other usage and connection data. The recipient of the personal data is initially EqualWeb Ltd. as the processor. EqualWeb uses Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, as a subprocessor to provide its services.
A transfer of personal data to a third country, especially to the USA, cannot be excluded. However, this is done exclusively on the basis of a data processing agreement concluded with EqualWeb and a subprocess data processing agreement existing between EqualWeb and Cloudflare, and in compliance with appropriate guarantees according to Art. 44 et seq. GDPR. This includes in particular the use of the standard contractual clauses approved by the European Commission and – where applicable – Cloudflare's participation in the EU-US Data Privacy Framework, which ensures an adequate level of data protection that corresponds to that within the European Union.
The legal basis for the processing of personal data in connection with the use of EqualWeb, including the use of Cloudflare Rocket Loader, is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to provide our services in an accessible, secure, stable manner and with the shortest possible loading times. We ensure that only a minimal amount of personal data is processed and that the interests and fundamental rights of the affected persons are always respected.
Google Analytics
We use Google Analytics for the purpose of statistical evaluation of your use of our services. Your IP address is collected by us before it is anonymized by Google through truncation before permanent storage on their servers. Google Analytics allows us to track how our services are used by you and how we can improve and further develop them accordingly. For example, Google Analytics shows which content is clicked or visited repeatedly by you. Processed data includes usage data & connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (as joint controller, Art. 26 GDPR). If Google transfers this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with Google and in accordance with standard contractual clauses agreed with Google and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using Google Analytics is your consent (e.g., via an opt-in in the consent banner), provided you have given this to us during your visit to our services and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not given us your consent to use Google Analytics (no opt-in in the consent banner or withdrawal of your consent), we do not use Google Analytics during your visits to our services (anymore).
Google Ad Manager
We use the "Google Marketing Platform" (and services such as "Google Ad Manager") to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Through the Google Marketing Platform, ads can be displayed in real-time based on presumed user interests. This allows us to display ads in a more targeted manner, presenting you only with ads that correspond to your potential interests. Processed data includes usage data & connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (as joint controller, Art. 26 GDPR). If Google transfers this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with Google and in accordance with standard contractual clauses agreed with Google and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using the Google Ad Manager is your consent (e.g., via an opt-in in the consent banner), provided you have given this to us during your visit to our services and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not given us your consent to use the Google Ad Manager (no opt-in in the consent banner or withdrawal of your consent), we do not use Google Ad Manager during your visits to our services (anymore).
Google Ads Conversion Tracking
We use Google Ads Conversion Tracking to measure the success of our Google Ads advertising campaigns. Initially, ads are placed in the Google advertising network (e.g., in search results, in videos, on websites, etc.) to be shown to users who have a presumed interest in the ads. Subsequently, we measure the conversion of the ads. We only receive anonymous overall feedback on the number of users who clicked on our ad and were redirected to a page equipped with a so-called "conversion tracking tag." We do not receive any information that would allow us to identify users. Processed data includes usage data & connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (as joint controller, Art. 26 GDPR). If Google transfers this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with Google and in accordance with standard contractual clauses agreed with Google and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using Google Ads Conversion Tracking is your consent (e.g., via an opt-in in the consent banner), provided you granted this during your visit to our services, and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not granted us your consent to use Google Ads Conversion Tracking (no opt-in in the consent banner or withdrawal of your consent), we do not use Google Ads Conversion Tracking during your visits to our services (anymore).
Google Global Site-Tag
We use the Google Global Site-Tag to measure conversions in Google Ads. With the Google Global Site-Tag, new cookies are set in our online shop, which store a unique ID for you as a user or your click on an ad that led you to our services, especially our online shop. With the Google Global Site-Tag, we can thus measure conversions more accurately. With the Google Global Site-Tag, we determine which interactions in our services should be considered Google Ads conversions. Processed data includes usage data & connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (as joint controller, Art. 26 GDPR). If Google transfers this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with Google and in accordance with standard contractual clauses agreed with Google and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using the Google Global Site-Tag is your consent (e.g., via an opt-in in the consent banner), provided you granted this during your visit to our services, and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not granted us your consent to use the Google Global Site-Tag (no opt-in in the consent banner or withdrawal of your consent), we do not use the Google Global Site-Tag during your visits to our services (anymore).
