Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are not obligated to provide the data. Failure to provide it will have no consequences. This applies only insofar as no other information is provided in the following processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.

Server Log Files You can visit our website without providing any personal information. Each time you access our website, your internet browser transmits usage data to us or our web host/IT service provider, which is then stored in log files (server log files). This stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our services.

contact

Responsible
Please contact us if you wish. The data controller is: Max Hoch, Flugplatzstr. 12b, 97437 Haßfurt, Germany, +49 9521 6229132, info@hair2heart.de

Customer initiates contact via email
If you contact us proactively via email, we collect your personal data (name, email address, message text) only to the extent that you provide it. This data processing serves the purpose of processing and responding to your inquiry.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Data collection and processing when using the contact form
When you use the contact form, we collect your personal data (name, email address, message text) only to the extent that you provide it. The data is processed for the purpose of contacting you.
If the contact is for the purpose of carrying out pre-contractual measures (e.g., providing advice on purchase interest, preparing an offer) or relates to a contract already concluded between you and us, this data processing is based on Art. 6 para. 1 lit. b GDPR.
If you contact us for other reasons, this data processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will then be deleted in accordance with statutory retention periods, unless you have consented to further processing and use.

Customer account Orders

Customer account
When you open a customer account, we collect your personal data to the extent specified there. This data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is based on Article 6(1)(a) GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out based on the consent before its withdrawal. Your customer account will then be deleted.

Collection, Processing, and Transfer of Personal Data for Orders: When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. Providing this data is necessary for entering into a contract. Failure to provide this data will result in the contract not being concluded. Processing is based on Article 6(1)(b) GDPR and is necessary for the performance of a contract with you. Your data will be transferred, for example, to your chosen shipping companies and dropshipping providers, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transfer is limited to the minimum necessary.

Reviews Advertising

Data collection when writing a comment or review
When you comment on or rate an article or post, we collect your personal data (name, email address, comment text) only to the extent that you provide it. This data is processed for the purpose of enabling and displaying comments and ratings.
By submitting your comment/review, you consent to the processing of the data you provide. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the lawfulness of processing based on consent before its withdrawal. Your personal data will then be deleted.

Trustami customer review
To display collected reviews and social media feedback, the Trustami trust seal is integrated on this website. This serves our legitimate interests in the optimal marketing of our services on our own website in accordance with Art. 6 Para. 1 Sentence 1 lit. f GDPR. When the Trustami trust seal is accessed, the web server automatically stores data (access data) in the form of a server log file. This log file contains the name of the accessed website, the file, the date and time of access, your IP address in abbreviated form, the amount of data transferred, notification of successful access, browser type, the user's operating system, the referrer URL (of the previously visited page), and the requesting provider. This access data is not analyzed and is automatically overwritten no later than seven days after your visit to the website. The Trustami trust seal and the services advertised with it are offered by Trustami GmbH, Schröderstraße 5, 10115 Berlin, Germany. The processing of data collected by Trustami is subject to Trustami's privacy policy, which can be found at www.trustami.com/datenschutz .

Use of the email address for sending newsletters
We use your email address, independently of contract processing, exclusively for our own advertising purposes to send you newsletters, provided you have expressly consented to this. This processing is based on Article 6 Paragraph 1 Letter a of the GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out based on the consent before its revocation. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.

Your data will be shared with an email marketing service provider as part of order processing. It will not be shared with any other third parties.

Use of the email address for sending direct marketing.
We use your email address, which we obtained in connection with the sale of goods or services, to send you electronic advertising for our own goods or services that are similar to those you have already purchased from us, unless you have objected to this use. Providing your email address is necessary for the conclusion of the contract. Failure to provide it will result in the contract not being concluded. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in direct marketing. You can object to this use of your email address at any time by notifying us. Our contact details for exercising your right to object can be found in the legal notice. You can also use the unsubscribe link provided in the advertising email. No costs other than standard transmission fees will be incurred.

Shipping service provider, inventory management

Sharing of the email address with shipping companies to inform about the shipping status
We will share your email address with the shipping company as part of the order processing, provided you have expressly consented to this during the ordering process. This sharing is for the purpose of informing you about the shipping status via email. This processing is based on Article 6(1)(a) of the GDPR with your consent. You can withdraw your consent at any time by notifying us or the shipping company, without affecting the lawfulness of processing based on consent before its withdrawal.

