• Privacy Policy

Privacy policyPrivacy policy

We take data protection seriously

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalised analysis of this data.

If you send us data via the contact form, this data will be stored on our servers as part of the data backup process. Your data will only be used by us to process your enquiry. Your data will be treated as strictly confidential. It will not be passed on to third parties.

1. Who is responsible for data processing and who can you contact?

Responsible person:
Hörluchs Hearing GmbH & Co KG
Bergseestraße 10
91217 Hersbruck

E-mail address: info@hoerluchs.com
Phone: +49 (0)9151 90886-0
Fax: +49 (0)9151 90886-27

The company data protection officer is
Mr Christian Volkmer
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg

E-mail: anfragen@projekt29.de
Phone: 0941-2986930

2. Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to be able to offer you the desired service

The same applies if we supply you with information material on request or if we answer your enquiries. In these cases, we will always point this out to you. In addition, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data , we do so in order to be able to offer you our service or to pursue our commercial objectives.

3. Visit the website

3.1. General use

When you visit our website, our web servers store the IP of your internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit by default. The processing of this information is absolutely necessary for the technical transmission of the web pages, the convenient use of our services and secure server operation. Our legitimate interest arises from Art. 6 para. 1 lit. f) GDPR.

It is not possible to draw any direct conclusions about your identity from the information and we will not do so. The information is stored and automatically deleted once the aforementioned purposes have been achieved. The standard periods for deletion are based on the criterion of necessity.

3.2.   Automatically saved data

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Amount of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts.

3.3.   Contact us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the enquiring persons will be processed insofar as this is necessary to answer the contact enquiries and any requested measures.

The response to contact enquiries within the framework of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of the legitimate interests in responding to the enquiries.

  • Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
  • Affected persons: Communication partner.
  • Purposes of processing: contact enquiries and communication.
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

3.4.   Cookies

Our Internet pages use so-called cookies. Cookies are small data packets that do not cause any damage to your computer. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or your web browser automatically deletes them.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been obtained, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

You can change your settings for the use of cookies here at any time

4. Consent Manager Platform (CMP)

Cookiebot

Our website uses Cookiebot’s consent technology to obtain your consent to the storage of your data.

of certain cookies on your end device or for the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).

When you enter our website, a connection is established to the Cookiebot servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

5.     Service optimisation

5.1.   Platform

jsDelivr CDN

This website uses a so-called “Content Delivery Network” (CDN) from jsDelivr.

A CDN is a service used to deliver the content of our online offering, in particular large media files such as graphics or scripts, more quickly with the help of regionally distributed servers connected via the Internet. User data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you are using must establish a connection to the CDN servers. The CDN then becomes aware that our website has been accessed via your IP address.

The use is based on our legitimate interests, namely the interest in a secure and efficient provision, analysis and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

Further information can be found in the privacy policy of jsDelivr: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

Cloudflare 

We use the “Cloudflare” service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via Cloudflare’s network. This enables Cloudflare to analyse the data traffic between your browser and our website and to act as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognise Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.cloudflare.com/privacypolicy/.

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

 

Web fonts via Fast Fonts

We use so-called web fonts on our website, which are loaded via the Fast Fonts service, for the uniform and appealing display of fonts. Fast Fonts is a service provided by an external provider (third-party provider) that transfers the integrated fonts directly from its servers to your browser when you access the page.

When loading these fonts, your IP address is transmitted to the Fast Fonts servers, as it is technically necessary to deliver the content to your end device. Depending on the configuration, information about the browser used, the operating system and the previously visited page may also be processed.

The use of Fast Fonts is for the visual optimisation and consistent presentation of our website and is therefore in our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

Please note that Fast Fonts may use servers outside the European Union. In this case, we ensure that suitable guarantees for adequate data protection are in place (e.g. standard contractual clauses in accordance with Art. 46 GDPR).

Our website uses services from StackPath, LLC, 2021 McKinney Ave, Suite 1100, Dallas, TX 75201, USA, to improve the security and loading speed of the website. StackPath provides a global content delivery infrastructure (CDN) that distributes requests across regional servers, enabling faster delivery of content and protection against attacks (e.g. DDoS).

When our website is accessed, technical connection data (e.g. IP address, time stamp, user agent) is transmitted to StackPath. This data is used exclusively for the secure and stable provision of the website and is automatically deleted after a short time.

