Privacy policy
Last updated: 10.2024
The German version of the privacy policy is the only legally binding version. The English version is provided solely for the user’s reference and has no legal effect.
Thank you for your interest in our company. As a website operator, we take the protection of your personal data very seriously. Your personal data will be treated confidentially and in accordance with legal regulations.
Our website can be operated with or without the provision of your personal data. If personal data such as name, e-mail or address is requested at any time, this is done on a voluntary basis. Data will not be passed on to third parties without your specific consent.
Internet data transmission, for example by e-mail, can always have security gaps. Complete protection of your data on the Internet is not possible.
General data protection provisions
The use of contact data published in the context of the imprint obligation by third parties for sending unsolicited advertising and information materials is hereby expressly prohibited. This does not apply to existing business relationships or if you have received our consent to do so.
The providers and all third parties named on this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information. The same applies to the commercial use and forwarding of data.
Responsible within the meaning of the GDPR
The following body is responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR:
Liu Global Solutions GmbH
RYIA Fine Jewelry
Corneliusstraße 38
80469 Munich, Germany
Tel.: 089 24210300
service@ryia.de
Further information can be found in the imprint (https://ryia.de/de/pages/imprint).
Data Protection Officer
The data protection officer of the controller is
Liu Global Solutions GmbH
Corneliusstraße 38
80469 Munich, Germany
Tel.: 089 24210300
datenschutz@ryia.de
General information on data processing
1. scope of data
Personal data is only processed to the extent required to provide our services or to provide a functional website. The prior consent of the user is always obtained for this purpose. Exceptionally, the prior express consent of the user is not required if the data processing is permitted by law and the consent of the user cannot be obtained for factual reasons.
2. legal basis
The processing of personal data is based on Art. 6 (1) of the EU General Data Protection Regulation (GDPR).
In detail, it is carried out on the basis of:
– Art. 6 para. 1 lit. a GDPR, insofar as the consent of the data subject has been obtained;
– Art. 6 para. 1 lit. b GDPR, insofar as the data is necessary for the performance of a contract or for the implementation of pre-contractual measures to which the data subject is a party;
– Art. 6 para. 1 lit. c GDPR, insofar as the processing is necessary to fulfill a legal obligation;
– Art. 6 para. 1 lit. d GDPR, insofar as the processing is necessary for the vital interests of the data subject or another natural person;
– Art. 6 para. 1 lit. f GDPR, insofar as the processing is necessary to safeguard a legitimate interest of our company or a third party and these interests outweigh the fundamental rights and freedoms of the data subject.
3. deletion and duration
Personal data is stored for as long as the underlying purpose continues to exist or as long as storage is permitted by European or national legislation. If the purpose of processing ceases to apply or a legally prescribed storage period expires, the personal data will be deleted or blocked unless storage is still required for the conclusion or fulfillment of a contract.
Website and log files
1. description and scope of data processing
Every visit to our website leads to an automatic collection of data and information from the system of the accessing computer.
The following data is collected in detail:
- Browser type and version used
- Operating system of the user
- Internet service provider of the user
- IP address
- Date and time of access
- Websites via which the user accesses our website
- Websites that the user accesses via our website
This data is stored in the log files of our system. However, it is not stored together with other personal data of the user.
2. legal basis
The temporary storage of data and log files takes place on the basis of Art. 6 para. 1 lit. f GDPR.
3. purpose of processing
The user's IP address is temporarily stored for the duration of the session so that the website can be delivered to the user's computer.
The purpose of storing IP addresses in log files is to ensure the functionality and optimization of the website and to guarantee the security of the information technology systems. The data is not used for marketing purposes.
These processing purposes constitute a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
4. deletion and duration
The data is stored for as long as the purpose for which it was collected continues to exist. The data collected for the provision of the website is deleted as soon as the respective session has ended.
If the data is stored in log files, it is deleted after seven days at the latest. However, if the IP addresses are alienated or deleted so that the calling client cannot be identified, it is not necessary to delete the data.
5. possibility of objection
The user has no option to object, as the data collection and data storage in the log files are necessary for the provision and operation of the website.
Cookies
Cookies are used when you visit our website. Cookies facilitate the exchange of data between your device and our website. By means of small text files that are stored on the device you are using, the login status or language settings of a website, for example, can be transmitted.