Use of an external merchandise management system
We use an enterprise resource planning (ERP) system for order processing. For this purpose, your personal data collected during the ordering process will be transferred to...
plentysystems AG, Bürgermeister-Brunner-Straße 15, 34117 Kassel
transmitted.

Payment service provider credit report

Using PayPal
We use the PayPal payment service on our website, provided by PayPal (Europe) S.à.rl et Cie, SCA (22-24 Boulevard Royal L-2449, Luxembourg; "PayPal"). The data processing serves the purpose of offering you the option of payment via this service. By selecting and using PayPal as your payment method, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6(1)(b) GDPR.

All PayPal transactions are subject to the PayPal Privacy Statement. You can find it at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Using Amazon Payments
We use the Amazon Payments payment service from Amazon Payments Europe sca (38 avenue John F. Kennedy, L-1855 Luxembourg; “Amazon Payments”) on our website.
The data processing serves the purpose of enabling you to offer payment via the Amazon Payments service.
To integrate this payment service, Amazon Payments needs to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when you access the website. Cookies may also be used for this purpose. These cookies enable the recognition of your browser.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in offering a customer-oriented range of payment methods. You have the right to object to this processing of your personal data at any time, on grounds relating to your particular situation.
By selecting and using “Amazon Payments”, the data required for payment processing will be transmitted to Amazon Payments in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR.
Further information on data processing when using the Amazon Payments service can be found in the corresponding privacy policy at: https://pay.amazon.com/de/help/201212490

Use of Klarna payment options: We use the payment service of Klarna Bank AB (publ) (Sveavägen 46, 111 34 Stockholm, Sweden; "Klarna") on our website. By selecting and using payment via Klarna, the data required for payment processing is transmitted to Klarna in order to fulfill the contract with you using the chosen payment method. This processing is based on Article 6 Paragraph 1 Letter b GDPR. For certain payment methods such as "Pay Later" (invoice), "Pay Now" (direct debit), and "Financing" (installment purchase), Klarna reserves the right to obtain a credit report, if necessary, based on mathematical-statistical procedures using credit agencies. For this purpose, Klarna transmits the personal data required for a credit check, such as first and last name, address, gender, email address, IP address, and data related to the order, to a credit agency for identity and creditworthiness verification and uses the information received about the statistical probability of payment default to make a balanced decision regarding the establishment, execution, or termination of the contractual relationship. The credit report may include probability values ​​(score values) based on scientifically The credit rating is calculated using recognized mathematical-statistical methods, and address data is among the information used in these calculations. Your legitimate interests are protected in accordance with legal regulations. The data processing serves the purpose of credit assessment for initiating a contract. This processing is based on Article 6(1)(f) GDPR, due to our overriding legitimate interest in protecting against payment defaults when Klarna provides services in advance. You have the right to object, on grounds relating to your particular situation, at any time to this processing of your personal data based on Article 6(1)(f) GDPR by notifying Klarna. Providing this data is necessary for concluding the contract with your chosen payment method. Failure to provide this data will result in the contract not being able to be concluded with your chosen payment method. Further information, in particular regarding which credit agencies Klarna transfers your personal data to, can be found at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies General information about Klarna can be found at: https://www.klarna.com/de/ . Your personal data will be processed by Klarna in accordance with applicable data protection regulations and as described in Klarna's privacy policy at https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy . Use of SOFORT: We use the payment service provider SOFORT GmbH (Theresienhöhe 12, 80339 Munich, Germany; "SOFORT") for payment processing on our website. SOFORT GmbH is a company of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The data processing serves the purpose of offering you various payment methods through payment processing via the payment service provider SOFORT. If you have chosen a payment option, the data required for payment processing will be transmitted to SOFORT. This data processing is based on Art. 6 para. 1 lit. b GDPR. Further information Information on data processing when using the payment service provider SOFORT can be found at https://www.sofort.com/1.0/shared/content/legal/terms/de-DE/SOFORT/ and https://www.klarna.com/sofort/ . Use of the payment service provider Mollie: We use the payment service provider Mollie BV (Keizersgracht 313, 1016 EE Amsterdam, Netherlands; "Mollie") for payment processing on our website. The data processing serves the purpose of offering you various payment methods through payment processing via the payment service provider Mollie. If you have chosen one of the payment options offered by the payment service provider Mollie, the data required for payment processing will be transmitted to Mollie. This includes your payment details (for example, bank account number or credit card number), your IP address, your internet browser and device type, and in some cases, your first and last name, your address details, and information about the product or service you have purchased from us. This data processing is based on Article 6 Paragraph 1 Letter b. GDPR. Further information on data processing when using the payment service provider Mollie can be found in their privacy policy: https://www.mollie.com/de/privacy. Cookies: Our website uses cookies. Cookies are small text files that are stored in or by the internet browser on a user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is visited again. Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, please note that you may then not be able to fully use all the functions of this website. The links below provide information on how to manage (including disable) cookies in the most common browsers. You can manage cookies in: Chrome: https://support.google.com/accounts/answer/61416?hl=de Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09 Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac Technically necessary cookies: Unless otherwise stated in the privacy policy below, we only use these technically necessary cookies to make our website more user-friendly, effective, and secure. Furthermore, cookies enable our systems to recognize your browser even after you have changed pages and to offer you services. Some functions of our website may require cookies. This service cannot be offered without the use of cookies. For this to work, it is necessary that the browser is recognized even after a page change. The use of cookies or similar technologies is based on Section 25 Paragraph 2 of the German Telemedia Act (TTDSG). The processing of your personal data is based on Article 6 Paragraph 1 Letter f of the GDPR, due to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our services. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.