SalesViewer
We use "SalesViewer" for the purpose of statistical evaluation of your use of our services. Your IP address is collected by us before it is anonymized by SalesViewer through shortening before permanent storage on their servers. SalesViewer allows us to track how our services are used by you and how we can improve and further develop them accordingly. For example, SalesViewer shows which products are purchased most often or which companies are behind the visits to our services and the purchase of our products. Processed data includes master data, contact data, usage data & connection data. The recipient of the data is SalesViewer GmbH, Universitätsstrasse 60, 44789 Bochum, Germany (as joint controller, Art. 26 GDPR). If SalesViewer transfers this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with SalesViewer and in accordance with standard contractual clauses agreed with SalesViewer and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using SalesViewer is your consent (e.g., via an opt-in in the consent banner), provided you have given this during your visit to our services and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not given us your consent to use SalesViewer (no opt-in in the consent banner or withdrawal of your consent), we do not use SalesViewer during your visits to our services (anymore).
Bing Universal Event Tracking
We use Bing Universal Event Tracking. When visiting our services through an advertisement served by Bing Ads, a cookie is stored in your browser. To this end, we have integrated a "UET tag" in our services. This is a code through which pseudonymized data about the use of our services is stored in connection with the cookie. This tag captures pseudonymized data in combination with the cookie to track which actions you take in our services after clicking on an advertisement on Bing Ads. The following data is collected pseudonymously: visited pages, duration of stay, lead (which advertisement led you to us). In addition, Microsoft can track your usage behavior across several of your electronic devices through so-called cross-device tracking. The recipient of the data is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (as joint controller, Art. 26 GDPR). If Microsoft transfers this data to a third country (e.g., the USA), it will only do so on a case-by-case basis, based on a data processing agreement concluded with Microsoft and in accordance with standard contractual clauses agreed with Microsoft and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using Bing Universal Event Tracking is your consent (e.g., via an opt-in in the consent banner), provided you have given it during your visit to our services and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out.
If you have not given us your consent to use Bing Universal Event Tracking (no opt-in in the consent banner or withdrawal of your consent), we do not use Bing Universal Event Tracking during your visits to our services (anymore).
Meta (formerly Facebook) Facebook Custom Audiences (“Meta Pixel”)
We use Facebook Custom Audiences (“Meta Pixel”) for the purpose of delivering personalized advertisements in the Facebook advertising network (Facebook Ads) based on your pseudonymized recorded browsing behavior. We use the Meta Pixel for remarketing purposes to be able to reach you again within 180 days on the social network "Facebook". Due to the Meta Pixel used, your browser automatically establishes a direct connection with Facebook's server. By integrating the Meta Pixel, Meta receives the information that you have accessed our services or clicked on an advertisement from us. If you are registered with Facebook, Meta can associate the visit with your account. In addition to the IP address and marketing identifier, Meta also receives information about your device used and the time and can associate this data with your Facebook account. Meta processes this data on its own responsibility. We have no influence on the data collection and further processing by Meta. Processed data includes usage data & connection data. The recipient of the data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as joint controller, Art. 26 GDPR). If Meta transfers this data to a third country (e.g., the USA), it will only do so on a case-by-case basis, based on a data processing agreement concluded with Meta and in accordance with standard contractual clauses agreed with Meta and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using the Meta Pixel is your consent (e.g., via an opt-in in the consent banner), provided you have given it during your visit to our services and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not given us your consent to use the Meta Pixel (no opt-in in the consent banner or withdrawal of your consent), we do not use the Meta Pixel during your visits to our services (anymore).
