Data protection declaration

Welcome to our website. Below you will find our data protection declaration:

Contents:

I. General information

1. Contact details of the person responsible
2. Contact data of our data protection officer

II. Specific information regarding the processing of personal data

1. Visiting our website
2. Cookies
3. Execution of contracts
4. Contact form, e-mail, fax or telephone contact
5. Customer account
6. Live-Help/Chat
7. Aircall
8. Direct Marketing
9. Newsletter
10. YouTube
11. Blog
12. Google Ads
13. Microsoft Bing Ads
14. Twitter Ads
15. TikTok Pixel
16. Adobe Fonts
17. Google Analytics
18. SurveyMonkey
19. Visual Website Optimizer (VWO)
20. Facebook-, Instagram-, YouTube-, Twitter-, Google+ Buttons
21. Facebook-Tracking
22. Cloudflare
23. Single Sign-On and Payment-Services
24. Mixpanel
25. Customer support tools
26. Pinterest
27. Outbrain
28. Taboola
29. truephone
30. WhatsApp Communication
31. Using the order and reservation functions of resmio
32. e-bot7
33. statuspage.io
34. Collection of further data in individual cases

III. Rights of the data subject

1. Right to information according to Art. 15 GDPR
2. Right to correction in accordance with Art. 16 GDPR
3. The right to cancellation in accordance with Art. 17 GDPR
4. Right to limitation of processing in accordance with Art. 18 GDPR
5. Right to information in accordance with Art. 19 GDPR
6. Right to Data Transferability Art. 20 GDPR
7. Right of objection according to Art. 21 GDPR
8. Automated decisions in individual cases incl. profiling according to Art. 22 GDPR
9. Right of appeal to a supervisory authority pursuant to Art. 77 GDPR
10. Right to an effective judicial remedy under Article 79 of the GDPR

I. General information

1. Contact details of the person responsible

Name: orderbird GmbH
Str.: Ritterstraße 12, Aufg. 3
Postcode, City: 10969 Berlin
Phone: 030 208 983 099
Fax.: 0321 214 681 89
Email: [email protected]

2. Contact data of our data protection officer

Protectra GmbH
Lerchenweg 3
DE-40789 Monheim am Rhein
Germany
Tel.: +49 2173 9930310
Email: [email protected]
Website: www.protectra.de

II. Specific information regarding the processing of personal data

1. Visiting our website

a) Purpose of data processing

Every time a user accesses a page of our website and every time a file stored on the website is accessed, access data about this process is stored in a log file. Each data record consists of:

(1) the page from which the file was requested,
(2) the name of the file,
(3) the date and time of the request,
(4) the amount of data transferred,
(5) the access status (file transferred, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) referrer URL,
(8) Host name of the accessing computer,
(9) the client IP address.

We use this data to operate our website, in particular to determine the utilization of the website as well as malfunctions of the website and to make adjustments or improvements. The client IP address is used for the purpose of transmitting the requested data; it will be made anonymous by deleting the last digit block (IPv4) or the last octet (IPv6) once the technical requirement no longer applies.

b) Duration of storage

The data is stored each time a user accesses a page of our website and each time our website is accessed and is deleted as soon as it is no longer required for the purpose of collection, which is the case at the latest three months after the website visit.

c) Legal basis

The temporary storage of the aforementioned data is carried out on the legal basis of Art. 6 para. 1 letter f of the General Data Protection Regulation (hereinafter "GDPR"). The legitimate interest lies in the provision of our website and the examination of misuse.

d) Possibility of objection and elimination

By refraining from using our website, the data subject may object to the processing and, subject to the conditions described in more detail in the "Rights" section below, request the deletion of data collected with regard to him by means of an informal request.

2. Cookies

a) Purpose of data processing

In order to make a visit to our website and the order process technically possible, we transfer so-called cookies to the end device of the person concerned. Cookies are small text files that can be used to identify the end device of the person concerned, usually by collecting the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. By storing the cookie on the device used - without interfering with the operating system - it is recognized again and enables us to make any settings available immediately. We use this information to adapt our website and services offered to your needs and to accelerate the access to our website.

b) Duration of storage

The storage period of the various cookies varies, but does not exceed two years. They are stored on your local device, not on our server, so the actual deletion time depends on how your browser software is configured. Please refer to the operating instructions of your browser software to find out how you can delete cookies set by us on specific occasions or automatically.

c) Legal basis

The storage of the aforementioned data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest for the setting of cookies is on the one hand to be able to optimize the quality of our website through an analysis of user behaviour and on the other hand to enable the visit of our website; in particular, some functions on our website cannot be used without cookies, because otherwise the user and his settings already made would not be recognized when changing pages, language settings would be lost and searches could not be executed. Furthermore, the data is stored on the legal basis of Art. 6 para. 1 lit. b GDPR for the execution of possible contracts with the visitor.

d) Possibility of objection and elimination

The person concerned can block the use of cookies in the terminal device used or delete them after use. Under certain circumstances, however, individual functions of our website may not be usable. How cookies can be blocked and cookies that have already been saved can be deleted is detailed in the instructions of your browser software.

3. Execution of contracts

a) Purpose of data processing

Name, address, bank details, e-mail address, telephone number and the client IP address at the time of placing a customer order are collected, stored and processed for the purpose of establishing or executing a contract with the visitor, which includes in particular the billing and processing of the contract. The personal data will only be passed on to third parties if this is necessary for the execution of the contract, for example when commissioning a mail order company or using a payment service provider.

b) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purposes for which they were collected or otherwise processed. This period is six years for personal data subject to § 147 AO (Abgabenordnung, German Fiscal Code) and ten years for personal data subject to § 257 HGB (Handelsgesetzbuch, German Commercial Code). The periods begin at the end of the calendar year in which the data was collected.

c) Legal basis

The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b and lit. c GDPR in order to fulfil the obligations arising from contracts and to provide the services required for the execution of the contract.

d) Possibility of objection and elimination

Since we are bound by statutory retention periods and the data must be stored and processed for contract execution, an objection or deletion is not possible.

