Data Protection

Introduction and Overview

We have prepared this privacy policy (version 11.10.2021-311850586) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679and applicable national laws, which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (eg, providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.

In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, unclear, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information here that you were not yet aware of.

If you still have questions, please contact the responsible party named below or in the legal notice, follow the links provided, and consult further information on third-party websites. Our contact details can, of course, also be found in the legal notice.

Scope

This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (data processors). Personal data, as defined in Article 4 No. 1 GDPR, refers to information such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

all online presences (websites, online shops) that we operate
Social media presence and email communication
mobile apps for smartphones and other devices

In short:This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy statement, we provide you with transparent information on the legal principles and regulations, ie, the legal bases of the General Data Protection Regulation (GDPR), which allows us to process personal data. With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
Contract (Article 6 paragraph 1 lit. b GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

Other conditions, such as the recording of images in the public interest, the exercise of public authority, or the protection of vital interests, do not generally apply in our case. If such a legal basis should apply, it will be indicated at the relevant point.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible party

Should you have any questions regarding data protection, you will find the contact details of the responsible person or entity below:

Name/Company: A&M Fashion GmbH & Co. KG
Street Address: Am Hansastadion 3
Postal Code, City, Country: 28277, Bremen, Germany
Commercial Register/No.: HRA 28931
Managing Director: Michael Kramer, Enis Alcan, Michael Dittman
Telephone Number: +49 421 322 738 0
Email address: info@kramer-bremen.com
Telephone: +49 421 322 738 15
Legal Notice: here

Contact details of the data protection officer

Below you will find the contact details of the data protection officer:

Name: Enis Alcan
Street address: Am Hansastadion 3
Postal code, city, country: 28277, Bremen, Germany
Email: e.alcan@herzens.com
Telephone: 0421 322 738 15

Storage duration

We generally adhere to the principle that we only store personal data for as long as is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

Should you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and provided there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent data processing:

According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and the following information:
According to Article 16 of the GDPR, you have a right to rectification of your data, which means that we must correct any data you find.
According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
According to Article 21 of the GDPR, you have the right to object, which, if exercised, will result in a change to the processing of your data.
According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Bremen Data Protection Authority

State Commissioner for Data Protection:Imke Sommer
Address:Arndtstraße 1, 27570 Bremerhaven
Telephone number:04 21/361-2010
Email address: office@datenschutz.bremen.de
Website: https://www.datenschutz.bremen.de/

Data transfer to third countries

We only transfer or process data in countries outside the EU (third countries) if you consent to this processing, if it is required by law or contractually necessary, and in any case only to the extent generally permitted. Your consent is, in most cases, the primary reason we allow data to be processed in third countries. Processing personal data in third countries, such as the USA, where many software companies offer services and have their servers, can mean that personal data may be processed and stored in unexpected ways.

We expressly point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data points. Additionally, it is possible that collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, if this option is available.

We will inform you in more detail about data transfers to third countries at the relevant points in this privacy policy, if applicable.

Data processing security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," meaning that security must always be considered and appropriate measures implemented for both software (eg, forms) and hardware (eg, access to the server room). We will discuss specific measures below, if necessary.

TLS encryption with HTTPS

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secured – no one can eavesdrop.

We have thus introduced an additional layer of security and comply with data protection by design ( Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.

You can recognize this secure data transmission by the small padlock icon in the top left corner of your browser, to the left of the web address (eg, examplepage.com), and the use of the https scheme (instead of http) as part of our web address.
If you would like to learn more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" to find helpful links to further information.

Communication Summary
Data Subjects: Anyone who communicates with us by phone, email, or online form
Data Processed: eg, phone number, name, email address, form data entered. Further details can be found under the respective contact method used.

Purpose: Handling communication with customers, business partners, etc.
Storage Period: Duration of the business transaction and legal requirements
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

When you contact us and communicate via telephone, email or online form, personal data may be processed.

The data will be processed for the purpose of handling and processing your inquiry and the associated business transaction. The data will be stored for as long as required by law.

Affected persons

The aforementioned processes affect everyone who contacts us via the communication channels we provide.

Telephone

When you call us, the call data is stored pseudonymously on your device and with your telecommunications provider. Additionally, data such as your name and phone number may be sent via email and stored for the purpose of responding to your inquiry. This data will be deleted as soon as the matter is resolved and legal requirements permit.

Email

When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on our email server. This data will be deleted once the business transaction is complete and legal requirements permit.

Online Forms

When you communicate with us via online form, data is stored on our web server and may be forwarded to an email address provided by us. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of the data is based on the following legal grounds:

Article 6 paragraph 1 letter a GDPR (consent): You give us your consent to store your data and to use it further for purposes relating to the business transaction;
Article 6 paragraph 1 letter b GDPR (contract): The processing is necessary for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
Article 6 paragraph 1 letter f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical equipment such as email programs, Exchange servers, and mobile network operators to ensure efficient communication.

