Data Protection – Lang-Co! Friendsprache

Responsible body within the meaning of data protection law

Dr. phil. Daniela Christina Werthwein
Lang-Co! Friendsprache
Max-Beckmann-Straße 54
51375 Leverkusen, Germany

Telephone: +49 (0)214 31125032
Mobile: +49 (0)174 8935007
Email: info@langco-friendsprache.com

Privacy Policy

We are pleased about your visit to our website and your interest in our services. The protection of your personal data is important to us. We want you to know when we collect which data, how we use it, and which rights you have with regard to your data. In doing so, we naturally comply with all applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

This privacy information informs you about which data we process in the context of the use of our website, for which purposes this takes place, and which options you have to object to the data processing or to withdraw your consent.

The following information applies to the visit and use of our website. For data processing activities that go beyond this (e.g. in the context of a contractual relationship), you may receive separate information where applicable.

Controller and Contact for Data Protection

If you have any questions about the processing of your personal data or if you wish to exercise your rights as a data subject, you can contact us at any time.

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Dr. phil. Daniela Christina Werthwein
Lang-Co! Friendsprache
Max-Beckmann-Straße 54
51375 Leverkusen

Contact
Telephone: +49 (0) 21 4 / 311 25 03 2
Mobile: +49 (0) 17 4 / 893 50 07
E-mail: werthwein@go-lang-co.com

Purpose and Legal Bases of Data Processing

We process your personal data in order to enable you to use our website safely, conveniently and with full functionality, and to offer our services in line with your needs. Depending on how you use our online services, processing may be necessary in order to:

provide the website technically (including IT security),
respond to contact requests,
fulfil contractual or pre-contractual measures,
analyse user behaviour for statistical purposes,
optimise our content or our services.

Processing is carried out only if an appropriate legal basis exists – in particular:

Art. 6(1)(a) GDPR (consent),
Art. 6(1)(b) GDPR (contract or pre-contractual measures),
Art. 6(1)(f) GDPR (legitimate interests, e.g. security, functionality or optimisation).

Where consent is required, we obtain this transparently via a cookie or consent management tool. You have the right to withdraw your consent at any time with effect for the future.

Note on the Legal Basis of Consent

Where we obtain your consent to process personal data, this is based on Art. 6(1) sentence 1 lit. a GDPR. You can withdraw any consent given at any time with effect for the future. The withdrawal can be made informally, e.g. by e-mail or post. You can find our contact details above under “Controller”.

For the documentation of your consent, we also process the following information:

first and last name
e-mail address
IP address of the device calling the website
date and time of consent
status and scope of the consent given

The legal basis for this processing is Art. 6(1) sentence 1 lit. c GDPR in conjunction with Art. 7(1) GDPR.

The documentation data is stored for a period of three years. The period begins on the day your consent is given.

Protection of Minors

Persons under 16 years of age may not transmit personal data to us without the prior consent of their parents or legal guardians. We do not request personal data from children or adolescents, do not knowingly store such data and do not pass it on to third parties. If we become aware that personal data of minors has been collected without the consent of the legal guardians, this data will be deleted without delay.

Categories of Recipients of Personal Data

Your personal data may, within the framework of the statutory provisions, be transmitted to the following categories of recipients:

Transfer to external service providers

We use external service providers in certain cases who process personal data on our behalf. This is done on the basis of the following legal grounds:

to fulfil legal notification obligations under Art. 6(1)(c) GDPR, in particular towards authorities such as social security agencies, tax authorities or law enforcement authorities
to carry out pre-contractual measures or to fulfil a contract under Art. 6(1)(b) GDPR, for example in the context of payment processing
to safeguard legitimate interests under Art. 6(1)(f) GDPR, e.g. by commissioned service providers such as hosting providers, data centres, banks, printing service providers or courier services
on the basis of your express consent pursuant to Art. 6(1)(a) GDPR

If you participate in promotions, competitions or other services that we offer together with partner companies, data may be passed on to these partners. In such cases, we will inform you in advance and directly in connection with the respective service.

All external service providers are carefully selected, obliged to comply with the applicable data protection provisions and regularly monitored.

Where we commission third parties with processing within the meaning of commissioned processing, this is done exclusively on the basis of a contract pursuant to Art. 28 GDPR.