4. Contact form, e-mail, fax or telephone contact

a) Purpose of data processing

A contact form is available on the website. The person concerned can contact us electronically and we can process the request. The following data is collected and stored: name, address, e-mail address, telephone number, date and time of the request and the description of the request. A user can contact us by e-mail, fax or telephone. We store the data transmitted to us and provided by the person concerned for processing the request. These data are name, address, e-mail address, telephone and/or fax number, date and time of the inquiry and the description of the request and, if necessary, contract data if the inquiry takes place in the context of a contract admission or completion. The data will not be passed on to third parties. They are used to process the contact request of the person concerned.

b) Duration of storage

As soon as the data is no longer necessary to achieve its purpose, it is deleted, which is the case when the conversation has been completed and the facts have been clarified and there are no contractual or tax retention periods to the contrary. This period is six years for personal data subject to § 147 AO and ten years for personal data subject to § 257 HGB. The periods begin at the end of the calendar year in which the data was collected.

c) Legal basis

The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b GDPR as part of a contract initiation or fulfilment or in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest of the responsible person is to be able to process the contact request and to prevent misuse of the contact request.

d) Possibility of objection and elimination

The person concerned has the right to object to the storage at any time. The data stored for the operation is then deleted. If a contract has been concluded, the above explanations regarding the "execution of contracts" shall apply.

5. Customer account

a) Purpose of data processing

The person concerned can register a customer account with us by providing personal data that is transmitted to us. The data entered in the input mask or otherwise collected is stored. These are name, e-mail address, IP address, date and time of registration. Registration is necessary to provide certain content and services and also serves to establish and fulfil our contract with the person concerned.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they are deleted. If you register without concluding another contract, this is the case if the registration is deleted or the data is changed. In the case of a registration, which leads to a further contract conclusion, the data are deleted as soon as the legal and tax-legal defaults permit a deletion of contract data. This period is six years for personal data subject to § 147 AO and ten years for personal data subject to § 257 HGB. The periods begin at the end of the calendar year in which the data was collected.

c) Legal basis

The aforementioned data is stored pursuant to Art. 6 para. 1 lit. b GDPR in the context of contract fulfilment or initiation or pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest is to be able to provide certain content and services for the benefit of the user.

d) Possibility of objection and elimination

The person concerned has the option of deleting the registration or adapting the data at any time. The account will be deleted or changed by notifying the contact named under Section I. There is no possibility of objection or removal of the registration and the data if the registration was used to establish or execute a contractual relationship; only the account can be deleted here. The account will be deleted using the above steps.

6. Live-Help/Chat

a) Purpose of data processing

A user can also contact us via chat. We store the data transmitted to us and provided by the person concerned for processing the request. These data are name, e-mail address, date and time of the inquiry and the description of the request and, if necessary, contract data if the inquiry takes place in the context of a contract admission or completion. The data will not be passed on to third parties. They are used to process the contact request of the person concerned.

b) Duration of storage

As soon as the data is no longer necessary to achieve the purpose, it is deleted, which is the case when the conversation has been completed and the facts have been clarified and there are no contractual or tax retention periods to the contrary. This period is six years for personal data subject to § 147 AO and ten years for personal data subject to § 257 HGB. The periods begin at the end of the calendar year in which the data was collected.

c) Legal basis

The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b GDPR as part of a contract initiation or fulfilment or in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest of the responsible person is to be able to process the contact request and to prevent misuse of the contact request.

d) Possibility of objection and elimination

The person concerned has the right to object to the storage at any time. The data stored for the operation is then deleted. If a contract has been concluded, the above explanations regarding the keyword "execution of contracts" shall apply.

7. Customer Support by Telephone

For telephone support services, we use a cloud phone system provided by Aircall. Aircall is offered by Aircall SAS, 11-15 rue Saint-Georges, 75009 Paris, France. The use of Aircall allows us to provide our customers with an easier way to get in contact and to enable them to deal with their respective concerns in a targeted manner. For this purpose, the following personal data of the calling customers is processed:

- IP address (for IP telephony)
- data provided by customers during the phone call
- telephone number

We link this data with the contract data stored by us as a contractual partner. The purpose of the data processing is the fulfilment of the request of the caller as our customer within the framework of the performance of the contract (Art. 6 para. 1 lit. b) GDPR). To learn more about the data processed through the use of Aircall, please see the Privacy Policy on https://aircall.io/privacy/.

We use the opportunity to create call transcriptions of some phone calls in order to be able to process your request optimally even after the phone call. As a rule, the call transcription and the data of your call are stored in connection with your customer account. In all other respects, the data will be deleted by us as soon as the purpose of the data processing has been fulfilled.

Aircall is an international company headquartered in the United States. Although we use storage locations in the EU for Aircall, call transcriptions are processed in the US. The European Union has issued an adequacy decision (EU-U.S. Data Privacy Framework) that governs the transfer of personal data to the United States. Aircall is committed to complying with and is certified to comply with the privacy provisions of the U.S. Data Privacy Framework.

8. Direct Marketing

a) Purpose of data processing

We will use the data received from the data subject in connection with the sale of a product or service for direct advertising for our services and products. In the case of email addresses, this only applies to similar goods or services of our own and if the person concerned has not objected to their use, which is pointed out during data collection (among other things herewith); in addition, the possibility of objection is pointed out for each use.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they will be deleted, which is the case if the person concerned has objected to direct advertising or if the time lapse after the last advertising measure requires this with reference to the right of objection, which is the case after twelve months after the last advertising measure.

c) Legal basis

The legal basis for advertising after a purchase of goods or use of services is Art. 6 para. 1 lit. f GDPR. Direct advertising for sales promotion is of legitimate interest.

d) Possibility of objection and elimination

The person concerned can object to the use at any time for the future without incurring any costs other than the transmission costs according to the basic tariffs.

