Your cart
There are no more items in your cart
Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither legally or contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the data. Non-provision has no consequences, unless otherwise stated in the following processing operations. "Personal data" means any information relating to an identified or identifiable natural person.
---Controller for Data Processing
Filippo Guidotti
Parkallee 14
14974 Ludwigsfelde
Deutschland
Phone: +493060273777
Email: vini@vinigrandi.de
General Data Processing when visiting our Website
Server Logfiles
Each time our website is accessed, usage data is transmitted to us or our web host / IT service provider by your internet browser and stored in log data (server logfiles). This data includes, for example, the name of the accessed page, date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR from our overriding legitimate interest in ensuring the trouble-free operation of our website and to improve our services.
Cookie Consent Tool / Cookie Consent Management (CMP)
To ensure the lawful collection of consents for the use of cookies and similar technologies, we use a Cookie Consent Management Tool. This tool allows you to grant or refuse your consent for various categories of services (e.g., marketing cookies, analysis cookies) and to adjust your preferences at any time.
Purpose of data processing: The processing serves to obtain, manage, and document the legally required consents for the use of cookies and similar technologies. This ensures compliance with the General Data Protection Regulation (GDPR) and the German Telecommunications-Telemedia Data Protection Act (TTDSG).
Data collected: The Cookie Consent Tool stores information about your consent (date and time of consent, IP address at the time of consent, browser type, the consents given or rejected). No other personal data is collected unless you have expressly consented to it.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. c GDPR (fulfillment of a legal obligation) and Art. 6 (1) lit. a GDPR (your consent) in conjunction with § 25 (1) TTDSG.
Withdrawal of consent: You can change your cookie settings at any time via the corresponding function on our website and withdraw your consent. This does not affect the lawfulness of the processing carried out before the withdrawal of your consent.
---Communication and Contact
Customer's proactive contact by email
If you proactively contact us by email for business purposes, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves to process and respond to your contact request.
If the contact serves to carry out pre-contractual measures or concerns an already concluded contract, this data processing is carried out on the basis of Art. 6 (1) lit. b GDPR. If the contact is for other reasons, this data processing is carried out on the basis of Art. 6 (1) lit. f GDPR from our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object to this processing at any time for reasons arising from your particular situation. We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Collection and processing when sending images by email
You have the option to send us images by email in connection with the order of a personalized product. By sending your images, we may collect your personal data (image of an identifiable person) only to the extent provided by you.
The data processing serves the purpose of creating personalized products. The transmitted image serves as a template for the product and is used for this purpose. The processing is carried out on the basis of Art. 6 (1) lit. b GDPR and is necessary for the fulfillment of a contract with you. Your data will not be passed on. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
WhatsApp Business
If you contact us via **WhatsApp** for business purposes, we use the WhatsApp Business version of WhatsApp Ireland Limited (for users outside the EEA: WhatsApp Inc., USA) for this purpose.
Purpose of data processing: The data processing serves to process and respond to your contact request. For this purpose, we collect and process your mobile phone number stored on WhatsApp, if provided, your name, and other data (e.g., message text) to the extent provided by you. We use a mobile device for the service in whose address book only data of users who have contacted us via WhatsApp are stored. Personal data is therefore not passed on to WhatsApp without your prior consent to WhatsApp.
Data transfer: Your data will be transferred by WhatsApp to servers of Meta Platforms Inc. in the USA. There is no adequacy decision from the EU Commission for the USA. Data transfer takes place, among other things, on the basis of standard contractual clauses.
Legal basis: If the contact serves to carry out pre-contractual measures or concerns an already concluded contract, this data processing is carried out on the basis of Art. 6 (1) lit. b GDPR. If the contact is for other reasons, this data processing is carried out on the basis of Art. 6 (1) lit. f GDPR from our overriding legitimate interest in providing quick and easy contact and in responding to your request. In this case, you have the right to object to this processing at any time for reasons arising from your particular situation. We only use your personal data to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
Further information: on terms of use and data protection when using WhatsApp can be found at https://www.whatsapp.com/legal/#terms-of-service and https://www.whatsapp.com/legal/#privacy-policy.