Data Transfers to Third Countries

If we use functions or services of providers based outside the European Union (EU) or the European Economic Area (EEA), a transfer of your personal data to so-called third countries may take place.

Such a transfer only takes place if the special requirements of Art. 44 ff. GDPR are fulfilled, in particular if:

an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists,
appropriate safeguards within the meaning of Art. 46 GDPR (e.g. EU Standard Contractual Clauses) have been agreed,
binding corporate rules exist, or
you have expressly consented to the transfer.

Note on data transfers to the USA

For certain US providers, an adequacy decision of the EU Commission according to Art. 45 GDPR (EU-U.S. Data Privacy Framework) has existed since July 2023.

US companies certified under the Data Privacy Framework thereby ensure an adequate level of data protection.

For transfers to other US service providers that are not certified, data is transferred on the basis of appropriate safeguards, in particular the EU Standard Contractual Clauses of the European Commission, or on the basis of your express consent.

Where possible, we preferentially select providers with server locations within the EU or the EEA.

A concrete transfer to a third country takes place only where this is explicitly indicated as part of individual processing operations.

Data Deletion and Storage Period

We process and store personal data only for as long as this is necessary to fulfil the respective purposes. As soon as the purpose of storage ceases to apply, the data is deleted or blocked.

Extended storage may take place where this is required by law – for example due to commercial, tax or anti-money laundering retention obligations (e.g. under the German Commercial Code (HGB), Fiscal Code (AO) or Money Laundering Act (GwG)).

In these cases, deletion takes place after expiry of the statutory retention periods, provided there is no further legal basis for processing.

Personal data may also be stored for the duration of statutory limitation periods where this is necessary for the assertion, exercise or defence of legal claims.

The regular limitation period is generally three years, but may be up to 30 years in individual cases.

Longer storage takes place only insofar as it is necessary to fulfil contractual or legal obligations.

Rights of Data Subjects

As a data subject within the meaning of the GDPR, you have various rights which you can assert against us at any time:

Right of access (Art. 15 GDPR)
You have the right to request information about the personal data we process, including the purposes of processing, categories of recipients, planned storage period and your further rights in connection with this data processing.
Right to rectification (Art. 16 GDPR)
You may request the immediate rectification of inaccurate or completion of incomplete personal data.
Right to erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data stored by us, insofar as no statutory retention obligations or other legal reasons conflict with the erasure.
Right to restriction of processing (Art. 18 GDPR)
Under certain conditions, you may request restriction of the processing of your personal data.
Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit this data to another controller.
Right to object to processing (Art. 21 GDPR)
You may object to the processing of your personal data at any time on grounds relating to your particular situation. This applies in particular to data processing based on Art. 6(1)(f) GDPR.
Right to withdraw consent (Art. 7(3) GDPR)
Where we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you consider that the processing of your personal data infringes the GDPR, you may lodge a complaint with a data protection supervisory authority. The supervisory authority at your place of residence or at our registered office is usually competent.

Provision of the Website and Creation of Logfiles

Each time our website is accessed, our system automatically records data and information from the computer system of the accessing device. The following data is collected:

IP address of the user
date and time of access
page/file accessed
website from which access is made (referrer URL)
browser type and version used
operating system of the user
internet service provider of the user

The data is also stored in the logfiles of our system. These data are not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of data and logfiles is Art. 6(1)(f) GDPR. Our legitimate interest lies in:

ensuring the functionality of the website
technical optimisation of content and presentation
ensuring the security of our information technology systems (e.g. defence against attacks)

Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. Additionally, storage in logfiles serves to ensure the functionality of the website.

No analysis of the data for marketing purposes takes place in this context.

Storage period

The data is deleted as soon as it is no longer required to achieve the purpose of its collection. In the case of data collected to provide the website, this is the case when the respective session has ended. Logfiles are usually deleted after no more than 7 days. Longer storage is possible if the IP addresses of the users have been anonymised.

Possibility of objection and removal

The collection of data for the provision of the website and storage of data in logfiles is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object.

Use of Cookies

Our website uses cookies. These are small text files that are stored on your device when you visit a website. They enable certain functions and serve to improve the user experience.

We use technically necessary cookies to ensure the basic functionality of the website (e.g. login function, language settings, shopping cart). In addition, we use – with your consent – cookies for statistics, analysis and marketing purposes in order to analyse the use of our website and optimise our services.