We use the following types of cookies:
– Temporary cookies: These store a session ID that assigns the requests from your browser to a particular session. As soon as you log out or close the browser, these temporary cookies are deleted.
– Permanent cookies: These document your surfing behavior. This makes it possible for our website to recognize your computer - including language and log-in information - the next time you visit. Permanent cookies remain stored even after the browser is closed.
Cookies can also be differentiated according to their underlying storage purpose:
– Necessary cookies: These are absolutely essential for security reasons or for the proper functioning of our website for the duration of your session.
– Statistics, marketing and personalization cookies: These evaluate the user's surfing behaviour and are used to display content of interest to the user, as well as for analysis and reach measurement by the website operator. In particular, these "tracking cookies" document the search terms entered or the frequency of page views. You will be informed in more detail about the statistics, marketing and personalization cookies used in the following sections of this privacy policy.
Affected: Users of our website
Data concerned:
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address).
Purpose of processing: Ensuring the operation of our websites, displaying our websites; optimization and marketing purposes
Legal basis:
– Consent, Art. 6 para. 1 lit. a GDPR: When you visit our website, you will be asked to give your consent to the use of cookies. If you refuse consent, only the technically necessary cookies will be used. Once consent has been given, it can be revoked at any time.
– Legitimate interest, Art. 6 para. 1 lit. f GDPR: If you have not given your consent to the use of cookies, your data will be processed to the extent that there is a legitimate interest in the quality and user-friendliness of our website. In this respect, you also have the option to object to the use of cookies within the scope of our legitimate interest or to restrict the use of permanent cookies via the browser settings. However, if cookies are completely deactivated, we can no longer guarantee the smooth use of the website.
Rights of data subjects and right of appeal
With regard to the protection of your personal data, you have various rights under the GDPR. You can assert these rights with the data protection officer. In detail, you have the following rights:
– Right to information and transfer: You can request information about whether and which data has been collected and processed. At your express request, your data must be transferred in a structured, commonly used and machine-readable format.
– Right to rectification: You can request the rectification of incorrect data or the completion of incomplete data.
– Right to erasure: You can request the erasure of your data at any time.
– Right to restriction: Under certain conditions, you can request that we only process your data to a limited extent.
– Right to lodge a complaint: You also have the right to lodge a complaint with the supervisory authority responsible for you. The competent authority depends on our company headquarters, your usual place of residence or your place of work.
– Right of revocation: You can revoke your consent to data processing in part or in full at any time. If the revocation concerns data processing on the basis of Art. 6 para. 1 lit. f GDPR, the revocation must be justified in writing. If we are unable to provide evidence that compelling reasons worthy of protection outweigh your interests and rights in relation to data processing, the processing of your personal data will be stopped immediately.
Irrespective of this, you can object to the processing of your personal data for advertising and data analysis purposes at any time - even without giving reasons.
Deletion of your data
Unless otherwise stated in this privacy policy, your data will be deleted when:
– you make use of your right to erasure, restriction or objection and the permissibility of further processing does not result from Art. 6 para. 1 lit. b-f GDPR;
– the underlying purpose for data collection has been achieved or has ceased to exist, in particular if the contractual relationship pursuant to Art. 6 para. 1 lit. a GDPR has ended or the legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in further processing has ceased to exist.
In detail, the deletion can only take place at a later point in time if the (partial) storage of your data is necessary to fulfill other purposes. This applies in particular to compliance with retention periods under tax law (6 or 10 years) or the assertion and defense of claims arising from contractual relationships (4 years), as well as the protection of third-party rights. Until these periods expire, the data will only be stored to the extent required to fulfill the retention obligations.
Adjustment clause
Our privacy policy may be amended at any time to ensure that it complies with current legal requirements or to implement changes to our services. The latest version applies to every visit.
Hosting of the website
We use a provider to host our website. Our websites are stored on the provider's server and are available for retrieval on the internet (hosting). The provider can process all data transmitted via your browser that is required when using our website, your entries or IP address, all entries made by you via our website.
The provider may collect the following:
– Your entries
– Your IP address and your access status (HTTP status)
– the amount of data
– the Internet service provider of the accessing system
– Your browser type and version and your operating system
– Date and time of access to the website and the GMT time zone difference
– the website from which you came to our website and the websites that you visit on our website.