---Customer Account and Orders
Customer Account
When opening a customer account, we collect your personal data to the extent indicated there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal. Your customer account will then be deleted.
Collection, processing and transfer of personal data for orders
When you place an order, we collect and process your personal data only to the extent necessary for the fulfillment and processing of your order and for handling your inquiries. The provision of the data is required for the conclusion of the contract. Non-provision will result in no contract being concluded.
The processing is carried out on the basis of Art. 6 (1) lit. b GDPR and is necessary for the fulfillment of a contract with you. Your data may be passed on, for example, to the shipping companies and dropshipping providers, payment service providers, service providers for order processing and IT service providers chosen by you. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to a minimum.
Payment Service Providers
PayPal
We offer you the option to pay via PayPal. PayPal is an online payment service provider of PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg).
Purpose of data processing: The use of PayPal serves the secure and convenient processing of payments for your orders.
Data collected: If you select PayPal as a payment method, your order data (e.g., name, address, email address, items, invoice amount) will be transmitted to PayPal. PayPal may collect further information on the transaction, such as IP address and technical device data. The exact type of data collected by PayPal and its processing are subject to PayPal's data protection provisions.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Data transfer: PayPal may also pass on your data to affiliated companies and service providers (subcontractors) or transfer it to third countries outside the European Union. There is currently no adequacy decision by the EU Commission for the USA. The data transfer takes place on the basis of standard contractual clauses as suitable guarantees for the protection of personal data. We have no direct influence on the data processing by PayPal. For further information on data processing by PayPal, please read PayPal's privacy policies: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Klarna
We offer you the option to pay via Klarna. Klarna is an online payment service provider of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden.
Purpose of data processing: The use of Klarna serves the secure and convenient processing of payments (e.g., invoice purchase, installment purchase, instant transfer) for your orders.
Data collected: If you select Klarna as a payment method, your order data (e.g., name, address, email address, date of birth, phone number, items, invoice amount) will be transmitted to Klarna. Klarna may obtain further information (e.g., information about your creditworthiness) from credit agencies for risk assessment and payment processing. The exact type of data collected by Klarna and its processing are subject to Klarna's data protection provisions.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order). The credit check and related data processing are carried out on the basis of Art. 6 (1) lit. f GDPR from Klarna's legitimate interest in checking your creditworthiness and reducing payment defaults.
Further information: on terms of use and data protection at Klarna can be found at: https://www.klarna.com/de/datenschutz/.
Mollie
We use the payment service provider Mollie for processing various payment methods. The service provider is Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands.
Purpose of data processing: Mollie enables us to integrate various payment options (e.g., credit card, iDEAL, SOFORT transfer) into our online shop to ensure smooth payment processing.
Data collected: If you process a payment via Mollie, your order data (e.g., name, address, email address, items, invoice amount) and the payment information required for the respective payment method (e.g., credit card details, bank details) are transmitted to Mollie. Mollie processes this data for the purpose of carrying out the payment and preventing fraud.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Further information: on terms of use and data protection at Mollie can be found at: https://www.mollie.com/de/privacy.
Stripe
We offer you the option to pay via Stripe. Stripe is an online payment service provider of Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Purpose of data processing: The use of Stripe serves the secure and convenient processing of payments, especially by credit and debit card, for your orders.
Data collected: If you select Stripe as a payment method, your order data (e.g., name, address, email address, items, invoice amount) and the credit card or debit card data required for the payment (card number, expiration date, CVC) will be transmitted to Stripe. Stripe may collect further information on the transaction, such as IP address and technical device data. The exact type of data collected by Stripe and its processing are subject to Stripe's data protection provisions.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Data transfer: Stripe may also pass on your data to affiliated companies and service providers (subcontractors) or transfer it to third countries outside the European Union. There is currently no adequacy decision by the EU Commission for the USA. The data transfer takes place on the basis of standard contractual clauses as suitable guarantees for the protection of personal data. We have no direct influence on the data processing by Stripe. For further information on data processing by Stripe, please read Stripe's privacy policies: https://stripe.com/de/privacy.