Technically necessary cookies

These cookies are required for the operation of the website and enable basic functions such as page navigation and access to secure areas. Without these cookies, the website cannot function properly.

Legal basis: Art. 6(1)(f) GDPR – legitimate interest in the functionality and security of the website.

Cookies for statistics, analysis and marketing

These cookies are set only with your consent. They help us understand visitor behaviour, improve content and display personalised advertising.
Legal basis: Art. 6(1)(a) GDPR – your voluntary consent, which you can withdraw at any time via the cookie settings on the website.

Cookie settings

When you first visit our website, a cookie banner appears that allows you to control the use of individual cookie categories. Your selection is stored and can be changed or withdrawn at any time via the cookie settings.

Storage period and deletion

Cookies are stored for different periods. Session cookies are automatically deleted when you close your browser, persistent cookies remain on your device until they expire or you delete them manually.

Objection and management of cookies

You can delete cookies at any time via your browser settings or prevent them from being stored. You can find instructions on the help pages of the respective browser providers:

Google Chrome: https://support.google.com/chrome/answer/95647

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen

Apple Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Microsoft Edge: https://support.microsoft.com/de-de/help/4027947

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Social Standard Plugins (2-Click Solution)

We integrate social media plugins from various providers on our website to give you the option of sharing content or interacting directly with our profiles on social networks.

To protect your data, we use the so-called 2-click solution. Social media elements are initially integrated in a deactivated state, so that no connection to the servers of the respective providers is established when you access our website. Only when you actively click on the corresponding icon is a connection established and data (e.g. IP address, referrer URL, usage information) transmitted to the respective provider.

This privacy-friendly solution prevents personal data from being transmitted to social media platforms solely by loading our website.

The legal basis for the use of social media plugins using the 2-click solution is your consent pursuant to Art. 6(1)(a) GDPR, which you give by actively clicking on the respective icon. Consent can be withdrawn at any time with effect for the future.

Below we inform you about the social media plugins integrated on our website.

LinkedIn

We use social plugins of the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website.

The plugins are integrated using a so-called “2-click solution”. This means that no direct connection to the LinkedIn servers is established when you visit our website. Only when you actively click on the plugin and thus consent to data transmission does your browser establish a direct connection to the servers of LinkedIn. The content of the plugin is transmitted directly from LinkedIn to your browser and integrated into the website.

By activating the plugin, LinkedIn receives the information that you have visited our website. If you are logged in to LinkedIn at the time of activation, LinkedIn can assign the visit to your user account. If you interact with the plugin, for example by clicking the “Share” button, this information is also transmitted directly to LinkedIn and stored there.

These data are generally transmitted to LinkedIn servers in the USA and stored there. The USA is regarded as a third country within the meaning of the GDPR. There is no adequacy decision of the EU Commission for the USA in general. There is a risk that US authorities may access your data without you having an effective legal remedy.

The legal basis for integration is your consent pursuant to Art. 6(1)(a) GDPR, which you can grant in the cookie settings. You can withdraw your consent at any time by adjusting the cookie settings on our website.

Further information on the collection and use of data by LinkedIn and your rights and settings options can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy

Social Standard Plugins with Shariff Solution

We use so-called Shariff buttons on our website. These allow you to share content on social networks without personal data being automatically transmitted to the operators of these networks when you access our website.

A connection to the respective network is established only when you actively click one of the buttons. The social networks receive information about your visit to our website only when you expressly wish this.

The Shariff solution is developed and provided in a privacy-compliant way. It prevents personal data such as IP address or user behaviour being automatically transmitted to the respective social networks when the website is loaded. The buttons establish contact between the social network and the visitor only when the visitor actively clicks the button.

The legal basis for the use of this privacy-friendly solution is Art. 6(1)(f) GDPR. Our legitimate interest is to offer our users a data protection-compliant way to interact with social networks without their data being transmitted unintentionally.

LinkedIn

We use social plugins from the professional network linkedin.com, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

The protection of your personal data is very important to us. For this reason, we do not use share buttons of the social network LinkedIn as unrestricted plugins on our website. Instead, we use the c’t project “Shariff”. “Shariff” uses only an HTML link to integrate the buttons as graphics into our website so that, when you access our website, your internet browser does not yet establish a connection to LinkedIn’s server.