9. Newsletter

a) Purpose of data processing

It is possible to subscribe to a newsletter. If the person concerned registers for our newsletter, the data stored regarding the person concerned during registration will be transmitted to us from the input mask. This is your e-mail address, name, IP address, time and date of registration. The data collected is required in order to be able to send the newsletter.

b) Duration of storage

The data will be deleted as soon as the data is no longer necessary to achieve the purpose and the person concerned has unsubscribed from the newsletter. According to this, they are stored for ten years from the last newsletter dispatch for the purpose of proof in the event of queries regarding existing consents, taking into account the statute of limitations.

c) Legal basis

The aforementioned data will only be stored on the legal basis of Art. 6 para. 1 lit. a GDPR with prior consent within the framework of the notification. A possible revocation of the consent at any time does not affect the legality of the processing of personal data based on the consent until revocation.

d) Possibility of objection and elimination

The use of the data to subscribe to the newsletter can be revoked at any time with effect for the future by unsubscribing from the newsletter without incurring any costs other than the transmission costs according to the basic rates. This can be done by informal request to us. If the person concerned wishes to unsubscribe from the newsletter, he or she will find a correspondingly marked link in each newsletter, for example, which he or she only has to click on.

10. YouTube

a) Purpose of data processing

We use the YouTube embedding function to display and play videos of the provider "YouTube", YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, which is represented by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). When a YouTube video page is accessed, a connection is established to YouTube's servers, which is assigned to the user's personal profile and informs them of the pages visited on the website when they are logged in with their YouTube account. You can prevent this by logging out of your YouTube account beforehand.

YouTube eventually processes your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

b) Duration of storage

Information on data protection and the storage of personal data at "YouTube" can be found in the provider's data protection declaration at https://www.google.de/intl/de/policies/privacy.

c) Legal basis

The use of YouTube serves to protect our legitimate interest in an appealing presentation of our website in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

d) Possibility of objection and elimination

At https://myadcenter.google.com/... you will find an opt-out function.

11. Blog

a) Purpose of data processing

In our blog, in which we publish various articles on topics related to our business, a user can make public comments. These are published under the name specified. User name and e-mail address are required, all other information is voluntary. Furthermore, the IP address is stored. The storage is necessary in order to be able to defend us against liability claims in cases of possible publication of illegal content. We need your e-mail address in order to contact you if a third party should object to your comment as unlawful.

b) Duration of storage

The data is stored with each user comment and deleted as soon as it is no longer required for said purposes, which is the case at the latest three months after the publication of the comment.

c) Legal basis

The aforementioned data is stored in accordance with Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the provision of our blog and in order to prevent misuse of the comment function.

d) Possibility of objection and elimination

The person concerned has the right to object to the storage at any time. The data stored for the operation is then deleted.

12. Google Ads

a) Purpose of data processing

We use Google Ads to draw attention to our products and services on external websites. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values. These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their terminal has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you visited the appropriate part of our Internet appearance or clicked an advertisement of ours. 
If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

Google eventually processes your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

We also use the extended conversions offer from Google Ads. This function supplements the existing conversion tags so that conversions can be recorded even more precisely. The conversion data from our website is sent to Google as hash values, computed using the one-way hash algorithm SHA256.

For more information about Google Ads' privacy policy, please visit the following web address https://policies.google.com/technologies/ads?hl=en

b) Duration of storage

The cookie is valid for 30 days and will be deleted after expiration if you do not delete it yourself - for example by suitable settings of your browser or manually.

c) Legal basis

The storage of the aforementioned data is based on Art. 6 Para. 1 lit. f GDPR.

d) Possibility of objection and elimination

You can block the use of cookies; the corresponding steps can be found in the instructions for your browser software.

13. Microsoft Bing Ads

a) Purpose of data processing

We use the conversion tracking technology "Bing Ads" from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) to draw attention to our products and services on external websites. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Bing ad, Bing Ads stores a cookie on your end device. These cookies usually expire after 180 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values. These cookies enable Microsoft to recognize your internet browser. If a user visits certain pages of a Bing Ads customer's website and the cookie stored on their end device has not expired, Microsoft and the customer may recognize that the user has clicked on the ad and has been redirected to this page. Each Bing Ads customer is assigned a different cookie. Cookies can therefore not be traced via the websites of Bing Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Microsoft. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection to the Microsoft server. 
We have no influence on the extent and further use of the data collected by Microsoft through the use of this tool and therefore inform you according to our level of knowledge: By integrating Bing Ads Conversion, Microsoft receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Microsoft service, Microsoft may associate your visit with your account. Even if you are not registered with Microsoft or have not logged in, it is possible that the provider may obtain and store your IP address.

Microsoft eventually processes your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

For more information about Microsoft Bing Ads' privacy policy, please visit: https://privacy.microsoft.com/de-de/privacystatement

For more information about Microsoft Advertising's analytics services, please visit: https://help.microsoft.com/#apex/3/de/53056/2. You can opt out of interest-based advertising from Microsoft Advertising by clicking on the following link: https://choice.microsoft.com/de-DE/opt-out. Alternatively, you can prevent the tracking procedure by deactivating the storage of cookies in your browser settings.

b) Duration of storage

The cookie is valid for 180 days and will be deleted after expiration if you do not delete it yourself - for example by suitable settings of your browser or manually.

c) Legal basis

The storage of the aforementioned data is based on Art. 6 Para. 1 lit. f GDPR.

d) Possibility of objection and elimination

You can block the use of cookies; the corresponding steps can be found in the instructions for your browser software.

14. Twitter Ads

a) Purpose of data processing

We use Twitter's conversion tracking technology "Twitter Ads" (Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) to draw attention to our products and services on external websites. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Twitter Ad, Twitter Ads stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values. These cookies enable Twitter to recognize your internet browser. If a user visits certain pages of a Twitter Ads customer's website and the cookie stored on their device has not yet expired, Twitter and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Twitter Ads customer is assigned a different cookie. Cookies can therefore not be traced via the websites of Twitter Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Twitter. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection to the Twitter server. 
We have no influence on the extent and the further use of the data that is collected through the use of this tool by Twitter and therefore inform you according to our level of knowledge: By integrating Twitter Ads, Twitter receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Twitter service, Twitter can assign your visit to your account. Even if you are not registered on Twitter or have not logged in, there is a possibility that the provider may obtain and store your IP address.

Twitter eventually processes your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

b) Duration of storage

The cookie is valid for 30 days and will be deleted after expiration if you do not delete it yourself - for example by suitable settings of your browser or manually.

c) Legal basis

The storage of the aforementioned data is based on Art. 6 Para. 1 lit. f GDPR.

d) Possibility of objection and elimination

You can block the use of cookies; the corresponding steps can be found in the instructions for your browser software.

