Data protection declaration
1. Introduction
The protection of your personal data is a top priority. This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") in connection with the online offer. This includes the associated website, functions and content as well as the external online presences, such as the social media profiles (hereinafter collectively referred to as "Online Offer"). Your personal data will be treated confidentially and strictly complied with the legal data protection regulations and the provisions of this data protection declaration.
General instructions
This privacy policy gives you a comprehensive overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. For detailed information on data protection, please refer to this complete data protection declaration.
Entity responsible
The data processing on this website is carried out by the website operator. The contact details of the controller can be found in the section "Responsible" in this data protection declaration.
Collection of your data
Personal data is collected on the one hand by actively communicating them, e.g. by filling out a contact form. Other data is collected automatically or after your consent when visiting the website by the IT systems of the Controller. This is mainly technical data (e.g. Internet browser, operating system or time of page call). This data collection occurs automatically as soon as you enter the website.
Use of your data
Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior to optimize the offer and adapt it to your needs.
Transmission of data to external bodies
As part of the Controller’s business activities, it may be necessary to transfer personal data to external bodies. This transfer takes place exclusively under certain conditions: if the transfer is necessary for the performance of a contract, if there is a legal obligation, for example to tax authorities, if a legitimate interest in accordance with art. 6 para 1 lit. f GDPR, or if another legal basis allows the data transmission. When using external service providers for data processing, the transfer of personal data takes place exclusively on the basis of a valid contract for order processing in accordance with Art. 28 GDPR. If a joint processing of the data with other entities takes place, a contract for joint processing in accordance with art. 26 GDPR completed.
Withdrawal of consent for data processing
Certain data processing can only take place with your express consent. This consent can be revoked at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Right to object to specific data processing and advertising measures (Art. 21 GDPR)
Processing of your personal data takes place on the basis of art. 6 para 1 lit. E or F DSGVO, you have the right to object to this processing at any time, provided you have reasons arising from your particular situation. This also applies to profiling, which is based on these provisions. The concrete legal basis of data processing can be found in this data protection declaration. In the event of an objection, the controller will no longer process your personal data, unless compelling legitimate reasons can be proven that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (opposition according to Art. 21 para 1 GDPR).
If your personal data is used for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling, if it is in connection with direct marketing. After your objection, the controller will no longer use your personal data for these advertising purposes (objection according to Art. 21 para 2 GDPR).
Rights under the General Data Protection Regulation
You have the right to file a complaint with a competent supervisory authority in the event of breaches of the GDPR. That right may be exercised, in particular, in the Member State where the habitual residence, workplace or place of alleged infringement is located. Other administrative or judicial remedies shall remain unaffected.
Personal data that is processed automatically on the basis of consent or to fulfil a contract can be requested in a structured, common and machine-readable format. If desired, this data can also be transmitted directly to another controller, if this is technically possible.
Each data subject has the right to obtain free of charge information about his stored personal data, their origin, recipients and the purpose of the data processing. In addition, there is a right to rectification or deletion of this data, if legal provisions allow this. For further questions or concerns about personal data, contact can be made with the controller at any time.
There is a right to request the restriction of the processing of personal data if the accuracy of the data is disputed and pending verification. Even in the case of unlawful processing, the restriction of data processing may be requested instead of deletion. Furthermore, the restriction may be required if the data are no longer needed, but are necessary to assert, exercise or defend legal claims. In case of objection to the processing in accordance with art. 21, par. 1 GDPR, until the clarification of whose interests predominate, there is also the right to restriction.
If personal data are restricted in the processing, they may, apart from storage, only be processed with the consent of the data subject or in order to assert, exercise or defend legal claims, protect the rights of other natural or legal persons or for reasons of an important public interest of the EU or a Member State.
