Privacy Policy

 

Protecting your privacy when you use our website is particularly important to us. Therefore, you will find information below outlining how we collect anonymous and personal data. 

1.   Provider / Controller in accordance with Data Protection

This website is a Gusti Leder Stores GmbH service

Pettenkoferstraße 4b,

10247 Berlin, Germany

Telephone: +49 (0) 381 / 799 90031*

Email: info@gusti-leder.de

Represented by Managing Director Felicity Pietsch

Registered under HRB 181370 B in the Commercial Register of Berlin Charlottenburg, Germany

*Please note that this is not the phone number for our customer support team.

 

2.   Data Protection Officer

WS Datenschutz GmbH

Anna Tiede, LL.B.
Dircksenstraße 51
D-10178 Berlin
Telephone: 030 / 88 72 07 88
Email: kontakt@ws-datenschutz.de

https://webersohnundscholtz.de

Registered under HRB 185725 B in the Commercial Register of Berlin-Charlottenburg, Germany

Contact data for all internal and external data protection concerns:
Telephone: 030 88 72 07 88-4
Email: gusti-leder@ws-datenschutz.de 

 

3.   Competent Supervisory Authority

The State Data Protection and Freedom-of-Information Commissioner

Alt-Moabit 59-61,

10555 Berlin, Germany

Tel.: +49 30 13889-0

Fax: +49 30 2155050

Email: mailbox@datenschutz-berlin.de

 

4.   Basics

Your personal data (e.g. title, name, address, email address, telephone number, bank details, credit card number) are stored and processed by us in accordance with the relevant legal data protection regulations, specifically the General Data Protection Regulation (GDPR), the German Data Protection Act (BDSG) and other data-related laws, e.g. the German Data Protection and Privacy of Telecommunication and Telemedia Services Act (TTDSG).

In accordance with the GDPR and other regulations, the processing and use of data is only permitted if it is expressly permitted by the GDPR or another legal provision, or if the data subject consents (prohibition with reservation of permission). In accordance with these legal principles, the processing and use of data is only permitted if the data subject has given their permission for their personal data to be processed for one or more specific purposes;

a)   processing is necessary to perform a contract that the data subject is party to or to carry out pre-contractual measures, which are conducted at the data subject’s request;

b)     processing is necessary to fulfil a legal obligation that the controller is subject to;

c)    processing is necessary to protect the data subject’s, or another natural person’s, vital interests;

d)   processing is necessary to perform a task of public interest or when carrying out the exercise of official authority entrusted to the controller;

e)   processing is necessary to safeguard the controller’s, or a third party’s, legitimate interests, unless the data subject’s interests or fundamental rights and freedoms which require the protection of personal data outweigh this, in particular, if the data subject is a child.

 

Accordingly, we only use and process your personal data within the permissible scope of executing a contract or if you have given us informed consent.

We do not share your personal data, including your address and email address, with third parties.  Our service partners who require the transmission of data for the processing of the contractual relationship, where we have expressly highlighted this, are excluded from this. In such cases, however, the amount of data transmitted is always limited to the minimum required.

 

5.   Anonymous Data Collection

You can always visit our website without telling us who you are. We only know:

-       The name of your internet service provider

-       The website you’re visiting us from (the referring URL)

-       The pages that you visit on our website

-       The time and date of your visit and the amount of data transferred

-       Report of successful data retrieval

-       The browser type and version of the requesting computer/terminal

-       The operating system of the requesting computer/terminal

-       The IP addresses of the requesting computer/terminal

 

This information is assessed for statistical purposes only. As an individual user, you will mainly remain anonymous; your personal data will not be merged unless you have expressly consented to this, or one of the following cases applies.

 

6.   Collection of Personal Data when Visiting our Website and when Using our Services in General

In principle, we only collect personal data that you provide voluntarily. This can be done, for example, when placing an order or registering for services that require your personal data (e.g. orders, special promotions, competitions, newsletter, etc.). In these cases, we only collect data we are legally authorised to collect and that is absolutely necessary to fulfil the services you have requested (e.g. to place an order, we require your name, address, telephone number, and email address, but to sign up to our newsletter we only require your email address). If we collect personal data from you (e.g. via a contact form or order form), then you only ever need to provide the required data. Mandatory data fields are marked with an asterisk (*). Any additional information you provide is done on a purely voluntary basis and is not a requirement. If you provide this information anyway, you give us your consent that you are aware we may also store and process this data for the specified purpose; in some cases, we may also request your express consent for data protection purposes, which require your express consent that you may grant voluntarily and is not bound by any other condition and may be revoked at any time in the future.

To ensure your data is secure, it is encrypted and transferred using TLS encryption. This is intended to prevent third parties from misusing your data. Your data will only be stored and processed on servers within the European Union. Your data shall not, in principle, be transferred to a third country unless we are legally entitled and/or obliged to do so, or you have given your express consent prior to the transfer. These cases shall be clearly indicated.

 

7.   Processing Data to Fulfil a Contract

7.1 Purpose of Processing

You provide us with your personal data in the context of placing an order with us. The mandatory information that is required to enter into a contract with us is personal data and marked with an asterisk (*). You are not obliged to provide your personal data. However, we cannot provide you with the desired service (e.g. fulfilment of the contract) if you do not provide the required data (e.g. your address in the case of placing an order). We may be required to pass data onto our selected payment service provider when proceeding through the payment procedure. The data you enter when placing an order is always used for the purpose of fulfilling the contract.

 

7.2 Legal Basis

The legal basis for this processing is Article 6.1(b) of the GDPR.

 

7.3 Categories of Recipients

Payment service providers, shipping service providers, merchandise management systems, and suppliers (dropshipping).

Your personal data will not be transferred to third parties for purposes other than those listed below. In particular, it will not be disclosed to third parties, e.g. for advertising purposes, without your express consent.

We will only share your personal data with third parties if:

  • you have given us your express consent to do so, in accordance with Article 6.1 (a) of the GDPR;

  • it is necessary to perform the contract, e.g. transferring data to credit institutions to process contractually agreed payments, or to lawyers and legal service companies in the event of the non-fulfilment of contractually agreed payments for the purpose of legal enforcement, in accordance with Article 6.1(b) of the GDPR;

  • in the event transfer is necessary for compliance with a legal obligation, in accordance with Article 6.1(c) of the GDPR; or

  • in the event transfer is necessary for the purpose of establishing, exercising or defending legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data, in accordance with Article 6.1(f) of the GDPR.

 

7.4 Storage Time

We store data required to process a contract until the expiry of the statutory warranty and contractual warranty periods, where applicable.

We retain the data required by German commercial and tax law for the periods stipulated by law, consistently ten years (§257 German Commercial Code, §147 German Tax Law).

Email addresses that we receive for the sole purpose of sending newsletters will be deleted immediately when you unsubscribe from the newsletter.

