Privacy policy

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither required by law nor contractually, nor is it necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This only applies if no other information is provided during subsequent processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.

Contact

Responsible person/Data protection officer
Contact us if you wish. The person responsible for data processing is:KOKADI GmbH & Co. KG, Fischerfleck 8, 85737 Ismaning Germany, +49 (0)89 248 810 444, email@kokadi.de

You can reach our data protection officer directly at: data protection@kokadi.de

Initiative contact from the customer via email
If you initiate business contact with us via email, we will only collect your personal data (name, email address, message text) to the extent provided by you. The data processing serves to process and answer your contact request.
If the contact serves to carry out pre-contractual measures (e.g. advice if you are interested in buying, preparing an offer) or concerns a contract that has already been concluded between you and us, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR.
We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form
When you use the contact form, we only collect your personal data (name, email address, message text) to the extent provided by you. The data processing serves the purpose of establishing contact.
If the contact serves to carry out pre-contractual measures (e.g. advice if you are interested in buying, preparing an offer) or concerns a contract that has already been concluded between you and us, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.
If contact is made for other reasons, this data processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in processing and answering your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR.
We only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Customer account      Orders      

Customer account
When you open a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time by notifying us, without this affecting the lawfulness of the processing carried out based on your consent before its revocation. Your customer account will then be deleted.

Reviews       Advertising      


Data collection when writing a comment or rating
When you comment on/rate an article or post, we only collect your personal data (name, email address, comment text) to the extent provided by you. The processing serves the purpose of enabling comments/ratings and displaying comments/ratings. 

For the purpose of verifying your rating/comment, we also collect the following data:order number, , , .

By submitting the comment/review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on your consent before its revocation. Your personal data will then be deleted.

When your comment/rating is published only the name you provided published.

In addition, when you submit a comment/rating, your IP address will be stored for the purpose of preventing misuse of the comment or rating function and ensuring the security of our information technology systems. By submitting the comment/review, you consent to the processing of the transmitted data. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on your consent before its revocation. Your IP address will then be deleted.

Use of the email address to send newsletters
Regardless of the contract processing, we use your email address exclusively for our own advertising purposes to send newsletters, provided you have expressly agreed to this. Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list. 

Your data will be passed on to a service provider for email marketing as part of order processing. It will not be passed on to other third parties.

Use of the mobile phone number to send SMS advertising
Regardless of the contract processing, we use your mobile phone number exclusively for our own advertising purposes to send SMS advertising, provided you have expressly agreed to this.
Processing is carried out on the basis of Article 6 Paragraph 1 Letter a GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on your consent before its revocation. Your mobile phone number will then be removed from the distribution list.

Your mobile phone number will be passed on to a service provider for sending SMS messages as part of order processing.

Payment service provider       Credit report      

Use of PayPal
We use the PayPal payment service on our website (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, the data required for payment processing will be transmitted to PayPal in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.

All PayPal transactions are subject to the PayPal Privacy Policy. You can find these at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Using PayPal Check-Out
We use the PayPal Check-Out payment service from PayPal on our website (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal L-2449, Luxembourg; “PayPal”). The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, the data required for payment processing will be transmitted to PayPal in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.

Cookies can be stored here, which enable your browser to be recognized. The resulting data processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in a customer-oriented offer of different payment methods. You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation.

Credit card via PayPal, direct debit via PayPal & “Pay later” via PayPal 
For individual payment methods such as credit card via PayPal, direct debit via PayPal or “Pay later” via PayPal, PayPal reserves the right, if necessary, to obtain credit information based on mathematical and statistical methods using credit agencies. For this purpose, PayPal sends the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of non-payment to make a balanced decision about the establishment, implementation or termination of the contractual relationship. The credit report can contain probability values ​​(score values) that are calculated on the basis of scientifically recognized mathematical-statistical methods and whose calculation includes, among other things, address data. Your interests worthy of protection will be gemaccording to the legal provisions. The data processing serves the purpose of checking your creditworthiness to initiate a contract. The processing is carried out on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in protecting against non-payment if PayPal makes advance payments. 
For reasons arising from your particular situation, you have the right to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR by notifying PayPal. The provision of the data is necessary for the conclusion of the contract with the payment method you require. Failure to provide this means that the contract cannot be concluded using the payment method you have chosen.

