Privacy policy
Status: 25.10.2023
In this privacy policy we inform you in accordance with Art. 13, 14 EU General Data Protection Regulation (GDPR) about the collection and processing of your personal data and in accordance with ePrivacy law about access to your end device.
Responsible for data processing is
Zwingenberg Studio GmbH
Speditionstraße 15a
40221 Düsseldorf
E-mail: mail@zwingenberg.studio
Phone: +4915225892098
I. Visit our website
II. contact with us
III Rights of data subjects
I. Visiting our website and our online store
When you visit this website and use the various offers, including our online store, we process your personal data as described in detail below.
To operate the website and its various services (including the online store for our customers and the processing of orders), we work with various external service providers that we have carefully selected and engaged in accordance with data protection law.
1 Server and error log files
Each time you visit our website, your browser transmits access data, so-called server log files or access logs, which we process to ensure system security. The following information is recorded in the log files
- previously visited website (search engine used when using search engines, including keywords used),
- requested website including number of pages accessed and last page opened before leaving the website,
- Browser type and browser version,
- operating system used and device type,
- Date and time of access,
- length of visit and
- IP address.
The temporary storage of this data is necessary for the course of a website visit in order to enable delivery of the website. Further storage in log files (logs) takes place to ensure the functionality of the website and the security of the systems.
In addition, error log files are written if the page view and page navigation are faulty. The date and time of the visit, error description and IP address are recorded. This information is required in order to analyze and rectify the error.
Our legitimate interests in data processing also lie in the aforementioned purposes (legal basis: Art. 6 I 1 f GDPR); the collection of the information is absolutely necessary for the provision of our website for the aforementioned reasons (Section 25 II No. 2 TDDDG). The data will be deleted as soon as it is no longer required to achieve these purposes. In the case of the provision of the website, this is the case when the respective session has ended. The log files are only stored for as long as is absolutely necessary to ensure system security and to analyze and rectify errors.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
The log files are processed by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland as a hosting service provider, which we have integrated in compliance with data protection regulations.
2. Cookies, pixels & Co. in general
Every time you visit our website, we use so-called cookies, i.e. small text files that are stored in your browser. In addition, we use so-called pixels, graphic files that are embedded on the website and perform corresponding functions. Cookies and pixels are used, for example, to store information about a user during or after visiting an online offering. There are different types of cookies and pixels.
We give you a comprehensive overview of which providers use which cookies and pixels on our pages and for which purposes on our Consent Management Tool.
We only use many of these cookies and pixels with your consent, which we request in the consent management tool linked above. The legal basis for this data processing is Section 25 I TDDDG in conjunction with Article 6 I 1 a GDPR.
We do not require consent for individual cookies and comparable technologies, as these are absolutely necessary in accordance with Section 25 II No. 2 TDDDG in order to offer you our services. In addition, for individual processing purposes that are independent of device access, we have comprehensively considered and checked whether consent is required and/or further data processing is in our legitimate corporate interest. If we can answer this in the affirmative, the legal basis is Art. 6 I 1 f GDPR, insofar as they relate to a person.
You can revoke your consent to cookies, pixels, etc. at any time and declare your objection to processing operations based on legitimate interests.
You can also object to processing based on legitimate interest by deactivating the storage of cookies in your browser settings or setting it so that it informs you about the intended storage.
However, for technical reasons, it is necessary to fully allow the necessary cookies and processing operations in order for our website to function fully; We do not set any cookies that are not necessary to provide our offers without your consent.
For more information about blocking cookies, see your internet browser's help pages. Something like that for
- Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Firefox™https://support.mozilla.org/de/kb/cookies-allow-and-reject
- Opera™: https://help.opera.com/de/latest/web-preferences/
In some cases, after such a revocation or objection, a new cookie (opt-out cookie) will be stored on your browser. This instructs third parties not to collect any data from the browser and not to store any cookies there. An objection or revocation does not affect the admissibility of past data processing.
3. Consent Banner (Consent Management Tool)
We use the services of Pandectes OÜ from Estonia to be able to show you a consent banner when you visit our website, through which you can receive information about the cookies and pixels used, consent to their use or object to them.
When you visit our website, we can use this to show you which tools we use, which data we process and for what purposes. We will ask you for your consent to the use of these tools, unless they are absolutely necessary for the operation of our website, and we can record your selection and any ongoing changes, save it and, if necessary, pass it on to our cooperation partners.