 

8.   Use of Cookies

We use cookies to enhance your visit to our website and enable you to use certain features. Cookies are small text files that are stored on your device. Most of the cookies we use are deleted from your hard drive when you end the browser session or when you log out (session cookies). Other cookies remain on your device and allow us to recognise your device during your next visit (persistent cookies). These persistent cookies are stored for different periods of time. When you visit our website for the first time, you will see a pop-up (the cookie manager) with a short statement explaining which cookies we use. When you click “accept”, you are giving us permission to use all cookies, plugins, and services described in the cookie manager and the related privacy policy. You can deactivate the use of cookies in your browser at any time. Please note, if you do this, our website may not function properly. If you wish to adjust your previously saved cookie selection and revoke any consent granted in the past, you can manage and delete cookie use settings manually in your browser. If you delete all of the cookies, you will be asked to adjust your cookie settings the next time you visit our website.

You will find detailed instructions about customising your cookie settings for the most common browsers below:

Mozilla Firefox:

https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

Microsoft Edge:

https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09#:~:text=Select%20Settings%20%3E%20Privacy%2C%20search%2C,and%20then%20select%20Clear%20now.

Google Chrome: 

https://support.google.com/chrome/answer/95647?hl=en-GB&co=GENIE.Platform%3DDesktop

Apple Safari:

https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Opera:

https://help.opera.com/en/latest/web-preferences/

 

9.   Google Services

a)   Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). Google Analytics uses cookies that are stored on your computer and allow your use of our website to be analysed. The information the cookie generates about your use of this website is usually transmitted to a Google server in the USA and stored there. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Analytics service. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR. Once you agree to the use of Google Analytics on our website, a connection to Google’s servers will be established. The following information is shared with the Google server:

-       App updates

-       Click path

-       Time and date of the visit

-       Device information

-       Downloads

-       Flash version

-       Location information

-       IP address

-       JavaScript support

-       Pages visited

-       Purchase activity

-       Referring URL

-       Usage data

-       Widget interactions

-       Browser information

 

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. In addition to this, when you use Google Analytics, this data is transferred to the following recipients:

-       Google Ireland Limited

-       Alphabet Inc.

-       Google LLC

 

Google may also forward data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or storing data:

-       United States of America

-       Singapore

-       Chile

-       Taiwan

 

Google also stores various cookies on your device. These cookies help Google obtain information about visitors to our website. This information is used for marketing and analysis purposes. The cookies may remain on your device for up to 2 years. You will find an overview of the cookies that may be associated with using Google Analytics below:

 

Name: _ga

This is used to distinguish one user from another

Type: Cookie

Storage time: 2 years

 

Name: _gid

This is used to distinguish one user from another

Type: Cookie

Storage time: 1 day

 

Name: _gat

This is used to throttle request rate

Type: Cookie

Storage time: 1 minute

 

Name: _dc_gtm_xxx

This is used to distinguish one user from another

Type: Cookie

Storage time: 1 minute

 

Name: _gat_gtag_xxx

This is used to distinguish one user from another

Type: Cookie

Storage time: 1 minute

 

Name: _gac_xx

This contains information about which ad was clicked

Type: Cookie

Storage time: 2 months, 29 days

 

Name: IDE

This ID cookie helps Google recognise the same user across different websites and domains and display personalised ads

Type: Cookie

Storage time: 1 year

 

The use of Google Analytics may trigger further data processing operations if necessary, which we have no influence over. If you wish to prevent your data from being shared, you can do so by rejecting Google Analytics’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider.

According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

 

b)   Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). Google Tag Manager is a tag management system. It allows the user to update measurement codes and their associated code fragments, collectively referred to as “tags”, on the user website or mobile app. Google Tag Manager, which implements the tags, is a cookie-free domain and does not collect any personal data. Google Tag Manager triggers other tags that may collect data. Google Tag Manager does not access this data. If Google Tag Manager has been deactivated at a domain or cookie level, this will remain in effect for all tracking tags implemented by Google Tag Manager. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Tag Manager service. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR.  The following data is processed when using Tag Manager:

-       Aggregated tag triggering data

 

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. When using Google Tag Manager, this data is transferred to the following recipients:

-       Google Ireland Limited

-       Alphabet Inc.

-       Google LLC

 

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or storing data:

-       United States of America

-       Singapore

-       Chile

-       Taiwan

 

If you wish to prevent your data from being shared, you can do so by rejecting Google Tag Manager’s functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider.

According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

 

c)   Google DoubleClick

We use DoubleClick on our website, an online marketing tool provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). DoubleClick uses cookies, small text files stored locally in your web browser’s cache on your device. Google uses a cookie ID to record which ads are displayed in which web browser. This can help prevent ads from being displayed multiple times. DoubleClick can also use cookie IDs to record conversions that are related to ad requests. This is the case if, for example, you see a DoubleClick ad and then later use the same web browser to visit the advertiser’s website and buy something there. According to Google, these cookies do not contain any personal data. Your browser automatically connects to the Google server when you use DoubleClick. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the DoubleClick service. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR. Once you agree to the use of Google Analytics on our website, a connection to Google’s servers will be established. The following (personal) data is collected when DoubleClick is in use:

-       Browser information

-       Click path

-       Cookie information

-       Time and date of the visit

-       Demographics

-       Device identification

-       Location information

-       Hardware/software

-       Internet service provider

-       IP address

-       Frequency ads are viewed at

-       Providing domains

-       Interaction data

-       Page views

-       Search history

 

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. Even if you do not have a Google account or are not logged into it, Google may find and store your IP address. When using DoubleClick, this data is transferred to the following recipients:

 -       Google Ireland Limited

-       Alphabet Inc.

-       Google LLC

 

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or storing data:

-       United States of America

Google also stores various cookies on your device. Google uses these cookies to help gather information about visitors to our website. This information is used for marketing and analysis purposes. The cookies remain on your device for up to one year.  The use of Google Analytics may trigger further data processing operations if necessary, which we have no influence over. DoubleClick uses various methods to store information on a user’s device, listed below:

 

Name: Test_cookie

Description: Test the user’s browser setting permissions

Type: Cookie

Storage time: 1 day

Domain: doubleclick.net

 

Name: IDE

Description: Contains a randomly generated user ID. This ID helps Google identify the same user across different domains and websites to display personalised ads.