Third Party
If you pay using a third-party payment method, the data required to process the payment will be transmitted to PayPal. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. To carry out this payment method, PayPal may then pass on the data to the respective provider. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. Local third parties can be, for example:

• Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
• giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main)

Purchase on account via PayPal 
When paying via the purchase invoice payment method, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, PayPal will then transmit the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin; "Ratepay") in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR. Ratepay may carry out a credit report based on mathematical-statistical procedures (probability or score values) using credit agencies according to the process described above. The data processing serves the purpose of checking your creditworthiness to initiate a contract. The processing is carried out on the basis of Art. 6 Para. 1 lit. f GDPR due to our overriding legitimate interest in protecting against payment default when Ratepay  is paid in advance. Further information on data protection and which credit agencies use Ratpay can be found at https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/. 

Further information on data processing when using PayPal can be found in the associated data protection declaration at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Use of Amazon Payments
We use the Amazon Payments payment service from Amazon Payments on our website Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg; “Amazon Payments”).
The data processing serves the purpose of being able to offer you payment via the Amazon Payments payment service.
In order to integrate this payment service, it is necessary for Amazon Payments to collect, store and analyze data (e.g. IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies can also be used for this purpose. The cookies enable your browser to be recognized.
The processing of your personal data is based on Article 6 Paragraph 1 Letter f GDPR from our overriding legitimate interest in a customer-oriented offer of different payment methods. You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation.
By selecting and using “Amazon Payments”, the data required for payment processing will be transmitted to Amazon Payments in order to be able to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Article 6 Paragraph 1 Letter b GDPR.
Further information on data processing when using the Amazon Payments payment service can be found in the associated data protection declaration at: https://pay.amazon.com/de/help/201212490

Use of GDPR Legal Cookies
We use the consent management tool GDPR Legal Cookie from beeclever GmbH (Universitätsstraße 3, 56070 Koblenz a. Rh.; “beeclever”) on our website. The tool enables you to grant consent to data processing via the website, in particular the setting of cookies, and to make use of your right to revoke consent that has already been given.
The data processing serves the purpose of obtaining and documenting the necessary consent for data processing and thus complying with legal obligations. Cookies can be used for this. Among other things, collected and provided the following information beeclever transmitted: anonymized IP address, date and time of consent, URL from which the consent was sent, anonymous, random, encrypted key, consent status. This data will not be passed on to other third parties.
Data processing is carried out to fulfill a legal obligation based on Article 6 Paragraph 1 Letter c GDPR.
You can find further information about terms of use and data protection at beeclever at: https://gdpr-legal-cookie.com/pages/terms-conditions as well as under https://gdpr-legal-cookie.com/pages/datenschutzerklarung.


Analysis      Advertising tracking       Communication      Affiliate      

Use of Google Analytics 4
We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of analyzing this website and its visitors as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. 
The following information can be collected, among other things: IP address, date and time of page access, click path, information about the browser you use and the device you use, pages visited, referrer URL (website through which you accessed our website), location data, purchasing activities. Your data may be linked by Google with other data, such as your search history, your personal accounts, your usage data from other devices and any other data that Google has about you.

Your IP address will first be shortened by us on our own servers. Google only receives pseudonymized data.

The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.

The information generated in this way about your use of this website is usually transmitted to a Google server in the USA and stored there. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles. Both Google and US government authorities have access to your data.

Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and under https://policies.google.com/privacy?hl=de&gl=de.

Using Hotjar
We use the analysis tool from Hotjar Ldt on our website. (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; “Hotjar”).
The data processing serves the purpose of needs-based design, optimization and analysis of our website. 
The tool is used to randomly record the movements of site visitors on the website. This creates a log of mouse movements, scrolling behavior, length of stay and clicks on the website (so-called heatmap). 
For this purpose, Hotjar uses cookies, among other things. The following information may be collected, among other things: IP address (in anonymized form), information about the device you use (screen size, devices, unique device identifier), information about the browser you use, location data (exclusively about the country), preferred language for displaying the website, operating system used. Detailed information about the cookies used, their function and storage period can be found here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies.
User profiles are created from this data under a pseudonym. The data is not used to personally identify the visitor to the website and is not combined with personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the data collected to other third parties.
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Hotjar is not TADPF certified. The data transfer takes place, among other things, on the basis of appropriate protective measures. Hotjar will provide you with further information on the measures taken upon request.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information on data protection when using Hotjar can be found here: https://www.hotjar.com/legal/policies/privacy#enduserenglish.