Cookies

Cookie Summary
Data Subjects: Website visitors
Purpose: Depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.

Data Processed: Depends on the specific cookie used. More details can be found below or on the website of the software provider that sets the cookie.

Storage Duration: Depends on the specific cookie; can vary from hours to years.
Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are truly useful tools. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as your language preferences or personal website settings. When you visit our site, your browser sends this user-related information back to us. Thanks to cookies, our website recognizes you and provides your preferred settings. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic illustrates a possible interaction between a web browser, such as Chrome, and a web server. The web browser requests a website and receives a cookie from the server, which the browser then reuses whenever another page is requested.

There are both first-party and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (eg, Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other malware. Cookies cannot access information on your computer.

This is what cookie data might look like, for example:

Name: _ga
Value: GA1.2.1326744211.152311850586-9
Purpose: Differentiating website visitors
Expiry date: after 2 years

These are the minimum sizes a browser should be able to support:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services used and are explained in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential Cookies:
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being emptied, even if the user closes their browser window.

Functional cookies:
These cookies collect information about user behavior and whether the user receives any error messages. They also measure loading times and the website's performance across different browsers.

Targeted cookies:
These cookies improve user-friendliness. For example, they save entered locations, font sizes, or form data.

Advertising cookies:
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.

Typically, when you first visit a website, you will be asked which types of cookies you wish to allow. And of course, this decision is also stored in a cookie.

If you would like to learn more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments entitled “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. More details can be found below or on the website of the software provider that sets the cookie.

What data is processed?

Cookies are small tools that help with many different tasks. Unfortunately, it's impossible to generalize about what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.

Storage duration of cookies

The storage duration depends on the specific cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, whereby the lawfulness of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of the service or website the cookies originate from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies but allow all others.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this information in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally don't want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie. The procedure varies depending on the browser. The best way to find instructions is to search on Google using the keywords "delete cookies Chrome" or "disable cookies Chrome" if you are using the Chrome browser.

Legal basis

Since 2009, the so-called "Cookie Directive" has been in effect. This directive stipulates that storing cookies requires your consent (Article 6(1)(a) GDPR). However, reactions to this directive vary considerably across EU countries. In Austria, the directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Directive was not transposed into national law. Instead, it was largely implemented in Section 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even where no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often essential for this.

Unless strictly necessary, cookies are only used with your consent. The legal basis for this is Article 6(1)(a) GDPR.

The following sections will provide you with more detailed information about the use of cookies, if the software uses cookies.

Facebook Pixel Privacy Policy

We use the Facebook pixels on our website. We have implemented a code snippet on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions allowing Facebook to track your user actions if you arrived at our website via Facebook ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with the data in your Facebook account. Facebook then deletes this data. The collected data is anonymous to us and cannot be viewed; it is only used for advertising purposes. If you are a Facebook user and are logged in, your visit to our website will be automatically associated with your Facebook user account.

We want to show our services and products only to people who are genuinely interested. Using the Facebook pixel, our advertising can be better tailored to your needs and interests. This allows Facebook users (provided they have allowed personalized advertising) to see relevant ads. Facebook also uses the collected data for analysis and its own advertising purposes.

Below, we show you the cookies that were set by integrating the Facebook pixel on a test page. Please note that these are just example cookies. Different cookies will be set depending on your interactions on our website.

Name: _fbp
Value: fb.1.1568287647279.257405483-6311850586-7
Purpose: This cookie is used by Facebook to display advertising products.
Expiry date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Purpose: This cookie is used to ensure the Facebook pixel functions correctly.
Expiry date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062311850586-3
Value: Author's name
Purpose: This cookie stores the text and name of a user who leaves a comment, for example.
Expiry date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (Author's URL)
Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.
Expiry date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: Author's email address
Purpose: This cookie stores the user's email address if they have provided it on the website.
Expiry date: after 12 months

Note: The cookies mentioned above relate to individual user behavior. Changes to Facebook's use of cookies are always possible.

If you are logged into Facebook, you can change your ad preferences yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can generally manage your online behavioral advertising at http://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option to deactivate or activate providers.

Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing is primarily carried out via Facebook pixels. This may result in data being processed and stored in a non-anonymized manner. Furthermore, US government authorities may potentially access individual data points. It is also possible that this data may be linked to data from other Facebook services where you have a user account.

If you would like to learn more about Facebook's data protection practices, we recommend that you consult the company's own data policy at https://www.facebook.com/policy.php.

Facebook Automatic Advanced Matching Privacy Policy

We also have activated Automatic Advanced Matching as part of the Facebook Pixel function. This pixel function allows us to send hashed email addresses, names, genders, cities, states, postal codes, dates of birth, and phone numbers to Facebook as additional information, provided you have given us this data. This activation allows us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary
Data Subjects: Website visitors
Purpose: Analysis of visitor information to optimize the website.
Data Processed: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below in this privacy policy.
Storage Period: Dependent on the properties used.
Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Google Analytics?