The use is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the reliable, high-performance and secure provision of our website.

Please note that by using StackPath, data may be transferred to the USA. StackPath is certified in accordance with the EU-U.S. Data Privacy Framework. In addition, standard contractual clauses have been concluded to ensure an adequate level of data protection.

Further information can be found in StackPath’s privacy policy:
https://www.stackpath.com/legal/privacy-statement/

ARD media centre

Content from the ARD Mediathek may be embedded or linked on our website. The ARD Mediathek is the joint video-on-demand service of the ARD’s state broadcasting organisations and joint institutions. The provider in terms of data protection is Südwestrundfunk (SWR), Neckarstraße 230, 70190 Stuttgart, as an institution under public law.

When a page with embedded ARD media library content is accessed (e.g. via a video player), technical data such as the IP address, browser information and timestamp may be transmitted to servers of SWR or the participating broadcasters. This data is processed exclusively for the purpose of providing and optimising the streaming service. Data processing for commercial purposes or tracking via web analysis tools does not take place in this context.

The use is based on Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in an informative and media-supported presentation of our content.

Further information on data protection at the ARD Mediathek can be found at
https://www.ardmediathek.de/datenschutz

5.2.   Newsletter

If you subscribe to our newsletter, we will use the data required for this or separately provided by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the recipient list, unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this purpose, we also analyse your interaction with our newsletter by measuring, storing and evaluating opening rates and click rates for the purpose of designing future newsletter campaigns (“newsletter tracking”).

For this analysis, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. In particular, we link the following “newsletter data” for the analyses;

  • the page from which the page was requested (so-called referrer URL),
  • the date and time of the call,
  • the description of the type of web browser used,
  • the IP address of the requesting computer,
  • the e-mail address,
  • the date and time of registration and confirmation

and single-pixel technologies with your e-mail address or IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.

If you do not wish to participate in newsletter tracking, you can unsubscribe from the newsletter at any time as described above.

The information is stored for as long as you have subscribed to the newsletter.

The newsletter may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

6.     Tools and services for analysis, statistics and marketing

6.1.   Analysis and statistics

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool with the help of which we can use tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR.

Google Analytics (4)

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke your consent at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google is also certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics e-commerce measurement

This website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.

 Clarity

This website uses Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA98052-6399 (USA), https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as “Clarity”).

Clarity is a tool for analysing user behaviour on this website. Clarity records in particular mouse movements and creates a graphical representation of which part of the website users scroll particularly frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behaviour within our website.

Clarity uses technologies that enable the recognition of the user for the purpose of analysing the user behaviour (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft’s servers (Microsoft Azure Cloud Service) in the USA.

sshogun

The use of Clarity is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective user analysis. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further details on Clarity’s data protection can be found here:

https://docs.microsoft.com/en-us/clarity/faq.

We have concluded an order processing contract (AV) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

PixelYourSite

We use the PixelYourSite tool on our website, a plugin for managing and triggering tracking pixels (e.g. Meta Pixel, Google Tag Manager, Google Ads). With PixelYourSite, certain user actions – such as page views, clicks or transactions – are recorded and passed on to associated platforms, provided you have previously consented to the corresponding tracking.

Among other things, the plugin sets the cookies “pys_landing_page” and “local” to save the visited landing page or certain local settings. These cookies do not contain any directly personal information, but in combination with other services they can help to recognise or assign users.

The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, provided that you have consented to the use of corresponding tracking technologies in the context of our consent banner.

The data processing takes place on our own servers or by the services you have activated (e.g. Meta, Google) to which data can be transmitted.
You can find more information about PixelYourSite at
https://www.pixelyoursite.com/privacy-policy

6.2.   Advertising and marketing

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to place adverts in the Google search engine or on third-party websites. when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). We as the website operator can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time.

The European Commission has also issued an adequacy decision for the USA, provided that companies are certified in accordance with the Data Privacy Framework Programme. Google is certified accordingly and thus fulfils the requirements of the EU Commission.

Google AdSense (not personalised)

This website uses Google AdSense, a service for integrating adverts. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in “non-personalised” mode. In contrast to personalised mode, the advertisements are therefore not based on your previous user behaviour and no user profile is created for you. Instead, so-called “contextual information” is used to select the adverts. The selected adverts are then based, for example, on your location, the content of the website you are on or your current search terms. You can find out more about the differences between personalised and non-personalised targeting with Google AdSense here:

https://support.google.com/adsense/answer/9007336.