We record and store your selection on the banner, i.e. whether and if so to what extent you agree to the use of additional tools or whether you do not agree to this, using a consent cookie, which we store on your device.
The use of this consent banner, including the associated consent management tools, is necessary so that we can fulfill our legal obligations to inform you about the use of the tools and to ask you for your consent for all those tools that are not absolutely necessary to record, prove, retain and, if necessary, pass on these. This is absolutely necessary in view of the legal requirements from data protection and ePrivacy law that we must comply with (Section 25 II No. 2 TDDDG). We keep your decisions for as long as they are valid and for three years thereafter in order to be able to prove whether you have consented and/or withdrawn your consent. This is in our legitimate interest (legal basis: Art. 6 I 1 f GDPR).
You can change your choices about which tools are used on our website at any time. Click on the link in the footer to access the Consent Management Platform again and change your settings, such as granting further consent or revoking consent that has been given. These changes are stored again in the local storage on your device and recorded by us for verification purposes.
4. Google Analytics (with consent)
With your consent, this website uses the reach analysis of the web analysis service Google Analytics. The provider of Google Analytics is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called cookies for this reach analysis if you give your consent. These are text files that are stored on your device and enable your use of the website to be analyzed. Google states that it stores all data and information in the EU; However, support access from the USA cannot be ruled out.
The storage of Google Analytics cookies and the use of this analysis tool only takes place if you have agreed to this via our cookie banner (legal basis: § 25 I TDDDG, Art. 6 I 1 a GDPR). If the data is transferred to the USA, this is protected by the EU-US Data Privacy Framework, the current adequacy decision of the European Commission for the USA, under which Google is certified.
IP anonymization
Google only uses the IP address to derive location data and then deletes it immediately. According to the company, this always takes place within member states of the EU or the EEA. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.
Withdrawal of your consent
You can prevent Google Analytics from collecting your data and revoke any consent you have given us to use Google Analytics.
Storage period
The cookies set by Google remain on your device even after you leave our website (for up to 2 years). By using long-term cookies, it is possible to recognize you when you visit our website again. Recognition is achieved using these cookies to optimize the content of our website. User and event-level data stored by Google that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized after 14 months or deleted. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de
You can find more information about how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
5. Shopify Analytics (with consent)
With your consent, this website uses the analysis tool Shopify Analytics from Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. Through Shopify Analytics, various user data is collected, stored and processed and summarized in anonymous form in statistical reports for optimization and marketing purposes. These are login data, time zone setting, operating system and platform, information about visits including URL, session duration, number of pages viewed per session, search terms, information about what you searched for or viewed on our site, website response time and conversion rates. Shopify Analytics uses cookies for this purpose. The information and data collected by these cookies about the use of our website is transferred to Shopify and evaluated there in aggregated form.
All processing described above, in particular the setting of Shopify Analytics cookies to read information on the device used, will only be carried out if you give us your express consent in accordance with Section 25 I TDDDG, Art. 6 I 1 a GDPR have. Without this consent, Shopify Analytics will not be used during your site visit.
You can prevent Shopify Analytics from collecting your data and revoke any consent you gave us to use Shopify Analytics at. This link will take you to the Consent Management Platform, where you can change your settings for the future.
Further information about Shopify Analytics can be found at https://help.shopify.com/de/manual/reports-and-analytics/shopify-reports. Shopify's privacy policy can be found at: https://www.shopify.de/legal/datenschutz.
6. Personalized Ads
Google Ads Remarketing
In order to be able to show you advertisements about our offers on other sites if you are interested in our website, we use Google Ads for so-called remarketing with your consent. The tool is provided by Google Ireland Ltd. Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to present advertisements about our offers to visitors to our online offering in the Google advertising network than on other websites and social media platforms. To do this, cookies are stored on your device, which enable your device to be recognized on other online offerings in the Google advertising network. There we can then present advertisements from our offering. According to Google, it does not collect any personal data during this process. As far as we know, Google stores a small file with a sequence of numbers in the browsers of website visitors. This number is used to record visits to the website and data about the use of the website.
We are permitted to set remarketing cookies with your consent (Section 25 Paragraph 1 TDDDG). You can revoke your consent to the described advertising tracking at any time in the future by clicking on the link in the footer. Google Ads will remain active until you revoke your consent.
Further information on data processing by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland can be found in particular at: http://www.google.com/privacy/ads/.
Pinterest & Meta Pixels
With your consent, we use the meta pixel from the social media platforms Facebook and Instagram. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We also use the Pinterest tag with your consent (provider: Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland).