How to use Shopify statistics
We use the statistics and analysis functions of Shopify International Ltd. on our website. (Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; “Shopify”) as part of order processing. Shopify is an affiliated company of Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).
The data processing serves the purpose of analyzing this website and its visitors. For this purpose, data is stored for marketing and optimization purposes and made available in reports, analyzes and statistics. The following device information is collected and processed, among other things: information about the web browser, the IP address, the time zone and some of the cookies that are installed on your device. When you navigate the website, information about the websites or products you visit, the referrer URL (the website from which you accessed our website), and information about how you interact with the website are also collected. This uses technologies such as cookies, web beacons, tags and pixels (electronic files that collect information about how you navigate the website).
Your data may be transferred to third countries outside the EU, in particular Canada and the USA, and processed there. There is an adequacy decision from the EU Commission for Canada. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not TADPF certified. This data transfer takes place on the basis of contractual obligations that are comparable to those of the EU Commission's standard contractual clauses.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
You can find more information about data protection at Shopify at https://www.shopify.com/de/legal/datenschutz, information on the order processing contract at https://www.shopify.com/de/legal/dpa as well as information about the cookies used https://www.shopify.com/de/legal/cookies.

Use of Microsoft Advertising
We use Microsoft Advertising from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; “Microsoft”) on our website.
The data processing serves marketing and advertising purposes and the purpose of measuring the success of the advertising measures (conversion tracking). We learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, it is not possible to personally identify these users. Microsoft Advertising uses technologies such as cookies and web beacons to help analyze how you use the website. When you click on an ad placed by Microsoft Advertising, a cookie for conversion tracking is stored on your computer. This cookie has a limited validity and is not used for personal identification. If you visit certain pages on our website and the cookie has not yet expired, Microsoft and we can recognize that you clicked on the ad and were redirected to that page. The following information may be collected, among other things: IP address, identifiers assigned by Microsoft, information about the browser you use and the device you use, referrer URL (website through which you accessed our website), URL of our website.
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Microsoft has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
You can find more information about data protection and the cookies used at Microsoft here.

Use of Tracify tracking
We use the web analysis service Tracify on our website or on parts of our website to record how our website is used by visitors and to evaluate and optimize the effectiveness of our advertising/marketing measures. Tracify is a web analysis service from Tracify GmbH in Munich, Germany. Tracify GmbH acts as a processor on the basis of an order processing agreement gemworks for us in accordance with Art. 28 GDPR.
Tracify enables an analysis of the use of the website and the customer journey without storing cookies or other information on the user's device, but only based on browser and device information, such as the user's IP address, the configuration of the respective user agent (user agent string), usage data, order information, contact details, the screen resolution, the installed fonts and plugins and the processor of the respective device.
The information transmitted to Tracify is completely and irreversibly anonymized immediately after transmission, so that personal reference is excluded. Only the anonymized, aggregated information is analyzed.
Data processing when using Tracify takes place entirely in Germany; there is no data transfer to unsafe third countries without an appropriate level of data protection.
The legal basis for using Tracify is our legitimate interest gemAccording to Art. 6 Para. 1 lit. f) GDPR, we work on a needs-based design of the website and on the evaluation and optimization of our marketing measures.

How to use TikTok Pixels
On our website we use the TikTok pixel from TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB,  United Kingdom; “TikTok UK”). Both companies are jointly responsible for data processing (hereinafter “TikTok”). 
The data processing serves the purpose of identifying and analyzing our customers' website access as well as to better address customers by placing targeted advertisements and to evaluate the effectiveness of advertisements on TikTok. To do this, TikTok uses technologies such as cookies and pixels that enable your browser to be recognized. The following information, among other things, can be collected and transmitted to TikTok: date and time of the visit, information about the browser and device type you use, screen resolution, IP address. TikTok can assign this information to your personal TikTok user account. Usage profiles can be created from the data collected in this way using pseudonyms. However, it is not possible to personally identify users.
Your data may be transferred to third countries, such as the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). TikTok is not certified according to the TADPF. The transfer of data to the USA and to third countries without an adequacy decision is based, among other things, on the basis of standard contractual clauses as suitable guarantees for the protection of personal data, which can be viewed at:https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.   
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information on data protection can be found at https://www.tiktok.com/legal/new-privacy-policy?lang=de-DE and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Use of the ADCELL partner program
We use the partner program “ADCELL” from Firstlead GmbH (Rosenfelder Str. 15-16, 10315 Berlin; “ADCELL”).
ADCELL and we are jointly responsible for the collection of your data when you integrate the service and the transmission of this data to ADCELL. The basis for this is an agreement between us and ADCELL on the joint processing of personal data. The agreement is under https://www.adcell.de/datenverarbeitung callable. Thereafter, we and ADCELL are equally responsible for fulfilling the obligations gemin accordance with the GDPR, in particular for the fulfillment of information obligations gemßArt. 13, 14 GDPR and for the granting of the rights of those affected gemaccording to Art. 15 - 21 GDPR.
If you click on an ad containing a partner link, ADCELL will place a cookie on your computer for conversion tracking. The cookies serve the purpose of correct billing within the partner program by recording the success of an advertising medium. The cookies recognize that you have clicked on the ad and the origin of the order from the advertiser can be traced. ADCELL also uses so-called tracking pixels. This allows information such as visitor traffic on the pages to be evaluated.
The information generated by cookies and tracking pixels about the use of this website (including the IP address) and delivery of advertising formats is transmitted to an ADCELL server and stored there. Among other things, ADCELL can recognize that the partner link on this website was clicked. ADCELL can pass on this (anonymized) information to contractual partners under certain circumstances, but data such as the IP address will not be merged with other stored data.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.