PostHog
We use PostHog for the purpose of statistical evaluation of your use of our services. Your IP address is collected by us before it is anonymized by PostHog through truncation before permanent storage on their servers. PostHog allows us to track how our services are used by you and how we can improve and develop them accordingly. For example, PostHog shows which content is clicked or revisited by you. Processed data includes usage data & connection data. The recipient of the data is PostHog Inc, 965 Mission Street, San Francisco, CA 94103 USA (as joint controller, Art. 26 GDPR). If PostHog transfers this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with PostHog and in accordance with standard contractual clauses agreed with PostHog and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using PostHog is your consent (e.g., via an opt-in in the consent banner), provided you have given this during your visit to our services and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not given us your consent to use PostHog (no opt-in in the consent banner or withdrawal of your consent), we do not use PostHog during your visits to our services (anymore). For more information on PostHog's data protection, please see https://posthog.com/privacy.
LinkedIn Insight Tag
We use the website analysis feature LinkedIn Insight Tag. The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (as joint controller, Art. 26 GDPR). The LinkedIn Insight Tag allows the collection of data from your visit to our services, including URL, referrer URL, IP address, device and browser properties (User Agent), as well as timestamps. IP addresses are truncated or hashed. LinkedIn uses the data collected in our services for reports (in which you are not identified as a natural person) about website visitors and ad performance. LinkedIn also offers retargeting for website visitors on LinkedIn, allowing us to display targeted advertising outside of our services using this data. Processed data includes usage data & connection data. If LinkedIn transfers this data to a third country (e.g., the USA), this only occurs on a case-by-case basis, based on a data processing agreement concluded with LinkedIn and in accordance with standard contractual clauses agreed with LinkedIn and other security measures permitted by the GDPR that ensure the security of processing your personal data with a level of protection identical to that in the EU, particularly based on the EU-US Data Privacy Framework (DPF). The legal basis for using the LinkedIn Insight Tag is your consent (e.g., via an opt-in in the consent banner), provided you have given this during your visit to our services and therefore results from Art. 6 para. 1 lit. a GDPR. Based on your consent, cookies, so-called "beacons", or similar (text) files are stored on your device and thereby personal data is read out. If you have not given us your consent to use the LinkedIn Insight Tag (no opt-in in the consent banner or withdrawal of your consent), we do not use the LinkedIn Insight Tag during your visits to our services (anymore).
Google Maps
We use Google Maps to display location plans and geographical maps to present our services attractively and to enable easy findability of our locations. In the context of using Google Maps, technical information is processed, particularly the IP address as well as usage and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
The transmission of personal data to a third country, particularly to the USA, cannot be excluded. This is done exclusively on the basis of appropriate guarantees according to Art. 44 et seq. GDPR, particularly the standard contractual clauses approved by the European Commission and – where applicable – the EU-US Data Privacy Framework (DPF).
The use of Google Maps is based on your consent according to Art. 6 para. 1 lit. a GDPR, which you have given us via the consent banner. Without your consent, Google Maps will not be loaded. For more information, please refer to Google's privacy policy at https://www.google.de/intl/de/policies/privacy/. The service provider is Google Ireland Ltd.
With your consent (regularly through subscribing), we send you newsletters, emails, and other electronic notifications (hereinafter "newsletters"). Our newsletters usually contain technical, commercial, and promotional information about our services.
To subscribe to our newsletter, it is generally sufficient to provide your email address. If necessary, we ask you to provide additional information such as your name or similar.
The registration for our newsletter always takes place in a so-called double opt-in procedure. After registering for our newsletter, you will receive an email asking you to confirm your registration by clicking a confirmation link. This confirmation is necessary to prevent someone else from registering for a newsletter with your email address. We log the registrations for the newsletter in order to be able to prove the registration process in accordance with legal requirements. To this end, we store the registration and confirmation time as well as your IP address. Changes to your data stored with the mailing service provider are also logged.
You can unsubscribe from our newsletter at any time. To do this, simply click the "Unsubscribe" button included in the footer of each newsletter. If you unsubscribe from our newsletter, your email address may be stored for up to three years based on our legitimate interests before we delete it, so that we can prove your previously given consent.