Only after you actively click the LinkedIn button will a new browser window open with LinkedIn’s website. You thereby leave our website and can (if necessary after entering your login data as a member) make a direct connection with the plugins of LinkedIn in the new browser window. We have no knowledge of and no influence over whether and, if so, which personal data LinkedIn collects from you.

Information on the purpose and scope of data collection and the further processing and use of data by LinkedIn as well as your rights and settings options can be found in LinkedIn’s privacy notices: https://www.linkedin.com/legal/privacy-policy

General information on cookies and how to deactivate them can be found in this privacy policy (see above under “Cookies”).

Fan Pages on Social Media Websites

We maintain fan pages on social network websites and process personal data in this context in order to communicate with users active there or to provide information about us. We point out that your data may be processed outside the European Union when you visit our fan pages. The operators of the respective social networks are responsible for this. You can find a detailed description of the respective forms of processing and the options for objecting (e.g. opt-out) in the privacy policies of the operators of the respective social networks.

Please note that, despite joint responsibility with the platform operators, we have no full influence over data processing by the social networks. We recommend that you also inform yourself directly on the platforms.

LinkedIn

We operate a LinkedIn fan page about our company on the social network linkedin.com. When visiting and using our LinkedIn fan page, LinkedIn may analyse your usage behaviour and provide us with information derived from this (“Page Insights”). We use this information to optimise our online presence and to design our services in line with demand. The categories of data processed here are master data, contact data, content data, usage data and connection data.

The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, as joint controller within the meaning of Art. 26 GDPR.

The legal basis for processing the data is our legitimate interest in effective communication and external presentation via social media, pursuant to Art. 6(1)(f) GDPR.

LinkedIn is generally responsible for fulfilling your data subject rights in connection with the processing of personal data on our LinkedIn fan page. LinkedIn informs you about this at:
https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/legal/l/dpa

You may also exercise your rights against us. In this case, we will forward your request to LinkedIn without delay.

Contact Options

We offer various options via our website for you to contact us. Below we inform you about the respective means of communication and the data processing involved.

E-mail

If you contact us by e-mail, the personal data you transmit is used exclusively to process your request. A valid e-mail address is required in order to assign and answer your request. Further information is provided voluntarily.

Data processing is based on Art. 6(1)(b) GDPR where the request is related to the performance of a contract or serves to carry out pre-contractual measures. In all other cases, processing is based on Art. 6(1)(f) GDPR, as we have a legitimate interest in properly handling inquiries.

The data you transmit remains with us until the purpose of storage ceases to apply or you request deletion, provided there are no statutory retention obligations.

Contact form

If you send us a message via the contact form provided on our website, the data you enter is used exclusively to process your request. A valid e-mail address is generally required in order to assign and answer your request. Further information may be provided voluntarily.

The data transmitted via the form is transferred using SSL encryption. It is not passed on to third parties.

The legal basis for processing is Art. 6(1)(b) GDPR where the request is related to the performance of a contract or serves to carry out pre-contractual measures. In all other cases, processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the proper handling of inquiries submitted via the contact form.

Telephone

If you contact us by telephone, the personal data you share is used exclusively to process your request. Which data is collected depends on the content of your call and the information you provide.

Data is processed on the basis of Art. 6(1)(b) GDPR where the contact relates to the performance of a contract or pre-contractual measures. In all other cases, processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the efficient and appropriate handling of incoming inquiries.

The data you transmit in the course of the telephone call is stored only for as long as is necessary to process your request, provided there are no statutory retention obligations.

Online Appointment Scheduling

We offer the possibility to arrange online appointments via our website. Below we inform you about the data processing involved.

Calendly

We use the service Calendly, provided by Calendly LLC, 271 17th Street NW, 10th Floor, Atlanta, Georgia 30363, USA, for scheduling online appointments via our website.

Via the integrated booking function, website visitors can schedule appointments with us. The connection to Calendly is established only when you click on the corresponding button or actively access the booking mask.

The data you enter in the form is processed. This regularly includes name, e-mail address, possibly telephone number, as well as the selected appointment time. In addition, the IP address of the device making the request and the date and time of access may be recorded. This data is used exclusively to organise appointments and is deleted once the purpose no longer applies.

Data processing may also take place on servers in the USA. There is no general adequacy decision of the EU Commission for the USA. The transfer takes place on the basis of Standard Contractual Clauses pursuant to Art. 46 GDPR, in order to ensure an adequate level of data protection.