Please note that cookies or comparable recognition technologies (e.g. device fingerprinting) may also be used when using Google Adsense in non-personalised mode. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:

https://adssettings.google.com/authenticated.

Further information on Google’s advertising technologies can be found here:

https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/.

Meta Pixel

This website uses Facebook’s visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

In this way, the behaviour of site visitors can be tracked after they have clicked on a Facebook ad were redirected to the provider’s website. This allows the Effectiveness of Facebook adverts evaluated for statistical and market research purposes and future advertising measures can be optimised.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Facebook is also certified in accordance with the Data Privacy Framework Programme.

https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Facebook is also certified in accordance with the Date Privacy Framework.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

You can find further information on protecting your privacy in Facebook’s data protection information: https://de-de.facebook.com/about/privacy/.

You can also activate the remarketing function “Custom Audiences” in the Settings for

Deactivate adverts at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. In addition you must be logged in to Facebook.

Meta Custom Audiences

We use Meta Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, take advantage of our free or paid offers, transmit data to us or interact with the Facebook content of our company, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, which Facebook can use to display suitable advertising to you. Furthermore, your data can be used to define target groups (lookalike audiences).

Facebook processes this data as our processor. Details can be found in the Facebook user agreement: https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing. Facebook is also certified in accordance with the Data Privacy Framework.

6.3.   Social media and communication

Google Maps 

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of standardising the display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Podcast integration via Libsyn

We use the Libsyn service (Liberated Syndication, Inc., Pittsburgh, PA, USA) to provide and play out our podcasts. Libsyn is a web-based platform for managing, publishing and distributing podcasts. When you play a podcast on our website, a connection is established to Libsyn’s servers in the USA. For technical reasons, information such as your IP address and possibly other browser and device data is transmitted.

The integration takes place on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the user-friendly and technically reliable provision of audio content. If you have actively consented to the receipt of external media when visiting our website (e.g. via a cookie consent banner), the integration is alternatively based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG.

Please note that processing in the USA does not provide a level of data protection equivalent to that in the EU. We have concluded the current standard contractual clauses of the European Commission with Libsyn to secure the transfer.

Further information can be found in Libsyn’s privacy policy:
https://www.libsyn.com/privacy-policy

Podcast hosting via Podigee

Our podcasts are provided via the Podigee service. The provider is Podigee GmbH, Schlesische Straße 20, 10997 Berlin. Podigee is a podcast hosting and analytics service that enables us to publish and provide audio content efficiently.

When an embedded podcast is played, a connection to Podigee’s servers is established. For technical reasons, the IP address, browser information, time stamp and the page accessed may be processed. The data is processed exclusively for the purpose of audio delivery, performance optimisation and anonymised reach measurement.

Podigee is used as part of order processing in accordance with Art. 28 GDPR. A corresponding contract has been concluded. The processing takes place exclusively on servers in Germany or within the EU.

The legal basis for the integration is our legitimate interest in a stable and user-friendly provision of podcasts (Art. 6 para. 1 lit. f GDPR). If consent is obtained for the use of external media via our consent banner, the processing is also carried out on the basis of Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 para. 1 TDDDG.

Further information on data processing by Podigee can be found at https://www.podigee.com/de/about/privacy

7.     Customer account

Contractual partners can create or request an account within our online offering (e.g. customer or user account, “customer account” for short). If the registration of a customer account is required, contractual partners will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration process and subsequent logins and use of the customer account, we store the IP addresses of customers together with the access times in order to be able to prove registration and prevent any misuse of the customer account.

If customers have cancelled their customer account, the data relating to the customer account will be deleted, unless their retention is required for legal reasons. It is the customer’s responsibility to back up their data when the customer account is cancelled. The legal basis for data processing is therefore Art. 6 para. 1 lit. b GDPR.

7.1.   Shop and e-commerce

We process our customers’ data to enable them to select, purchase or order the selected products, goods and associated services, as well as their payment and delivery or fulfilment. If necessary for the fulfilment of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or fulfilment for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is labelled as such in the order or comparable purchase process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultations.