As far as we engage a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure mailing system.
Our newsletters may contain a so-called "web beacon." A web beacon is a pixel-sized file that is retrieved from our server (or from the server of a mailing service provider when used) when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected.
This information is used to technically improve our newsletter based on technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our aim nor, if used, that of the mailing service provider, to monitor individual users. Rather, the evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The evaluation of the newsletter and the measurement of success take place, subject to the express consent of the users, based on our legitimate interests for the purpose of using a user-friendly and secure newsletter system, which serves both our business interests and meets the expectations of the users.
The legal basis for sending newsletters and thus also for the use of web beacons is your consent, provided you have given it by subscribing to the newsletter and therefore results from Art. 6 para. 1 lit. a GDPR. If you have not given us your consent to send newsletters, we will not send any newsletters (anymore) to you. This also automatically eliminates the use of web beacons.
Brevo
We use the services of Brevo for sending newsletters. Brevo is a service that can organize and analyze the sending of newsletters, among other things. The provider is Sendinblue GmbH, Köpenicker Strasse 126, 10179 Berlin, Germany. The data you entered for the purpose of receiving the newsletter (e.g. email address) will be stored on Brevo's servers. Our newsletters sent via Brevo allow us to analyze the behavior of newsletter recipients. This can include analyzing how many recipients opened the newsletter message and how often which link in the newsletter was clicked. All links in the email are so-called tracking links, which can count your clicks. If you do not want analysis by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also revoke your consent at any time with effect for the future by email to the address specified in our imprint. The data you provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from Brevo's servers after unsubscribing from the newsletter. Data that has been stored with us for other purposes (e.g. email addresses for the member area) remains unaffected by this. For more details, please refer to Brevo's privacy policy at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.
The processing of the data entered in the newsletter registration form is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke the consent given for the storage of data, the email address, and their use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
We maintain fan pages on the websites of social networks on the internet and process personal data in this context to communicate with users active there or to provide information about us. We would like to point out that your data may be processed when visiting our fan pages outside the territory of the European Union. The operators of the respective social networks are responsible for this. A detailed presentation of the respective forms of processing and the options for objection (e.g. Opt-Out) can be found in the privacy policies of the operators of the respective social networks.
We operate a so-called Facebook fan page for our company. When visiting the Facebook fan page, Facebook can evaluate your usage behavior and provide us with information obtained from this (“Insights”). The use of page insights is for the purposes of economic optimization and needs-based design of our services. Processed data categories may include, if applicable, master data, contact data, content data, usage data, and connection data. The recipient of the data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as a joint controller according to Art. 26 GDPR. The legal basis for processing the data according to the provisions mentioned here results from our legitimate interest and thus from Art. 6 para. 1 lit. f GDPR.
Facebook is responsible for the implementation of your rights as a data subject. Facebook informs you about your rights as a data subject at: https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, and we will promptly forward your request to Facebook.
We operate a so-called Instagram fan page for our company on Instagram. When visiting the Instagram fan page, Meta can evaluate your usage behavior and provide us with information obtained from this ('Insights'). The use of page insights is for the purposes of economic optimization and needs-based design of our online presence/our services. Processed data categories may include, if applicable, master data, contact data, content data, usage data, and connection data. The recipient of the data is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as a joint controller according to Art. 26 GDPR. The legal basis for processing the data according to the provisions mentioned here results from our legitimate interest and thus from Art. 6 para. 1 lit. f GDPR.
Meta is responsible for the implementation of your rights as a data subject. Meta informs you about your rights as a data subject at: https://privacycenter.instagram.com/policy. You can also assert your rights against us, and we will promptly forward your request to Meta.
TikTok
We operate a so-called TikTok fan page for our company on TikTok. When visiting the TikTok fan page, TikTok can evaluate your usage behavior and provide us with information obtained from this. The use of the information is for the purposes of economic optimization and needs-based design of our online presence/our services. Processed data categories may include master data and, if applicable, contact data, content data, usage data, connection data. The recipient of the data is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin D02 T380, Ireland, as a joint controller according to Art. 26 GDPR. The legal basis for processing the data according to the provisions mentioned here results from our legitimate interest and thus from Art. 6 para. 1 lit. f GDPR.