Trustly
We offer you the option to pay via Trustly. Trustly is an online payment service provider of Trustly Group AB (publ), Rådmansgatan 40, 113 57 Stockholm, Sweden.
Purpose of data processing: The use of Trustly allows you to make direct bank transfers for your orders.
Data collected: If you select Trustly as a payment method, you will be redirected to the Trustly website, where you can enter your bank details to authorize the payment. We only receive confirmation of successful payment from Trustly, but no insight into your bank details. Trustly collects the data necessary for carrying out the payment, such as account information and transaction details.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Further information: on terms of use and data protection at Trustly can be found at: https://www.trustly.com/de/datenschutz/.
Google Pay
We offer you the option to pay via Google Pay. Google Pay is a payment service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Purpose of data processing: The use of Google Pay serves the secure and convenient processing of payments for your orders using the payment information stored in your Google account.
Data collected: If you select Google Pay as a payment method, the payment process is handled directly via Google and your stored payment instrument. As the shop operator, we do not collect or process your full payment card data directly. Google Pay only transmits a device-specific account number and a transaction-specific security code to us. The data processed by Google for payment processing may include device information, payment tokens, transaction amount and other transaction details.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Data transfer to the USA: It should be noted that data may be transferred to Google servers in the USA. There is no adequacy decision by the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses. Both Google and US government authorities have access to your data. We have no direct influence on the data processing by Google Pay. For further information on data processing by Google Pay, please read Google's privacy policies.
Belfius Direct Net
We offer you the option to pay via Belfius Direct Net. Belfius Direct Net is an online banking payment method of Belfius Bank NV/SA, Place Charles Rogier 11, 1210 Brussels, Belgium.
Purpose of data processing: The use of Belfius Direct Net allows you to pay directly via your Belfius bank account for your orders.
Data collected: If you select Belfius Direct Net as a payment method, you will be redirected to the secure environment of your Belfius bank to authorize the payment. We only receive confirmation of successful payment from Belfius, but no insight into your bank details. The Belfius Bank collects the data necessary for carrying out the payment, such as account information and transaction details.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Further information: on terms of use and data protection at Belfius can be found at: https://www.belfius.be/retail/de/datenschutzbestimmungen.
Credit and Debit Card (directly via the shop)
We offer you the option to pay directly via our shop by credit and debit card.
Purpose of data processing: Direct payment by credit and debit card serves the secure and convenient processing of payments for your orders.
Data collected: If you pay by credit or debit card, your payment card data (card number, expiration date, CVC) will be transmitted directly and encrypted to our payment service provider (see the section on Stripe or Mollie, depending on which service is used for processing). We ourselves do not store full credit card data on our servers. In addition, order data (e.g., name, address, email address, items, invoice amount) will be processed for order processing.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
iDEAL
We offer you the option to pay via iDEAL. iDEAL is a widely used online banking payment method in the Netherlands, which is processed through various banks.
Purpose of data processing: The use of iDEAL allows you to pay directly via your Dutch bank account for your orders.
Data collected: If you select iDEAL as a payment method, you will be redirected to the secure environment of your bank to authorize the payment. We only receive confirmation of successful payment from the payment service provider (e.g., Mollie, see there), but no insight into your bank details. The respective bank collects the data necessary for carrying out the payment, such as account information and transaction details.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Further information: on terms of use and data protection can be found in the policies of your respective bank and the payment service provider offering iDEAL (e.g., Mollie).
Bank Transfer
We offer you the option to pay by bank transfer (prepayment).