Use of the Cookie Consent Manager CCM19
We use the Cookie Consent Manager CCM19 from Papoo Software & Media GmbH (Auguststr. 4, 53229 Bonn; "CCM19") on our website.
The plug-in allows you to grant consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw previously granted consent. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus complying with legal obligations.
Cookies are used for this purpose. The following information, among other things, may be collected, stored, and potentially transmitted to CCM19: randomly assigned ID, consent status, date and time of consent/rejection. The data is stored for one year and one month and then deleted. This data will not be shared with any other third parties.
The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.
Further information on data protection at CCM19 can be found at: https://www.ccm19.de/datenschutzerklaerung.html .


Ad tracking

Use of Google Analytics 4
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. To this end, Google, on behalf of the operator of this website, will use the information obtained to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator.
The following information may be collected, among other things: IP address, date and time of the page visit, click path, information about the browser and device you are using, pages visited, referrer URL (website from which you accessed our website), location data, and purchase activity. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Google uses technologies such as cookies, web storage in the browser and tracking pixels, which enable an analysis of your use of the website.
The information generated about your use of this website is generally transmitted to and stored on a Google server in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thus committed to complying with European data protection principles. Both Google and US government authorities have access to your data. Google may combine your data with other data, such as your search history, your personal accounts, your usage data from other devices, and any other data Google holds about you.
When using Google Analytics 4, the IP address transmitted by your website is automatically collected and processed in anonymized form. Google shortens the IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before processing it.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on terms of use and data protection can be found at https://policies.google.com/technologies/partner-sites and at https://policies.google.com/privacy?hl=de&gl=de .