Plug-ins and others

Using Facebook's single sign-on feature
We use the single sign-on function (formerly Facebook Connect) on our website Meta Platforms Ireland Limited  (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Facebook”).
Meta Platforms Ireland and we are jointly responsible for the collection of your data when you integrate the service and the transmission of this data to Facebook. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, which sets out the respective responsibilities. The agreement is under https://www.facebook.com/legal/controller_addendum callable. We are then particularly responsible for fulfilling the information obligations gem13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service as well as compliance with the obligations under Articles 33, 34 GDPR, insofar as a violation of the protection of personal data is our obligations gempursuant to the joint processing agreement. Meta Platforms Ireland is responsible for protecting the rights of those affected gem15 - 20 GDPR to enable compliance with the security requirements of Article 32 GDPR with regard to the security of the service and the obligations under Articles 33, 34 GDPR, insofar as a violation of the protection of personal data violates the obligations of Meta Platforms Ireland gempursuant to the joint processing agreement.
This feature allows website visitors to log in to the website using their existing Facebook account. The data processing serves the purpose of verification during registration, personalization and interest-based advertising.
In order to offer the function on the website, a connection to the Facebook server is established. Cookies are used for this. Among other things, The following information is collected and transmitted to Facebook: IP address, browser information, referrer URL (website through which you accessed our website), location data. This applies regardless of whether you are registered or logged in to the social network. A transmission also takes place if users are not registered or logged in. If you are connected to one or more of your social network accounts at the same time, the information collected can also be assigned to your corresponding profiles. You can prevent this association by logging out of your social media accounts before visiting our website and before activating the buttons. Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
When using the single sign-on function, the website visitor's Facebook profile is linked to a customer account for this website. We receive the user's personal data from Facebook, as stated in the login process. This may include, among other things, the following information: name, address, public profile information (e.g. name, profile picture, age, gender), email address, friend lists, “like” information.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook's data protection information at https://www.facebook.com/about/privacy/.

Use of Google invisible reCAPTCHA
We use the invisible reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. 
This serves the purpose of distinguishing between input by a human or by automated, machine processing. In the background, Google collects and analyzes usage data, which Invisible reCaptcha uses to distinguish regular users from bots. For this purpose, your input will be transmitted to Google and used there. In addition, the IP address and any other data required by Google for the Invisible reCAPTCHA service are transmitted to Google.
This data is processed by Google within the European Union and may also be transmitted to Google LLC servers in the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information about Google reCAPTCHA and the associated data protection declaration can be found at:https://www.google.com/recaptcha/intro/android.html as well as https://www.google.com/privacy

Using Cloudflare
We use the content delivery network Cloudflare CDN from Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA; “Cloudflare”) on our website. This is a supra-regional network of servers in various data centers to which our web server connects and through which certain content on our website is delivered.
The data processing serves the purpose of optimizing the loading times of our website and thus making our offering more user-friendly.
The following information, among others, may be collected: IP address, system configuration information, information about traffic to and from customer websites (so-called server log files).
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
The processing of your personal data is based on Art. 6 Para. 1 lit. f GDPR for our overriding legitimate interest on the needs-based and targeted design of the website. For reasons arising from your particular situation, you have the right to object at any time to this processing of your personal data based on Article 6 Paragraph 1 Letter f of the GDPR.
For more information about data protection when using Cloudflare, see https://www.cloudflare.com/de-de/privacypolicy/.

Use of Google Maps
We use the function for embedding GoogleMaps maps from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google") on our website.
The function enables the visual representation of geographical information and interactive maps. Google also collects, processes and uses data from visitors to the websites when they access the pages in which Google Maps maps are integrated.
Your data may also be transmitted to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information on how Google collects and uses data can be found in Google's data protection information at https://www.google.com/privacypolicy.html. There you also have the opportunity to change your settings in the data protection center so that you can manage and protect your data processed by Google.