Purpose of data processing: Payment by bank transfer serves to process your order after receipt of payment.
Data collected: When selecting this payment method, you will receive our bank details. To allocate your payment to your order, it is necessary that you specify the reference number or your order name provided by us when making the transfer. We only receive the transaction data from your bank that is necessary to allocate the payment to your order (e.g., account holder's name, amount, purpose of payment). Your full bank details are not transmitted to us directly but are processed via the participating banks.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Apple Pay
We offer you the option to pay via Apple Pay. Apple Pay is a payment service of Apple Inc. (USA).
Purpose of data processing: The use of Apple Pay serves the secure and convenient processing of payments for your orders.
Data collected: If you select Apple Pay as a payment method, the payment process is handled directly via Apple and your bank/credit card issuer. As the shop operator, we do not collect or process your full payment card data directly. Apple Pay only transmits a device-specific account number and a transaction-specific security code to us. The data processed by Apple for payment processing may include device information, payment tokens, transaction amount and other transaction details.
Legal basis: The processing is carried out on the basis of Art. 6 (1) lit. b GDPR, as it is necessary for the fulfillment of the contract with you (i.e., for processing the payment for your order).
Data transfer to the USA: It should be noted that data may be transferred to Apple servers in the USA. There is no adequacy decision by the EU Commission for the USA. Apple relies on standard contractual clauses or other suitable safeguards for international data transfers, as described in the Apple Pay privacy policy: https://www.apple.com/legal/privacy/data/en/apple-pay/. We have no direct influence on the data processing by Apple Pay. For further information on data processing by Apple Pay, please read Apple's privacy policies.
---Advertising and Marketing
Use of the email address for sending newsletters
We use your email address exclusively for our own advertising purposes for sending newsletters, regardless of contract processing, provided that you have expressly consented to this. The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.
Use of Brevo (Email Marketing)
We use the services of Brevo (formerly Sendinblue) for sending our email communication, especially newsletters and transactional emails. The service provider is Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Purpose of data processing: The use of Brevo serves the professional and efficient processing of our email marketing and customer communication.
Data collected: If you subscribe to our newsletter or provide us with your email address for other communication purposes, your email address and possibly other data provided by you (e.g., name) will be transmitted to Brevo and stored there. Brevo also stores information about the sending and delivery of emails, as well as statistical data (e.g., whether emails were opened or links clicked).
Legal basis: The processing is carried out on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you have given us by subscribing to the newsletter or by providing your email address for specific communication purposes.
Data security: Brevo has committed to complying with data protection regulations and offers appropriate guarantees for the security of data processing.
Withdrawal of consent: You can withdraw your consent at any time by using the unsubscribe link in our emails or by contacting us directly. The lawfulness of the processing carried out until the withdrawal remains unaffected.
Further information: on terms of use and data protection at Brevo can be found at: https://www.brevo.com/de/legal/privacypolicy/.
Brevo Tracker (Web Tracking)
We use the Brevo Tracker on our website to better understand user behavior and optimize our marketing measures. This service is also provided by Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Purpose of data processing: The Brevo Tracker enables us to analyze how visitors interact with our website. This helps us to measure the effectiveness of our marketing campaigns and to tailor our website and our services to your needs.
Data collected: The Brevo Tracker can collect data about your Browse behavior on our website, such as visited pages, dwell time, clicks, and the origin of the visitor. For this purpose, cookies and similar technologies are used that enable your browser to be recognized. Your IP address may also be processed, but usually in pseudonymized form.
Legal basis: The processing of your data is carried out on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you provide via our cookie consent management system.
Withdrawal of consent/Opt-Out: You can withdraw your consent at any time or adjust your preferences regarding the use of cookies by accessing our cookie settings. A general deactivation of cookies in your browser may limit the functionality of our website.
Further details: on the Brevo Tracker and its data protection practices can be found in Brevo's privacy policy at: https://www.brevo.com/de/legal/privacypolicy/.