This data is stored as log files on the provider's servers in order to ensure the operation of our website.
Affected: Users of our website
Data concerned:
– Content data (e.g. photos, videos)
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address).
Purpose of processing: Ensuring the operation of our websites, displaying our websites
Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR
Hosting of the website
Provider: Shopify
Website: https://www.shopify.com/de
Privacy Policy: https://www.shopify.com/de/legal/datenschutz
Social Media
We have profiles with the following social media providers. When you visit them, the provider collects and processes the data listed below. This data is regularly collected for advertising and market research purposes. Data is regularly stored in the profiles regardless of your device. You will regularly receive customized advertising. To cancel a user profile, you have a right of revocation with the respective provider. When you visit our website, the provider may collect data about your usage behavior on our website if you are logged in with the provider. You can log out of the provider's account before visiting our website to prevent this. You can find out why and to what extent data is collected by the provider in the respective privacy policies of the providers.
Depending on where the provider is based, the data it collects may be transferred and processed outside the European Union. There is a risk of non-compliance with the level of data protection prescribed by the GDPR. The enforcement of your rights may also be prevented or made more difficult.
Data concerned:
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Content data (e.g. photos, videos)
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address).
Purpose of processing: Tracking and analysis of user behavior, communication and marketing.
Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interest Art. 6 para. 1 lit. f GDPR
Possibilities of objection: Please refer to the following links to the information provided by the providers regarding the opt-out options.
We have profiles on the following social networks:
Provider: Instagram Inc, 1601 Willow Road, Menlo Park CA 94025, USA
Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA
Registered office in the EU: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Website: https://www.instagram.com/
Privacy policy: http://instagram.com/about/legal/privacy
Provider: LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA
Registered office in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich, Germany
Website: https://www.linkedin.com/?trk=nav_logo
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
TikTok
Provider: musical.ly Inc., 10351 Santa Monica Boulevard #310, Los Angeles, 90025 California, USA
Registered office in the EU: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Website: https://www.tiktok.com/de/
Privacy policy: https://www.tiktok.com/de/privacy-policy
Provider: WhatsApp Inc. 1601 Willow Road Menlo Park, California 94025, USA
Registered office in the EU: Whatsapp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA
Website: https://www.whatsapp.com/
Privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
Embedding content (YouTube, Google Maps)
We use certain content services to optimize the display of our website content. These process your IP address in order to display the respective content (videos, music, images, fonts, maps) in your web browser. The service provider is also authorized to store cookies on your end device and to use the data collected about your usage behavior and interests, as well as information about your end device and the time and duration of the session for analysis and marketing purposes. If you have set up an account with the respective service provider and are also logged in there at the time of the session on our website, the service provider is also authorized to link the information from your session with other sources.
For service providers based outside Europe, compliance with the level of data protection prescribed by the GDPR cannot be guaranteed. The data collected via the service may also be transferred and processed outside the European Union. This may make it more difficult or impossible to enforce your rights.
Purpose of processing: Optimization and guarantee of the online presence, service offer
Affected: Users of our website
Data concerned:
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address, end device used)
Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 6 para. 1 lit. f GDPR
We use the following content services:
iStock by Getty Images
Provider: Getty Images, Inc, 605 5th Avenue South, Suite 400, Seattle, Washington 98104, USA
EU headquarters: Getty Images Deutschland GmbH, Auenstr. 5, 80469 Munich, Germany
Website: https://www.gettyimages.de/
Privacy policy: https://www.gettyimages.de/company/privacy-policy
Google Web Fonts
With Google Web Fonts, we can integrate fonts (web fonts) into the design of our website and display them correctly in your browser when you view our web pages. These web fonts are integrated by calling up a Google server. From there, the fonts are transferred to your browser in compressed form and unpacked there. This server is usually located in the USA. If you visit one of our pages on which we integrate Google Fonts, Google will be informed which of our web pages you have visited.
Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
EU headquarters: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://fonts.google.com/
Privacy policy: https://policies.google.com/privacy
Contact form
We process your contact data in order to respond to your contact inquiries within the scope of the existing (pre-)contractual relationship, insofar as you provide this to us via our contact form, telephone, email, post, fax or social media. The same applies to other information about your request or your person.