Use of YouTube
We use the function for embedding YouTube videos from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) on our website. YouTube is a company affiliated with Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
The function displays videos stored on YouTube in an iFrame on the website. The “Extended data protection mode” option is activated. This means that YouTube does not store any information about website visitors. Only when you watch a video is information about it transmitted to YouTube and stored there. Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself according to the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information on the collection and use of data by YouTube and Google, your rights in this regard and options for protecting your privacy can be found in YouTube's data protection information at https://www.youtube.com/t/privacy.

Using Vimeo
We use plug-ins from Vimeo Inc. (555 West 18th Street New York, New York 10011, USA; “Vimeo”) on our website to integrate videos from the “Vimeo” portal.
If you access pages on our website with such a plug-in, a connection will be established to Vimeo's servers and the plug-in will be displayed on the page by notifying your browser. This means that both your IP address and the information about which of our pages you have visited are transmitted to Vimeo's servers.
If you are logged in to Vimeo, Vimeo assigns this information to your personal user account. When you use the plug-in functions (e.g. by starting a video by pressing the corresponding button), this information is also assigned to your Vimeo account.
Your data may be transferred to the USA. The EU Commission has an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Vimeo is not certified according to the TADPF. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at:https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 Paragraph 1 Sentence 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on your consent before its revocation.
Further information on the purpose and scope of the collection as well as the further use and processing of the data by Vimeo as well as your related rights and options for protecting your privacy can be found in Vimeo's data protection information: https://vimeo.com/privacy

Integration of the dealer association member logo
The dealer association member logo (Dealer Association e.V., Kohlgartenstraße 11 - 13, 04315 Leipzig) is integrated into our website. When you access our website, the browser used on your device automatically sends information to the dealer association e.V. server. This information is temporarily stored in a so-called server log file for 7 days. The following information is recorded without your intervention and stored until it is automatically deleted:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• browser used and, if applicable, the operating system of your computer as well as the name of your access provider. 

The temporary storage of the IP address by the system is necessary to enable delivery of the website. To do this, the IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of the information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

Integration of the logo of the “FairCommerce” initiative
The logo of the “FairCommerce” initiative (Dealer Association e.V., Kohlgartenstraße 11 - 13, 04315 Leipzig) is included on our website. When you access our website, the browser used on your device automatically sends information to the dealer association e.V. server. This information is temporarily stored in a so-called server log file for 7 days. The following information is recorded without your intervention and stored until it is automatically deleted:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The temporary storage of the IP address by the system is necessary to enable delivery of the website. To do this, the IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of the information technology systems. This data is not stored together with other personal data. The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter f GDPR.

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• browser used, protocol and, if applicable, the operating system of your computer as well as the name of your access provider.

Using Pushly
We use the Pushly plug-in from WebLab GmbH (Großbeerenstraße 169-171, 12277 Berlin; "Pushly") on our website.
The data processing serves the purpose of converting our online shop into an Android or iOS app. For this purpose, the following of your data, which we receive in particular through your entry in the ordering process, will be transmitted to Pushly and temporarily stored on Pushly servers within the EU: name, email, customer ID, order number, payment method, billing and delivery address. Your data will not be passed on to other third parties.
Your personal data is processed on the basis of Article 6 Paragraph 1 Letter f of the GDPR due to our overriding legitimate interest in the customer-oriented and user-friendly provision of our offering. You have the right to object to this processing of your personal data at any time for reasons relating to your particular situation.
You can find further information about data protection at Pushly at: https://www.pushly.de/datenschutz

Rights of those affected and storage period

Duration of storage
After the contract has been fully processed, the data will initially be stored for the duration of the warranty period, then taking into account statutory retention periods, in particular tax and commercial law, and then deleted after the deadline has expired, unless you have agreed to further processing and use.

Rights of the data subject
If the legal requirements are met, you are entitled to the following rights in accordance with Articles 15 to 20 of the GDPR: right to information, to correction, to deletion, to restriction of processing, to data portability.
In addition, according to Art. 21 Para. 1 GDPR, you have the right to object to processing based on Art. 6 Para. 1 f GDPR, as well as to processing for the purpose of direct advertising.

Right to lodge a complaint with the supervisory authority
You have gem77 GDPR you have the right to complain to the supervisory authority if you are of the opinion that the processing of your personal data is not taking place lawfully.

Right to object
If the personal data processing listed here is based on our legitimate interest in accordance with Article 6 Paragraph 1 Letter f of the GDPR, you have the right to object to this processing at any time with future effect for reasons arising from your particular situation.
After an objection has been made, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

last updated: November 29, 2023