We use the Google Analytics (GA) tracking tool from the American company Google Inc. on our website. For the European Economic Area, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and services to your needs. Below, we explain the tracking tool in more detail, focusing on what data is stored and how you can prevent this.

Google Analytics is a tracking tool used to analyze website traffic. For Google Analytics to function, a tracking code is embedded in our website's code. When you visit our website, this code records various actions you perform. Once you leave our website, this data is sent to and stored on Google Analytics servers.

Google processes the data and we receive reports about your user behavior. These may include, among other things, the following reports:

Target group reports: Through target group reports, we get to know our users better and know more precisely who is interested in our service.
Ad reports: Ad reports help us to analyze and improve our online advertising more easily.
Acquisition reports: Acquisition reports give us helpful information about how we can attract more people to our service.
Behavior reports: Here we learn how you interact with our website. We can track your path on our site and which links you click.
Conversion reports: A conversion is a process where you perform a desired action as a result of a marketing message. For example, when you go from being a website visitor to a customer or newsletter subscriber. These reports help us understand how our marketing efforts are performing for you, which is how we aim to increase our conversion rate.
Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of our website's strengths and weaknesses. On the one hand, we can optimize our site so that it's easier for interested people to find it on Google. On the other hand, the data helps us understand you, our visitors, better. We therefore know exactly what we need to improve on our website to offer you the best possible service. The data also helps us to make our advertising and marketing efforts more targeted and cost-effective. After all, it only makes sense to show our products and services to people who are interested in them.

What data does Google Analytics store?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a returning user. All collected data is stored along with this user ID. This is what makes it possible to analyze pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For every newly created property, the Google Analytics 4 property is used by default. Alternatively, you can also create the Universal Analytics property. Data is stored for varying lengths of time depending on the property used.

Your interactions on our website are measured using identifiers such as cookies and app instance IDs. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

The following cookies are used by Google Analytics:

Name: _ga
Value: 2.1326744211.152311850586-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152311850586-1
Purpose: This cookie is also used to distinguish website visitors
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to slow the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_<property-id>.
Expiration date: after 1 minute

Name: AMP_TOKEN
Value: Not specified
Purpose: This cookie contains a token used to retrieve a user ID from the AMP Client ID service. Other possible values indicate a logout, a request, or an error.
Expiration date: After 30 seconds up to one year

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie allows us to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiration date: after 2 years

Name: __utmt
Value: 1
Purpose: This cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiration date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiration date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to establish new sessions for returning visitors. It is a session cookie and is only stored until you close your browser.
Expiry date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: This cookie is used to identify the source of visitor traffic to our website. In other words, the cookie stores where you came from. This could have been another website or an advertisement.
Expiry date: after 6 months

Name: __utmv
Value: Not specified
Purpose: This cookie is used to store user-defined data. It is updated whenever information is sent to Google Analytics.
Expiration date: After 2 years

Note: This list is not exhaustive, as Google frequently changes its choice of cookies.

Here we show you an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. These heatmaps show exactly which areas you click on. This gives us information about where you are on our website.

Session duration: Google defines session duration as the time you spend on our site without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave our website.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

IP address: The IP address is only displayed in abbreviated form so that no unique identification is possible.

Location: Your country and approximate location can be determined via your IP address. This process is also known as IP geolocation.

Technical information: This includes, among other things, your browser type, your internet service provider, and your screen resolution.

Source of origin: Google Analytics; We are of course also interested in which website or advertisement you came to our site via.

Other data collected includes contact information, any ratings, media playback (eg, when you play a video on our site), sharing content via social media, or adding items to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where will the data be stored?

Google has distributed its servers all over the world. Most of these servers are located in America, and consequently, your data is mostly stored on American servers. You can find detailed information about the locations of Google's data centers here: https://www.google.com/about/datacenters/inside/locations/?hl=de

Your data is distributed across various physical storage devices. This has the advantage of faster data retrieval and better protection against manipulation. Each Google data center has corresponding emergency backup programs for your data. Even if, for example, Google's hardware fails or natural disasters disable servers, the risk of a service interruption at Google remains low.

The data retention period depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is fixed at 14 months. For other event data, we have the option to choose a retention period of either 2 or 14 months.

For Universal Analytics properties, Google Analytics has a default user data retention period of 26 months. After this period, your user data is deleted. However, we have the option to choose the user data retention period ourselves. We have five options available for this:

Deletion after 14 months
Deletion after 26 months
Deletion after 38 months
Deletion after 50 months
No automatic deletion

Additionally, there is the option to have data deleted only if you do not visit our website within the period we have selected. In this case, the retention period will be reset each time you visit our website again within the specified period.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition, and advertising IDs (eg, cookies from the DoubleClick domain). Report results are based on aggregated data and are stored separately from user data. Aggregated data is a combination of individual data points into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access, update, delete, or restrict the processing of your data. You can prevent Google Analytics from using your data by using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on from https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.

