1) Introduction and Contact Information of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data includes all data with which you can be personally identified.

1.2 Controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is MOKAPS represented by Mykhaylo Novokhatko, Albrecht-Dürer-Straße 15, 81543 Munich, Phone: +498941325058, Email: contact@mokaps.com. The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website for purely informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

• Our visited website
• Date and time of access
• Amount of data sent in bytes
• Source/reference from which you accessed the page
• Used browser
• Used operating system
• Used IP address (if applicable, in anonymized form)

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. There is no further disclosure or other use of the data. However, we reserve the right to retrospectively check the server log files should concrete evidence point to unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

3) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies, small text files that are stored on your end device. Some of these cookies are automatically deleted after closing your browser (so-called “session cookies”), while others remain on your end device and enable the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the cookie settings of your web browser.

If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of a contract, according to Art. 6 para. 1 lit. a GDPR in case of given consent, or according to Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a user-friendly and effective design of the page visit.

You can set your browser to inform you about the setting of cookies and decide on their acceptance individually or exclude the acceptance of cookies for specific cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

4) Contact

When contacting us (e.g., via contact form or email), personal data will be processed exclusively for the purpose of processing and responding to your request, and only to the extent necessary for that purpose.

The legal basis for processing this data is our legitimate interest in responding to your request, pursuant to Art. 6(1)(f) GDPR. If your contact is related to a contract, additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted when it can be inferred from the circumstances that the relevant matter has been conclusively clarified, and provided that there are no legal retention obligations.

5) Use of Customer Data for Direct Marketing

Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to personally address you. For newsletter delivery, we use the double opt-in procedure to ensure that you receive the newsletter only after confirming your consent through a verification link sent to the provided email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. We store your IP address, as well as the date and time of registration, as provided by the internet service provider (ISP), to trace any potential misuse of your email address at a later date. The data collected during newsletter registration is strictly used for the intended purpose and not shared with third parties.

You can unsubscribe from the newsletter at any time through the link provided in the newsletter or by sending a corresponding message to the responsible party mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data, or we reserve the right to use your data beyond what is legally permitted, as explained in this statement.

6) Order Processing

6.1 For the purpose of order processing for delivery and payment, the personal data collected by us according to Art. 6(1)(b) GDPR will be forwarded to the contracted shipping company and the commissioned bank.

If, based on a corresponding contract, we owe updates for goods with digital elements or for digital products, we process the contact data (name, address, email address) provided by you during the order to inform you personally, in compliance with our legal obligations according to Art. 6(1)(c) GDPR, using a suitable communication method (e.g., postal mail or email) within the legally prescribed period. Your contact data will be strictly used for notifications about updates owed by us and processed by us only to the extent necessary for the respective information purpose.

In addition, for order processing, we cooperate with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the information provided below.

6.2 Use of Payment Service Providers (Payment Services)

– Apple Pay

When choosing the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment process is carried out through the “Apple Pay” function on your iOS, watchOS, or macOS device by debiting a payment card stored in “Apple Pay.” Apple Pay uses security features integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you need to enter a code previously set by you and verify it using the “Face ID” or “Touch ID” function of your device.

For the purpose of payment processing, your information provided during the ordering process, along with information about your order, is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay for payment execution. The encryption ensures that only the website on which the purchase was made can access the payment data. After the payment is made, Apple sends the website a confirmation of payment success, including your device account number and a transaction-specific, dynamic security code.

If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing according to Art. 6(1)(b) GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, date and time, whether the transaction was successful, and information about the purchased goods or services. Anonymization completely excludes any personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.

If you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate via an encrypted channel to Apple’s servers. Apple does not process or store any of this information in a format that can identify you. You can disable the option to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and disable “Allow payments on Mac.”

For more information on data protection with Apple Pay, please visit the following website: https://support.apple.com/de-de/HT203027
– bancontact

This website offers one or more online payment methods from the following provider: Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium

When selecting a payment method from a provider where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
– EPS transfer

This website offers one or more online payment methods from the following provider: PSA Payment Services Austria GmbH, Handelskai 92, Gate 2,1200 Vienna, Austria

When selecting a payment method from a provider where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
– giropay

This website offers one or more online payment methods from the following provider: paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany

When selecting a payment method from a provider where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

– Google Pay

When choosing the payment method “Google Pay” from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment process is carried out through the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with an NFC function by debiting a payment card stored in Google Pay or a verified payment system (e.g., PayPal). To authorize a payment via Google Pay in excess of €25, unlocking your mobile device with the verification method configured (e.g., facial recognition, password, fingerprint, or pattern) is required.