The legal basis is Art. 6(1)(a) GDPR, where we obtain your consent, or Art. 6(1)(f) GDPR. Our legitimate interest lies in providing a user-friendly and efficient way of scheduling appointments via our website.

Further information about data processing by Calendly can be found at: https://calendly.com/privacy

Newsletter

You can subscribe to our newsletter via our website to receive regular information on current topics, offers or news. Below we inform you about the data processing involved.

Newsletter dispatch via Brevo (formerly Sendinblue)

We use the service Brevo (formerly Sendinblue), provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, to send our newsletter.

Brevo is a service that organises and analyses the sending of newsletters.

If you register for our newsletter, the data you provide in the registration form (e.g. name and e-mail address) is stored on Brevo’s servers in Germany. Data is processed for the purpose of sending the newsletter and for statistical analysis. Brevo uses this data to technically enable the sending and delivery of the newsletter and to evaluate reading behaviour (e.g. open and click rates) in order to optimise future newsletters.

The legal basis for the processing of your personal data is your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by using the unsubscribe link in the newsletter or by sending us a corresponding message.

The data is deleted as soon as it is no longer required for the purpose of processing or you withdraw your consent.

Further information on data processing by Brevo can be found at: https://www.brevo.com/de/legal/privacypolicy/

Payment Service Providers

If you order goods or services via our website, the storage and processing of personal data is necessary to carry out the contract. We also collect and store the payment method you choose as part of the ordering process.

The legal basis for the processing of personal data is Art. 6(1)(f) GDPR.

If you select a payment service provider as payment method, you will be redirected directly to the website of the respective payment service provider during the payment process. The data you enter on the payment service provider’s website is not collected, processed or stored by us. The privacy policies of the respective payment service provider apply.

Apple Pay

You can use the online payment service provider Apple Pay to pay for your order. If you decide to use this payment process, your contact details will be transmitted to Apple Pay. Apple Pay is a service of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.

Apple Pay acts as an online payment service provider which provides us with the data necessary for purchase on account and for identity and credit checks.

Payment is processed via the “Apple Pay” function of your device running iOS, watchOS or macOS by charging a payment card stored in “Apple Pay”. Apple Pay uses security functions that are built into the hardware and software of your device to protect your transactions. To authorise a payment, it is therefore necessary to enter a code you previously defined and to verify using the “Face ID” or “Touch ID” function of your device.

The following personal data is transmitted to Apple Pay for the purposes of invoice processing, risk management, credit assessment, identity and credit checks, customer analysis, statistical purposes and marketing purposes:

first and last name
address
telephone number
IP address
e-mail address
data required for order processing (e.g. number of items, item number, invoice amount and taxes in percent, invoice information, etc.)
credit and debit card data (card number, expiry date, CCV code), invoice information, bank details, etc.
information about income, any credit commitments and payment notes
information about previous purchases with Apple Pay, payment history and credit acceptance
information about the interaction between you and Apple Pay: information on how you use Apple Pay services, on page load times, download errors, entry and exit pages, as well as e-mail receipt confirmations
browser settings, time zone settings, operating system and platform, as well as screen resolution
information about geographic location

For the purpose of payment processing, the information you provide in the course of the ordering process, along with information about your order, is forwarded to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before transmitting the data for payment processing to the payment service provider of the payment card stored in Apple Pay. The encryption ensures that only the website on which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code back to the originating website to confirm successful payment.

The legal basis for processing personal data is Art. 6(1)(b) GDPR, insofar as this processing is absolutely necessary for payment processing, and serves to process your order using the payment method you have selected, in particular to confirm your identity, to manage your payment and customer relationship.

Apple stores anonymised transaction data, including approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymisation fully excludes personal reference. Apple uses the anonymised data to improve “Apple Pay” and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase made via Safari on your Mac, the Mac and the authorisation device communicate over an encrypted channel via Apple servers. Apple processes or stores none of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in the settings of your iPhone. Go to “Wallet & Apple Pay” and deactivate “Allow Payments on Mac”.

Further information can be found in the Apple Pay privacy policy at:
https://support.apple.com/de-de/HT203027

You have the right to object to the collection and processing of your personal data by Apple Pay. However, you cannot object to the processing of your personal data insofar as this is necessary for the performance of the contract.