2. Accountable person
The person responsible for the data processing on this website in the sense of the General Data Protection Regulation (GDPR) is:
Company:
TO THE BONE GmbH
Torstraße 96, 10119 Berlin
info@tothebone.berlin
+49 30 40753440
3. Processors
The cooperation takes place with various processors who process data on behalf. These service providers are contractually obliged to treat the data confidentially and to use it exclusively within the framework of the respective service. In addition, there are cases where the responsibility for data processing is shared with other bodies. In such cases, responsibilities are transparently regulated and documented to ensure compliance with data protection requirements.
4. Definitions
In order to ensure the transparency of this data protection declaration and to make it understandable to everyone, this declaration primarily uses terms that are also defined in the General Data Protection Regulation (GDPR). The full legal definitions can be found in Art. 4 GDPR. The most important terms in connection with this data protection declaration are explained below:
Personal data: this shall include any information relating to an identified or identifiable natural person (‘data subject’). A person is considered identifiable if he or she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more specific characteristics that are an expression of that person’s physical, physiological, genetic, psychological, economic, cultural or social identity.
Processing: This term covers any act or series of acts performed in connection with personal data, whether performed with or without the assistance of automated procedures. This may include collecting, collecting, organizing, ordering, storing, adapting or modifying, reading, querying, using, disclosing by transmission, dissemination or any other form of providing, matching or linking, restricting, erasing or destroying data.
Responsible: This is the natural or legal person, authority, body or other body which alone or together with others decides on the purposes and means of processing personal data.
Processor: A natural or legal person, authority, entity or other entity that processes personal data on behalf of the Controller.
Consent: Any voluntary, for the specific case, informed and unambiguous expression of intent, in the form of a declaration or other clear confirmatory act, by which the data subject indicates that he or she agrees to the processing of personal data concerning him or her.
Website: The Website means the entire Internet offer provided by the Controller under a specific URL. This includes all content, information, functions and services published by the Controller, which are made accessible to the user via this URL. The Website serves as a digital platform for providing information, services and interaction between the Controller and the Users.
Terminal equipment: A terminal is an electronic device that is able to access the Internet and load web pages. These include computers, laptops, tablets and smartphones.
These definitions help to better understand the privacy policy and to understand the meaning of the terms used.
5. Hosting
This website is hosted on the servers of an external service provider to ensure you a reliable and secure use of this online offer.
The data processing by the hosting provider takes place in accordance with art. 6 para 1 lit. f GDPR, as the controller has a legitimate interest in providing a stable and secure website. If it is necessary to obtain the consent of the user (for example for the use of certain cookies or tracking technologies), the data processing is based on the consent of the user in accordance with art. 6 para 1 lit. a GDPR and § 25 para. 1 TTDSG. You can revoke your consent at any time with effect for the future.
The hosting provider is:
CLOUDWAYS
101 6th Ave, New York, NY 10013, United States
Details about data processing and data protection can be found in the data protection declaration of the hosting provider.
These can be found here: https://www.cloudways.com/en/terms.php#privacy
In order to ensure that your data is processed in accordance with the applicable data protection regulations, a contract for order processing (AVV) has been concluded with the hosting provider. This contract obliges the hosting provider to process the personal data of website visitors exclusively according to the instructions of the controller and in accordance with the GDPR. The hosting provider guarantees comprehensive protection of your data through technical and organizational measures.
6. Legal basis of data processing
The processing of your personal data takes place on the basis of the General Data Protection Regulation (GDPR) and other relevant legal provisions. Depending on the purpose of the data processing, different legal bases are used.
If you have consented to the processing of your personal data, this is done on the basis of your consent in accordance with art. 6 para 1 lit. a GDPR. This applies in particular to the processing of special categories of personal data in accordance with Art. 9 para 2 lit. a GDPR as well as for the transfer of personal data to third countries according to art. 49 para 1 lit. a GDPR. Your consent can be revoked at any time.
The processing of your data may be necessary for the performance of a contract or for the implementation of pre-contractual measures and in this case takes place on the basis of art. 6 para 1 lit. b GDPR. In addition, processing may be necessary to comply with legal obligations, which then, according to art. 6 para 1 lit. c GDPR.