TikTok is responsible for the implementation of your rights as a data subject. TikTok informs you about your rights as a data subject at: https://www.tiktok.com/legal/privacy-policy?lang=en. You can also assert your rights against us, and we will promptly forward your request to TikTok.
We operate a LinkedIn fan page for our company on LinkedIn. When visiting and using the LinkedIn fan page, LinkedIn may analyze your usage behavior and provide us with information obtained from this. The use of this information is for the purposes of economic optimization and needs-based design of our website/our services. Processed data categories include master data, contact data, content data, usage data, connection data. The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, as a joint controller according to Art. 26 GDPR. The legal basis for processing the data according to the provisions mentioned here results from our legitimate interest and thus from Art. 6 para. 1 lit. f GDPR.
LinkedIn is responsible for the implementation of your rights as a data subject. LinkedIn informs you about your rights as a data subject at: https://www.linkedin.com/legal/privacy-policy. You can also assert your rights against us, and we will promptly forward your request to LinkedIn.
YouTube
We operate a channel for our company on YouTube. When visiting and using our YouTube channel, Google may analyze your usage behavior and provide us with information obtained from this. The use of this information is for the purposes of economic optimization and needs-based design of our website. Processed data categories include master data, contact data, content data, usage data, connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, as a joint controller according to Art. 26 GDPR. The legal basis for processing the data according to the provisions mentioned here results from our legitimate interest and thus from Art. 6 para. 1 lit. f GDPR.
YouTube is responsible for the implementation of your rights as a data subject. YouTube informs you about your rights at: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/#privacy-guidelines. You can also assert your rights against us, and we will promptly forward your request to YouTube.
In addition to the online shop, there are other business processes where personal data is processed.
When you request an offer or a cost estimate, we process the data you provide (name, contact details, product requirements, area of interest) and possibly additional information about your project. The processing serves the creation and transmission of the offer, subsequent consultation, and tracking your interest. Legal bases are Art. 6 para. 1 lit. b GDPR (pre-contractual measure) and our legitimate interest in customer support (Art. 6 para. 1 lit. f GDPR). The data will be deleted if no contract is concluded and no legal retention obligations exist.
In connection with the conclusion of purchase contracts outside the online shop (e.g., through sales representatives, by phone, or on-site) we process your name, contact and address details, product information, billing and delivery data, as well as payment information. In electronic payment processes, the payment data is transmitted to the respective payment service provider or the house bank. Legal bases are Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. c GDPR (tax and commercial law obligations). If necessary, a credit check may be conducted by external credit agencies. We retain contract and payment documents within the framework of statutory retention periods (usually ten years).
As part of debt collection management, we process data on outstanding claims, particularly contact details, invoice numbers, due amounts, and payment information. If necessary, we transmit this data to collection agencies, courts, or insolvency administrators. To assess creditworthiness, a query may be made with business credit agencies. Legal bases are Art. 6 para. 1 lit. b GDPR (contract fulfillment), Art. 6 para. 1 lit. c GDPR (legal obligations) and Art. 6 para. 1 lit. f GDPR (legitimate interest in enforcing our claims). Data is retained within the framework of statutory limitation periods (usually ten years).
For the receipt and processing of complaints or damage reports, as well as for repair orders, we collect your contact details, information about the affected product, a description of the error or damage, photos if applicable, and the serial/article number. This data is used to check the deficiency, initiate repair or replacement measures, and communicate with you. For repair orders, we may share your data with external repair service providers. Legal bases are Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (legitimate interest in warranty processing). In the context of the 5-year warranty, the notes in section 14 "Voluntary 5-Year Warranty" also apply. Data is retained according to legal deadlines (usually ten years).