Google AdSense
We use Google AdSense on our website, an online advertising service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Purpose of data processing: Google AdSense enables the display of advertisements on our website. This serves to monetize our online offering. Google uses cookies, web beacons (invisible graphics), and similar technologies to collect information about your use of our website and other websites to display relevant advertisements to you.
Data collected: Google AdSense may collect information such as your IP address, visited pages, dwell time, clicks on ads, and other interactions with the website. This information is used to create a user profile and to tailor the displayed ads to your interests. No directly identifiable personal data such as your name or email address is collected.
Legal basis: The processing of your data for Google AdSense is carried out on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you provide via our cookie consent management system.
Data transfer to the USA: It should be noted that data may be transferred to Google servers in the USA. There is currently no adequacy decision by the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses. Both Google and US government authorities have access to your data.
Withdrawal of consent/Opt-Out: You can prevent data collection by Google AdSense by refusing the use of cookies via our cookie consent management system. You can also deactivate personalized advertising from Google in your Google settings at https://adssettings.google.com/authenticated. A deactivation add-on for browsers from Google can be found at: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information: on terms of use and data protection for Google AdSense can be found at: https://policies.google.com/technologies/ads?hl=de and https://policies.google.com/privacy?hl=de&gl=de.
Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Purpose of data processing: Google Ads Remarketing allows us to show targeted advertising to users who have already visited our website on other websites within the Google Display Network or in Google Search. This enables us to make our marketing more relevant and remind users of products or services they have been interested in.
Data collected: For remarketing purposes, cookies are used, which are stored on your device. These cookies collect information about your interaction with our website (e.g., which pages you visited, which products you viewed). Your IP address may also be processed. The collected data is pseudonymized by Google and not directly merged with other data that Google may have about you.
Legal basis: The processing of your data for remarketing purposes is carried out on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you provide via our cookie consent management system.
Data transfer to the USA: It should be noted that data may be transferred to Google servers in the USA. There is currently no adequacy decision by the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses. Both Google and US government authorities have access to your data.
Withdrawal of consent/Opt-Out: You can prevent data collection by Google Ads Remarketing by adjusting the corresponding settings in your Google account at https://adssettings.google.com/authenticated or by refusing the use of cookies via our cookie consent management system. You can also install the deactivation add-on for browsers from Google: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information: on terms of use and data protection for Google Ads Remarketing can be found at: https://policies.google.com/technologies/ads?hl=de and https://policies.google.com/privacy?hl=de&gl=de.
---Merchandise Management and Analysis
Use of an external merchandise management system
We use a merchandise management system for contract processing within the framework of order processing. For this purpose, your personal data collected during the order process will be transferred to:
JTL-Software-GmbH, Rheinstr. 7, 41836 Hückelhoven
Germany.
Use of Google Analytics 4
We use the web analysis service Google Analytics 4 from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
Purpose of data processing: The data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet use to the website operator.
Data collected: The following information, among others, may be collected: IP address, date and time of page view, click path, information about the browser and device you are using, visited pages, referrer URL (website from which you accessed our website), location data, purchase activities. When using Google Analytics 4, the IP address transmitted by your website is automatically collected and processed in anonymized form. The IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google uses technologies such as cookies, web storage in the browser, and tracking pixels, which enable an analysis of your use of the website. The information generated thereby about your use of this website is usually transferred to a Google server in the USA and stored there.
Legal basis: The processing of your personal data is carried out on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR, which you provide via our cookie consent management system.
Data transfer to the USA: There is no adequacy decision by the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses. Both Google and US government authorities have access to your data. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices, and all other data Google has about you.
Withdrawal of consent/Opt-Out: You can prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. To prevent data collection and storage by Google Analytics across devices, you can set an opt-out cookie. Opt-out cookies prevent the future collection of your data when visiting this website. You must carry out the opt-out on all systems and devices used for this to be fully effective. If you delete the opt-out cookie, requests will be transmitted to Google again. Further information: on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and at https://policies.google.com/privacy?hl=de&gl=de.