If you do not wish Apple Pay to collect data, please select another payment method.

CopeCart

We offer the option to pay via the service CopeCart on our website, provided by CopeCart GmbH, Ufnaustraße 10, 10553 Berlin, Germany.

If you purchase a product via CopeCart, the personal data required for payment and order processing is transmitted to CopeCart. This usually includes name, address, e-mail address, IP address, payment amount, selected payment method and other transaction-related information necessary for carrying out the purchase process.

The transfer of this data takes place for the purpose of payment processing, handling the purchase and preventing fraud. Depending on the chosen payment method, CopeCart may pass personal data on to further payment service providers (e.g. credit card companies, banks or external payment providers). These providers may be independent controllers within the meaning of the GDPR.

CopeCart points out that data transfers to third countries cannot be ruled out for certain payment methods. In such cases, CopeCart relies on appropriate safeguards, in particular the EU Standard Contractual Clauses.

Data is processed on the basis of Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interest in secure payment processing).

Further information on data processing by CopeCart can be found at:
https://www.copecart.com/privacy

Google Pay

You can use the online payment service provider Google Pay to pay for your order. If you decide to use this payment process, your contact details are transmitted to Google Pay. Google Pay is a service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Pay acts as an online payment service provider that provides us with the data necessary for purchase on account and for identity and credit checks.

Payment is processed via the “Google Pay” application on your mobile device running at least Android 4.4 (“KitKat”) and equipped with an NFC function, by charging a payment card stored in Google Pay or a payment system verified there (e.g. PayPal). To authorise a payment via Google Pay of more than €25, you must first unlock your mobile device using the verification measure set up (e.g. facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provide during the ordering process and the information about your order are forwarded to Google. Google transmits your payment information stored in Google Pay in the form of a transaction number assigned once to the originating website, which is used to verify the payment. This transaction number does not contain information about the actual payment data of your payment methods stored in Google Pay, but is created and transmitted as a one-time valid numeric token.

The following personal data is transmitted to Google Pay for the purposes of invoice processing, risk management, credit assessment, identity and credit checks, customer analysis, statistical purposes and marketing purposes:

first and last name
address
telephone number
IP address
e-mail address
data required for order processing (e.g. number of items, item number, invoice amount and taxes in percent, invoice information, etc.)
credit and debit card data (card number, expiry date, CCV code), invoice information, bank details, etc.
information about your income, any credit commitments and payment notes
information about your previous purchases with Google Pay, payment history and credit acceptance
information about the interaction between you and Google Pay: information on how you use Google Pay services, page load times, download errors, entry and exit pages, as well as e-mail receipt confirmations
your browser settings, time zone settings, operating system and platform, as well as screen resolution
information about your geographic location

Google stores anonymised transaction data, including approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymisation fully excludes personal reference. Google uses the anonymised data to improve “Google Pay” and other Google products and services.

Further information can be found in Google Pay’s privacy policy at:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

You have the right to object to the collection and processing of your personal data by Google Pay. However, you cannot object to the processing of your personal data insofar as this is necessary for the performance of the contract.

If you do not wish Google Pay to collect data, please select another payment method.

Credit card

For payments by credit card, please refer to the privacy policies of the respective payment service provider.

After completion of the transaction, your account will be conveniently and securely debited with the invoice amount.

SEPA direct debit

We offer payment by SEPA direct debit on our website. By selecting this payment method, you grant us a SEPA direct debit mandate, authorising us to collect the due invoice amount from your specified bank account.

Within the framework of payment processing, the personal data required to carry out the direct debit procedure is processed. This includes in particular name, first name, address, IBAN, BIC, name of the bank and the payment amount. This data is used exclusively for the purpose of payment processing and is not passed on to third parties, unless there is a legal obligation to do so.

The legal basis for the processing of data is Art. 6(1)(b) GDPR, as the processing is necessary for the performance of the contractual relationship.

The data is deleted as soon as it is no longer required for payment processing, provided there are no statutory retention obligations.

Further information on SEPA direct debit can be found at the Deutsche Bundesbank under: https://www.bundesbank.de/de/aufgaben/unbarer-zahlungsverkehr/sepa

Cloud Services

We use various cloud services for storing, managing and jointly editing data. These enable us to process data securely, flexibly and independently of location, and to exchange information efficiently with customers, business partners and employees.