If you generally want to disable, delete or manage cookies (regardless of Google Analytics), there are separate instructions for each browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

The use of Google Analytics requires your consent, which we obtained via our cookie popup. According to Art. 6 para. 1 lit. a GDPR (consent),this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to obtaining your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Using Google Analytics, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use Google Analytics if you have given your consent.

Google also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, ie, in particular the USA) or for transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

We hope we have provided you with the most important information regarding data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.htmland https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics IP anonymization

We have implemented IP address anonymization for Google Analytics on this website. This feature was developed by Google to ensure that this website complies with applicable data protection regulations and the recommendations of local data protection authorities, particularly where the storage of complete IP addresses is prohibited. The anonymization or masking of the IP address takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any data is stored or processed.

More information about IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics reports on demographics and interests

We have enabled advertising reporting features in Google Analytics. The demographic and interest reports contain information about age, gender, and interests. This allows us to gain a better understanding of our users without being able to attribute this data to individual persons. You can learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can opt out of the use of your Google account activity and information by unchecking the box under “Ad settings” at https://adssettings.google.com/authenticated.

Google Analytics opt-out link

Clicking the following opt-out linkwill prevent Google from tracking further visits to this website. Please note: Deleting cookies, using your browser's incognito/private mode, or using a different browser will result in data collection resuming.

Disable Google Analytics

Google Analytics Data Processing Amendment

We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting the “Data Processing Amendment” in Google Analytics.

You can find more information about the data processing amendment for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

Google Analytics Google Signals Privacy Policy

We have activated Google Signals in Google Analytics. This updates the existing Google Analytics features (advertising reports, remarketing, cross-device reports, and reports on interests and demographics) to provide you with aggregated and anonymized data, provided you have allowed personalized ads in your Google account.

What's special about this is that it's cross-device tracking. This means your data can be analyzed across multiple devices. By activating Google Signals, data is collected and linked to your Google account. This allows Google, for example, to recognize if you view a product on our website using a smartphone and only later purchase it using a laptop. Thanks to the activation of Google Signals, we can launch cross-device remarketing campaigns that would otherwise be impossible. Remarketing means we can also show you our offers on other websites.

In Google Analytics, Google Signals also collect additional visitor data such as location, search history, YouTube history, and data about your actions on our website. This allows us to receive better advertising reports from Google and more useful information about your interests and demographic characteristics. These include your age, the language you speak, where you live, and your gender. Furthermore, social criteria such as your occupation, marital status, and income are also included. All these characteristics help Google Analytics define user groups or target audiences.

These reports also help us better understand your behavior, preferences, and interests. This allows us to optimize and tailor our services and products for you. This data expires after 26 months by default. Please note that this data collection only occurs if you have enabled personalized advertising in your Google account. The data is always aggregated and anonymous, never personal information. You can manage or delete this data in your Google account.

Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary
Data Subjects: Website visitors
Purpose: Analysis of visitor information to optimize the website.
Data Processed: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below and in the Google Analytics privacy policy.
Storage Period: Dependent on the properties used.
Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Google Site Kit?

We have integrated the WordPress plugin Google Site Kit from the American company Google Inc. into our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Site Kit allows us to quickly and easily view statistics from various Google products, such as Google Analytics, directly in our WordPress dashboard. This tool, or rather the tools integrated into Google Site Kit, also collect your personal data. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and what other data protection information is relevant to you in this context.

Google Site Kit is a plugin for the WordPress content management system. With this plugin, we can view important website analytics statistics directly in our dashboard. These statistics are collected by other Google products, primarily Google Analytics. In addition to Google Analytics, Google Site Kit can also be integrated with Google Search Console, PageSpeed Insights, Google AdSense, Google Optimize, and Google Tag Manager.

Why do we use Google Site Kit on our website?

As a service provider, our goal is to offer you the best possible experience on our website. We want you to feel comfortable and quickly and easily find exactly what you're looking for. Statistical analyzes help us understand you better and tailor our offerings to your needs and interests. We use various Google tools for these analyses. Site Kit greatly simplifies our work in this regard because we can view and analyze the statistics from Google products directly in the dashboard. This eliminates the need to register separately for each tool. Site Kit thus always provides a clear overview of the most important analytical data.

What data does Google Site Kit store?

If you have actively consented to tracking tools in the cookie notice (also called script or banner), Google products such as Google Analytics will set cookies and send data about you, such as your user behavior, to Google, where it is stored and processed. This includes personal data such as your IP address.