  • Processed data types: Inventory data (e.g. names, addresses), Payment data (e.g. bank details, invoices, payment history), Contact data (e.g. e-mail, telephone numbers), Contract data (e.g. contract object, duration, customer category), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
  • Persons affected: Interested parties, business and contractual partners, customers.
  • Purposes of Processing: Provision of contractual services and customer support, Contact requests and communication, Office and organisational procedures, Managing and responding to enquiries, Security measures, Conversion tracking (Measurement of the effectiveness of marketing activities), Interest-based and behavioral marketing, Profiling (Creating user profiles).
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

7.2.   Economic analyses and market research

For business reasons and in order to identify market trends and the wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors and users of our online offering.

The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). If available, we may take into account the profiles of registered users, including their details, e.g. on services used. The analyses are used solely by us and are not disclosed externally, unless they are anonymous analyses with summarised, i.e. anonymised values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, where feasible, anonymously (e.g. as summarised data).

7.3.   Payment service provider

As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively referred to as “payment service providers”).

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the general terms and conditions and the data protection information of the payment service providers.

Payment transactions are subject to the terms and conditions and data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of cancellation, information and other data subject rights.

7.4.   Transport service provider

For the purpose of delivering ordered goods, we work together with logistics service providers/transport companies and/or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of shipment notification: First name, surname, postal address and, if applicable, the e-mail address and, if applicable, the telephone number. The legal basis for processing is Art. 6(1)(b) GDPR.

7.5.   Credit checks

In the case of a purchase on account or another payment method where we make advance payments, we may carry out a credit check (scoring). For this purpose, we transmit the data you enter (e.g. name, address, age or bank details) to a credit agency. The probability of a payment default is determined on the basis of this data. If the risk of non-payment is too high, we may refuse the payment method in question.

The credit check is carried out on the basis of contract fulfilment (Art. 6 para. 1 lit. b GDPR) and for the purpose of

Avoidance of payment defaults (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 para. 1 lit. GDPR); consent can be revoked at any time.

8.     Online presence on social media

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on our social media channels, from which user profiles are created using pseudonyms. These can be used, for example, to place adverts within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of the data by the respective social media operator as well as a contact option and your rights and setting options for protecting your privacy, please refer to the respective linked data protection notices of the providers on their websites. If you still need help in this regard, you can contact us.

9.     Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

10.  Information obligations for customers and business partners

We process the data that we have received from you in the context of contract initiation or processing, on the basis of consent or in the context of your application to us or in the context of your employment with us.

Personal data includes the following

Your master/contact data, for customers this includes e.g. first name and surname, address, contact details (e-mail address, telephone number, fax), bank details.

For business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.

In addition, we also process the following other personal data:

–  Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,

–  Advertising and sales data,

–  Information from your electronic communication with us (e.g. IP address, log-in data),

–  other data that we have received from you in the course of our business relationship (e.g. in discussions with customers),

–  Data that we generate ourselves from master / contact data and other data, e.g. by means of customer demand and customer potential analyses,

–  the documentation of your declaration of consent for the receipt of e.g. newsletters.

–  Photographs taken as part of events.

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:

–           for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data is processed online or in our shop for the purpose of contract fulfilment. The data is processed in particular when initiating business and when executing contracts with you.

–           for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR):

The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.

–           to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):

Based on a balancing of interests, data may be processed beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place in the following cases, for example:

– Advertising or marketing

– Measures for business management and further development of services and products;

– in the context of legal prosecution

– Sending of non-sales-promoting information and press releases.

–   within the scope of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us your consent to process your data, e.g. to send you our newsletter, to store your data beyond the eigl. purposes

11.  Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Subject to the legal requirements of Section 7 (3) UWG, we are authorised to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, each e-mail always contains an unsubscribe link.

12.  Data receiver

12.1. Who receives my data?

As a rule, personal data is processed by us as the controller. However, processing by transferring or disclosing personal data to third parties may be necessary in the course of carrying out our activities, in particular if one of the following reasons exists based on the stated legal basis:

  • It is necessary for the fulfilment of a contract with the data subject or the implementation of pre-contractual measures at their request (Art. 6 para. 1 lit. b GDPR).
  • The disclosure is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of their data (Art. 6 para. 1 lit. f GDPR).
  • There is a legal obligation to pass on the data (Art. 6 para. 1 lit. c GDPR).
  • We have a valid consent (Art. 6 para. 1 lit. a GDPR).