Type: Cookie

Storage time: 1 year

Domain: doubleclick.net

 

If you wish to prevent your data from being shared, you can do so by rejecting Google Analytics’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

 

d)   Google reCAPTCHA

We use Google reCAPTCHA on our website, a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). We use Google reCAPTCHA to verify whether information entered into our forms is done so by a human being or has been automatically inserted by a machine. This is our legitimate interest in using Google reCAPTCHA. The legal basis for this can be found in Article 6.1(f) of the GDPR. Google reCAPTCHA is a free captcha service that protects websites from spam software and misuse by non-human visitors. This service is most commonly used when filling out forms online. A captcha service is a type of automatic test designed to ensure that an action carried out online is done by a person, not a bot. Classic captchas work using small tests that are easy for humans to solve but cause considerable difficulties for machines. You no longer have to actively solve puzzles with reCAPTCHA. The tool uses modern risk techniques to distinguish between humans and bots. You just have to check the field “I am not a robot”, however, this field is no longer necessary with Invisible reCAPTCHA. A JavaScript element is integrated into the source code with reCAPTCHA, the tool then runs in the background and analyses your behaviour as a user. The software uses these user actions to calculate a captcha score. Google uses this score to calculate how likely it is that you are a human before entering the captcha. reCAPTCHA or captchas in general are always used when bots could manipulate or misuse certain actions (e.g. registrations, surveys, etc.).

reCAPTCHA collects users’ personal data in order to determine whether the actions on our website actually come from people. This means that your IP address and other data required by Google for reCAPTCHA services may be sent to Google. IP addresses within the EU or other states that are part of the European Economic Area Agreement are almost always truncated in advance of data being transferred to a server in the USA. According to Google, IP addresses will not be merged with other Google data unless you are logged into your Google account while using reCAPTCHA. You can find an overview of the personal data that may be processed by Google when using reCAPTCHA below:

 -       Referring URL (the address of the page the visitor accessed our website from)

-       IP address (e.g. 256.123.123.1)

-       Operating system information (e.g. Windows, Mac OS X, or Linux)

-       Cookies

-       Keyboard and mouse behaviour (any action you perform using your mouse or keyboard is saved)

-       Date and language settings (the date and language you have set up on your PC are saved)

-       All JavaScript objects

-       Screen resolution (shows the pixel size of the image being displayed)

 

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries below. This may be for various purposes, e.g. processing or storing data:

-       United States of America

Furthermore, reCAPTCHA stores various cookies on your device. Google uses these cookies to help gather information about visitors to our website. You can find an overview of the cookies that may be associated with the use of Google reCAPTCHA below:

Name: IDE

Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-331669209164-8

Purpose: This cookie is set by DoubleClick (also owned by Google) in order to record and report user actions on a website in terms of advertisements. It helps measure the effectiveness of advertisements and ensures appropriate measures are taken to optimise this. The IDE cookie is stored in browsers under the domain: doubleclick.net.

Expiration date: After one year

 

Name: 1P_JAR

Value: 14/05/2019-12

Purpose: This cookie collects statistics about website usage and measures conversions. A conversion is when a user becomes a buyer. This cookie is also used to display relevant ads to users. The cookie can be used to prevent a user from seeing the same ad more than once.

Expiration date: After one month

 

Name: ANID

Value: U7j1v3dZa3316692091640xgZFmiqWppRWKOr

Purpose: We were unable to find much information about this cookie. Google’s privacy policy states that this cookie is connected to the advertising cookies, like DSID, FLC, AID, TAID. ANID is stored under the domain: google.com.

Expiration date: After 9 months

 

Name: CONSENT

Value: Yes+AT.de+20150628-20-0

Purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT is also used for security purposes to verify users, prevent fraud with login credentials, and protect user data from unauthorised attacks.

Expiration date: After 19 years

 

Name: NID

Value: 0WmuWqy331669209164zILzqV_nmt3sDXwPeM5Q

Purpose: Google uses NID cookies to customise ads to match your Google search. This cookie helps Google remember your most frequently entered search queries or your previous interaction with ads. So that you always get tailored ads. This cookie contains a unique ID to collect the user’s personal settings for advertising purposes.

Expiration date: After 6 months

 

Name: DV

Value: GEAABBCjJMXcI0dSAAAANbqc331669209164-4

Purpose: Once you have clicked the “I am not a robot” box, this cookie will be set. Google Analytics uses this cookie for personalised advertising. The DV cookie collects anonymous information and is used to help distinguish between users.

Expiration date: After 10 minutes

 

The use of Google reCAPTCHA may trigger further data processing operations if necessary, which we have no influence over. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

 

e) Google Fonts

We use fonts provided by Google on our website to ensure consistency across our website. Google Fonts is a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of Google Fonts. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR.

If you agree to the use of Google Fonts, a connection to Google’s servers will be established and the appropriate font will be loaded in your browser cache. The following data will be processed:

-IP address

-Accumulated user data

-Referring URL

-CSS request

-Font requirements

 

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. In addition to this, when you use Google Fonts, this data is transferred to the following recipients:

-Alphabet Inc.

-Google LLC

-Google Ireland Limited

 

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection.

If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred around the world. This may be for various purposes, e.g. processing or storing data. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. If your browser does not support web fonts, or you reject their use, your computer will use a default font.

You can find further information about Google Web Fonts and Google’s Privacy Policy, respectively, here: https://developers.google.com/fonts/faq, https://policies.google.com/privacy?hl=en-US

 

f) Google Ads

We use Google Ads (formerly Google AdWords) on our website. This service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Google Ads helps us attract customers using advertising materials on external websites. This helps us determine how successful our individual promotions were. Google delivers these advertising materials via AdServer. We use AdServer cookies, which contain certain parameters that can be used to measure success, such as displaying ads or user clicks. The information the cookie generates about your use of this website is usually transmitted to a Google server in the USA and stored there. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Ads service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Once you agree to the use of Google Ads on our website, a connection to Google’s servers will be established. The following information is shared with the Google server:

-Viewed ads

-Cookie ID

-Time and date of the visit

-Device information

-Geographic location

-IP address

-Search terms

-Displayed ads

-Customer ID

-Impressions

-Online identifiers

-Browser information

 

If you are logged into your Google account, you allow Google to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Google account. In addition to this, when you use Google Ads, this data is transferred to the following recipients:

 -Alphabet Inc.

-Google LLC

-Google Ireland Limited

 

Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or saving data:

-Chile

-Singapore

-United States of America

-Taiwan

 

Google also stores various cookies on your device. These cookies help Google obtain information about visitors to our website. This information is used for marketing and analysis purposes. The cookies may remain on your device for up to 1 year. You will find an overview of the cookies below:

 

Name: Test_cookie

Description: This is a test that checks whether the browser allows cookies to be set. It does not contain any information that you can be identified from.

Type: Cookie

Storage time: 15 minutes Domain: doubleclick.net

 

Name: IDE

Description: Contains a randomly generated user ID. This ID helps Google identify the same user across different domains and websites to display personalised ads.

Type: Cookie

Storage time: 1 year Domain: doubleclick.net

 

The use of Google Ads may trigger further data processing operations if necessary, which we have no influence over. If you wish to prevent your data from being shared, you can do so by rejecting Google Ads’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider.