In certain cases, processing takes place to safeguard the legitimate interests of the Controller or a third party, unless your interests or fundamental rights and freedoms predominate. This processing is based on art. 6 para 1 lit. f DSGVO.
For certain processing operations, national regulations may also apply, such as § 25 TTDSG for the storage of cookies or access to information on your device. The applicable legal bases are explained in detail in the specific sections of this data protection declaration.
If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, the processing of your data takes place on the basis of art. 6 para 1 lit. b GDPR. For the fulfilment of a legal obligation, the data processing is based on art. 6 para 1 lit. c GDPR. In addition, data processing on the basis of legitimate interests in accordance with art. 6 para 1 lit. f GDPR. The specific legal bases in individual cases are explained in the following sections of this data protection declaration.
7. Data transfer to unsafe third countries and non-DPF certified US companies
If tools are used on this website by companies based in third countries that are insecure under data protection law, or if US tools are used whose providers are not certified according to the EU-US Data Privacy Framework (DPF), your personal data may be transferred to and processed in these countries. It should be noted that in third countries which are insecure under data protection law, no level of data protection equivalent to that of the EU can be guaranteed. For the US as an insecure third country, no data protection level comparable to the EU is guaranteed. A data transfer to the USA is therefore only permitted if the recipient either has a certification under the "EU-US Data Privacy Framework" (DPF) or has suitable additional guarantees. Detailed information on possible transfers to third countries including data recipients can be found in this data protection declaration.
8. Storage time
If no more specific storage period has been mentioned within this data protection declaration, personal data will remain with the controller until the purpose for data processing ceases. If a legitimate erasure request is asserted or a consent to data processing is revoked, the data in question will be deleted unless there are other legally permissible reasons for storing the personal data (e.g. tax or commercial retention periods). In these cases, the deletion takes place after these reasons have been omitted.
The Controller only stores personal data for as long as it is necessary to fulfill the respective purposes for which the data were collected. This includes in particular the fulfillment of contractual obligations, compliance with statutory retention periods and the safeguarding of the legitimate interests of the controller, such as IT security and protection against abuse. If the processing of personal data is based on consent, the storage takes place until the revocation of this consent by the data subject. Such revocation is possible at any time with effect for the future. Thereafter, the data will be deleted immediately, unless there are statutory storage obligations or other overriding legal reasons that require further storage.
In summary, personal data will be deleted after the purpose has been fulfilled or the legal basis for storage has ceased to exist, unless there are still legal obligations or legitimate interests that justify further storage.
9. Security measures and data minimisation
Comprehensive technical and organisational measures are taken to effectively protect your personal data from accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access. It is ensured that only the data strictly necessary for the respective purpose are collected and processed. This data minimisation strategy helps to significantly reduce the risk of misuse and unauthorised access. The security measures are continuously adapted to the state of the art in order to ensure the protection of your data at a high level.
10. SSL/TLS encryption
In order to protect the security of your data during transmission, state-of-the-art encryption methods (e.g. SSL or TLS) are used over HTTPS. SSL (Secure Socket Layer) Transport Layer Security (TLS) are protocols for encrypting data transmissions on the Internet. This ensures that the data exchanged between your browser and the server is protected from unauthorized access. An encrypted connection can be recognized by the fact that the address line of the browser changes from "http://" to "https://" and at the lock icon in your browser line.
11. Encrypted payment transactions via the website
If, after the conclusion of a paid contract, there is an obligation to transmit payment data (e.g. account number in the case of a debit authorization) to the responsible party, the data transmission is encrypted. This encryption technology offers high protection of payment data and prevents access by third parties. The encrypted transmission path can be recognized by the fact that the address line of the browser changes from "http://" to "https://" and the lock icon is displayed in the browser line. The use of SSL or TLS ensures that payment data is treated securely and confidentially.