When we provide you with devices or systems for testing, rental, or loan purposes, we process your contact details, information about the loaned item, and the rental or loan period. To check creditworthiness, we may obtain information from credit agencies (e.g., Creditreform). The data is used to create the rental/loan agreement, process the contract, and possibly for invoicing. The legal basis is Art. 6 para. 1 lit. b GDPR. After the return of the item, we store the data as long as legal retention periods (usually up to ten years) require or a legitimate interest exists (e.g., to defend against claims for damages).
Our inventory management systems record orders, stock levels, deliveries, and returns.
Data such as customer name, customer number, item numbers, quantities, and delivery information are processed to manage logistical processes.
In financial accounting, we process booking documents, invoice data, payment information, and tax keys to comply with legal accounting obligations. The creation of sales statistics is based on aggregated data and serves to analyze market and sales trends. As far as possible, data is anonymized or pseudonymized. Legal bases are Art. 6 para. 1 lit. b GDPR (contract fulfillment), Art. 6 para. 1 lit. c GDPR (legal obligation) and Art. 6 para. 1 lit. f GDPR (legitimate interest in business evaluation). Data is stored according to legal retention periods.
We process personal data of suppliers, sales representatives, and external service providers for the initiation and execution of contractual relationships as well as for communication. This particularly includes contact data (name, address, phone number, email address), contract and payment data, as well as information about contacts. Legal bases are Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. c GDPR (legal obligations). Data may be shared within the Leister Group and with external service providers, provided this is necessary for contract execution. We retain the data until the end of the business relationship and beyond in accordance with legal retention obligations (usually ten years).
When using our telephone system, we process connection and metadata such as the dialed number, the name of the caller (if provided), date, time, and duration of the call. This data is used for providing the telephone service, documenting contacts, ensuring quality, and troubleshooting. Legal bases are Art. 6 para. 1 lit. b GDPR (contract fulfillment) and Art. 6 para. 1 lit. f GDPR (legitimate interest). Data is deleted as soon as the purpose ceases, unless legal retention periods exist.
We offer a voluntary five-year warranty on certain products. To efficiently process the warranty, we operate a central warranty system that authorized repair and service centers worldwide can also access.
When you register a device, we process, in addition to the data mentioned in Section 5 "Data Processing Related to the Use of Our Services", particularly the following information:
The processing is carried out to verify and fulfill your warranty claims, to initiate repairs, to contact you, and to meet our obligations under the purchase or warranty agreement. Legal bases are Art. 6 para. 1 lit. b GDPR (contract fulfillment) as well as our legitimate interest in efficient service processing (Art. 6 para. 1 lit. f GDPR). If special categories of personal data are to be processed, we will obtain your explicit consent (Art. 6 para. 1 lit. a GDPR).
The data will be transmitted to authorized repair and service centers to carry out services and repairs.
These centers act as so-called processors and are contractually obliged to process the data only for the stated purposes and on our behalf. Depending on the location of the center, it may involve recipients in countries outside the European Economic Area. In such cases, we ensure an adequate level of data protection by implementing appropriate safeguards in accordance with the GDPR (e.g., conclusion of EU standard contractual clauses) and by limiting access to the necessary minimum.
The data collected for warranty and repairs will be stored for the duration of the warranty (five years from registration) and beyond as long as necessary to assert or defend legal claims or to fulfill statutory retention obligations. After that, the data will be deleted or anonymized.
If you request materials (advertising or marketing materials) or offers from us, we will process your data for the purpose of sending the requested materials as well as for the preparation and sending of the requested offers. Processed data categories include master data, contact data, connection data, and, if applicable, contract data. If applicable, we will forward your request to our group companies. No transfer to a third country will take place. The legal basis for the processing measures results from:
Should this privacy policy indicate that we transmit your personal data to a third country, i.e., a country outside the EU or outside the EEA, the following applies.