If you visit our website and are a user of Facebook, Instagram and/or Pinterest and have given your consent, the pixels transmit the information to Facebook/Instagram/Pinterest that you have visited our website and what actions you have carried out there (e.g., which category you visited), along with your Facebook/Instagram/Pinterest ID. This allows us to also show visitors to our website personalized advertising on Facebook/Instagram/Pinterest.
We find out whether advertisements on these platforms are successful via so-called conversion information: We receive statistical information from Meta or Pinterest about how many visitors to the platforms have visited our website via the advertisements placed there, so that we can optimize our advertising measures on the platforms can be positioned even more specifically. We do not know who specifically saw our advertisements or came to our site.
Processing will only take place with your consent (§ 25 I TDDDG, Art. 6 I 1 a, Art. 49 I 1 a EU-GDPR). You can revoke this at any time in the future. To do this, click on the link in the footer of this website. You will then be taken to our consent banner, where you can adjust your settings accordingly.
To prevent further data processing by Meta and Pinterest, use the following links and change your settings there:
Meta: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3Dad_settings_screen → Advertising preferences
Pinterest: In your Pinterest account under account settings (https://www.pinterest.de/settings/privacy) check the box next to “Use information from our partners to better tailor the recommendations and ads on Pinterest to you”.
Alternatively, you can also delete your browser history or choose not to allow advertisements based on partner data under “Advertising preferences” or “Personalized Ads on Pinterest” or “Personalization and data” in your Facebook, Instagram and/or Pinterest account become. The settings are made there regardless of the device you used when making the settings. They are therefore applied to all devices (computers, smartphones, etc.) you use with the corresponding login.
Further information about data processing by Meta/Facebook via the so-called custom audiences maintained by the Facebook and Instagram pixels can be found directly from the responsible third-party provider:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; in particular about the Facebook pixel at https://www.facebook.com/business/learn/facebook-ads-pixel as well as data protection at https://de-de.facebook.com/privacy/explanation and at https:// help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=368390626577968&bc[1]=285881641526716
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, especially at: https://help.pinterest.com/de/business/article/track-conversions-with-pinterest-tag. Further information about the objection options on Pinterest can also be found from the third-party provider at: https://help.pinterest.com/de/article/personalized-ads-on-pinterest.
In particular, since the parent companies are US companies, information can also be transferred to the USA. If data is possible to be transferred to US servers, this is secured by the EU-US Data Privacy Framework, the current EU adequacy decision for the USA, provided that providers are certified according to the designated framework. Information about the certification of individual providers can be found at: https://www.dataprivacyframework.gov/s/participant-search
If providers are not yet certified or in the case of data transfer to other third countries without an adequacy decision, the level of data protection is ensured through the use of standard contractual clauses recognized by the EU Commission. If, according to the respective national law, your data is subject to access by authorities for control and monitoring purposes against which neither effective legal remedies nor the rights of those affected can be enforced, for example in the USA, these contractual clauses may not be sufficient. Please only consent if you still agree to the transfer of your data to third countries (Art. 49 I 1 a EU GDPR).
7. Social media presences
We use third-party offers in several places on our website. These offer our visitors various options for social interaction.
Facebook, Instagram, Pinterest and TikTok We use the social media offers of Facebook, Instagram, Pinterest and TikTok: on the one hand, we maintain company presences there, and on the other hand, we link these offers on our website using the corresponding icons.
Through our presentation on the social media platforms Facebook, Instagram, Pinterest, and TikTok as well as the links on our website to our offers there, we enable you to share our offers with others or to get in touch with us and to talk to us about our services exchange offer. If you click on the respective icon on our website or visit our offers on the social media platforms directly, you can log in to your account with the respective provider and then interact according to the respective social media offer.
When we provide information about social media offerings on our website, such as icons, we always work with the 2-click solution. This means: Information from you, usually your IP address, is only transmitted to these third parties when you click on the icon or link. These icons and links are designed to be “deactive”.
If you click on an icon, you will be redirected from our website to our presence on the respective social media provider and your data will be transmitted to this third party, usually your IP address and the page from which you came. This also applies if you do not have your own account with the respective provider or are not logged in. If you have your own account, the provider will regularly link the information to your account. This is possible even if you are not currently logged in.