According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US

 

g) Google Maps

We use Google Maps on our website, an online mapping service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”). This service allows us to display interactive maps on our website and allows you to use these maps. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Google Maps service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Please note that if you reject the use of Google Maps, you will not be able to see the map content. If you accept the use of Google Maps, Google will be notified that you have accessed the corresponding subpage on our website. Your IP address will be transferred to Google. This is a requirement so that we can provide you with the map and is done regardless of whether Google provides a user account, which you may be logged into, or not. The following information is shared with the Google server when using Google Maps:

- Device information

- IP address

- Referring URL

 

If you are logged into your Google account, you allow Google to assign your data directly to your personal profile. You can prevent this by logging out of your Google account. Google stores your data as usage profiles and uses it for advertising, market research, or other purposes. Google may also forward the data collected to another country. Please note that Google may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Google, your data may be transferred around the world. This may be for various purposes, e.g. processing or storing data. Any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. 

If you wish to prevent your data from being shared, you can do so by rejecting Google Maps’ functions. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. You can find more information about Google’s use of data, settings and rejection options, as well as data protection in Google’s Privacy Policy: https://policies.google.com/privacy?hl=en-US

 

h) YouTube

We integrate YouTube videos onto our website. YouTube is a social media platform provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland (hereinafter referred to as “YouTube”). YouTube connects to Google DoubleClick’s network when you watch a video. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of YouTube’s service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Your browser connects to the Google server when you watch a YouTube video on our website. The following information is transmitted to the YouTube server:

-Device information

-IP address

-Referring URL

-Videos viewed

 

If you are logged into your YouTube account, you allow YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. When using YouTube, this data is transferred to the following recipients:

-Alphabet Inc.

-Google LLC

-Google Ireland Limited

 

YouTube may also forward the data collected to another country. Please note that YouTube may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to YouTube, your data may be transferred around the world. This may be for various purposes, e.g. processing or storing data.

YouTube also stores various cookies on your device. YouTube uses these cookies to obtain information about our website visitors. According to YouTube, this information is used to collect video statistics, improve user experience, and prevent fraud, among other things.

The cookies may remain on your device for up to 10 years. Starting to watch a YouTube video may trigger further data processing operations if necessary, which we have no influence over.

If you wish to prevent your data from being shared, you will not be able to use the YouTube feature on our website. Regardless of this, we recommend that you regularly log out of your user account after using social media, especially before activating integrated content as this helps you avoid having data assigned to your profile by the respective service provider. According to Google, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Google’s and YouTube’s data protection and use of data on the following website: https://policies.google.com/privacy?hl=en-US




1. Functional and Web Design Services

a) jQuery

JavaScript code from jquery.com is integrated into our website to help make the website more appealing to customers. This service is provided by the JSFoundation Inc., Attn: Privacy Office, 1 Letterman Drive, San Francisco, CA 94129, USA (hereinafter referred to as “jQuery”). jQuery is a feature-rich JavaScript library that allows us to make our website more interesting for visitors. When you visit our website, animations and other files are retrieved from the jQuery server and stored in your browser’s cache on our website. When you visit our website, your browser establishes a direct connection with the jQuery.com servers. jQuery receives information that your IP address is visiting our website. In addition to this, cookies are stored on your computer that enable us to recognise you when you visit our website again. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the jQuery service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR.

jQuery collects and stores usage data in pseudonymous profiles according to its own information which is stored on jQuery’s servers and protected from interference and changes by unauthorised third parties. We have no influence on the scope and further use of data collected when using jQuery. You can prevent your personal data from being processed by deleting existing cookies or generally restricting cookie storage. You can restrict the storage of cookies using your browser settings or our cookie manager when you open our website. Please note that if you turn off cookie storage, you may not be able to use the entire website.

You can find more information about jQuery’s privacy policy at: http://jquery.com/ and https://privacy-policy.openjsf.org/

 

b) MyFonts

We use the web font service from MyFonts on our website. This service is provided by the US company Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA.

When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the MyFonts service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Once you agree to the use of MyFonts, a connection to MyFonts’ servers will be established and the corresponding font will be loaded into your browser’s cache.

MyFonts processes data in the USA, among other places. We would like to highlight that, according to the European Court of Justice, there is no adequate data protection for data transferred to the USA. This transfer may pose risks to the legality and security of data being processed there.

MyFonts uses the European Commission’s Standard Contractual Clauses (Article 46.2 and 46.3 of the GDPR) as the basis for processing data for recipients in third party countries (outside of the European Union, Iceland, Liechtenstein, Norway and the USA) or the transfer of data to these countries. These clauses mean that MyFonts is obliged to comply with a certain level of EU data protection regulations when processing relevant data outside of the EU. These clauses are based on the European Commission’s decision to implement them. You will find the clauses, among other things, here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

You can find more information about data processed by MyFonts in their privacy policy: https://www.monotype.com/legal/privacy-policy

 

c) Cloudflare CDN

We use the Content Delivery Network, provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331, Munich, Germany (hereinafter “Cloudflare”), to increase the security and delivery speed of content on our website. Cloudflare uses cookies and processes user data. Cloudflare offers a Content Delivery Network, along with various security services. A Content Delivery Network (also known as a “CDN”) is a network of interconnected servers that are distributed globally. This helps web pages load faster.

When you visit our website, a load balancer ensures that most of our website is delivered to you by the server that can display this content the fastest. A CDN shortens the length of data transmission to your browser significantly, thus speeding up the website’s loading time.

Cloudflare also provides various security services, such as DDoS protection or a web application firewall. This includes a reverse proxy and the content delivery network.

Cloudflare blocks threats, bots, and crawlers that misuse and waste our bandwidth and server resources. Cloudflare helps us reduce our bandwidth usage by approximately 60% by storing our website in local data centres and blocking spam. In addition to this, it reduces the average page loading time by approximately 50%. Cloudflare states that the “I’m under attack” setting can be used to mitigate further attacks by displaying a JavaScript calculation task that the visitor has to solve before they can access the website.

Using Cloudflare ensures our website is more powerful and less susceptible to spam or attacks. The legal basis for this type of processing is our legitimate interest to optimise and increase the security of our website, in accordance with Article 6.1(f) of the GDPR.

Please note that Cloudflare may transfer data outside of the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. According to Cloudflare, your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or saving data:

- USA

Generally speaking, Cloudflare stores processed user data for less than 24 hours, with a maximum storage time of seven days. However, if an IP address triggers a security warning to Cloudflare, the aforementioned storage time may vary. According to Cloudflare, data is stored anonymously and no personal data is stored. You can prevent Cloudflare from collecting and processing your data by disabling the script code in your browser or by using a script blocker in your browser. According to Cloudflare, any data transferred to the USA is done in compliance with the provisions of the EU Commission’s Standard Data Protection clauses. You can find more information about Cloudflare’s data protection and use of data on the following website: https://www.cloudflare.com/de-de/privacypolicy/?tid=331669194442

 

d) Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform (hereinafter “Usercentrics”) provided by Usercentrics GmbH, Rosental 4, 80331, Munich, Germany. Usercentrics collects log file data and consent data using JavaScript. JavaScript allows us to inform the user about their consent to certain cookies and other technologies on our website. It allows us to collect, manage, and document them.

The legal basis for this can be found in Article 6.1(c) of the GDPR. Its aim is to understand user preferences and behave accordingly.