In this context, we also use the Google Signals service. Google Signals enables cross-device tracking. Your data can therefore be analyzed across devices if you have activated "personalized ads" in your account settings and your devices are linked to your Google account. This makes it possible to identify which device you use to search for products and later return to complete purchases on another device, such as a tablet. The cross-device reports generated in this context contain only aggregated data. We therefore only receive statistics generated based on Google Signals. To prevent data collection and storage by Google Signals across devices, you can deactivate the "personalized ads" feature in your Google account settings. Further information can be found at https://support.google.com/ads/answer/2662922?hl=de . More detailed information on data processing and privacy regarding Google Signals can be found at https://support.google.com/analytics/answer/7532985?hl=de . Use of the Meta Pixel: We use the Meta Pixel from Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Meta") on our website. Meta and we are jointly responsible for the collection of your data and its transfer to Meta when the service is integrated. This is based on an agreement between us and Meta regarding the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://de-de.facebook.com/legal/terms/businesstools . In particular, we are responsible for fulfilling the information obligations pursuant to Articles 13 and 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Articles 33 and 34 of the GDPR insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling the data subject rights in accordance with Articles 15-20 GDPR, complying with the security requirements of Article 32 GDPR with regard to the security of the service, and fulfilling the obligations under Articles 33 and 34 GDPR insofar as a personal data breach affects Meta's obligations under the joint controllership agreement. The application serves the purpose of targeting website visitors with interest-based advertising on the social networks Facebook and Instagram. For this purpose, Meta's remarketing tag has been implemented on the website. This tag establishes a direct connection to Meta's servers when you visit the website. This transmits information to Meta's servers about which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the social networks Facebook or Instagram, you will then be shown personalized, interest-based ads. The application also serves the purpose of generating conversion statistics. Here, we learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag, as well as what actions they take after being redirected to this website. However, we do not receive any personally identifiable information. Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Meta has certified itself under the TADPF and is therefore committed to complying with European data protection principles. Your personal data is processed with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can deactivate the "Custom Audiences" remarketing function here. Further information on the collection and use of data by Meta, your related rights, and options for protecting your privacy can be found in Meta's privacy policy at https://www.facebook.com/about/privacy/ .

Use of Google Ads Conversion Tracking: We use the online advertising program "Google Ads" on our website and, within this framework, conversion tracking (visit action evaluation). Google Conversion Tracking is an analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; Google). When you click on an ad placed by Google, a conversion tracking cookie is stored on your computer. These cookies have a limited lifespan, do not contain any personally identifiable information, and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. This means that cookies cannot be tracked across the websites of different Ads customers. The information obtained using the conversion cookie is used to create conversion statistics. Here, we learn the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any personally identifiable information. Your data may be transferred to Google LLC servers in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thus committed to complying with European data protection principles. The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Further information and Google's privacy policy can be found at: https://www.google.de/policies/privacy/ Use of the remarketing or "similar audiences" function of Google Inc. We use the remarketing or "similar audiences" function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. This function serves the purpose of analyzing visitor behavior and interests. To analyze website usage, which forms the basis for creating interest-based advertising, Google uses cookies. These cookies record website visits and anonymized data about website usage. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to reflect product and information areas you have previously viewed. Your data may be transferred to servers of Google LLC in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thus committed to complying with European data protection principles. The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Further information on Google Remarketing and the associated privacy policy can be found at: https://www.google.com/privacy/ads/

Using the Pinterest tag
We use the Pinterest tag of Pinterest Europe Limited (Palmerston House, 2nd, Fenian Street, Floor, Dublin 2, Ireland "Pinterest") on our website.
This application is designed to target website visitors with interest-based advertising on the social network Pinterest. To achieve this, the Pinterest conversion tag has been implemented on the website. This tag establishes a direct connection to Pinterest's servers when you visit the website. This transmits information to Pinterest's servers about which of our pages you have visited. Pinterest associates this information with your personal Pinterest user account if you are logged into the social network. When you visit Pinterest, you will then be shown personalized, interest-based Pinterest ads.
When you access our website via a pin on the social network Pinterest, a conversion tracking cookie is placed on your computer. These cookies have a limited lifespan, do not contain any personal data, and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Pinterest and we can recognize that you clicked on the pin and were redirected to this page. The information collected using the conversion cookie is used to generate conversion statistics and thus optimize our website. This may include, among other things, the following information: the total number of users who clicked on one of our pins and were redirected to our website, the subpages visited on our website (e.g., category or product pages), search queries on our website, your shopping cart contents, and completed transactions.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Pinterest is not TADPF certified. Data transfers are based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de .
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information about how Pinterest collects and uses data, your related rights and options for protecting your privacy, please see Pinterest's privacy policy at https://policy.pinterest.com/de/privacy-policy .

Plug-ins and other

Use of Google Tag Manager: We use Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. This application manages JavaScript and HTML tags, which are used to implement tracking and analytics tools. The data processing serves the purpose of tailoring and optimizing our website to user needs. Google Tag Manager itself does not store cookies, nor does it process personal data. However, it enables the triggering of other tags that may collect and process personal data. You can find more information about the terms of use and data protection here . Use of Google reCAPTCHA: We use the reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website. This query serves the purpose of distinguishing between input by a human and input by automated, machine processing. For this purpose, your input is transmitted to Google and further processed there. In addition, the IP address and, if applicable, other data required by Google for the reCAPTCHA service are transmitted to Google. This data is processed by Google within the European Union and may also be transferred to servers of Google LLC in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thus committed to complying with European data protection principles. The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy .

Using Google invisible reCAPTCHA
We use the invisible reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google") on our website.
This serves the purpose of distinguishing between input from a human and input from automated, machine processing. In the background, Google collects and analyzes usage data, which Invisible reCAPTCHA uses to differentiate regular users from bots. For this purpose, your input is transmitted to Google and further processed there. Additionally, your IP address and, if applicable, other data required by Google for the Invisible reCAPTCHA service are transmitted to Google.
This data is processed by Google within the European Union and may also be transferred to servers of Google LLC in the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thus committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information about Google reCAPTCHA and its privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy

Using Cloudflare
We use the Cloudflare CDN content delivery network from Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA; “Cloudflare”) on our website. This is a geographically dispersed network of servers in various data centers to which our web server connects and through which certain content from our website is delivered.
The data processing serves the purpose of optimizing the loading times of our website and thus making our offer more user-friendly.
The following information may be collected, among other things: IP address, system configuration information, information about traffic to and from customer websites (so-called server log files).
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Cloudflare is certified under the TADPF and has therefore committed to complying with European data protection principles.
Your personal data is processed on the basis of Article 6(1)(f) GDPR, based on our overriding legitimate interest in designing the website to meet user needs and be targeted effectively. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(f) GDPR.
Further information on data protection when using Cloudflare can be found at https://www.cloudflare.com/de-de/privacypolicy/ .

Using Google Maps
We use the Google Maps embedding function on our website, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google").
This function enables the visual display of geographical information and interactive maps. When pages containing embedded Google Maps are accessed, Google also collects, processes, and uses data from website visitors.
Your data may also be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on the collection and use of data by Google can be found in Google's privacy policy at https://www.google.com/privacypolicy.html . There, in the Privacy Center, you also have the option to change your settings so that you can manage and protect your data processed by Google.

Using YouTube
We use the YouTube video embedding function on our website, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
This feature displays videos hosted on YouTube within an iFrame on the website. The "Enhanced Privacy Mode" option is enabled. This means that YouTube does not store any information about website visitors. Information is only transmitted to and stored by YouTube when you actually watch a video. Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). YouTube has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on the collection and use of data by YouTube and Google, your related rights and options for protecting your privacy can be found in YouTube's privacy policy at https://www.youtube.com/t/privacy .

Use of Google Fonts
We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The data processing serves the purpose of ensuring consistent font display on our website. To load the fonts, a connection to Google's servers is established when the page is accessed. Cookies may be used in this process. Among other things, your IP address and information about the browser you are using are processed and transmitted to Google. This data is not linked to your Google account.
Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has therefore committed to complying with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to Section 25 Paragraph 1 Sentence 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in conjunction with Article 6 Paragraph 1 Letter a of the GDPR. The processing of your personal data is also based on your consent pursuant to Article 6 Paragraph 1 Letter a of the GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq .

Data subject rights and storage period

Storage duration
After complete contract fulfillment, the data will initially be stored for the duration of the warranty period, then taking into account legal, in particular tax and commercial law retention periods, and then deleted after the expiry of the period, unless you have consented to further processing and use.

Rights of the data subject
Provided the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
Furthermore, pursuant to Article 21 Paragraph 1 GDPR, you have the right to object to processing based on Article 6 Paragraph 1 f GDPR, as well as to processing for direct marketing purposes.

Right to lodge a complaint with the supervisory authority
According to Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful.

You can lodge a complaint with the supervisory authority responsible for us, which you can reach using the following contact details:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Tel.: +49 981 1800930
Fax: +49 981 180093800
Email: poststelle@lda.bayern.de

Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.
After an objection has been lodged, the processing of the data in question will cease, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

If your personal data is processed for direct marketing purposes, you can object to this processing at any time by notifying us. Upon receipt of your objection, we will cease processing the data in question for direct marketing purposes.

Last updated: July 13, 2023