For more detailed information about each service, we have dedicated sections within this privacy policy. For example, please see our privacy policy for Google Analytics. Here, we discuss the data collected in detail. You will learn how long Google Analytics stores, manages, and processes data, which cookies may be used, and how you can prevent data storage. We also have separate privacy policies with comprehensive information for other Google services, such as Google Tag Manager and Google AdSense.

Below, we show you examples of Google Analytics cookies that may be set in your browser, provided you have generally consented to data processing by Google. Please note that this is only a selection of cookies:

Name: _ga
Value: 2.1326744211.152311850586-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152311850586-7
Purpose: This cookie also serves to distinguish website visitors.
Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: This cookie is used to reduce the request rate.
Expiration date: after 1 minute

How long and where will the data be stored?

Google stores collected data on its own Google servers, which are distributed worldwide. Most of these servers are located in the United States, so it's quite possible that your data is also stored there. You can see exactly where the company provides servers at https://www.google.com/about/datacenters/inside/locations/?hl=de.

Data collected through Google Analytics is stored for a standard period of 26 months. After this time, your user data is deleted. This retention period applies to all data associated with cookies, user recognition, and advertising IDs.

How can I delete my data or prevent data storage?

You always have the right to access, delete, correct, or restrict your data. You can also disable, delete, or manage cookies in your browser at any time. Here are the instructions for the most common browsers:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Please note that when using this tool, your data may be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Therefore, data may not simply be transferred to, stored, and processed in unsafe third countries unless there are appropriate safeguards (such as EU Standard Contractual Clauses) between us and the non-European service provider.

Legal basis

The use of Google Site Kit requires your consent, which we obtained via our cookie popup. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to obtaining your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Using Google Site Kit, we can identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use Google Site Kit if you have given your consent.

To learn more about data processing by Google, we recommend that you read Google's comprehensive privacy policy at https://policies.google.com/privacy?hl=de.

Google Tag Manager Privacy Policy

Google Tag Manager Privacy Policy Summary Data
Subjects: Website visitors
Purpose: Organization of individual tracking tools
Data Processed: Google Tag Manager itself does not store any data. The data is collected by the tags of the web analytics tools used.
Storage Period: Depends on the web analytics tool used
Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is the Google Tag Manager?

We use Google Tag Manager from Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Through Google Tag Manager, we can centrally integrate and manage code snippets from various tracking tools that we use on our website.

In this privacy policy, we want to explain in more detail what the Google Tag Manager does, why we use it, and in what form data is processed.

The Google Tag Manager is an organizational tool that allows us to centrally integrate and manage website tags via a single user interface. Tags are small snippets of code that, for example, record (track) your activity on our website. This is achieved by inserting JavaScript code snippets into our website's source code. These tags often originate from Google products like Google Ads or Google Analytics, but tags from other companies can also be integrated and managed through the manager. Search tags perform various functions. They can collect browser data, feed data into marketing tools, integrate buttons, set cookies, and even track users across multiple websites.

Why do we use Google Tag Manager for our website?

As they say, organization is half the battle! And that certainly applies to maintaining our website. To make our website as user-friendly as possible for you and everyone interested in our products and services, we need various tracking tools, such as Google Analytics. The data collected by these tools shows us what interests you most, where we can improve our services, and which people we should show our offers to. For this tracking to work, we need to integrate the corresponding JavaScript code into our website. We could, in principle, insert each code snippet for the individual tracking tools separately into our source code. However, this is quite time-consuming, and it's easy to lose track. That's why we use Google Tag Manager. We can easily integrate the necessary scripts and manage them from one central location. Furthermore, Google Tag Manager offers an easy-to-use interface, and no programming knowledge is required. This allows us to keep our tag jungle organized.

What data is stored by Google Tag Manager?

The Tag Manager itself is a domain that does not set cookies or store any data. It merely acts as a "manager" of the implemented tags. The data is collected by the individual tags of the various web analytics tools. The data is essentially routed through the Google Tag Manager to the individual tracking tools and is not stored there.

However, the situation is quite different with the embedded tags of various web analytics tools, such as Google Analytics. Depending on the analytics tool, various data about your web behavior are usually collected, stored, and processed using cookies. Please read our privacy policies for the individual analytics and tracking tools we use on our website.

In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. This only pertains to the use of our Tag Manager and not to your data stored via the code snippets. We are allowing Google and others to receive selected data in anonymized form. We therefore consent to the anonymous sharing of our website data. Despite extensive research, we have not been able to determine exactly which aggregated and anonymous data is shared. In any case, Google deletes all information that could identify our website. Google aggregates this data with hundreds of other anonymous website data points and creates user trends as part of benchmarking. Benchmarking involves comparing your own results with those of your competitors. Processes can be optimized based on the collected information.

How long and where will the data be stored?

When Google stores data, this data is stored on Google's own servers. These servers are distributed around the world, with most located in the United States. You can find detailed information about the locations of Google's servers at https://www.google.com/about/datacenters/inside/locations/?hl=de.