15. TikTok Pixel

a) Purpose of data processing

We use the offer of TikTok Pixel to draw attention to our attractive offers with the help of advertising media on external websites (so-called conversion tracking). This offer (Advertiser Tool) is provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both are hereinafter jointly referred to as "TikTok"). When consent is given to the use of personalisation cookies, the "TikTok pixel" provided by and for which TikTok is responsible is used or activated on our websites and cookies are stored on the user's terminal device. With the help of the TikTok pixel, it is possible for TikTok to determine the visitors to the website as a target group for the display of advertisements. Accordingly, we use the TikTok pixel to display TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offering or who have certain characteristics that we transmit to TikTok. The TikTok pixel also enables us to statistically analyse the TikTok ads placed. In principle, the data of the data subject are processed within the EU or the EEA. For this purpose, a corresponding data protection agreement has been concluded with TikTok. If personal data is transferred to countries outside the EU or EEA, this is done within the framework of the Commission's model contracts for the transfer of personal data to third countries (so-called "standard contractual clauses"). TikTok's privacy policy can be found here: https://www.tiktok.com/legal/p....

b) Duration of storage

Data will be retained for as long as necessary to provide the service and for the other purposes. Data will also be retained to the extent necessary to fulfil contractual and legal obligations.

c) Legal basis

The storage of the data is based on the consent of the data subject pursuant to Art. 6 para. 1 lit. a GDPR.

d) Possibility of objection and elimination

You can object to the collection by the TikTok pixel and use of your data for the display of TikTok ads. An opt-out option can be found in our cookie declaration (https://www.orderbird.com/en/cookies-policy). You can also block the use of cookies; please refer to the instructions for your browser software for the relevant steps.

16. Adobe Fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you access this website, your browser loads the required fonts directly from Adobe so that they can be displayed correctly on your terminal device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For more information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

The Adobe privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.

17. Google Analytics

a) Purpose of data processing

The client IP address is collected for use of the Google Analytics service. This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files which are stored on the end device of the person concerned and which enable an analysis of the use of the website. The information generated by the cookie about the use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on this website, Google will reduce the IP address of the person concerned within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

Google processes your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they will be deleted, which is the case when the anonymisation within the European Union has been completed. This takes less than a second. The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. For more information, please visit https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=en.

c) Legal basis

The storage of the aforementioned data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the fact that we are able to analyse the use of the website by all users in its entirety without drawing conclusions about the behaviour of identifiable persons; this enables us to optimise our website and our offers.

d) Possibility of objection and elimination

The person concerned can prevent the storage of cookies by a corresponding setting of the browser software; however, we point out to the person concerned that in this case not all functions of this website may be used in full. Furthermore, the person concerned can prevent the collection of data generated by the cookie and related to the use of the website (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link.

18. SurveyMonkey

a) Purpose of data processing

We use SurveyMonkey software from SurveyMonkey Europe UC, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland, to create surveys, analyze the survey results for internal purposes, analyze satisfaction scores for our company and products, and further improve our offerings based on data processed through the survey interface. So-called "cookies", i.e. text files which are stored on the end device of the person concerned and serve the purpose of enabling the survey, are used for this purpose. The information collected by the cookie is typically transferred to a SurveyMonkey server and stored there for analysis. SurveyMonkey Europe UC is a subsidiary of SurveyMonkey Inc. headquartered in the United States. It is possible that your information collected by SurveyMonkey may also be transferred to the USA.

SurveyMonkey may eventually process your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

For more information on the cookies SurveyMonkey uses, their privacy practices, and their retention period, please visit www.surveymonkey.de/mp/legal/privacy-policy.

b) Duration of Storage

When a user participates in a survey, in some cases personal data is stored. Data is deleted as soon as it is no longer required for the purpose of the survey, which is no later than three months after the survey is completed.

c) Legal basis

The above-mentioned data is stored on the basis of Art. 6 para. 1 lit. f GDPR. The required legitimate interest lies in the optimisation of our website and our offers, which is made possible by an analysis of the survey results.

d) Possibility of objection and removal

The person concerned can prevent the storage of cookies by means of a corresponding setting in the browser software; however, we would like to point out to the person concerned that in this case not all functions of our website can be used to their full extent.

19. Visual Website Optimizer (VWO)

a) Purpose of data processing

We use the web analysis service of Visual Website Optimizer, which is operated by Wingify Software Pvt Ltd, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, New Delhi 110034, India. The service sends information to our server in order to understand how the user moves on the website (e.g. which links he clicks and how he moves the mouse) and how changes to the website, such as the design, the navigation elements, individual input forms, affect the usage behaviour (such as the length of stay and use of elements) of those affected. Cookies, i.e. small text files that are stored by the Internet browser on the user's terminal device, are used to recognize the user. For this purpose, Visual Website Optimizer collects the IP addresses, but pseudonymizes them immediately after collection in order to exclude a reference to those affected. Further information can be found at https://vwo.com/privacy-policy/.

b) Duration of storage

As soon as the data are no longer necessary to achieve the purpose, they are deleted, which is the case when the pseudonymisation has taken place. For technical reasons, this process takes less than one second.

c) Legal basis

The storage of the aforementioned data is based on Art. 6 Para. 1 lit. f GDPR. The legitimate interest is that we are able to analyse the surfing behaviour of non-identifiable users; this enables us to optimise our website and our offers.

d) Possibility of objection and elimination

You can block the use of cookies; the corresponding steps can be found in the instructions for your browser software.

20. Facebook-, Instagram-, YouTube-, Twitter-, Google+ Buttons

a) Purpose of data processing

We do not collect any personal data through buttons on social networks. Nevertheless, we explain the technical background for the sake of completeness. We only use disabled buttons from Facebook, Instagram, Twitter, Google+ and YouTube social networks. This means that no data is transmitted to these networks. By clicking on the buttons, the person concerned decides to activate them and thus establish a connection to the servers of the operators of the social networks and thus to transmit data to the servers of the social networks in accordance with the agreement concluded by the person concerned with the social network. Activation leads to access to social network content. The type, purpose and scope of data collection and use can be found in the corresponding data protection declarations of the social networks. After a second click on the button the user can send his recommendation to the social networks. If the person concerned wishes to recommend several pages, the consent is required on each page. If the person concerned wants the social network to have permanent access to his data, the person concerned can permanently activate the buttons. For this purpose, the appropriate check mark can be placed under a gear icon with the result that the selected button is always directly active.

b) Duration of storage

Duration of storage is based on the specifications of the operators of the social networks.

c) Legal basis

The operators of the social networks inform those affected about the legal basis.

d) Possibility of objection and elimination

Using the gear icon with which the person concerned activated the social media buttons, the person concerned can later change the consent again and deactivate the buttons.