TikTok collects certain data from users when they visit the platform, even if they use the TikTok app without an account. According to TikTok, the data processed includes the IP address, instance IDs (which they use to determine which devices to deliver messages to), mobile phone provider, time zone settings, identifiers for advertising purposes and the version of the app used, as well as the data on the device that will be used to access the platform, such as: B. the model of the device, the device system, the network type, the device ID, screen resolution and operating system, the audio settings and the connected audio devices. When users log in from multiple devices, TikTok may use the profile data to analyze activity across devices.
YouTube video plugins
We also maintain a channel on YouTube and you can watch videos embedded on our website from there: These are integrated into our online offering so that you can watch the videos directly on our site. This integration was carried out by activating YouTube's extended data protection settings. This means that your data will only be processed when you actually play the embedded video.
You can also watch the video yourself on youtube.com (via the YouTube icon and the “Share” button); There you can view our information or exchange ideas with other users about our offering. Data is then also transferred to YouTube. You can use the “Share” button to use the social media providers’ offers. The same applies to this as described above.
If you watch the video (via our site or on YouTube), your data will be transmitted to YouTube, especially the site you came from. YouTube can combine this with other data known about you there. This also applies if you do not have your own account with the respective provider or are not logged in.
Usage evaluation by third parties
We receive usage information from Meta and TikTok. This data is only collected by Meta or TikTok and transmitted to us if you have a Meta or TikTok account and visit our site there. We are responsible for data processing together with the providers. We have concluded an agreement with Meta that transparently regulates the division of duties (Art. 26 GDPR; available at https://www.facebook.com/legal/terms/page_controller_addendum). The essence of this Agreement is that Meta has primary responsibility for visitor data processing and will comply with all relevant obligations under the GDPR in relation to the processing of visitor data (including, but not limited to, fulfilling the rights of the data subject). We have also concluded a corresponding agreement with TikTok (Article 26 EU GDPR; available at https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms) in order to determine the respective responsibilities for compliance with the To establish obligations under the GDPR in relation to joint processing. The essential content of the agreement is that we are responsible for providing you with this information and TikTok is responsible for ensuring the rights of data subjects in accordance with Articles 15-20 GDPR in relation to the data stored by TikTok after joint processing to enable personal data processed elsewhere. Below we will show you where you can get more information about data processing by Meta and TikTok.
Through social media links, we enable you to receive even more attractive offers from us on other channels and to communicate directly with these offers and their users; You can also easily share our offers with others in various ways. We make our website more attractive and interesting for you. The use of social media offers is therefore in our overriding, legitimate corporate interest (Art. 6 I 1 f EU GDPR). The evaluation of the analyzes submitted to us is also in our legitimate corporate interest (Art. 6 I 1 f EU GDPR).
Data processing by third parties
Furthermore, we have no influence on what personal data these third parties collect and how they handle it. We don't know this either.
Information about third parties:
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland,
Data protection declaration for Facebook: https://de-de.facebook.com/about/privacy/, cookie information: https://de-de.facebook.com/policies/cookies
Instagram there too, additionally: https://help.instagram.com/519522125107875?helpref=page_content
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland,
Data protection declaration: https://policy.pinterest.com/de/privacy-policy
YouTube Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,
Data protection declaration: https://policies.google.com/privacy?hl=de&gl=de
TikTok Technology Limited, 10 Earlsfort Terrace, D02 T380, Co. Dublin, Dublin, D02t380, Ireland, together with TikTok Information Technologies UK Limited, 1 London Wall, London, EC2Y 5EB, England,
Privacy policy at https://www.tiktok.com/legal/privacy-policy-eea?lang=de
Since the parent companies are US companies or, in the case of TikTok, from China, information can also be transferred to the USA or China. If data is possible to be transferred to the USA, this is secured by the EU-US Data Privacy Framework, the current adequacy decision of the European Commission for the USA, provided that the provider is certified under the designated framework. Information about the certification of individual providers can be found at: https://www.dataprivacyframework.gov/s/participant-search
If providers are not yet certified or in the case of data transfer to China or other third countries without an adequacy decision from the European Commission, the level of data protection is improved through the use of standard contractual clauses recognized by the European Commission. However, an adequate level of data protection may not currently be guaranteed for the transfer of personal data to China or to non-certified providers in the USA. Your data may be subject to access by authorities for control and surveillance purposes, against which neither effective legal remedies nor the rights of those affected may be enforceable. Please only consent if you still agree to the transfer of your data to third countries (Art. 49 I 1 a EU GDPR).