In doing so, personal data is stored on the servers of the respective providers and may – depending on the provider – also be transmitted to locations outside the European Union. Transfers are made only where appropriate safeguards pursuant to Art. 46 GDPR (e.g. Standard Contractual Clauses) exist or an adequacy decision of the European Commission has been issued.

The processing of personal data in the context of the use of cloud services is based on Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in secure and efficient data management).

The following cloud services are used by us:

Strato AG HiDrive

We use HiDrive from Strato AG as a cloud service for storing files and documents. HiDrive is a secure cloud storage solution that allows us to store and manage data in the cloud and access it from various devices. The service offers both private individuals and companies a reliable way to store and synchronise data securely.

The provider of this service is Strato AG, Otto-Ostrowski-Straße 7, 10559 Berlin, Germany. In the course of using HiDrive, personal data may be processed. This includes in particular usage data such as IP addresses, access times and the duration of HiDrive usage. Contents of documents and other files stored on HiDrive or shared between users may also be processed.

This data is processed for the following purposes: storing files and documents, synchronising data across different devices and providing secure and easy access to this data.

The processing of your personal data by HiDrive is based on the performance of contractual obligations and our legitimate interest in providing you with an efficient and secure solution for storing and managing data.

The data stored via HiDrive is kept for as long as necessary for the respective purposes. Files stored on HiDrive remain stored for as long as you actively keep them or until you delete them. Data processed in connection with the use of HiDrive is also stored for as long as this service is actively used.

As HiDrive is provided by Strato AG based in Germany, the processing of your personal data is subject to the strict requirements of the EU General Data Protection Regulation (GDPR). Your data is not transferred to countries outside the European Union.

You have the right at any time to obtain information about the processing of your personal data by HiDrive. You may also request rectification, erasure or restriction of processing. Further information on data protection at Strato AG and HiDrive can be found in Strato’s privacy policy at: www.strato.de/datenschutz/

Review and Certification Graphics

External review seals and customer opinions can be displayed on our website to give visitors a transparent impression of our customers’ satisfaction. Below we inform you about the data processing involved.

ProvenExpert Seal of Approval

We use the ProvenExpert seal on our website, a service of Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany.

The seal serves to display customer reviews and to build trust among visitors to our website. Through the integrated seal, current reviews and testimonials about our company that are published on the ProvenExpert platform can be displayed.

When the ProvenExpert seal is accessed, a connection to the ProvenExpert servers is established in order to load the current rating and seal. In doing so, technical data such as IP address, browser type, operating system, referrer URL, date and time of access is transmitted. According to the provider, this data is used exclusively for the provision and display of the seal and is not merged with other data.

No transfer of personal data to third countries takes place.

The legal basis for the integration of the ProvenExpert seal is Art. 6(1)(f) GDPR. Our legitimate interest lies in the transparent presentation of customer reviews and the optimisation of our online presence.

Further information on data processing by ProvenExpert can be found at: https://www.provenexpert.com/de-de/datenschutz/

Videos, Audio and Images

We integrate multimedia content such as videos, audio files and images on our website to make our online services more vivid and informative. For this purpose, external services or platforms may be used to provide or play this content.

When a page with embedded media is accessed, technical data such as IP address, browser information, referrer URL, operating system, device information and time stamps is transmitted, depending on the provider. This is necessary so that the respective content can be transmitted to your device and displayed.

If services of third-party providers are used, data processing may also take place on servers outside the European Union, in particular in the USA. In such cases, data is transferred on the basis of Standard Contractual Clauses pursuant to Art. 46 GDPR to ensure an adequate level of data protection.

The legal basis for embedding videos, audio and image content is your consent pursuant to Art. 6(1)(a) GDPR, where the content is loaded via external providers, or Art. 6(1)(f) GDPR in the case of our legitimate interest in an attractive and user-friendly presentation of our website.

Below we inform you about the services and platforms used on our website in the field of videos, audio and images.

Shutterstock

The provider is Shutterstock, Inc., 350 Fifth Avenue, 21st Floor, New York, NY 10118, USA.

We use images and graphics from Shutterstock on our website to make our content visually appealing. The media used originates from the Shutterstock image database and serves to visually process our content.