21. Facebook Tracking

a) Purpose of the processing

We use tracking technology of the social network "Facebook" of "Meta Platforms Inc." based in the USA on our website. In the process, your IP address at the time of the call, the browser used, the operating system used and the page you called up are transmitted to the external provider. In addition to us, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland is also responsible for data processing.

In the process, a cookie is set that makes it possible to track how you arrived at our website - possibly via advertisements placed by us on Facebook, but also via other means. At the same time, it is recorded whether our advertising measure has led to the conclusion of a contract (so-called conversion).

In addition, we use so-called offline conversions, where measurement and analysis reports are created. This allows us to track how often the advertising has led to offline events, such as a purchase in a store or a telephone order.

The collection of this data is necessary, on the one hand, to track the effectiveness of our advertising measures and, on the other hand, to enable Facebook to invoice us for our advertising measures. In addition, the data is used to link the information that the website here was visited with your Facebook profile, provided that you are a Facebook customer and log in there during or after your visit to our website. This procedure is used by Facebook to determine your interests and preferences in order to present you with tailored advertising. The data collected in this context is only provided to us by Facebook in anonymized form; we do not store any personal data ourselves in this context.

The data of the data subject is generally processed within the EU or the EEA. For this purpose, a corresponding data protection agreement has been concluded with Facebook. If personal data is transferred to countries outside the EU or EEA, this is done within the framework of the Commission's model contracts for the transfer of personal data to third countries (so-called "standard contractual clauses"). These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed outside the EU or EEA.

For the rest, we refer to the data protection information of Facebook at https://www.facebook.com/priva....

b) Duration of storage

According to Facebook, the data collected in this way is stored for a period of 90 days. After 90 days, the data is anonymized so that it can no longer be associated with you.

c) Possibility of objection and deletion

You can object to the collection of data by deactivating the use of cookies in your browser settings. However, we would like to point out that this may impair the functionality of our website.

You can revoke your consent to the Facebook Conversion Pixel at www.facebook.com/settings.

22. Cloudflare

a) Purpose of data processing

To protect the website against denial-of-service attacks, we use the services of the US provider Cloudflare Inc. We have entered into a data processing agreement with this service provider, so that it is ensured that the data processed there for us is in safe hands. The transmitted data are IP address, browser type, operating system used and the file called up in each case.

Cloudflare Inc. may process your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

b) Duration of storage

The data will be deleted immediately after the page is accessed; the data will only be logged by us as described in the section "Visiting our website".

c) Legal basis

The storage of the aforementioned data is based on Article 6 para. 1 lit. f GDPR ("legitimate interest"). The legitimate interest lies in maintaining the deliverability of our website and secure operation.

d) Possibility of objection and elimination

The person concerned can stop the data processing by stopping the use of our website.

23. Single Sign-On and Payment-Services

a) Purpose of data processing

We use the following third-party tools to simplify ordering and payment processing:

- PayPal, an offer by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg;
- Sofort, an offer by Sofort GmbH, München, Theresienhöhe 12, 80339 München.

When calling up the shopping cart, these providers use scripts integrated in our website to check whether the user is a customer of the respective provider and logged in there. This is done by matching any cookies stored by the provider in the user's browser. For this purpose, the IP address, browser used, operating system and the page requested in each case are transmitted to the third party provider. We only collect data when a customer of a provider uses the service of the third party and arranges for the personal data stored there - namely the order and billing address - to be transmitted to us and, if necessary, for the payment process to be processed in accordance with the user conditions of the service with which the customer has a contractual relationship.

b) Duration of storage

For our part, only the data that is transferred to us by the third party provider on behalf of the customer for the purpose of executing the contract will be processed. In this respect, the information on the duration of storage as stated above for the keyword "performance of the contract" applies. Insofar as the third party providers process data on behalf of the customer, the storage period results from the data protection regulations of the respective provider to which reference is made here.

c) Legal basis

The legal basis for processing is Art. 6 para. 1 lit b GDPR, insofar as the data is used to process contracts via our website. As far as payment services are concerned, the storage is also based on Art. 6 para. 1 lit c GDPR, as the data collected in this way is of tax relevance and thus necessary to fulfil our tax obligation. Processing is also based on Article 6 (1) (e) GDPR because it serves our legitimate interest in enabling customers of the relevant service providers to use the services of their contractual partners and to ensure fast and pleasant contract execution.

d) Possibility of objection and elimination

Since we are bound by statutory retention periods and the data must be stored and processed for contract execution, an objection or deletion is not possible.

24. Mixpanel

a) Purpose of data processing

We evaluate the behaviour of visitors to our website in order to be able to make predictive product recommendations during the course of the visit. If you register for our newsletter, the selection of the contents presented in it is also based on the evaluation of previous visits and purchases. At the same time, we use the information - for example about cancelled orders - to improve our interaction with our users. We use the services of the business-analytics service provider Mixpanel Inc., One Front Street, Floor 28, San Francisco, CA 94111, USA, with whom we have concluded a data processing agreement.

The collected data includes the IP address, browser type and operating system of the user as well as the accessed file(s) and, if you have provided us with this information within the scope of an order or by registration for our newsletter, name, address, e-mail address and telephone number.

Mixpanel processes your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

b) Duration of storage

Mixpanel stores the data on our behalf for a maximum period of one year since the last visit to our site; we ensure that older data records are deleted or made anonymous by transmitting deletion requests via the "Engage API" provided by Mixpanel.

c) Legal basis

The legal basis is our legitimate interest in providing our customers with an offer that is effectively tailored to their needs, Art. 6 para. 1 lit. e GDPR.

d) Possibility of objection and elimination

You can object to the processing by ticking "Yes, I would like to opt out" under this link and clicking on the button marked "SAVE". This stores a cookie on your end device that prevents data from being collected. Please note that you must use the opt-out option again after you have deleted your cookies or because of the settings of your browser. Please refer to your browser's operating instructions for further information.