For information on how long the individual tracking tools store your data, please refer to our individual privacy policies for each tool.

How can I delete my data or prevent data storage?

The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our privacy policies for the individual tracking tools, you will find detailed information on how to delete or manage your data.

Legal basis

The use of Google Tag Manager requires your consent, which we obtained via our cookie popup. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Google Tag Manager helps us improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use Google Tag Manager if you have given your consent.

If you would like to learn more about Google Tag Manager, we recommend the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.

MailChimp Privacy Policy

MailChimp Privacy Policy Summary
Data Subjects: Newsletter subscribers
Purpose: Direct marketing via email, notification of system-relevant events
Data Processed: Data entered during registration, but at least the email address.
Storage Period: Duration of the subscription
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is MailChimp?

Like many other websites, we also use the services of the newsletter company MailChimp on our website. MailChimp is operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Thanks to MailChimp, we can easily send you interesting news via newsletter. With MailChimp, we don't need to install anything and can still draw on a pool of truly useful features. Below, we will discuss this email marketing service in more detail and inform you about the most important data protection aspects.

MailChimp is a cloud-based newsletter management service. "Cloud-based" means that we don't need to install MailChimp on our own computer or server. Instead, we use the service via an IT infrastructure—accessible via the internet—on an external server. This way of using software is also called SaaS (Software as a Service). The following graphic schematically illustrates how MailChimp distributes emails to newsletter recipients.

With MailChimp, we can choose from a wide range of different email types. Depending on what we want to achieve with our newsletter, we can run one-off campaigns, regular campaigns, autoresponders (automated emails), A/B tests, RSS campaigns (sending at a predefined time and frequency), and follow-up campaigns.

Why do we use MailChimp on our website?

We primarily use a newsletter service to stay in touch with you. We want to keep you updated on our latest news and current special offers. We always look for the simplest and best solutions for our marketing efforts, which is why we chose MailChimp's newsletter management service. Although the software is very easy to use, it offers a wide range of helpful features. This allows us to create engaging and attractive newsletters in a short amount of time. The available design templates allow us to customize each newsletter, and thanks to the responsive design, our content is displayed clearly and attractively on your smartphone (or other mobile devices).

Tools such as A/B testing and comprehensive analytics allow us to quickly see how our newsletters are received. This enables us to react and improve our offerings or services.

Another advantage is MailChimp's cloud system. The data is not stored and processed directly on our server. We can retrieve the data from external servers, thus conserving our storage space. Furthermore, the maintenance effort is significantly reduced.

What data does MailChimp store?

The Rocket Science Group LLC (MailChimp) maintains online platforms that allow us to contact you (if you have subscribed to our newsletter). When you subscribe to our newsletter via our website, you confirm your membership in a MailChimp email list via email. To enable MailChimp to verify that you have registered with the "list provider," the registration date and your IP address are stored. MailChimp also stores your email address, name, physical address, and demographic information such as language and location.

This information is used to send you emails and to enable certain other MailChimp features (such as newsletter analysis).

MailChimp also shares information with third-party providers to offer better services. MailChimp also shares some data with third-party advertising partners to better understand its customers' interests and concerns, enabling the delivery of more relevant content and targeted advertising.

MailChimp uses so-called "web beacons" (small graphics embedded in HTML emails) to determine whether the email has been delivered, opened, and whether any links have been clicked. All this information is stored on MailChimp's servers. This allows us to generate statistical analyzes and see precisely how well our newsletter performed for you. In this way, we can tailor our offerings much more effectively to your needs and improve our service.

MailChimp may also use this data to improve its own service. This allows, for example, the technical optimization of email delivery or the determination of the recipient's location (country).

The following cookies may be set by MailChimp. This is not a complete list of cookies, but rather an exemplary selection:

Name: AVESTA_ENVIRONMENT
Value:Prod
Purpose:This cookie is necessary to provide Mailchimp services. It is always set when a user registers for a newsletter mailing list.
Expiry date:at the end of the session

Name: ak_bmsc
Value: F1766FA98C9BB9DE4A39F70A9E5EEAB55F6517348A7000001311850586-3
Purpose: This cookie is used to distinguish a human from a bot. This allows for the creation of reliable reports on website usage.
Expiry date: after 2 hours

Name: bm_sv
Value: A5A322305B4401C2451FC22FFF547486~FEsKGvX8eovCwTeFTzb8//I3ak2Au…
Purpose: This cookie is from MasterPass Digital Wallet (a MasterCard service) and is used to offer visitors a secure and easy virtual payment process. For this purpose, the user is anonymously identified on the website.
Expiry date: after 2 hours

Name: _abck
Value: 8D545C8CCA4C3A50579014C449B045311850586-9
Purpose: We could not find any further information about the purpose of this cookie.
Expiry date: after one year

Sometimes, for better display, you may need to open our newsletter via a provided link. This happens, for example, if your email program isn't working or the newsletter isn't displaying correctly. In such cases, the newsletter is displayed via a MailChimp website. MailChimp also uses cookies (small text files that store data in your browser) on its own websites. Personal data may be processed by MailChimp and its partners (eg, Google Analytics). This data collection is the responsibility of MailChimp, and we have no control over it. MailChimp's "Cookie Statement" (available at: https://mailchimp.com/legal/cookies/) explains exactly how and why the company uses cookies.