The data will be deleted as soon as we no longer need it for our logging. The cookie lasts for 60 days. Consent data must be stored for six years, in accordance with §257 of the German Commercial Code. A withdrawal certificate of previously granted consent shall be stored for three years. This storage is based on our accountability, in accordance with Article 5.2 of the GDPR. This requires us to comply with the processing of personal data in accordance with the General Data Protection Regulation.

The storage period within the regular limitation period is three years, in accordance with §195 of the German Civil Code.

You can permanently stop JavaScript from running at any time by changing the appropriate settings in your browser. This would also prevent Usercentrics from running JavaScript.

You can find more information about Usercentrics’ data protection on the following website: https://usercentrics.com/privacy-policy/

 

2. Marketing Services

 

a) Meta Pixel

We use a Visitor Action Pixel, provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”) to identify user behaviour on our website. This conversion tool allows us to track your actions after you have seen or clicked a Facebook ad. It is used to monitor and analyse the effectiveness of our Facebook ads for statistical and market research purposes. You’ll find a list of all the (personal) data collected when using this service below:

 

-Viewed ads

-Viewed content

-Device information

-Geographic location

-HTTP header

-Interaction with ads, services, and products

-IP address

-Elements clicked

-Marketing information

-Non-confidential user-defined data

-Pages visited

-Pixel ID

-Referring URL

-Marketing campaign success

-Usage data

-User behaviour

-Facebook cookie information

-Facebook user ID

-Usage/click behaviour

-Browser information

 

 

This data is also stored and processed by Facebook, although it can only be recognised in its anonymised form. We do not know exactly what Facebook does with this data; however, we assume that Facebook can and will connect this data to your Facebook account. Facebook may use this information for advertising, market research and the needs-based design of Facebook pages. To do so, Facebook and its partners create usage, interest and relationship profiles to, for example, assess how you use our website in regard to ads displayed on Facebook, inform other Facebook users about your activity on our website, and provide other services related to using Facebook. To do so, Facebook uses various methods to store information on a user’s device, listed as follows:

 

Name: _fbp

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: act

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: c_user

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: datr

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: fr

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads.

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: m_pixel_ration

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: pl

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: presence

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: sb

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: spin

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: wd

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Name: xs

Description: Facebook cookie used for website analytics, ad targeting, and measuring ads. 

Type: Cookie

Storage time: 1 year Domain: facebook.com

 

Facebook may transfer data collected to another country. Please note that Facebook may transfer data outside of the European Union ad European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. Your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or saving data:

-Singapore

-United Kingdom

-United States of America

 

The purpose and scope of data collected by Facebook and the further processing and use of this data, as well as your rights and settings options related to protecting your privacy, can be found in Facebook’s privacy policy. You can find this policy on the following website: https://www.facebook.com/privacy/policy/

You can find more information about Facebook’s cookies here: https://www.facebook.com/policies/cookies

 

b) Bing Ads Retargeting

This website uses Bing Ads with a retargeting function to optimise advertising activities and deliver ads. Bing Ads is a service provided by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “Microsoft”). To use this service, a cookie will be set on your device, provided that you have accessed our website via a Microsoft Bing ad. This allows us and Microsoft to see that someone clicked an ad, which directed them to our website, and they reached a designated landing page (conversion site). We only know the total number of users who clicked this Bing ad and were then redirected to our website. Microsoft uses cookies to process information which uses pseudonyms to create usage profiles. These usage profiles are used to analyse visitor behaviour and display ads. When you visit this website, you will be asked to set your privacy settings.

You can agree to or reject the use of the Bing Ads service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. You may provide your consent voluntarily and it can be revoked at any time. Once you agree to the use of Bing Ads on our website, the following (personal) data may be transferred to and processed by Microsoft:

 

-Browser language

-Cookie information

-Digital signature

-IP address

-Microsoft click ID

-Page title

-Referring URL

-Screen resolution

-URL

-UET

-Event information

-Page loading time

 

Bing Ads may also forward data collected to another country. Please note that this service may transfer data outside of the European Union and European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, your data may be at risk of being processed by US authorities for control and monitoring purposes without you being able to legally remedy this. You may not even be notified about this processing. Your data may be transferred to the countries listed below. This may be for various purposes, e.g. processing or storing data:

-Worldwide

In addition to this, Bing Ads uses various means to store information on a user’s device.

 

Name: _uetsid

Description: This is a tracking cookie that is used for targeted advertising. Type: Cookie

Storage time: 30 minutes

 

Name: MUID

Description: This is a user identifier tracking cookie to help count valid clicks for targeted advertising. Type: Cookie

Storage time: 1 year, 25 days

 

Name: MUIDB

Description: This is a user identifier tracking cookie used by Microsoft Bing Ads, which is used for targeted advertising.

Type: Cookie

Storage time: 1 year, 25 days

 

Name: _uetvid

Description: This is used to track visitors on multiple websites so that relevant ads can be displayed based on the visitor’s preferences.

Type: Cookie

Storage time: 16 days

 

You can find more information about Microsoft and Bing Ads’ data protection policy and cookies on the following website: https://privacy.microsoft.com/en-gb/privacystatement



c) Klaviyo

We use Klaviyo on our website, an email marketing service. This service is provided by the company Klaviyo, 125 Summer St, Boston, MA 02110, USA. If you’d like to receive our newsletter, we need your email address and information that allows us to verify that you own the email address you provide and that you agree to receive the newsletter. We use the double-opt-in procedure to ensure that the newsletter is sent in a consensual manner. In the course of this, the potential recipient can be added to a distribution list. The user is subsequently given the opportunity to confirm their registration in a legally secure manner by means of a confirmation email. Your address is only actively included in our distribution list if confirmation is given. Please note that Klaviyo also processes your personal data in the USA.

We would like to highlight that, according to the European Court of Justice, there is no adequate data protection for data transferred to the USA. This transfer may pose risks to the legality and security of data being processed there. The corresponding legal basis for this processing is found in Article 6.1(a) of the GDPR. 