25. Customer support tools

a) Purpose of data processing

We use tools from Intercom, Inc., Helpjuice Inc. and Zendesk, Inc. based in the USA to communicate with our customers. During use, the name and the connection identifier of the customer (telephone number, e-mail address etc.), as well as the communication content, are collected by the service provider. These providers process the data on the basis of an order processing agreement concluded with us. The data is also collected and stored by us for the purpose of future direct advertising; in this respect, reference is made to our explanations on the keyword "direct marketing".

Those providers may process your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

b) Duration of storage

The data will be stored for the duration of the contractual relationship with our customer, in the case of non-customers until the completion of the communication process, unless it is stored for a longer period for the purpose of direct advertising. If the data is relevant to tax or commercial law, the data is stored in accordance with § 147 AO for a period of ten years, in accordance with § 257 HGB for a period of six years, beginning at the end of the year of data collection.

c) Legal basis

The data is collected and stored for the purpose of executing or initiating contracts, Art. 6 para. 1 lit. b GDPR, for compliance with our tax and commercial storage regulations, Art. 6 para. 1 lit. c GDPR and due to our legitimate interest in easy access to our customers and efficient organisation and processing of enquiries, Art. 6 para. 1 lit. e GDPR.

d) Possibility of objection and elimination

If there are no legal storage obligations, you can object to the processing in accordance with the conditions summarised below under the keyword "rights" and, if necessary, demand deletion of stored data. An informal notification is sufficient for this purpose.

26. Pinterest

a) Purpose of data processing

On our site, we use social plugins from the social network Pinterest, which is operated by Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you access a page that contains such a plugin, your browser establishes a direct connection to the servers of Pinterest. The plugin transfers protocol data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites you visit that also contain Pinterest functions, the type and settings of your browser, the date and time of your request, your use of Pinterest and cookies.

b) Duration of storage

The duration of the storage depends on the specifications of the operators of Pinterest. You can find further information here: https://about.pinterest.com/de/privacy-policy

c) Legal basis

The operators of Pinterest provide information on the legal basis.

d) Possibility of objection and elimination

You can object to the collection of the data by deactivating the use of cookies in your browser settings. However, we would like to point out that the functionality of our website can be impaired by this. Further information on the purpose, scope, and further processing and use of the data by Pinterest, as well as your rights and options for protecting your privacy, can be found in Pinterest's Privacy Policy: https://about.pinterest.com/de/privacy-policy

27. Outbrain

a) Purpose of data processing

We use technology from Outbrain UK Ltd, Outbrain UK Limited, 5 New Bridge Street, London, EC4V 6JA, UK. With the help of a so-called widget, users are referred to additional content within our website and to websites of third parties which may also be of interest to you. The content displayed in the Outbrain widget is automatically controlled and delivered by Outbrain in terms of content and technology. Reading recommendations, usually integrated below an article, are determined based on the content the user has read so far. Outbrain uses cookies, which are stored on the user's device or browser, to display this additional content. Outbrain collects the user's device source, browser type, and IP address, where the last octet is deleted for anonymization. Outbrain issues a Universally Unique Identifier (UUID) which can identify the user when they visit a website where the Outbrain widget is implemented. Outbrain creates user profiles that aggregate user interactions (e.g. page views and clicks) from a browser or terminal device to derive the preferences of the UUID.

b) Duration of storage

The duration of the storage depends on the specifications of the operators of Outbrain. You can find further information here: http://www.outbrain.com/de/legal/privacy

c) Legal basis

The legal basis for data processing is your consent in accordance with Art. 6 Par. 1 letter a DSGVO.

d) Possibility of objection and elimination

You can opt out of Outbrain's tracking of interest-based recommendations at any time by clicking on the "Opt-Out" box under Outbrain's Privacy Policy, available at http://www.outbrain.com/de/legal/privacy. The opt-out will only apply to the device you are using and will not apply if you delete your cookies.

28. Taboola

a) Purpose of data processing

We use Taboola on our website, a content discovery platform from the American company Taboola, Inc., 16 Madison Square West, 7th fl., New York, NY, USA.

We use Taboola's service on our website, which enables us to provide user-specific recommendations for content and ads based on surfing behavior and customer interests, thereby improving the user-friendliness of our offering. The user profiles are created using pseudonyms, they are not merged with the data about the bearer of the pseudonym and do not allow any conclusions about personal data. Taboola uses cookies to collect the following user information:

- Operating system of the user
- Web pages called up/contents on our web pages
- Referrer/link, through which the user came to our website
- Time and number of website visits
- Calling up error pages
- Location information (city and state)
- IP addresses in abbreviated form

Taboola may process your data in the USA, among other places. We would like to point out that according to prevailing case law, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

We therefore use so-called Standard Contractual Clauses (SCC) as the basis for data processing by providers based in third countries (outside the European Union) or for data transfer there. These are templates provided by the EU Commission which ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. You can view these sample templates here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. Through these clauses, our contractual partner undertakes to comply with the high European data protection level when processing your personal data, even if the data is stored, processed and managed in the USA.

b) Duration of storage

The duration of the storage depends on the specifications of the operators of Taboola. You can find further information here: https://www.taboola.com/privacy-policy.

c) Legal basis

The legal basis for data processing is your consent in accordance with Art. 6 Par. 1 letter a DSGVO.

d) Possibility of objection and elimination

You can object to tracking by Taboola at any time at https://www.taboola.com/privacy-policy in the section "User Choices". After you have successfully opted out, no more personalized content/advertising will be played out to you.