---Plugins and Other
Use of Google Web Fonts
To ensure an appealing and uniform presentation of our content across various end devices, we use Google Web Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website. These fonts are integrated by calling up a server, usually a Google server in the USA. Google thereby collects the IP address of your internet browser. This is technically necessary to be able to send the fonts to your browser.
Legal basis: The processing is carried out on the basis of our overriding legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the optimized and professional design of our website.
Data transfer to the USA: It should be noted that data may be transferred to Google servers in the USA. There is currently no adequacy decision by the EU Commission for the USA. The data transfer takes place on the basis of standard contractual clauses. Both Google and US government authorities have access to your data.
Right to object: You have the right to object at any time to the processing of your personal data based on Art. 6 (1) lit. f GDPR, for reasons arising from your particular situation. However, deactivating Google Web Fonts may impair the display of our website.
Further information: on terms of use and data protection can be found at: https://policies.google.com/terms/regional?hl=de and https://policies.google.com/privacy?hl=de&gl=de.
Use of Cloudflare
We use the services of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) as a Content Delivery Network (CDN) and security service.
Purpose of data processing: Cloudflare helps us to optimize the loading times of our website, protect our website from malicious attacks (e.g., DDoS attacks), and ensure the general security and stability of our online presence. Cloudflare acts as an intermediate layer that filters requests to our servers and delivers cached content faster.
Data collected: As part of providing these services, Cloudflare processes technical connection data, such as IP addresses, system configuration information, and data about traffic to and from our website. We have no direct influence on the exact data Cloudflare collects.
Legal basis: The processing is carried out on the basis of our overriding legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our legitimate interest lies in securing and optimizing the operation of our website.
Data transfer to the USA: Data may be transferred to Cloudflare servers in the USA. There is no adequacy decision by the EU Commission for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses. Both Cloudflare and US government authorities have access to your data.
Right to object: You have the right to object at any time to the processing of your personal data based on Art. 6 (1) lit. f GDPR, for reasons arising from your particular situation. However, a complete deactivation of Cloudflare's services is not possible without significantly impairing the security and performance of our website.
Further information: on terms of use and data protection at Cloudflare can be found at: https://www.cloudflare.com/privacypolicy/.
Use of Google Tag Manager
We use the Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website. This application manages JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. The data processing serves the purpose of tailoring and optimizing our website.
Google Tag Manager itself does not store cookies or process personal data. However, it enables the triggering of other tags that can collect and process personal data.
Further information: on terms of use and data protection can be found here: https://www.google.com/intl/de/tagmanager/use-policy.html.
---Data Subject Rights and Storage Period
Duration of Storage
After complete contract processing, the data will initially be stored for the duration of the warranty period, then, taking into account statutory retention periods, in particular tax and commercial law retention periods, deleted after the expiry of the period, unless you have consented to further processing and use.
Rights of the Data Subject
Subject to legal requirements, you have the following rights under Art. 15 to 20 GDPR:
- Right of access: You can request information about whether and which personal data we store about you.
- Right to rectification: You have the right to have inaccurate data corrected or incomplete data completed.
- Right to erasure ("right to be forgotten"): You can request the erasure of your personal data if, for example, the data is no longer necessary for the purposes for which it was collected.
- Right to restriction of processing: You can request the restriction of the processing of your data if, for example, the accuracy of the data is contested.
- Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller.
Right to lodge a complaint with the supervisory authority
You have the right, pursuant to Art. 77 GDPR, to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful. The competent supervisory authority in Germany is:
The State Commissioner for Data Protection and the Right to Inspect Files Brandenburg
Stahnsdorfer Damm 77
14532 Kleinmachnow
Deutschland
Right to Object
If the personal data processing listed here is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation.
After a successful objection, the processing of the data concerned will be terminated, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defense of legal claims.