Klaviyo uses the European Commission’s Standard Contractual Clauses (Article 46.2 and 46.3 of the GDPR) as the basis for processing data for recipients in third party countries (outside of the European Union, Iceland, Liechtenstein, Norway and the USA) or the transfer of data to these countries. The Standard Contractual Clauses (SCCs) are templates provided by the European Commission to ensure that your data is processed in accordance with European data protection standards even if it is transferred to and stored in a third party country, such as the USA. These clauses mean that Klaviyo is obliged to comply with a certain level of EU data protection regulations when processing relevant data outside of the EU. You can find more information about Klaviyo’s data processing procedures in their privacy policy: https://www.klaviyo.com/legal/privacy/privacy-notice



d) Hotjar

This website uses Hotjar, a web analytics service provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (hereinafter referred to as “Hotjar”). Hotjar uses cookies, small text files that are stored locally in the browser’s cache on your device and allow your use of our website to be analysed, as well as a tracking code, among other things. Hotjar’s cookies are stored on your device for different periods of time, in some cases only for the duration of your visit, in other cases for 365 days. When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of Hotjar’s services. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. Once you agree to the use of Hotjar on our website, a connection to Hotjar’s servers will be established. The following personal data will be processed:

Data collected by your end device and web browser, depending on your device:

-IP address of your end device (collected and stored anonymously)

-Email address, including your first name and surname, as you provided us with via our website

-Your device’s screen size

-Device type and browser information

-Geographical data (country only)

-Language used to display our website

-User interactions

-Mouse commands (movement, position, and clicks)

-Keystrokes

 

Log data that is automatically used by our server when using Hotjar:

-Referring domain

-Websites visited

-Geographical data (country only)

-Language used to display our website

-Access date and time

 

Hotjar uses this information to analyse the way you use our website, create reports about its use, and provide other related services with the analysis of our website. Hotjar uses various methods to store information on your device, listed below:

 

Name: _hjClosedSurveyInvites

Description: A Hotjar cookie which is set when a visitor interacts with a link survey modal. It is used to ensure the same invitation does not reappear if it has already been shown.

Type: Cookie

Storage time: 1 year

 

Name: _hjDonePolls

Description: A Hotjar cookie which is set when a visitor completes a survey using the on-site survey widget. It is used to ensure the same survey does not reappear if it has already been completed.

Type: Cookie

Storage time: 1 year

 

Name: _hjMinimizedPolls

Description: A Hotjar cookie which is set when a visitor minimises an on-site survey. It is used to ensure the survey stays minimised as the visitor navigates our website.

Type: Cookie

Storage time: 1 year

 

Name: _hjShownFeedbackMessage

Description: A Hotjar cookie which is set when a visitor minimises or completes feedback. It is used to ensure the feedback widget will load as minimised if the user navigates to another page where it is set to show.

Type: Cookie

Storage time: 1 year

 

Name: _hjid

Description: A Hotjar cookie that is set when the customer first lands on a page using Hotjar script. It is used to maintain the Hotjar user ID, which is unique to this site in the browser. This ensures behaviour is assigned to the same user ID for subsequent visits to the same site.

Type: Cookie

Storage time: 1 year

 

Name: _hjTLDTest

Description: When the Hotjar script is executed we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). In order to determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. The cookie is removed after this check.

Type: Cookie

Storage time: Session

 

Name: _hjUserAttributesHash

Description: User attributes sent via the Hotjar Identify API are cached for the duration of the session to determine when an attribute has changed and needs to be updated.

Type: Cookie

Storage time: Session

 

Name: _hjCachedUserAttributes

Description: This cookie stores user attributes that are sent via the Hotjar Identify API if the user is not in the example. These attributes are only saved when the user interacts with a Hotjar feedback tool.

Type: Cookie

Storage time: Session

 

Name: _hjLocalStorageTest

Description: This cookie checks if the Hotjar Tracking Code can use local storage. If it can, a value of 1 is set for the cookie. Data stored in _hjLocalStorageTes has no expiration time but is deleted almost immediately after it is created.

Type: Cookie

Storage time: Session

 

Name: _hjIncludedInPageviewSample

Description: This cookie informs Hotjar whether the user is included in the data sampling defined by the website’s pageview limit.

Type: Cookie

Storage time: 30 minutes

 

Name: _hjIncludedInSessionSample

Description: This cookie informs Hotjar whether the user is included in the data sampling defined by the site’s daily session limit.

Type: Cookie

Storage time: 30 minutes

 

Name: _hjAbsoluteSessionInProgress

Description: This cookie is used to detect the first pageview session of a user. This is a boolean true/false cookie.

Type: Cookie

Storage time: 30 minutes

 

Name: _hjFirstSeen

Description: This cookie identifies a new user’s first session. It stores a true/false value indicating whether Hotjar saw this user for the first time. It is used by recording filters to identify new user sessions.

Type: Cookie

Storage time: Session

 

Name: hjViewportId

Description: This cookie stores user viewpoint details such as size and dimensions.

Type: Cookie

Storage time: Session

 

Name: _hjRecordingEnabled

Description: This is set when a recording starts and is read when the recording module is initialised to see if the user is already in a recording in a particular session.

Type: Cookie

Storage time: Session

 

You can find more information about Hotjar’s privacy policy here: https://help.hotjar.com/hc/en-us/articles/115011639887-Data-Safety-Privacy-Security



3. Online Shop

 

a) Customer Account

You can create a customer account with us. Doing so means that you can use the “quick checkout” function during your next order or view your orders. You are not obliged to create a customer account with us and you can also order products without creating a customer account. The corresponding legal basis for creating a customer account can be found in Article 6.1(a) of the GDPR.  If you wish to delete a customer account you have created, please send a message to: info@gusti-leather.co.uk

We require some personal data to create your customer account. The mandatory information has been marked with an asterisk. The only mandatory information we collect is your email address and a password, chosen by you. You are not obliged to provide us with any more personal data. However, if we do not have this information (e.g. Your address), we cannot ship your order to you. We require your address so that we can pass it on to the shipping company we use to send your order to you. The legal basis for this processing can be found in Article 6.1(b) of the GDPR.

 

b) PayPal / Check Out with PayPal

We offer PayPal as a payment method on our website. This payment service is provided by PayPal (Europe), S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual personal or business accounts. PayPal also provides you with the possibility to process virtual payments made using a credit card if you do not have a PayPal account. PayPal accounts are maintained using your email address, rather than an account number. PayPal allows you to make online payments to third parties or receive payments. PayPal also assumes fiduciary functions and provides buyer protection services. PayPal continues to have the status of a bank in some countries and may be subject to different or extended legislation.

If you select PayPal as your payment method when placing an order in our online shop, data will be automatically transferred to PayPal. Data is required to fulfil the contract and to process the payment via PayPal. When you select this payment method, you are giving consent for your personal data, required to process the payment, to be transferred to PayPal. The corresponding legal basis for your consent can be found in Article 6.1(a) of the GDPR. The personal data that is transferred to PayPal usually includes: your first name, surname, postal address, email address, IP address, telephone number, mobile phone number, and any other data required to process the payment. Personal data related to the respective order, such as your billing address, is required in order to execute the purchase agreement. If you check out directly from the shopping cart using PayPal, PayPal will provide us with the personal data recorded in your PayPal account. We require this personal data so that we can send you your items. This usually includes the following information: surname/first name, postal address, telephone number, email address. However, the exact scope depends on how your PayPal account is configured.