Affected: (potential) customers, business and contractual partners
Data concerned:
a) Inventory data (e.g. name, date of birth)
b) Contact details (e.g. address, e-mail, telephone number)
c) Content data (texts, photos, videos)
d) Contract data (e.g. subject matter of the contract, duration of the contract)
Purpose of processing: answering contact requests, office and organization
Legal basis: Fulfillment of contract and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR
User-generated content
In some places on our website you have the opportunity to comment on our posts or post content yourself. In order to be able to determine your identity, we store your IP address for a period of 7 days, as we may be liable ourselves as the operator of the website for illegal statements made by our users (e.g. insults, criminal depictions of violence, distribution of child pornography).
Purpose of processing: Communication and processing of inquiries, obtaining feedback, security measures
Data concerned:
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Content data (e.g. photos, videos)
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address).
Legal basis: Art. 6 para. 1 lit. f GDPR
Analysis tools
We use analysis tools on our website to evaluate the flow of visitors. For example, age, gender, location data (if consent has been given), the browser used, the duration of access and the individual interactions on our website are recorded. The analysis tools also store data about which websites you used to access our website. Data is usually collected using cookies, which also record your IP address. However, the latter is shortened so that it can no longer be assigned to your visit to the website (IP masking). Personal data (e.g. name or e-mail address) is not stored, so that your identity cannot be traced by the analysis tools. For service providers based outside Europe, however, compliance with the level of data protection prescribed by the GDPR cannot be guaranteed. The data collected via the service may also be transferred and processed outside the European Union.
Purpose of processing: Marketing and remarketing, reach measurement
Affected: Users of our website
Data concerned:
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address).
Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 6 para. 1 lit. f GDPR
We use the following web analysis services:
Google Analytics
Provider: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Registered office within the EU: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Privacy policy: https://policies.google.com/privacy?hl=de
Change option: https://tools.google.com/dlpage/gaoptout?hl=de
Google Universal Analytics
Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Registered office within the EU: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Privacy Policy: https://policies.google.com/privacy?hl=de
Cross-device tracking: Cross-device tracking can also be used to evaluate data from other devices and recognize the user on another device. However, identification of the Internet user is excluded here, as we assign a user ID for anonymization purposes. Change
option: https://tools.google.com/dlpage/gaoptout?hl=de
Online advertising
We use various service providers for the advertising displayed to you online. These record, for example, age, gender, location data (if you have given your consent), the browser used, the duration of access and the individual interactions on our website. The websites from which you accessed our website are also recorded. Data is usually collected using cookies, which also record your IP address. However, the latter is shortened so that it can no longer be assigned to your visit to the website (IP masking). Personal data (e.g. name or e-mail address) is generally not stored so that your identity cannot be traced by the service provider. Exceptionally, however, such data is stored if you are a member of a social network that offers one of the following services and merges your profile with the aforementioned data.
The service provider evaluates the data collected and compiles a report on the number of website visitors generated by advertisements and the success of the advertisements. The report does not contain any information that enables users to be identified. It only contains information on the user's end devices and browsers, the time or (if consent has been given) the location of the visit. For service providers based outside Europe, however, compliance with the level of data protection prescribed by the GDPR cannot be guaranteed. The data collected via the service may also be transferred and processed outside the European Union.
Purpose of processing: Marketing and remarketing, reach measurement
Affected: Users of our website
Data concerned:
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address).
Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 6 para. 1 lit. f GDPR
We use the following service providers for online advertising:
Google AdSense
Provider: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Registered office in Europe: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://www.google.com/intl/de_de/adsense/start/
Privacy policy: http://www.google.de/intl/de/policies/privacy
Google Ads
Provider: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Registered office in Europe: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://ads.google.com/home/
Privacy policy: http://www.google.de/intl/de/policies/privacy
Advertising by e-mail, post or telephone
We use your personal data for advertising purposes by e-mail, post or telephone. You can object to this use at any time or revoke your previously given consent. For an immediate deletion of your data after a revocation, it is necessary that you confirm that you originally gave us your consent to data processing for advertising purposes. Otherwise, your data may be stored for a further 4 years as proof of your consent, despite revocation. However, the data will not be used for any other purpose during this period.