How long and where will the data be stored?

Since MailChimp is an American company, all collected data is stored on American servers.

Generally, the data remains permanently stored on MailChimp's servers and is only deleted upon your request. You can have your contact deleted from our system. This permanently removes all your personal data and anonymizes you in MailChimp reports. Alternatively, you can request the deletion of your data directly from MailChimp. In this case, all your data will be removed there, and we will receive a notification from MailChimp. After receiving this notification, we have 30 days to delete your contact from all connected integrations.

How can I delete my data or prevent data storage?

You can withdraw your consent to receive our newsletter at any time by clicking the link at the bottom of the email you receive. If you unsubscribe by clicking the unsubscribe link, your data will be deleted from MailChimp.

If you access a MailChimp website via a link in our newsletter and cookies are set in your browser, you can delete or disable these cookies at any time.

Depending on the browser, disabling or deleting cookies works slightly differently. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

Our newsletter is sent via MailChimp based on your consent (Article 6(1)(a) GDPR). This means we can only send you a newsletter if you have actively subscribed beforehand. If consent is not required, the newsletter is sent based on our legitimate interest in direct marketing (Article 6(1)(f)), provided this is legally permissible. We record your registration process so that we can always demonstrate compliance with applicable laws.

MailChimp also processes data in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

MailChimp uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, ie, in particular the USA) or for transferring data to such countries. These clauses oblige MailChimp to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

You can learn more about MailChimp's use of cookies at https://mailchimp.com/legal/cookies/, and information about MailChimp's privacy policy can be found at https://mailchimp.com/legal/privacy/.

MailChimp order data processing agreement

We have entered into a data processing agreement (Data Processing Addendum) with MailChimp. This agreement serves to protect your personal data and ensures that MailChimp complies with applicable data protection regulations and does not share your personal data with third parties.

More information about this agreement can be found at https://mailchimp.com/legal/data-processing-addendum/.

Google Ads (Google AdWords) Conversion Tracking Privacy Policy

Google Ads (Google AdWords) Conversion Tracking Privacy Policy Summary Data
subjects: Website visitors
Purpose: Economic success and optimization of our service.
Data processed: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed.
Storage period: Conversion cookies generally expire after 30 days and do not transmit any personal data.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Ads conversion tracking?

We use Google Ads (formerly Google AdWords) as an online marketing tool to promote our products and services. Our goal is to raise awareness of the high quality of our offerings among more people online. As part of our Google Ads advertising efforts, we use conversion tracking from Google Inc. on our website. However, in Europe, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. This free tracking tool allows us to better tailor our advertising to your interests and needs. The following article explains in more detail why we use conversion tracking, what data is stored, and how you can prevent this data storage.

Google Ads (formerly Google AdWords) is Google Inc.'s own online advertising system. We are confident in the quality of our offering and want as many people as possible to discover our website. Google Ads provides the best platform for this online. Naturally, we also want to gain a precise overview of the cost-benefit ratio of our advertising campaigns. Therefore, we use the Google Ads conversion tracking tool.

But what exactly is a conversion? A conversion occurs when you go from being a purely interested website visitor to taking action. This happens whenever you click on our ad and then perform another action, such as visiting our website. With Google's conversion tracking tool, we record what happens after a user clicks on our Google Ads ad. For example, we can see whether products are purchased, services are used, or whether users have subscribed to our newsletter.

Why do we use Google Ads conversion tracking on our website?

We use Google Ads to promote our offerings on other websites. Our goal is to ensure that our advertising campaigns reach only those people who are genuinely interested in our products or services. With the conversion tracking tool, we can see which keywords, ads, ad groups, and campaigns lead to the desired customer actions. We can see how many customers interact with our ads on a single device and then complete a conversion. This data allows us to calculate our cost-benefit ratio, measure the success of individual advertising campaigns, and consequently optimize our online marketing efforts. Furthermore, we can use the data we gather to make our website more engaging for you and tailor our advertising even more precisely to your needs.

What data is stored in Google Ads conversion tracking?

We have integrated a conversion tracking tag or code snippet into our website to better analyze certain user actions. When you click on one of our Google Ads, a "Conversion" cookie from a Google domain is stored on your computer (usually in your browser) or mobile device. Cookies are small text files that store information on your computer.