A transfer to a third country occurs only in accordance with legal requirements. We assure you that we have a contractual or legal authorization for the transfer and processing of your data in the relevant third country. Furthermore, we only allow your data to be processed by service providers in third countries that, in our view, have an acknowledged level of data protection. This means that there is, for example, an adequacy decision between the EU and the country to which we transmit your personal data. An "adequacy decision" is a decision adopted by the European Commission pursuant to Art. 45 GDPR and establishes that a third country (i.e., a country not bound by the GDPR) or an international organization provides an adequate level of protection for personal data. Alternatively, for example, if there is no adequacy decision, a transfer to a third country occurs only if contractual obligations between us and the service provider in the third country exist through so-called standard contractual clauses of the EU Commission and further technical security measures have been taken that ensure an adequate level of protection equivalent to that in the EU, or the service provider in the third country can demonstrate data protection certifications and your data is processed only in accordance with internal data protection regulations (Art. 44 to 49 GDPR. EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
As part of the so-called "Data Privacy Framework" ("DPF"), the EU Commission has recognized the level of data protection for certain companies from the USA as safe under the adequacy decision of July 10, 2023. A list of certified companies as well as further information about the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We inform you in this privacy policy which of the services we use are certified under the Data Privacy Framework.
The data we process will be deleted in accordance with legal requirements as soon as the consents allowed for processing are revoked or other permissions expire (e.g., when the purpose of processing this data has ceased or they are no longer necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to those purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person.
In this privacy policy, we will inform you about the deletion and retention of data that specifically applies to the respective processing processes.
Unless we obtain your consent, the storage of or access to information on your device is carried out in accordance with § 25 para. 2 no. 2 of the Telecommunications and Digital Services Data Protection Act (TDDDG), as the storage of and access to this information is absolutely necessary to provide the desired functions of our services. If we obtain consent, the legal basis is § 25 para. 1 TDDDG. Our services use cookies, tokens, beacons, or other technologies that may be stored on your devices and without which providing our services would not be possible.
Cookies, tokens, beacons, or other technologies are usually text files that are stored on your device and can be read by us and third parties when you access our services. Many of the aforementioned technologies contain their own ID. Such an ID is a unique identifier for the technology used. It consists of a string through which websites and servers can be assigned to the specific internet browser or the specific service or device in which cookies, tokens, beacons, or other technologies have been stored. This allows website operators and analytics services to identify you as a user and distinguish you from others.
If we use external service providers to process your data, they are carefully selected and commissioned by us. If the services provided by these service providers involve data processing in the sense of Art. 28 GDPR, the service providers are bound by our instructions and are regularly monitored. Our data processing agreements meet the strict requirements of Art. 28 GDPR as well as the guidelines of the German data protection authorities.
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 2 lit. a GDPR, and there is no other legal basis for the processing. 2 lit. a GDPR or based on a contract according to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons shall not be adversely affected thereby.
The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to the processing for the purposes of direct marketing, the personal data concerning you shall no longer be processed for these purposes.
You have the option to exercise your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by automated means using technical specifications.
You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Processing shall be lawful until your withdrawal – the withdrawal shall thus only take effect for processing after receipt of your withdrawal. You can revoke your consent informally by post or email. The processing of your personal data will no longer take place, subject to the permission of another legal basis. If this is not the case, your data must be deleted immediately after the revocation in accordance with Art. 17 para. 2 GDPR. Your right to revoke your consent, subject to the conditions mentioned above, is guaranteed.
Your revocation should be addressed to:
Leister AG
Galileo Street 10
CH-6056 Kägiswil
Switzerland
E-Mail: compliance@leister.com
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, your workplace, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant about the status and results of the complaint, including the possibility of judicial remedy under Art. 78 GDPR.
Automated decisions in individual cases including profiling do not take place unless specifically addressed in this privacy policy.
If your personal data has been disclosed to other recipients (third parties) on a legal basis, we will inform them of any rectification, deletion, or restriction of the processing of your personal data (Art. 16, Art. 17 para. 1 and Art. 18 GDPR). The notification obligation does not apply if it involves a disproportionate effort or is impossible. We will also inform you upon request about the recipients.