For the purpose of payment processing, your information provided during the order process, along with information about your order, is transmitted to Google. Google then transmits your payment information stored in Google Pay in the form of a uniquely assigned transaction number to the originating website, verifying a completed payment. This transaction number contains no information about the real payment data of your payment methods stored in Google Pay but is created and transmitted as a uniquely valid numerical token. In all transactions via Google Pay, Google only acts as an intermediary for payment processing. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed in the described transmissions, the processing is carried out exclusively for the purpose of payment processing according to Art. 6(1)(b) GDPR.

Google reserves the right to collect, store, and analyze certain transaction-specific information for every transaction made via Google Pay. This includes the date, time, and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos attached to the transaction by you, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description for the reason of the transaction, and possibly the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6(1)(f) GDPR based on the legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with additional information collected and stored by Google when using other Google services.

The terms of use for Google Pay can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
For further information on data protection with Google Pay, please visit the following website:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

– iDeal

This website offers one or more online payment methods from the following provider: Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands

When selecting a payment method from a provider where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
– Klarna

This website offers one or more online payment methods from the following provider: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

When selecting a payment method from a provider where you pay in advance (e.g., credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When selecting a payment method where the provider pays in advance (e.g., invoice or installment purchase or direct debit), you will also be prompted during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data for an alternative payment method).

In order to protect our legitimate interest in determining the creditworthiness of our customers, this data is transmitted by us according to Art. 6(1)(f) GDPR for the purpose of a credit check to the provider. The provider checks whether the selected payment method can be granted in view of payment and/or default risks based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experience).

In making the decision as part of the application process, identity and creditworthiness information from the following credit agencies may be included, in addition to provider-internal criteria according to Art. 6(1)(f) GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are involved in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of score values includes, among other things, but not exclusively, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
– Masterpayment

This website offers one or more online payment methods from the following provider: Masterpayment LTD, 483 Green Lanes, London, N13 4BS, United Kingdom

When selecting a payment method from the provider where you pay in advance (such as credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When selecting a payment method where the provider pays in advance (such as invoice or installment purchase or direct debit), you will also be prompted during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data for an alternative payment method).

In order to protect our legitimate interest in determining the creditworthiness of our customers, this data is transmitted by us according to Art. 6(1)(f) GDPR for the purpose of a credit check to the provider. The provider checks whether the selected payment method can be granted in view of payment and/or default risks based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experience).

In making the decision as part of the application process, identity and creditworthiness information from the following credit agencies may be included, in addition to provider-internal criteria according to Art. 6(1)(f) GDPR:

• CCreditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany Tel.: +49 (0)2131-109-501, Fax: -557
• CRIF GmbH, Friesenweg 4, House 12, 22763 Hamburg, Germany Tel.: +49 (0)40-89803-0, Fax: -419
• SCHUFA Holding AG, Kormoranweg 5, D-65201 Wiesbaden, Germany Tel.: +49 (0)611-9278-0, Fax: -109

The credit report may contain probability values (so-called score values). If score values are involved in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. In the calculation of score values, among other things, but not exclusively, address data is included.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
– Paydirekt

This website offers one or more online payment methods from the following provider: paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany

When selecting a payment method from the provider where you pay in advance (such as credit card payment), your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
– Paypal

This website offers one or more online payment methods from the following provider: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

When selecting a payment method from the provider where you pay in advance, your payment data provided during the order process (including name, address, bank and payment card information, currency, and transaction number) will be transmitted to them according to Art. 6(1)(b) GDPR. The disclosure of your data is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

When selecting a payment method where we pay in advance, you will also be prompted during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data for an alternative payment method).

In order to protect our legitimate interest in determining the creditworthiness of our customers, this data is transmitted by us according to Art. 6(1)(f) GDPR for the purpose of a credit check to the provider. The provider checks whether the selected payment method can be granted in view of payment and/or default risks based on the personal data provided by you and other data (such as shopping cart, invoice amount, order history, payment experience).

The credit report may contain probability values (so-called score values). If score values are involved in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. In the calculation of score values, among other things, but not exclusively, address data is included.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
– Paypal Checkout

This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal’s own payment methods and local payment methods from third-party providers.

For payment via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – “Pay Later” via PayPal, we will provide your payment data as part of the payment process to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer is made according to Art. 6(1)(b) GDPR and only to the extent necessary for the payment process.

For payment methods such as credit card via PayPal, direct debit via PayPal, or – if offered – “Pay Later” via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transferred to credit agencies based on Art. 6(1)(f) GDPR. The result of the credit check regarding the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are involved in the result of the credit report,

they are based on a scientifically recognized mathematical-statistical method. In the calculation of score values, among other things, but not exclusively, address data is included. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.