12. Storage of user information in log files
Every time you access the website, information of a general nature is automatically collected that your browser transmits to the server. This information is stored in so-called log files and usually includes:
a) IP address of the requesting computer
b) Date and time of access
c) Name and URL of the retrieved file
d) Website from which the access is made (referrer URL)
e) Browser and User Agent String used
f Operating system
g) Name of your access provider
h) HTTP status code
This data is stored for security reasons, to ensure a smooth connection setup of the website, for comfortable use of the website, to evaluate the system security and stability as well as for other administrative purposes.
The legal basis for data processing is art. 6 para 1 lit. f DSGVO. The legitimate interest arises from the aforementioned data collection purposes. In no case will the data collected be used for the purpose of drawing conclusions about you. The stored data will be anonymized or deleted if there are no legal storage obligations.
13. Cookies
This website uses cookies. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone or the like) when you visit the page. Cookies do not cause any damage on your device, do not contain viruses, Trojans or other malware.
The cookie stores information that arises in connection with the specific device used. However, this does not mean that the responsible person will immediately become aware of your identity.
The use of cookies serves on the one hand to make the use of the offer more pleasant for you. The responsible person uses so-called session cookies to recognize that you have already visited individual pages of the website. These are automatically deleted after leaving the page.
In addition, the Controller also uses temporary cookies to optimize the user-friendliness, which are stored on your device for a specified period of time. If you visit the page again to use the services, it will automatically recognize that you have already been there and which inputs and settings you have made in order not to have to enter them again.
On the other hand, the responsible person uses cookies to statistically record the use of the website and to evaluate it for the purpose of optimizing the offer for you. These cookies allow the responsible person to automatically recognize that you have already been there when you visit the site again. These cookies are automatically deleted after a defined time.
The data processed by cookies are for the mentioned purposes for the protection of the legitimate interests of the controller and third parties according to art. 6 para 1 s. 1 lit. f GDPR is required.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all the functions of the website.
14. Cookie Consent Banner
This website uses a Cookie Consent banner to manage your consent to use cookies. The provider of this service is:
CookieYes Limited
3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom
For more information on data processing click at: https://www.cookieyes.com/privacy-policy/
Operation and purpose
The Cookie Consent Banner sets a technically necessary cookie to store your cookie consents. This cookie does not process any personal data. It merely stores your chosen settings you made when you entered the site, including:
a Consent or refusal of certain cookies
b) Date of consent
c) Duration of storage of settings
d) Legal basis of data processing
The data processing by the Cookie Consent Banner takes place according to art. 6 para 1 lit. f DSGVO. The legitimate interest of the Controller is to ensure the legitimate consent to the use of cookies. If consent has been requested, the processing is based on art. 6 para 1 lit. a GDPR.
Storage period and deletion
The stored data remains stored until you delete the cookies in your browser yourself or revoke the consents. You can change your settings at any time in the cookie settings of this website.
15. Use of the contact form
For questions of any kind, it is possible to contact the controller via a form provided on this website. In order to know from whom the request originates and to be able to answer it, the following data is required: Paulina Olechowska, info@tothebone.berlin
The data processing for the purpose of contacting the controller takes place according to art. 6 para 1 s. 1 lit. a DSGVO on the basis of the voluntarily granted consent.
The personal data collected for the use of the contact form will be deleted regularly after the request has been completed.
16. Requests by e-mail or telephone
It is possible to send inquiries to the responsible person by e-mail or by telephone. The personal data transmitted (e.g. name, e-mail address, telephone number and the request itself) will be processed and stored by the controller exclusively for the purpose of processing the request and any follow-up questions.
The legal basis for this data processing is art. 6 para 1 lit. b GDPR, as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures. If the processing is not related to a contract, it is done on the basis of art. 6 para 1 lit. f GDPR, as the controller has a legitimate interest in processing and answering inquiries.
17. Prohibition of sending advertising e-mails
The use of the contact data published in the imprint for sending unsolicited advertising and information materials is hereby prohibited. Any unauthorized use of the contact data for advertising purposes constitutes a violation of the rights of the operator of this website and is not tolerated. The operator of this website expressly reserves the right to take legal action in the event of breaches, in particular in the case of unsolicited sending of advertising information such as spam emails.