29. truephone

a) Purpose of data processing

We use the mobile phone services of Truephone GmbH ("truephone"), Mergenthalerallee 79-81, 65760 Eschborn, Germany, to transmit transactions. Truephone processes the following personal data: Name, e-mail address and MSISDN. This is to provide the service(s) of data usage, billing and invoicing records and customer support records.

b) Duration of storage

truephone stores the data of the customer as follows: Provision of services: 3 years; Call and SMS usage: 12 months or as required by law; Data usage: 30 days or as required by law; Invoice and billing documents: 7 years; Customer service documents: 3 years.

c) Legal basis

The legal basis for the processing is the consent of the user, Art. 6 para. 1 letter a DSGVO or Art. 6 para. 1 letter b DSGVO, as far as the data is used for the execution of contracts. The storage is also based on Art. 6 para. 1 lit. c DSGVO, as the data collected in this way is of fiscal relevance and thus necessary for the fulfilment of the provider's fiscal obligations.

d) Possibility of objection and removal

Since there are standardized retention periods and the data must remain stored and processed for the execution of the contract, an objection or a deletion is not possible. Further information on data protection and the storage of personal data at truephone can be found in the provider's data protection declaration at https://www.truphone.com/legal/privacy-policy/.

30. WhatsApp Communication

a) Purpose of the processing

We use the instant messaging service "WhatsApp" from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to communicate with our customers. The use of WhatsApp is completely voluntary. WhatsApp ensures that the communication content (i.e. the content of your message) is encrypted end-to-end. This means that the content of the messages cannot be viewed, not even by WhatsApp itself. Please note that although WhatsApp cannot see the content, it can find out that communication partners are communicating with us and when, as well as technical information about the device used by the communication partners and, depending on the settings of their device, location information (so-called metadata). With the exception of encrypted content, the data of communication partners may be transmitted within the Facebook group of companies, in particular for the purpose of optimizing the respective services and for security purposes. It can also be assumed that your data processed by WhatsApp may be used for marketing purposes or to display advertising tailored to users. We would also like to point out that we will not transmit the contact data provided to us to WhatsApp without your consent (e.g. by contacting you via WhatsApp). Further information on the purposes, types and scope of the processing of your data by WhatsApp as well as your rights in this regard and setting options to protect your privacy can be found in WhatsApp's data protection information: https://www.WhatsApp.com/legal/.

b) Duration of storage

We will store your data for as long as we have your consent to process it. If you withdraw your consent, the data will be deleted from the systems we use within 90 days. This also applies if we can assume that we have answered any inquiries, no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention obligations.

c) Legal basis

The legal basis for the processing is the consent of the user, Art. 6 para. 1 lit. a GDPR. The storage is also based on Art. 6 para. 1 lit. f GDPR ("legitimate interest"). The necessary legitimate interest lies in the optimization of our communication with the customer and the improvement of our service offering.

d) Possibility of objection and elimination

You can object to communication with us via WhatsApp at any time, for example by sending the message "STOPP" via WhatsApp or an e-mail to [email protected]. In the case of a subscription to messages (also known as "broadcasts") or a subscription to status messages via WhatsApp, you can delete our corresponding telephone number from your contacts and ask us to remove your contact from our directory. In the case of ongoing individual inquiries or communications, you can likewise ask us not to continue the communication via WhatsApp.

31. Using the order and reservation functions of resmio

a) Purpose of the processing

Functions of the service Resmio are integrated on our pages. These functions are offered by resmio GmbH, Katzwanger Straße 150, 90461 Nürnberg ("resmio"). By using resmio on our site, your data is processed by resmio. This may also involve transferring data to resmio. Within the scope of use, resmio processes the data as an order processor in the sense of Art. 28 DSGVO. The information and regulations regarding data protection can be found in the resmio data protection statement at https://www.resmio.com/datenschutzerklaerung/.

b) Duration of storage

The data is stored for the duration of the contractual relationship with our customer, in the case of non-customers until the communication process is completed. If the data is of relevance for tax or commercial law, the data will be stored in accordance with § 147 AO for a period of ten years, and in accordance with § 257 HGB for a period of five years, starting at the end of the year in which the data was collected. The duration of storage is otherwise based on the specifications of resmio. Further information can be found here: https://www.resmio.com/datenschutzerklaerung/.

c) Legal basis

The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO as well as Art. 6 Para. 1 lit. a DSGVO or Art. 6 Para. 1 lit. b DSGVO, as far as the data is used for the execution of contracts.

d) Possibility of objection and elimination

Since there are standardized retention periods and the data must remain stored and processed for the execution of the contract, an objection or a deletion is not possible. However, the person concerned can stop the data processing by stopping the use of this tool. Further information on data protection and the storage of personal data at resmio can be found in the resmio privacy policy at https://www.resmio.com/datenschutzerklaerung/.

32. e-bot7

a) Purpose of the processing

We use a chatbot on our website to provide answers to customer queries. Personal data is processed to handle your requests and to control and improve our business and service processes. The provider of this service is e-bot 7 GmbH, Perusastraße 7, 80333 Munich, Germany.

b) Duration of storage

Your chat requests and usage data such as IP address, chat duration, timestamps of messages, number of dialogs are stored for 7 days. The chat histories are deleted after the expiration of time. The usage data is stored anonymously for statistical purposes. Thus, no personal data is evaluated.

c) Legal basis

The storage of the aforementioned data is based on Art. 6 (1) lit. f GDPR ("legitimate interest"). The necessary legitimate interest lies in the optimization of our website and the improvement of our service offering in terms of customer communication.

d) Possibility of objection and elimination

The data subject has the option to object to the storage at any time. The chat history is stored in your browser; this data can be deleted at any time by clearing the browser cache in your browser settings.

33. statuspage.io

a) Purpose of processing

We use the service Statuspage.io to enable clients (such as merchants) to subscribe to general notifications with important technical information via email, SMS, RSS feed or Atom feed. In particular, this is information about maintenance work or malfunctions.
The provider of the service is: Dogwood Labs, Inc, 1098 Harrison Street, San Francisco, CA 94103, USA ("Dogwood Labs"), a subsidiary of Atlassian, Inc, 341 George Street, Sydney, NSW 2000, Australia / 350 Bush Street, San Francisco, CA 94104, USA ("Atlassian"). Statuspage.io also processes personal data in states outside the EU or the EEA. Dogwood Labs, Inc. as well as its parent company Atlassian, Inc. have submitted to the EU-US Privacy Shield, which establishes an adequate level of data protection within the meaning of the GDPR.

b) Duration of storage

Upon termination of our Statuspage account and at the request of the customer, customer data is removed from the live production database. Customer Data will remain in encrypted Statuspage database backups until such backups fall outside the 30-day backup retention window and are destroyed in accordance with Atlassian's data retention policy. If database recovery is required within 30 days of a requested data wipe, the Statuspage operations team will wipe the data again as soon as possible after the live Production System is fully restored.