The files are generally stored locally on our server, so that no connection to Shutterstock’s servers is established when the website is accessed. Should direct integration be used in individual cases, it may be technically necessary for the provider to obtain the user’s IP address in order to transmit the content to the browser.

The legal basis for the processing of personal data is Art. 6(1)(f) GDPR. Our legitimate interest lies in the attractive and technically flawless presentation of our website.

Further information on data protection at Shutterstock can be found at: https://www.shutterstock.com/de/privacy

Cookie Consent Management Tools

We use so-called cookie consent management tools on our website to record, manage and document our visitors’ consent to the use of cookies and similar technologies in a manner that complies with data protection law.

These tools ensure that cookies are set only in accordance with the consent given and allow users to change or withdraw their consent at any time. Technically necessary cookies are used to store the chosen consent status and to automatically take it into account during future visits.

The data processed in this context is based on Art. 6(1)(c) GDPR for the fulfilment of legal obligations and on Art. 6(1)(f) GDPR on the basis of our legitimate interest in transparent and legally compliant management of consents.

Below we inform you about the cookie consent management tools used on our website.

Borlabs Cookie Consent Banner

We use the cookie consent tool Borlabs Cookie on our website, provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

The tool is used to manage consents for setting cookies and similar technologies on our website. When you access the website, a technically necessary cookie is stored in the visitor’s browser in order to document the consents given or withdrawn. This ensures that cookies are set only in accordance with the selected settings.

No personal data is transmitted to Borlabs GmbH. Only information on the consent status (e.g. selection of cookie categories, time stamp, random user ID) is stored locally in our website database.

The legal basis for the use of the Borlabs cookie consent banner is Art. 6(1)(c) GDPR for the fulfilment of legal obligations in the field of data protection and Art. 6(1)(f) GDPR due to our legitimate interest in lawful and user-friendly management of cookie consents.

Further information on data processing by Borlabs can be found at: https://borlabs.io/datenschutz/

Referral Marketing

We use the following services for referral marketing on our website:

ProvenExpert

We use the review service ProvenExpert of Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany.

ProvenExpert is an online service that allows self-employed persons and companies to obtain feedback from their customers and business partners by means of online surveys. Survey templates for all industries enable qualified customer feedback that shows in detail what inspires customers, how satisfied they are and where there is still potential. At the same time, ratings are generated that can be presented effectively for advertising on the profile and review seal. Ratings that have already been collected on other portals can also be bundled and presented on the ProvenExpert profile and review seal (number of ratings and overall score).

When you visit our websites, a connection to the servers of Expert Systems AG is established. In doing so, the ProvenExpert server is informed which of our pages you have visited. The embedded features do not use cookies and do not store any data about your visits to the website.

The legal basis for the processing of personal data is Art. 6(1)(f) GDPR. We have a legitimate interest in making our website attractive and user-friendly.

Further information on data use for advertising purposes by ProvenExpert and settings and objection options can be found on the ProvenExpert websites: www.provenexpert.com/de-de/datenschutzbestimmungen/

External Hosting

Our website is hosted by an external service provider (hosting provider). The personal data collected on our website is stored on the servers of the hosting provider. This may include in particular IP addresses, contact requests, metadata and communication data, contract data, contact data, names, website access and other data generated via the website.

The use of the hosting provider is for the purpose of secure, fast and efficient provision of our online services by a professional provider.

The legal basis for processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the reliable and secure provision of our website. Where processing is carried out for the performance of a contract or for pre-contractual measures, it is additionally based on Art. 6(1)(b) GDPR.

Our hosting provider processes your data only to the extent necessary to fulfil its performance obligations and follows our instructions with regard to this data.

We use the following host:

STRATO AG
Pascalstraße 10
10587 Berlin
Germany

Security

We want to make your visit to our website secure.

SSL and TLS Encryption

We use SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Order Processing Agreement (Data Processing Agreement)

We have concluded data processing agreements pursuant to Art. 28 GDPR with our service providers who process personal data on our behalf. These agreements ensure that the service providers process the personal data of our website visitors only in accordance with our instructions and in compliance with data protection regulations.

Links to Other Providers

Our website may contain links to other providers to which this privacy information does not apply. For the processing of personal data by these providers, only their respective privacy policies apply.

– End of Privacy Information –

This privacy information was created by Kanzlei Fischer-Battermann.

(This translation is provided for better understanding only. The German version is authoritative.)