18. Newsletter
If you would like to obtain the newsletter offered on the website, the controller needs a valid e-mail address from you as well as information that allows you to verify that you are the owner of the specified e-mail address and agree to receive the newsletter (double opt-in procedure). No further data will be collected. These data are used exclusively for the sending of the requested information and are not disclosed to third parties.
The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent in accordance with art. 6 para 1 lit. a GDPR. You can revoke the consent given to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "delivery" link in the newsletter or by a corresponding message to the responsible person. The legality of the already completed data processing remains unaffected by the revocation.
The data stored by you for the purpose of the newsletter reference will be stored from the newsletter until your publication and deleted after the newsletter has been unsubscribed. Data stored by the Controller for other purposes (e.g. e-mail addresses for the member area) remains unaffected.In addition, technical and organizational security measures are used to protect your personal data against manipulation, loss, destruction or access by unauthorized persons. These safety measures will be continuously improved in line with technological developments.
19 Use of analysis and tracking tools
Analysis and tracking tools are used to ensure a needs-based design and continuous optimization of this website. These measures help to statistically record the use of this website and thus optimize the offer for you. The storage and analysis of the data takes place on the basis of art. 6 para 1 s. 1 lit. f DSGVO, as the provider has a legitimate interest in offering an appealing and functional website.
If a corresponding consent has been obtained, the processing is additionally based on art. 6 para 1 s. 1 lit. a GDPR and § 25 para. 1 TTDSG, provided that the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting). This consent can be revoked at any time.
Google Ads Tracking
Google Ads Tracking is used, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Ads Tracking uses cookies to measure the effectiveness of advertising campaigns and analyze your use of this website. The information provided by the cookie about your use of this website is usually transmitted to Google servers in the USA and stored there.
Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the US. Every company certified under the DPF is committed to complying with these strict data protection standards. For more information on the EU-US DPF click at: https://www.dataprivacyframework.gov/
For more information on privacy at Google Ads Tracking, visit: https://policies.google.com/privacy.
Google AdSense
Google AdSense is used, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google AdSense uses cookies to display personalized advertisements on this website and analyze ad performance. The information provided by the cookie about your use of this website is usually transmitted to Google servers in the USA and stored there.
Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the US. Every company certified under the DPF is committed to complying with these strict data protection standards. For more information on the EU-US DPF click at: https://www.dataprivacyframework.gov.
For more information on privacy at Google AdSense click at: https://policies.google.com/privacy.
Google Analytics
Google Analytics is used, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies to enable an analysis of your use of the website. The information provided by the cookie about your use of this website is usually transmitted to Google servers in the USA and stored there. However, by activating IP anonymization on this website, your IP address will be previously shortened by Google within Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area.
Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the US. Every company certified under the DPF is committed to complying with these strict data protection standards. For more information on the EU-US DPF click at: https://www.dataprivacyframework.gov.
For more information on privacy at Google Analytics click at: https://policies.google.com/privacy.
Google Conversion Tracking
Google Conversion Tracking is used, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Conversion Tracking uses cookies to measure the effectiveness of ads and analyze your use of this website. The information provided by the cookie about your use of this website is usually transmitted to Google servers in the USA and stored there.
Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the US. Every company certified under the DPF is committed to complying with these strict data protection standards. For more information on the EU-US DPF click at: https://www.dataprivacyframework.gov.
For more information on privacy in Google Conversion Tracking, visit: https://policies.google.com/privacy.
Google Tag Manager
Google Tag Manager is used, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The Google Tag Manager itself does not use cookies and does not collect any personal data. The tool triggers other tags that may collect data. Google Tag Manager does not access this data.
Google is certified under the EU-US Data Privacy Framework (DPF), which ensures adequate protection for the transfer of personal data from the EU to the US. For more information on the EU-US DPF click at: https://www.dataprivacyframework.gov.