c) Legal basis

The legal basis for processing your personal data for the purpose of sending notifications with technical information is your consent (Article 6(1) sentence 1 lit. a DSGVO), which you give when you subscribe to notifications. You can revoke your consent at any time with effect for the future by terminating your subscription to the relevant notifications.
The legal basis for orderbird to engage a processor for this data processing is Article 28 DSGVO. orderbird has concluded the legally required contract for commissioned processing pursuant to Article 28 DSGVO with Dogwood Labs, Inc. for this purpose, which also includes the EU standard contractual clauses.

d) Possibility of objection and elimination

The data subject has the option to unsubscribe from the notifications at any time. For this purpose, the unsubscribe link in the information mails and SMS can be used. Sending the word "STOP" by SMS is also sufficient to unsubscribe from the service.

34. Collection of further data in individual cases

As far as we collect further personal data of our users and customers within the scope of individual customer and user inquiries, especially in connection with customer support, we will inform the person concerned separately about the purpose, duration and legal basis of the data processing as well as the possibility to object.

III. Rights of the data subject

If personal data are processed by the user on our website, the person concerned has the following rights against the person responsible in accordance with the GDPR.

1. Right to information according to Art. 15 GDPR

The person concerned has the right to the following information:

(a) processing purposes;
(b) the categories of personal data being processed;
(c) the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations;
(d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
(e) the existence of a right of rectification or deletion of personal data concerning him or of a restriction on processing by the controller or of a right of opposition to such processing;
(f) the existence of a right of appeal to a supervisory authority;
(g) where the personal data are not collected from the data subject, all available information on the origin of the data;
(h) the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR, and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject;
(i) where personal data are transferred to a third country or international organisation, the data subject shall have the right to be informed of the appropriate guarantees in accordance with Article 46 GDPR in relation to the transfer.

We provide the data subject with a copy of the personal data that is the subject of the processing. For all other copies requested by the data subject, the data processor may charge an appropriate fee on the basis of the administrative costs.

2. Right to correction in accordance with Art. 16 GDPR

The data subject shall have the right to request the controller to rectify any inaccurate personal data concerning him/her without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

3. The right to cancellation in accordance with Art. 17 GDPR

The data subject has the right to require the data controller to delete personal data concerning him/her without delay and the data controller is obliged to delete personal data without delay if one of the following reasons applies:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws his/her consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing;
(c) the data subject opposes processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for processing or the data subject opposes processing in accordance with Article 21(2) GDPR;
(d) the personal data have been processed unlawfully;
(e) the deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject;
(f) the personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

4. Right to limitation of processing in accordance with Art. 18 GDPR

The data subject has the right to require the controller to restrict processing if one of the following conditions is met:

(a) the accuracy of the personal data is disputed by the data subject for a period which enables the data controller to verify the accuracy of the personal data,
(b) the processing is unlawful and the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted;
(c) the data controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the purpose of asserting, exercising or defending claims; or
(d) the data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR, as long as it is not yet clear whether the legitimate reasons of the data subject outweigh those of the data processor.

5. Right to information in accordance with Art. 19 GDPR

If the data subject has claimed from the data processor a correction with regard to his personal data in accordance with Art. 16 GDPR, a deletion in accordance with Art. 17 para. 1 GDPR or a restriction on processing in accordance with Art. 18 GDPR, and if the data processor has informed all recipients to whom the data subject's personal data have been disclosed of the data subject's request (unless this was impossible or disproportionate), the data subject has the right to be informed by the data processor about the recipients.

6. Right to Data Transferability Art. 20 GDPR

The data subject has the right to receive the personal data concerning him/her that he/she has provided to a controller in a structured, current and machine-readable format and he/she has the right to transmit this data to another controller without our interference, provided that

(a) processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(b) processing is carried out by means of automated methods.

The rights and freedoms of other persons must not be affected by this. When exercising the right to data transferability pursuant to paragraph 1, the data subject has the right to request that the personal data be transferred directly by us to another data controller, insofar as this is technically feasible. The exercise of the right to data transferability does not affect the right to cancellation pursuant to Art. 17 GDPR. The right to transferability shall not apply to processing necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

7. Right of objection according to Art. 21 GDPR

The data subject has the right to object at any time to the processing of personal data concerning him/her on the basis of Article 6(1)(e) or (f) of the GDPR for reasons arising from his particular situation; this also applies to profiling based on these provisions. We no longer process personal data unless we can prove compelling grounds for processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such advertising, including profiling in so far as it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. The data subject may revoke his/her consent at any time. However, the collection and processing that has taken place up to this point remains legal.

8. Automated decisions in individual cases incl. profiling according to Art. 22 GDPR

The data subject shall not be subject to a decision based exclusively on automated processing - including profiling - which has legal effect against him or significantly impairs him in a similar manner. This does not apply if the decision

(a) is necessary for the conclusion or performance of a contract between the party concerned and us,
(b) is admissible under Union or Member State law to which we are subject and that law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the person concerned; or
(c) is made with the express consent of the data subject.

These decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights, freedoms and legitimate interests of the data subject. In the cases referred to in points a) and c), we shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person on our part, to state his own position and to challenge the decision.

9. Right of appeal to a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, any data subject shall have the right of appeal to a supervisory authority, in particular in the Member State of his place of residence, his place of employment or the place of suspected infringement, if the data subject considers that the processing of personal data concerning him or her is contrary to this Regulation. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

10. Right to an effective judicial remedy under Article 79 of the GDPR

Without prejudice to any available administrative or extrajudicial remedy, including the right of appeal to a supervisory authority under Article 77 GDPR, any data subject shall have the right to an effective judicial remedy if he considers that his rights under this Regulation have been infringed as a result of processing of his personal data in breach of the GDPR. Any action against us or against a processor shall be brought in the courts of the Member State in which we or the processor have a place of business. Alternatively, such actions may also be brought before the courts of the Member State in which the person concerned is resident, unless we or the processor is an authority of a Member State which has acted in the exercise of its sovereign powers.