Purpose of processing: Marketing and advertising by e-mail, post or telephone
Affected: Communication partner
Data concerned:
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR, legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR
Newsletter subscription
To stay informed about current offers and other news, you have the option of subscribing to our newsletter on our website. By entering your e-mail address, you consent to receiving the newsletter. The e-mail address, as well as other voluntary information, will be stored by us. To ensure that your e-mail address has not been misused by a third party, we store the date and time of registration, the IP address of your device and send you a confirmation e-mail to the e-mail address you have provided. You must confirm receipt of the newsletter by clicking on it. The above data will not be passed on to third parties.
Using tracking pixels and tracking links, we can evaluate your user behavior via the newsletter sent if you have consented to an evaluation of your user behavior. The evaluation includes in particular whether and when you open the newsletter and which links you click on.
You can withdraw your consent to receive the newsletter at any time. The revocation can be declared in the following way:
– Click on the link provided in the newsletter
– Form on our website
– by e-mail to: service@ryia.de
– via the contact details in the imprint of our website
The e-mail address will be deleted if consent is withdrawn or the confirmation link has not been clicked within one month of the confirmation e-mail being sent.
Purpose of processing: Marketing and advertising via newsletter, statistical evaluation of the newsletter
Affected: Users of the website
Data concerned:
– Content data (e.g. photos, videos)
– Usage data (e.g. websites clicked on)
– Communication data (e.g. information on the IP address).
Legal basis: Consent pursuant to Art. 6 para. 1 lit. a GDPR, legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR
Registration
To set up a user account on our website, it is necessary to provide personal data. This includes in particular your name, your e-mail address, a user name and a password. You can change or delete this data in your user account at any time. We store and process the data to set up the user account. Your data will not be passed on to third parties unless this is essential for the technical and organizational process of fulfilling our contractual relationship. To ensure that your e-mail address has not been misused by a third party, we also store the date and time of registration and the IP address of your terminal device.
Purpose of processing: (pre-)contractual service fulfillment, communication and processing of inquiries, security measures
Data concerned:
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Content data (e.g. photos, videos)
– Usage data (e.g. websites clicked on)
– Contract data (e.g. subject matter of the contract, contract term)
– Payment data (e.g. bank details)
– Communication data (e.g. information on the IP address)
Legal basis: Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. c GDPR, Art. 6 para. 1 lit. f GDPR
Online store
You can place orders via our online store. In order to fulfill the underlying contractual relationship, you must provide personal information, e.g. name, address, electronic contact details, information for processing the payment process and for your specific order. The data may also be used for advertising purposes after an order has been placed in order to inform you about similar products or services.
We use the store system of a third-party provider to process orders and payments. Once the order has been received, the aforementioned personal details are transmitted to this provider. The data will only be passed on to third parties, e.g. the contracted delivery service, the payment service provider, our tax consultant, if this is necessary for the fulfillment of the contract, to protect your vital interests or other legal provisions. If third parties are engaged to fulfill our contractual obligations towards you, the data protection provisions of the third parties engaged shall apply.
You are free to set up a permanent user account when ordering. Your data will be deleted when you cancel your user account. Temporary cookies are used to store the contents of your shopping cart and permanent cookies are used to store your login status. To ensure that your e-mail address has not been misused by a third party, we also store the date and time of registration, login and order as well as the IP address of your end device.
Purpose of processing: (pre-)contractual service fulfillment, communication and processing of inquiries, security measures, office and organizational processes
Affected: (potential) customers, business and contractual partners
Data concerned:
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Content data (e.g. photos, videos)
– Usage data (e.g. websites clicked on)
– Contract data (e.g. subject matter of the contract, contract term)
– Payment data (e.g. bank details)
– Communication data (e.g. information on the IP address)
Legal basis: Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. c GDPR, Art. 6 para. 1 lit. f GDPR
We use the following store systems:
shopify
Provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Parent company: Shopify Inc, 150 Elgin Street, 8th Floor, Ottawa, ON K2P 1L4, Canada
Website: https://www.shopify.de/
Privacy policy: https://www.shopify.de/legal/datenschutz
Payment services
For the processing of our contractual or other legal relationships, we use certain payment service providers for payment transactions. In addition to the usual payment channels via banks and credit institutions, customers can use the service providers we offer. If you use these, your personal data (name, address, bank details, passwords, TANs, verification numbers) and details of the contract concluded will be transmitted to the payment service provider. This is the only way to ensure secure and functional payment processing. The payment service provider does not transmit the collected and processed personal data to us. It merely informs us whether our customers' payment was successful in the individual case. However, the payment service providers are authorized to transmit our customers' data to credit agencies. In all other respects, the terms and conditions and data protection provisions of the respective payment service provider apply, which you can find on the website of the service provider concerned.