For more information on privacy at Google Tag Manager, visit: https://policies.google.com/privacy.
Hotjar
Hotjar is used, a web analysis service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta ("Hotjar"). Hotjar uses cookies to analyze and visually represent user behavior on this website. The information provided by the cookie about your use of this website is stored on servers within the European Union.
For more information on data protection at Hotjar click at: https://www.hotjar.com/en/datenschutz/.
20. Social Media Plugins
This section informs you about the integration and use of social media on this website. This includes details about data processing and your rights in connection with the use of social media plugins and their functions.
21. Appointment booking or calendar tool
This website uses an appointment booking or calendar tool to help you plan and book appointments. This tool makes it possible to manage appointments and process your booking requests efficiently.
The use of this appointment booking or calendar tool is based on your consent in accordance with art. 6 para 1 lit. a GDPR and § 25 para. 1 TTDSG, as consent to the use of cookies and other tracking technologies is required. Your consent serves the efficient management and confirmation of your appointment bookings. Consents are revocable at any time with effect for the future.
Below you will find detailed information about the appointment booking or calendar tool:
This website uses the following appointment booking or calendar tool: The Fork
La Fourchette
Company headquarters: 70, rue Saint-Lazare, 75009 Paris, France
Further information on data processing can be found at: https://www.thefork.de/legal#datenschutzerklarung-und-cookiepolitik
22. CDN service
To optimize loading times and to ensure reliable provision of the content of this website, a Content Delivery Network (CDN) is used. This network distributes the content on different servers worldwide to ensure fast and secure data transmission. Personal data such as IP addresses are also processed.
The use of the CDN service is based on the consent according to art. 6 par. 1 lit. a GDPR and § 25 para. 1 TTDSG. The controller has a legitimate interest in optimizing website performance and ensuring IT security. Consents are revocable at any time with effect for the future.
Below you will find detailed information about the CDN service:
Cloudflares
Cloudflare is used to improve the performance and security of this website. Cloudflare is a service of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare provides content delivery network (CDN) and DDoS protection solutions. When this website is visited, certain data (e.g. IP address, browser type, access time) is transmitted to Cloudflare and stored there.
Cloudflare uses this data to optimize content delivery and ensure website security. Your data can be transferred to the USA and stored there. Cloudflare may also share this information with third parties if required by law or if third parties process this data on behalf of Cloudflare.
For more information about Cloudflare’s data processing, see Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/.
23. Conclusion of contracts for services or digital content
When concluding contracts for services or digital content, the Controller collects and processes your personal data in order to fulfil the contractual obligations. This data includes in particular your contact information such as name, address, e-mail address and relevant information about the use of the services or digital content.
The processing of your data takes place on various legal bases: According to Art. 6 para 1 lit. b DSGVO, the Controller processes your data for the performance of the contract and for the implementation of pre-contractual measures, such as the provision and use of the services. In addition, the processing takes place according to type. 6 par. 1 lit. c GDPR for the fulfilment of legal obligations, including compliance with legal storage obligations. In addition, the processing takes place in accordance with art. 6 para 1 lit. f GDPR to safeguard legitimate interests, for example to improve services and to ensure IT security.
The data collected will be used exclusively for the execution and fulfillment of the contracts and deleted after conclusion of the contractual relationship as well as expiry of any statutory retention periods. Your data may be passed on to third parties involved in the provision of services as part of the performance of the contract, such as IT service providers. These third parties are contractually obliged to treat your data confidentially and to use it exclusively in the context of the provision of services.
The controller ensures that the transfer of your data takes place only insofar as this is necessary for the performance of the contract. A further transmission of the data does not take place, unless you have expressly consented to the transmission. Your data will not be passed on to third parties without express consent, for example for advertising purposes.
24. Credit check before conclusion of the contract
In order to ensure the solvency of customers, credit checks can be carried out under certain circumstances before a contract is concluded. These checks serve to minimize the risk of defaults and to ensure a secure business relationship.