For the PayPal payment method “Invoice Purchase,” your payment data will be transmitted to PayPal for the preparation of the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin (“Ratepay”). The legal basis is Art. 6(1)(b) GDPR. In this case, RatePay, on its own behalf, conducts an identity and creditworthiness check to determine payment capability based on the principle mentioned above and, due to the legitimate interest in determining payment capability according to Art. 6(1)(f) GDPR, provides your payment data to credit agencies. A list of the credit agencies that Ratepay can use can be found here: https://www.ratepay.com/legal-payment-creditagencies

When using the payment method of a local third-party provider, your payment data will initially be transmitted to PayPal for the preparation of the payment, in accordance with Art. 6(1)(b) GDPR. Depending on your selection of an available local payment method, PayPal will then transmit your payment data to the respective provider:

• Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 München, Germany)
• iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
• giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)
• bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
• blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
• eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
• MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
• Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

Further data protection information can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

7) Retargeting/ Remarketing and Conversion Tracking

7.1 Facebook Pixel for Creating Custom Audiences with Extended Data Matching (with Cookie Consent Tool)

Within our online offering, we use the “Facebook Pixel” service in the extended data matching mode from the following provider: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”)

When a user clicks on a Facebook ad placed by us, the URL of our linked page is extended with a parameter using “Facebook Pixel.” This URL parameter is then entered into the user’s browser after redirection through a cookie set by our linked page. In addition, this cookie collects specific customer data such as the email address, which we collect on our website linked with the Facebook ad during processes like purchases, account logins, or registrations (extended data matching). The cookie is then read, enabling the transmission of data, including specific customer data, to Facebook.

We use “Facebook Pixel” with extended data matching to make our Facebook ads (so-called Facebook Ads) more effective and ensure that they match the interests of users or have certain features (e.g., interests in specific topics or products determined based on visited websites), which we transmit to Facebook (so-called “Custom Audiences”).

In addition, we analyze the effectiveness of our ads by tracking whether users were redirected to our website after clicking on an ad (Conversion). Compared to the standard version of “Facebook Pixel,” the extended data matching function helps us better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.

All transmitted data is stored and processed by Facebook, allowing for assignment to the respective user profile. Facebook can use the data for its own advertising purposes in accordance with Facebook’s data usage policies (https://www.facebook.com/wbr>/about/wbr>/privacy/wbr>/). The data may enable Facebook and its partners to display ads on and off Facebook.

All the described processes, especially the setting of cookies to read information on the used device, are only carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have entered into a data processing agreement with the provider, ensuring the protection of data from our site visitors and prohibiting unauthorized disclosure to third parties.

The information generated by Facebook is usually transmitted to and stored on a Facebook server; in this context, there may also be a transfer to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider has joined the EU-US Privacy Shield, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

7.2 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in your device’s browser, which automatically enables interest-based advertising based on a pseudonymous cookie ID and the pages you have visited. Further data processing only occurs if you have given Google consent to link your internet and app browser history with your Google account and use information from your Google account to personalize ads you view on the web. If you are logged into your Google account during your visit to our website, Google uses your data along with Google Analytics data to create and define cross-device retargeting audience lists. Your personal data is temporarily linked with Google Analytics data to create audiences. In the context of using Google Ads Remarketing, personal data may also be transferred to the servers of Google LLC. in the USA.

All the described processes, especially the setting of cookies to read information on the used device, are only carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. Without this consent, the use of retargeting technology will be omitted during your website visit.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.

For data transfers to the USA, the provider has joined the EU-US Privacy Shield, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

7.3 Google Ads Conversion Tracking

This website uses the online advertising program “Google Ads” and, within Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

We use Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. We can determine how successful individual advertising measures are in relation to the data of the advertising campaigns. This helps us display ads that are of interest to you, make our website more interesting for you, and achieve a fair calculation of the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on a Google Ads ad. Cookies are small text files that are stored on your device. These cookies usually lose their validity after 30 days and do not serve personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot be tracked across the websites of Google Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.

In the context of using Google Ads, personal data may also be transferred to the servers of Google LLC. in the USA.

Details on the processing initiated by Google Ads Conversion Tracking and Google’s handling of data from websites can be found here: https://policies.google.com/wbr>/technologies/wbr>/partner-sites

All the described processes, especially the setting of cookies to read information on the used device, are only carried out if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

In addition to disabling Google Ads Conversion Tracking by setting cookies, you can permanently object by downloading and installing the browser plugin available at the following link:
https://www.google.com/wbr>/settings/wbr>/ads/wbr>/plugin/wbr>?hl=en

To address users with whom we have received data in the context of business or business-like relationships in a more targeted manner, we use the customer matching function within Google Ads. For this purpose, we transmit one or more files with aggregated customer data (mainly email addresses and phone numbers) electronically to Google. Google does not have access to clear data, but encrypts the information in the customer files automatically using a special algorithm during the transmission process. Google can then only use the encrypted information to associate it with existing Google accounts that the individuals have set up. This allows personalized advertising to be displayed across all Google services linked to the respective Google account.