Consent to the use of personal data may be withdrawn from the payment service provider at any time. The payment service provider may nevertheless be entitled to process, use and transmit the data with reference to its data protection provisions if this is absolutely necessary for contractual payment processing.
Purpose of processing: (pre-)contractual service fulfillment, effective and secure payment offers
Affected: (potential) customers, business and contractual partners
Data concerned:
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Usage data (e.g. websites clicked on)
– Contract data (e.g. subject matter of the contract, contract term)
– Payment data (e.g. bank details)
– Communication data (e.g. information on the IP address, end device used)
Legal basis: Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. f GDPR
We use the following payment service providers:
American Express
Provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany
Website: https://www.americanexpress.com/de/?inav=NavLogo
Privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html
Apple Pay
Provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA
Website: https://www.apple.com/de/apple-pay/
Privacy policy: https://www.apple.com/legal/privacy/de-ww/
Giropay
Provider: giropay GmbH, An der Welle 4, 60322 Frankfurt am Main
Website: https://www.giropay.de/
Privacy policy: https://www.giropay.de/rechtliches/datenschutzerklaerung/
Google Pay
Provider: Google Irelan Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Website: https://pay.google.com/intl/de_de/about/
Privacy policy: https://policies.google.com/privacy
Klarna
Provider: Klarna GmbH, Theresienhöhe 12, 80339 Munich
Website: https://www.klarna.com/sofort/
Privacy Policy: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy
Mastercard
Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Website: https://www.mastercard.de/de-de.html
Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html
PayPal
Provider: PayPal (Europe) S.à.r.l. et Cie., S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg
Website: https://www.paypal.com/de/webapps/mpp/home
Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full#
Shopify Pay
Provider: Shopify Payments, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin
Website: https://www.shopify.com
Privacy Policy: https://www.shopify.com/legal/privacy
Instant bank transfer
Provider: SOFORT GmbH, Theresienhöhe 12, 80339 Munich
Website: https://www.sofort.de/index.html
Privacy policy: https://www.sofort.de/datenschutz.html
Visa
Provider: Visa Europe Management Services Ltd, German Branch, Neue Mainzer Strasse 66-68, 60311 Frankfurt am Main, Germany
Website: https://www.visa.de/
Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
Messenger services
We use messenger services for communication purposes. Messenger services transmit text, image, video or contact files in real time. The services can also be used to transmit screens or to play online games. In order to use messenger services, the communication partners need the respective computer program and an Internet connection. This is used to exchange communication data in real time. If the communication partner is not online at the time the data is entered, the data is temporarily stored by the server of the messenger service and only transmitted to the recipient when they are online.
In some cases, messenger services use end-to-end encryption. This means that the transmitted files and content are only displayed to the respective communication partner and cannot be accessed by third parties. The provider itself only has access to the metadata of the communication (time, location, end device), but not to the content. Regular software updates should be installed to ensure that the data is encrypted.
If you have not consented to the transmission of your contact details to the messenger service, they will not be transmitted for the first time. You have the option at any time to revoke your consent to be contacted via the Messenger service or to object to its use.
Depending on where the provider is based, the data it collects may be transferred and processed outside the European Union. There is a risk of non-compliance with the level of data protection prescribed by the GDPR. The enforcement of your rights may also be prevented or made more difficult.