8. Online store
Hosting offer from the service provider “Shopify”
We offer you access to our online shop via our website. We use the shop system of the third-party provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (“Shopify”) for the purpose of hosting and displaying the online shop we have concluded an order processing contract for this purpose. When you make a purchase on our website, Shopify collects your name, email address, shipping and billing addresses, and payment information.
Data may also be transferred to other Shopify locations for further processing, including locations in Canada and the USA. In the event that personal data is transferred to Canada, the appropriate level of data protection is guaranteed by the European Commission's adequacy decision.
The US-based Shopify locations are currently not certified under the EU-US Data Privacy Framework, the basis of the European Commission's adequacy decision for the US, so there is currently no adequate level of protection for the transfer of personal data to these companies USA can be manufactured. According to Shopify's Data Processing Addendum and the data protection declaration, which also apply to us, Shopify guarantees that it will only transfer personal data from its Irish company to countries outside the EU in compliance with data protection law and that this will be secured by obligations comparable to the standard contractual clauses.
Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz.
Data processing when purchasing in our online shop
In order to process an order in our online shop, we need personal data from you, which we request from you. Some data is mandatory because without it we cannot carry out the order; We mark mandatory fields accordingly. In addition, the following personal data will be processed as part of the processing of the purchase:
· Order number
· Order date
· Products purchased
· Amount in Euro
· Payment method
· Payment service
We use the data you provide without your separate consent to fulfill and process your order and use your email address in individual cases to contact you if special circumstances (e.g. late payment) occur when processing the order. The legal basis for data processing is Art. 6 I 1 b EU GDPR. Your data will be deleted after fulfillment of the contract, expiry of any limitation periods and expiry of the tax and commercial law retention periods applicable to us, which are 6 or 10 years, unless, in exceptional cases, another legal permit allows further processing.
Registration of a customer account
You have the option of creating a customer account with us. This allows you extended functionality, but is not absolutely necessary to make a purchase. During the registration process you will be asked to enter various data, some of these fields are mandatory and marked accordingly. Which data is required to open a customer account and therefore processed is determined from the input mask in the registration process. You can view and change the data stored about you in your customer account at any time. We also process all of your orders there, the respective order status and maintain the order history permanently until you delete it.
Creating a customer account is voluntary. If you create a customer account, we will conclude a separate user agreement, which you can terminate at any time in the future without giving reasons (Art. 6 I 1 b EU GDPR). Your data will be stored for as long as you maintain your customer account on our site. You can ask us to delete your customer account at any time, or delete your account yourself. Please note that deleting your customer account does not necessarily lead to the deletion of all personal data. For example, if you have made a purchase in our online shop, we will process your data until the statutory retention obligations and rights expire, as described above.
Payment service provider
When you shop in our online shop, you can choose to use the payment service providers described below.
Payment service Shopify Payments
We offer you the Shopify Payments payment service, which is operated by Shopify International Limited, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the Shopify Payments payment service, payment processing will be carried out by Shopify International Limited and the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will send your pass on the information provided during the ordering process along with the information about your order (name, address, account number, bank sort code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 I 1 b EU GDPR (processing for the fulfillment of the contract). Your data will be passed on exclusively for the purpose of payment processing and only to the extent that it is necessary for this purpose. You decide for yourself whether you use this payment service and thereby trigger the transmission of your data.
Data protection information about Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy
Payment service PayPal
Alternatively, you can choose the PayPal payment service, which is provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. You need a Paypal account to use all functions. When paying via PayPal, credit card via PayPal or direct debit via PayPal, your personal data, including information about your order, will be passed on to PayPal as part of the payment processing. This includes your name, address, email address and the goods purchased along with the amount to be paid. PayPal receives some of this data from us by transmitting your order data, and otherwise from you directly by depositing the requested information with PayPal.
The transfer takes place in accordance with Art. 6 I 1 b EU GDPR (processing for the fulfillment of a contract) and only to the extent that this is necessary for payment processing in order to carry out the transactions. You decide for yourself whether you use this payment service and thereby trigger the transmission of your data. We do not receive any account or credit card-related information, only information with confirmation or negative information about the payment.
How PayPal handles your data is beyond our knowledge and is the subject of the contractual relationship between you and PayPal. PayPal's applicable data protection regulations can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
9. Newsletters
If you would like to receive the newsletter offered on the website in order to always be informed about the latest news, we need your email address. We need this because otherwise we would not be able to send you the newsletter.