The transmission of customer data to Google only occurs if you have given us explicit consent in accordance with Art. 6(1)(a) GDPR. You can revoke this consent at any time. Further information on Google’s data protection measures regarding the customer matching function can be found here: https://support.google.com/wbr>/google-ads/wbr>/answer/wbr>/6334160?hl=en&ref_topic=10550182
Google’s privacy policy is available here: https://www.google.de/wbr>/policies/wbr>/privacy/wbr>/

For data transfers to the USA, the provider has joined the EU-US Privacy Shield, which ensures compliance with the European data protection level based on an adequacy decision by the European Commission.

8) Tools and Miscellaneous

8.1 Cookie Consent Tool

This website uses a “Cookie Consent Tool” to obtain effective user consents for cookies that require consent and cookie-based applications. The “Cookie Consent Tool” is displayed to users as an interactive user interface when visiting the page, allowing users to give consent for specific cookies and/or cookie-based applications by checking the corresponding boxes. By using the tool, all cookies/services requiring consent are only loaded if the user has given the respective consents by checking the boxes. This ensures that such cookies are only set on the user’s device in case of explicit consent.

The tool uses technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

In individual cases, the processing of personal data (such as IP address) may occur for the purpose of storing, assigning, or logging cookie settings. This is done according to Art. 6(1)(f) GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies, and thus in a legally compliant design of our online presence.

Another legal basis for processing is Art. 6(1)(c) GDPR. As controllers, we are legally obligated to make the use of technically unnecessary cookies dependent on the respective user’s consent.

If necessary, we have concluded a data processing agreement with the provider, ensuring the protection of data from our site visitors and prohibiting unauthorized disclosure to third parties.

Additional information about the operator and the settings of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

8.2 All-In-One Security (AIOS)

For security purposes, this website uses the firewall service “All-In-One Security (AIOS)” from Updraft WP Software Ltd., 11 Barringer Way, St. Neots, Cambs. PE19 1LW, United Kingdom (“AIOS”).
AIOS protects the website and its associated IT infrastructure from unauthorized third-party access, cyber attacks, viruses, and malware. AIOS collects users’ IP addresses and, if necessary, additional data about your behavior on our website (especially accessed URLs and header information) to detect and defend against illegitimate page access and threats. The captured IP address is compared with a list of known attackers. If the captured IP address is identified as a security risk, AIOS may automatically block it from accessing the site.
The described data processing is carried out according to Art. 6(1)(f) GDPR based on our legitimate interests in protecting the website from harmful cyber attacks and maintaining the structural and data integrity and security.
We have concluded a data processing agreement with the provider, ensuring the protection of data from our site visitors and prohibiting unauthorized disclosure to third parties.
In the case of data transmission to the provider’s location, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

9) Rights of the Data Subject

9.1 The applicable data protection law grants you the following rights vis-à-vis the controller regarding the processing of your personal data (rights to information and intervention), with reference to the specified legal basis for each exercise condition:

• Right to information according to Art. 15 GDPR;
• Right to rectification according to Art. 16 GDPR;
• Right to erasure according to Art. 17 GDPR;
• Right to restriction of processing according to Art. 18 GDPR;
• Right to notification according to Art. 19 GDPR;
• Right to data portability according to Art. 20 GDPR;
• Right to withdraw consent granted according to Art. 7(3) GDPR;
• Right to lodge a complaint according to Art. 77 GDPR.

9.2 Right to Object

If we process your personal data within the framework of a balancing of interests based on our overriding legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

If you make use of your right to object, we will stop processing the relevant data. However, further processing is reserved if we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. You can exercise the objection as described above.

If you make use of your right to object, we will stop processing the relevant data for direct marketing purposes.

10) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and, if applicable, the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data based on explicit consent according to Art. 6(1)(a) GDPR, the data concerned will be stored until you revoke your consent.

If there are legal retention periods for data processed in the context of contractual or quasi-contractual obligations based on Art. 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer necessary for the fulfillment or initiation of the contract, and/or there is no longer a legitimate interest on our part in continuing the storage.

When processing personal data based on Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object according to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6(1)(f) GDPR, this data will be stored until you exercise your right to object according to Art. 21(2) GDPR.

Unless otherwise indicated in the other information in this statement about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.