Purpose of processing: Marketing purposes and communication
Affected: (potential) customers, users of the website
Data concerned:
– Usage data (e.g. websites clicked on)
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Content data (e.g. photos, videos)
– Communication data (e.g. information on the IP address, end device used)
Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. f GDPR
We use the following messenger services:
Microsoft Teams Messenger
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Website: https://www.microsoft.com/de-de/microsoft-teams/group-chat-software
Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement
Provider: WhatsApp Inc. 1601 Willow Road Menlo Park, California 94025, USA
EU headquarters: Whatsapp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA
Website: https://www.whatsapp.com/
Privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy
Video conferencing tools
We use video conferencing tools to conduct online meetings and conference calls between employees and/or (potential) customers. When communicating via our video conferencing tools, we store the content of your shared screen content as well as the chat, video and audio communication and your login and contact details. The provider of the video conferencing tool used is also authorized to process your metadata and communication data (e.g. IP address, time, location, end device, communication partner). The processing by the service provider is primarily carried out for security reasons or for optimization or marketing purposes. However, the privacy policy of the respective provider is decisive for the more detailed configuration of access rights.
Depending on where the provider is based, the data it collects may be transferred and processed outside the European Union. There is a risk of non-compliance with the level of data protection prescribed by the GDPR. The enforcement of your rights may also be prevented or made more difficult.
Purpose of processing: (pre-)contractual service fulfillment, communication and processing of inquiries, service offer
Affected: (potential) customers, users of the website, communication partners
Data concerned:
– Usage data (e.g. websites clicked on)
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Content data (e.g. photos, videos)
– Communication data (e.g. information on the IP address, end device used)
Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. f GDPR
Video conferencing tools we use:
Google Meet (formerly Google Hangout)
Services: Video conferencing, chats, instant messaging
Provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://gsuite.google.com/intl/de/
Privacy policy: https://policies.google.com/privacy?hl=de
Microsoft Teams
Services: Video conferences, chats, voice conferences
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Website: https://www.microsoft.com/de-de/microsoft-365/microsoft-teams/group-chat-software
Privacy policy: https://privacy.microsoft.com/de-de/privacystatement
Cloud services
We use cloud services to handle various internal and external organizational processes (e.g. presentations, calculations, appointment management, exchange and publication of files, processing and storage of documents, communication via chat, audio and video conferences). The cloud services are used by accessing their servers. When using our cloud service, your registration, contact and contract data is stored and processed on the provider's servers. The provider is authorized to store cookies on your computer system when you access files published by us. It is also authorized to process your meta and communication data (e.g. IP address, time, location, end device, communication partner). The processing by the service provider is primarily carried out for security reasons or for optimization or marketing purposes. In particular, it can use the data collected to analyze your usage behavior and your browser settings.
Depending on where the provider is based, the data it collects may be transferred and processed outside the European Union. There is a risk of non-compliance with the level of data protection prescribed by the GDPR. The enforcement of your rights may also be prevented or made more difficult. We intend to process your data - insofar as our service provider offers this - exclusively within the EU.
Purpose of processing: Communication and administrative tasks
Affected: (potential) customers, users of the website, communication partners, (former, current, potential and future) employees
Data concerned:
– Usage data (e.g. websites clicked on)
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Content data (e.g. photos, videos)
– Communication data (e.g. information on the IP address, end device used)
Legal basis: Art. 6 para. 1 lit. a GDPR, Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. f GDPR
We use the following cloud service providers:
Google cloud services
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://cloud.google.com/
Privacy policy: https://www.google.com/policies/privacy
Microsoft cloud services
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA
Website: https://www.microsoft.com/de-de/microsoft-365/onedrive/online-cloud-storage
Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement
Applicant data
The applicant data you send us (e.g. personal details, photo, contact details, background) will be processed by us in the application process. Data sent by e-mail is always transmitted unencrypted. Submissions via our contact form are encrypted according to the state of the art. Applicant data transmitted online is processed exclusively electronically. If the application process leads to an employment relationship with us, your data will be stored for the further processing of the employment relationship. The data protection regulations will be observed. In the event that the application process ends with a rejection, your data will be deleted no later than 2 months after the rejection is sent. In exceptional cases, the data will be stored beyond this if this is required by law or if storage is necessary for evidence purposes in the context of compliance with the General Equal Treatment Act.
Purpose of processing: Communication and implementation of the application procedure
Affected: potential future employees
Data concerned:
– Usage data (e.g. websites clicked on)
– Inventory and contact data (e.g. name, address, telephone number, e-mail address)
– Contract data (e.g. subject matter of the contract, contract term)
– Payment data (e.g. bank details)
Legal basis: Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. c GDPR