As part of the credit check, personal data such as name, address, date of birth and contact data can be transmitted to specialised credit bureaus. These credit bureaus use the data to determine the creditworthiness and provide the relevant information. The credit assessment shall be carried out solely for the purpose of assessing credit risk and deciding on the establishment, implementation or termination of a contractual relationship.
The processing of personal data for the credit check is carried out on the basis of art. 6 para 1 lit. b GDPR, as it is necessary for the implementation of pre-contractual measures, which take place on your request. In addition, the processing takes place on the basis of art. 6 para 1 lit. f GDPR for the protection of legitimate interests, namely the protection against payment defaults and the securing of the performance of the contract.
If the credit check is negative, the person responsible reserves the right to refuse to conclude the contract or to offer alternative payment methods. Of course, all data collected and processed in the context of the credit check will be treated confidentially in accordance with the applicable data protection regulations and stored only for as long as this is necessary for the purpose of the credit check. A further transmission of the data to third parties does not take place, unless the transmission has been expressly agreed.
25. Third party payment services
This website uses third-party payment services to ensure you a safe and convenient payment option. If you make a purchase via the Website, your payment data (e.g. name, payment amount, account details, credit card number) will be processed directly by the respective payment service provider for the purpose of payment processing. For this purpose, the contractual and data protection provisions of the corresponding provider apply.
The processing of your data takes place on the basis of art. 6 para 1 lit. b GDPR for the performance of the contract and in the interest of a smooth, comfortable and secure payment process in accordance with art. 6 para 1 lit. f DSGVO. As far as your consent is necessary for certain actions, the data processing takes place on the basis of art. 6 para 1 lit. a GDPR. Consents are revocable at any time with effect for the future.
PayPal
You have the option to pay for your purchases via PayPal. PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. When you use PayPal, your payment information is collected and processed directly by PayPal.
PayPal is certified under the EU-US Data Privacy Framework (DPF), which provides adequate protection for the transfer of personal data from the EU to the US. Any company certified under the DPF is committed to complying with these strict data protection standards. Further information on the EU-US DPF can be found at: www.dataprivacyframework.gov.
Additional information about the processing of your personal data by PayPal can be found in the PayPal Privacy Policy at: https://www.paypal.com/en/webapps/mpp/ua/privacy-full.
Stripe
You have the option to pay for your purchases through Stripe. Stripe is a payment service provided by Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. When you use Stripe, your payment information is collected and processed directly by Stripe.
Additional information about the processing of your personal data by Stripe can be found in the Stripe Privacy Policy at: https://stripe.com/en/privacy.
26. Application data collection
This website uses an application form to enable applications for vacancies. The form is used to collect relevant information from applicants and to make the application process efficient.
In the context of the application form, the following personal data are collected and processed: Personal contact data such as name, address, e-mail address and telephone number, application documents such as CV and cover letter, proof and qualifications such as certificates and certificates and other voluntary information.
The data collected will be used exclusively for the purpose of processing the application and for establishing contact in the context of the application process. The data will only be passed on to third parties if this is necessary to carry out the application procedure or if the applicant has expressly consented.
Application documents will be stored until the completion of the application process and beyond for a period of a maximum of six months, unless explicitly agreed to a longer storage period. The data will then be deleted, unless statutory retention periods oppose this.
Applicants have the right to obtain at any time information about the personal data processed by the Controller, as well as the right to rectification, deletion or restriction of the processing of the data. Likewise, there is the right to data portability and the right to complain to a data protection supervisory authority.
The processing of the data takes place on the basis of art. 6 para 1 lit. b GDPR for the implementation of pre-contractual measures, in particular for the processing of the application and for the implementation of the application procedure, as well as in the legitimate interest in a smooth and efficient application process according to art. 6 para 1 lit. f DSGVO. As far as the consent of the applicant is necessary for certain actions, the data processing takes place on the basis of art. 6 para 1 lit. a GDPR. Consents are revocable at any time with effect for the future.