We would also like to point out that registering for the newsletter also involves an analysis of your user behavior and that you also consent to this by ordering our newsletter. This includes the collection of statistical values for our newsletter distribution, i.e. whether the newsletter was successfully delivered, whether it was opened and whether (which) articles from it were clicked on. In order to collect this information, a so-called web beacon is integrated into the respective newsletter. This will send us information via your IP and email address as to whether the delivery was successful, the newsletter was opened and whether (which) individual articles were clicked on.
The legal basis for sending the newsletter and the associated analysis is your consent (§ 25 I TDDDG, Art. 6 I 1 a EU-GDPR). You can revoke this at any time in the future by unsubscribing from the newsletter. We store your data, which is processed in connection with registering for the newsletter, for as long as you receive our newsletter and for a further three years after you revoke your consent in order to be able to prove your consent until the statute of limitations for any claims for compensation.
Newsletter registration on our website
If you register for our newsletter on our website, we will ask you for your email address and have it confirmed via a double opt-in.
After your initial registration, we will send you a confirmation email to the email address you provided. You will only receive our newsletter if you click on the link in this confirmation email. This ensures that it is actually you who has registered for the newsletter. For documentation and verification purposes, we also save your IP address and the time stamp when you register for the newsletter for the first time and when you confirm your subscription to the newsletter via double opt-in so that we can understand and prove your consent. This data processing is in our legitimate interest to verify and prove consent, Art. 6 I 1 f EU GDPR.
service provider
The newsletter and the analysis described are carried out by the service provider Klaviyo, 225 Franklin St, Floor 10, Boston MA 02110, USA (Klaviyo), which we have commissioned, with whom we have concluded an order processing agreement. Klaviyo is a service that can be used to organize and analyze the sending of newsletters.
The data you enter for the purpose of subscribing to the newsletter will be stored on Klaviyo’s servers in the USA. This data transfer to the USA is secured by the EU-US Data Privacy Framework, the current adequacy decision of the European Commission for the USA, under which Klaviyo is certified. Klaviyo's data protection regulations can be found at: https://www.klaviyo.com/legal/privacy.
II. Contact us
You can contact us in various ways, such as by telephone or email. We will only process the information that you transmit to us to process your contact requests. Your data will not be passed on to third parties unless this is absolutely necessary to process your request. We will delete the personal data processed in the context of our correspondence after your request has been processed, unless statutory retention obligations or rights require longer retention.
This processing of the information you provide to us is overall in our legitimate interest (Art. 6 I 1 f EU GDPR); Depending on the matter, the processing also takes place to initiate a contract (Art. 6 I 1 b EU-GDPR) or to fulfill legal obligations (Art. 6 I 1 c EU-GDPR).
III. Rights of those affected
If personal data is processed that relates to you as a natural person, you are entitled to various data protection claims against us. We will fulfill your rights immediately and free of charge. To do this, please contact us; You can find our contact details at the beginning of this data protection declaration.
In accordance with Section 34 of the Federal Data Protection Act (“BDSG”), Article 15 of the EU GDPR, you have the right to information about the data stored about you and its origin, the recipients or categories of recipients to whom the data is passed on, and the Purpose of storage.
In addition, under the conditions stated there, you are entitled to correction, deletion or restriction of the processing of your personal data in accordance with Section 35 BDSG, Articles 16-18 EU-GDPR. In addition, in accordance with Art. 20 GDPR, you can request the transfer of your personal data to another responsible body under the conditions stated there.
You can object to the further processing of your data in the future if we process your data based on a legitimate interest (Art. 6 I 1 f EU GDPR); If we do not process your data for advertising purposes, a special reason is required for this. In the event of an objection, we will no longer process your personal data from the time we receive it during the subsequent examination and, once the examination has been completed - if the objection is justified - we will delete it from our active databases and only store it within the scope of statutory retention rights and obligations and note it in an advertising blocking file, that you do not wish to be contacted by us (§ 36 BDSG, Art. 21 EU-GDPR).
You can revoke your consent to data processing (Art. 6 I 1 a EU GDPR) given to us at any time in the future; We will then no longer process your personal data and will delete it unless there is legal permission for further processing.
If you believe that data processing violates data protection law, you have the right to complain to a data protection supervisory authority of your choice (Section 19 BDSG, Art. 77 EU-GDPR). This also includes the data protection supervisory authority responsible for us, which you can reach using the following contact details:
State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Telephone: +49 (0)211 / 38424 – 0
Website: https://www.ldi.nrw.de/
IV. Changes to the data protection declaration
We reserve the right to change this data protection declaration within the framework of the applicable data protection regulations.