The purpose of transferring this data is to process the payment and prevent fraud. Personal data transferred to PayPal may be transferred to credit agencies by PayPal. The purpose of doing so is to verify your identity and conduct a credit check. PayPal may transfer personal data to affiliated companies and service providers or subcontractors if required in order to fulfil contractual obligations or if the data is being processed on behalf of PayPal. You may revoke your consent for PayPal to use your personal data at any time. Revoking your consent does not affect the personal data that must be processed, used or transmitted to (contractually) process the payment. The legal basis for this processing can be found in Articles 6.1(a) and 6.1(b) of the GDPR. You can find more information about PayPal’s data processing policy and privacy policy via the following link: https://www.paypal.com/uk/legalhub/privacy-full?locale.x=en_US

 

c) Amazon Payments

We offer Amazon Payments as a payment method on our website. This payment service is provided by the United States company Amazon.com Inc. in Europe, Amazon Payments Europe S.C.A. (38 Avenue J.F. Kennedy, L-1855 Luxembourg, hereinafter “Amazon”).

If you select Amazon Payments as your payment method when placing an order in our online shop, data will be automatically transferred to Amazon. Data is required to fulfil the contract and to process the payment via Amazon Payments. When you select this payment method, you are giving consent for your personal data, required to process the payment, to be transferred to Amazon. The corresponding legal basis for your consent can be found in Article 6.1(a) of the GDPR. The personal data that is transferred to Amazon usually includes: your first name, surname, postal address, email address, IP address, telephone number, mobile phone number, and any other data required to process the payment. Personal data related to the respective order, such as your billing address, is required in order to execute the purchase agreement. If you check out directly from the shopping cart using Amazon Payments, Amazon Payments will provide us with the personal data recorded in your Amazon account. We require this personal data so that we can send you your items. This usually includes the following information: surname/first name, postal address, telephone number, email address. However, the exact scope depends on how your Amazon Payments account is configured.

Amazon processes your data and may do so in the United States. We would like to highlight that, according to the European Court of Justice, there is no adequate data protection for data transferred to the USA. This transfer may pose risks to the legality and security of data being processed there.

Amazon uses the European Commission’s Standard Contractual Clauses (Article 46.2 and 46.3 of the GDPR) as the basis for processing data for recipients in third party countries (outside of the European Union, Iceland, Liechtenstein, Norway and the USA) or the transfer of data to these countries.

The Standard Contractual Clauses (SCCs) are templates provided by the European Commission created to ensure that your data is processed in accordance with European data protection standards even if it is transferred to and stored in a third party country, such as the USA. These clauses mean that Amazon is obliged to comply with a certain level of EU data protection regulations when processing relevant data outside of the EU. These clauses are based on the European Commission’s decision to implement them. You will find the clauses, among other things, here: https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847

The Amazon Data Processing Addendum (AWS DATA PROCESSING ADDENDUM), which complies with the Standard Contractual Clauses, can be accessed via the following link: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

You can find more information about how Amazon Payment processes your data in their privacy policy, available at: https://pay.amazon.eu/help/201212490

 

d) Apple Pay

We offer Apple Pay as a payment method on our website. This payment service is provided by the United States company Apple Inc., Infinite Loop, Cupertino, CA 95014, USA (hereinafter “Apple”).

If you select Apple Pay as your payment method when placing an order in our online shop, data will be automatically transferred to Apple. Data is required to fulfil the contract and to process the payment via Apple Pay. When you select this payment method, you are giving consent for your personal data, required to process the payment, to be transferred to Apple Pay. The corresponding legal basis for your consent can be found in Article 6.1(a) of the GDPR. The personal data that is transferred to Apple usually includes: your first name, surname, postal address, email address, IP address, telephone number, mobile phone number, and any other data required to process the payment. Personal data related to the respective order, such as your billing address, is required in order to execute the purchase agreement. If you check out directly from the shopping cart using Apple Pay, Apple Pay will provide us with the personal data recorded in your Apple Pay account. We require this personal data so that we can send you your items. This usually includes the following information: surname/first name, postal address, telephone number, email address. However, the exact scope depends on how your Apple Pay account is configured.

Apple processes your data and may do so in the United States. We would like to highlight that, according to the European Court of Justice, there is no adequate data protection for data transferred to the USA. This transfer may pose risks to the legality and security of data being processed there. Apple uses the European Commission’s Standard Contractual Clauses (Article 46.2 and 46.3 of the GDPR) as the basis for processing data for recipients in third party countries (outside of the European Union, Iceland, Liechtenstein, Norway and the USA) or the transfer of data to these countries. These clauses mean that Apple is obliged to comply with a certain level of EU data protection regulations when processing relevant data outside of the EU. These clauses are based on the European Commission’s decision to implement them. You will find the clauses, among other things, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de

You can find more information about how Apple Pay processes your data in their privacy policy, available at: https://www.apple.com/legal/privacy/en-ww/

 

e) Other Payment Methods

In addition to PayPal, Apple Pay, and Amazon Payments, you may also use the following payments on our websites: prepayments, direct debit, credit card (Mastercard, VISA, American Express, Amazon Payments, Apple Pay), via invoice, or bank transfer. We reserve the right to carry out a credit check prior to the use of some payment methods (e.g. when paying via invoice). By selecting the respective payment method, you are giving consent for your personal data, required to process your payment, to be transferred. The corresponding legal basis for this processing can be found in Articles 6.1(a) and 6.1(b) of the GDPR. The personal data that is transferred usually includes: your first name, surname, postal address, email address, IP address, telephone number, mobile phone number, and any other data required to process the payment. Personal data related to the respective order, such as your billing address, is required in order to execute the purchase agreement.

 

f) Trusted Shops

We use Trusted Shops, a rating and review platform, on our website. This service is provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany.

We use Trusted Shops to display Trusted Shops services (e.g. Trustmark badge, reviews we have collected) and encourage customers to share their experience with others after they have placed an order, among other things. Trusted Shops widgets are integrated on our website for these purposes.

When you visit this website, you will be asked to set your privacy settings. You can agree to or reject the use of the Trusted Shop service. The corresponding legal basis for this processing can be found in Article 6.1(a) of the GDPR. As a company, we have a legitimate interest in ensuring that our shop’s authenticity and security can be clearly recognised by potential customers. This allows us to demonstrate that we are a legitimate shop. The corresponding legal basis for the use of Trusted Shops can be found in Article 6.1(f) of the GDPR.

When calling up the Trustmark badge, the web server automatically saves a server log file, which contains your IP address, data and time of access, the amount of data transferred and requesting provider (access data) and documents the access. Your IP address is anonymised as soon as it is collected so that stored data cannot be assigned to you. Anonymised data is used for statistical purposes and error analysis.

Once you have completed your order, your email address, which has been encrypted using a one-way cryptological function, is transmitted to Trusted Shops GmbH. This checks whether you have already registered with Trusted Shops GmbH and is required for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Article 6.1.1(f) of the GDPR. If this is the case, further processing will take place in accordance with the agreement contract established between you and Trusted Shops. If you are not yet registered for these services, you will be given the opportunity to register. Further processing that takes place once you have registered is governed by your agreement contract with Trusted Shops GmbH. If you do not register, all data transferred will be automatically deleted by Trusted Shops GmbH and a personal reference is no longer possible.