Categories of recipients in the context of our activities and operations may include in particular

  • Postal, telecommunications and transport service providers
  • Payment and financial service providers
  • Sales and business partners and other persons and companies involved in the provision of services
  • Authorities, courts, opposing parties, other parties involved

In addition, we point out in the individual processing operations if other recipients come into consideration.

12.2. Information on third country transfer (data transfer to third countries)

We use technologies from service providers on our website whose registered office and/or server locations may be located in third countries outside the EU or the EEA. If there is no adequacy decision by the EU Commission for this country, an adequate level of data protection must be ensured by means of other suitable guarantees.

Suitable guarantees in the form of contractually agreed standard contractual clauses of the EU Commission or binding internal data protection regulations (Binding Corporate Rules) are generally possible, but require a prior review by the contracting parties to determine whether an adequate level of protection can be guaranteed. According to the case law of the ECJ, it may be necessary to take additional protective measures.

We have generally agreed the standard data protection clauses issued by the EU Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree additional guarantees to ensure that adequate data protection is guaranteed in third countries without an adequacy decision.

Notwithstanding this, it is possible that, despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In such cases, we will ask you, if necessary, for your consent to transfer your personal data to a third country as part of the cookie consent process in accordance with Art. 49 (1) (a) GDPR.

In particular, there is a risk that local authorities in the third country may not have sufficiently restricted access rights to your personal data from a European data protection perspective, that we as the data exporter or you as the data subject may not be aware of this and/or that you may not have sufficient legal remedies available to you to prevent this and/or to take action against such access.

The following countries in particular are currently categorised as third countries without an adequacy decision by the EU Commission (sample list):

  • China
  • Russia
  • Taiwan

You can find out to which third countries data is transferred by us in the data protection information for the respective tool and/or service used by us for consent management / Consent Manager Platform (CMP).

12.3. Order processing by service providers

In order to carry out our activities, we also use service providers bound by instructions as processors in accordance with Art. 28 GDPR, who are also considered recipients of the data within the meaning of data protection. A contract for order processing ensures in particular that the processing is carried out on the basis of our instructions, that sufficient guarantees exist for compliance with suitable technical and organisational measures and that the rights of data subjects are guaranteed.

We generally use service providers for the following processing purposes:

  • Hosting of our online offers/websites with providers (infrastructure and platform services, computing capacity, storage space and database services).
  • Care, maintenance and servicing of online offers/websites.
  • Implementation, care, maintenance and servicing of IT systems.
  • Document and information management.
  • Communication, contact and conference systems (e-mail, contacts, appointments, messenger, video conferencing, etc.).
  • File and data carrier destruction

13.  How long will my data be stored? 

We generally store personal data as long as it is necessary for the purposes of the corresponding processing, statutory or regulatory retention periods exist or we have a legitimate interest in storing the data or have received the corresponding consent from the data subject.

We store certain data in accordance with the following rules for the duration specified in each case and delete or destroy it after the specified storage period has expired:

  • If the processing is based on your consent, we will delete the data concerned after your cancellation
  • If none of the following retention periods apply, we delete the data after the purpose of processing has expired
  • 3 years: Data and content relating to legal transactions (including their preparation) to the extent necessary for information and defence as well as for the assertion or defence of claims. This also includes data for marketing and customer support, unless they also fall under a category for a longer storage period.
  • 6 years: commercial letters received and sent (§ 257 para. 1 no. 2 and 3, para. 4 HGB)
  • 10 years: Documents relevant for taxation, accounting records, trading books (§§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB).
  • 30 years: Data that is stored due to special circumstances in our own or a third party’s interest, as there are corresponding limitation periods or special retention periods (e.g. enforcement order, special limitation periods).

14.  What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information: You can request information from us as to whether and to what extent we process your data.

Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to cancellation:

You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

Right to restriction of processing:

You can request that we restrict the processing of your data if

–           you contest the accuracy of the data for a period of time that enables us to verify the accuracy of the data.

–           the processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,

–           we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or

–           you have objected to the processing of the data.

Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

–           we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and

–           this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

Right of objection:

If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right of appeal:

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

Changes to this privacy policy

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.