You can find more information about the data processed when you use Trusted Shops in their privacy policy: https://www.trustedshops.co.uk/imprint/

 

4. Withdrawal of Consent

If you have previously given us consent under data protection law to use your data for certain purposes or services, you may withdraw this consent at any time with effect for the future. To do so, please send a message to the following address:

Gusti Leder GmbH

Erich-Schlesinger-Straße 62,

18059 Rostock, Germany

Telephone No.: +49 (0) 381 / 799 90031

Email: info@gusti-leather.co.uk

 

5. Your Rights as a Data Subject

As a data subject, you have various rights in regard to your personal data. We, the data controller, have taken the appropriate measures to ensure that you, the data subject, have access to all information, in accordance with Articles 13 and 14 of the GDPR, and all communication, in accordance with Articles 15 to 22 and Article 34 of the GDPR, which relate to the processing in a precise, clear, transparent manner that uses simple language, in particular for the information specifically aimed at children. The information shall be transferred in writing or any other form, including electronically, where appropriate. We may also provide you with this information orally, if requested, provided that we are able to verify your identity as the data subject in another way.

You have the right to, at any time, provide written or electronic information about the data stored about you and its origin, the recipient(s) the data is transferred to, and request information about the purpose of its storage. In addition to this, you have the right to request that incorrect data is corrected and, if the legal requirements are met, your data is deleted or erased. Please send a letter to the address below in order to exercise this right:

Gusti Leder GmbH

Erich-Schlesinger-Straße 62,

18059 Rostock, Germany

Telephone No.: +49 (0) 381 / 799 90031

Email: info@gusti-leather.co.uk

 

You have the following explicit rights:

 

5.1 Right to Confirmation and Information

You may request confirmation from us about whether we are processing your personal data.

If we process your data, you may request the following information from us: 

a)The purpose for which your personal data is being processed;
b)The types of personal data that are being processed;
c)The recipients or types of recipients your personal data has been, or is still being, disclosed to;
d)The time period in which we intend to store your personal data or the criteria for determining this storage period if specific information is not available;
e)The existence of your right to correct or delete your personal data, your right to restrict our processing of your data, or your right to object to such processing;
f)The existence of your right to appeal to a supervisory authority;
g)All information that is available about the origin of the data, if this personal data has not been collected from the data subject;
h)The existence of an automated decision-making process including profiling in accordance with Articles 22.1 and 22.4 of the GDPR and—at least in these cases—meaningful information about the logic involved and scope and intended effects of such processing for the data subject.

You also have the right to request information about whether your personal data has been transferred to a third country or an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

 

5.2 Right to Rectification

You have the right to rectify and/or amend your personal data if it is incorrect or incomplete. We are obliged to correct this immediately.

 

5.3 Right to Restriction of Processing

You may request that the processing of your personal data is restricted where one of the following conditions applies:

a) If you contest the accuracy of the personal data for a period of time that enables us to verify the accuracy of the personal data;

b) If the processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead;

c) If we no longer need the personal data for the purposes of processing, but require it to establish, exercise or defend legal claims;

d) If you object to processing pursuant to Article 21.1 of the GDPR pending the verification of whether our legitimate reasons override your own.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If data processing has been restricted in accordance with the provisions above, we shall inform you before the restriction of processing is lifted.

 

5.4 Right to Erasure

a.) Obligation to erase

You may request that we erase your personal data and we are obliged to do so immediately if one of the following reasons applies:

I. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.

II. You withdraw your consent on which the processing is based according to Article 6.1(a) or Article 9.2(a) of the GDPR, and where there is no other legal basis for the processing.

III. You object to the processing pursuant to Article 21.1 of the GDPR and there are no overriding legitimate reasons for the processing if you object to the processing pursuant to Article 21.2 of the GDPR.

IV. Your personal data has been unlawfully processed.

V. Your personal data has to be erased in order to comply with a legal obligation in Union or Member State law to which we are subject.

VI. Your personal data has been collected in relation to the offer of information society services referred to in Article 8.1 of the GDPR.

 

b.) Information provided to third parties

If we have made your personal data public, we are obliged to erase the personal data, pursuant to Article 17.1 of the GDPR. Taking account of available technology and the cost of implementation, we shall take reasonable steps, including technical measures, to inform controllers processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

 

c.) Exceptions

The right to erasure shall not apply to the extent that the processing is necessary to exercise the right of freedom of expression and information;

I.to comply with a legal obligation which requires processing by Union or Member State law to which we are subject or to perform a task undertaken in the public interest or in the exercise of official authority vested in us;

II.for reasons of public interest in the area of public health in accordance with Article 9.2(h) and 9.2(i) as well as Article 9.3 of the GDPR;

III.for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to this section is likely to render impossible or seriously impair the achievement of the objectives of processing, or

IV.for the establishment, exercise or defence of legal claims.

 

5.5 Right to be Informed

If you exercise your right to rectify, erase or restrict the processing of your data, we must notify all recipients of your personal data of this rectification or erasure of your data or the restriction of its processing, unless this proves impossible or involves a disproportional effort.

You have the right to be informed about these recipients.

 

5.6 Right to Data Portability

You have the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us provided, where:

a.) The processing is based on consent pursuant to Article 6.1(a) or Article 9.2(a) of the GDPR or on a contract pursuant to Article 6.1(b) of the GDPR and

b.) The processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from us to another controller, where technically feasible. This must not affect the freedoms and rights of other individuals.

The right to data portability does not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

 

5.7 Right to Object

You have the right to object, on grounds related to your particular situation, at any time to the processing of your personal data, based on Article 6.1(e) of the GDPR, including profiling based on those provisions.

We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as the data subject or for the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

 

5.8 Right to Withdraw Consent under Data Protection Law

You have the right to withdraw your consent at any time under data protection law. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

5.9 Automated Individual Decision-Making, including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or significantly affect you. This shall not apply if the decision:

a.) Is necessary for entering into, or the performance of, a contract between you and us;

b.) Is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

c.) Is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9.1 of the GDPR, unless Article 9.2(a) or 9.2(g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points (a) and (c), we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests.

 

5.10 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State you reside in, place of your or place of the alleged infringement if you consider the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

6. Email Advertising

If you have subscribed separately to our newsletter, your email address will be used for the sole purpose of sending you advertising until you unsubscribe from the newsletter. You can unsubscribe at any time without incurring any costs other than the transmission costs based on your access provider’s basic tariffs. You can unsubscribe at any time via the newsletter or via email: info@gusti-leather.co.uk

 

7. Further Information

If you have any further questions about or suggestions for our protection of data, or if you would like information about your data, or would like to delete or correct your data, please send an email or letter to:

Gusti Leder GmbH

Erich-Schlesinger-Straße 62,

18059 Rostock, Germany

Telephone No.: +49 (0) 381 / 799 90031

Email: info@gusti-leather.co.uk

Rostock, Germany

December 2022

Viewed
gusti-leather.co.uk Reviews with ekomi.co.uk