Here is the data for the most important cookies used by Google for conversion tracking:

Name: Conversion
Value: EhMI_aySuoyv4gIVled3Ch0llweVGAEgt-mr6aXd7dYlSAGQ311850586-3
Purpose: This cookie stores every conversion you make on our site after arriving via a Google Ad.
Expiry date: after 3 months

Name: _gac
Value: 1.1558695989.EAIaIQobChMIiOmEgYO04gIVj5AYCh2CBAPrEAAYASAAEgIYQfD_BwE
Purpose: This is a standard Google Analytics cookie used to track various actions on our website.
Expiry date: after 3 months

Note: The _gac cookie appears to only be used in connection with Google Analytics. The list above is not exhaustive, as Google also uses other cookies for analytical purposes

As soon as you complete an action on our website, Google recognizes the cookie and saves your action as a so-called conversion. As long as you are browsing our website and the cookie has not yet expired, we and Google recognize that you found us via our Google Ads ad. The cookie is read and sent back to Google Ads along with the conversion data. It is also possible that other cookies are used to measure conversions. Google Ads conversion tracking can be further refined and improved using Google Analytics. For ads that Google displays in various locations on the web, cookies named “__gads” or “_gac” may be set under our domain. Since September 2017, various campaign information from analytics.js has been stored using the _gac cookie. This cookie stores this data as soon as you visit one of our pages for which Google Ads automatic tagging has been enabled. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personal data. We receive a report from Google containing statistical analyses. This allows us to see, for example, the total number of users who clicked on our ad and which advertising measures were successful.

How long and where will the data be stored?

At this point, we would like to emphasize that we have no control over how Google uses the collected data. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personally identifiable information. The cookies named "Conversion" and "_gac" (which is used in conjunction with Google Analytics) have an expiration date of 3 months.

How can I delete my data or prevent data storage?

You have the option to opt out of Google Ads conversion tracking. If you disable the Google conversion tracking cookie in your browser, you will block conversion tracking. In this case, you will not be included in the tracking tool's statistics. You can change your browser's cookie settings at any time. The process varies slightly depending on the browser. Here are instructions on how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

If you generally do not want to allow cookies, you can configure your browser to always notify you when a cookie is about to be set. This allows you to decide whether to allow each individual cookie. Downloading and installing this browser plug-in from https://support.google.com/ads/answer/7395996will also disable all advertising cookies. Please note that disabling these cookies will not prevent advertisements from being displayed, but only personalized advertising.

Legal basis

If you have consented to the use of Google Ads Conversion Tracking, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur during the collection of data by Google Ads Conversion Tracking.

We also have a legitimate interest in using Google Ads Conversion Tracking to optimize our online service and marketing activities. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use Google Ads Conversion Tracking if you have given your consent.

If you would like to learn more about data protection at Google, we recommend Google's general privacy policy: https://policies.google.com/privacy?hl=de.

Payment providers

Payment Provider Privacy Policy Summary
Data Subjects: Website visitors
Purpose: Enabling and optimizing the payment process on our website
Data Processed: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address, and contract data.
Further details can be found in the respective payment provider's tool.
Storage Period: Dependent on the payment provider used.
Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website that ensure a secure and seamless payment process for both you and us. This may involve sending, storing, and processing personal data with the respective payment provider. These payment providers are online payment systems that allow you to place an order via online banking. The payment processing is handled by your chosen payment provider, and we subsequently receive confirmation of the payment. This method is available to any user with an active online banking account and PIN/TAN authentication. Very few banks still offer or accept such payment methods.

Why do we use payment providers on our website?

Naturally, we want to offer the best possible service with our website and integrated online shop, so that you feel comfortable on our site and can take advantage of our offers. We know that your time is valuable and that payment processing, in particular, needs to be quick and seamless. For this reason, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

What data is processed?

The exact data processed depends, of course, on the specific payment provider. However, data such as name, address, and bank details (account number, credit card number, passwords, TANs, etc.) are generally stored. This data is necessary to process a transaction. Additionally, any contract data and user data, such as when you visit our website, which content you are interested in, or which subpages you click on, may also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is generally stored and processed on the payment providers' servers. We, as website operators, do not receive this data. We are only informed whether the payment was successful or not. For identity and credit checks, payment providers may forward data to the relevant authorities. All payment transactions are always subject to the terms and conditions and privacy policies of the respective provider. Therefore, please always review the payment provider's terms and conditions and privacy policy. You also have the right to have your data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of withdrawal, right of access, and data subject rights).

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, this storage period may be exceeded. For example, we retain accounting documents pertaining to a contract (invoices, contracts, bank statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are generated.

Right to object

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the responsible parties at the payment provider you are using. Contact details can be found either in our specific privacy policy or on the website of the respective payment provider.

You can delete, disable, or manage cookies used by payment providers in your browser. The process varies depending on your browser. Please note, however, that this may prevent the payment process from working.

Legal basis

For processing contractual and legal transactions (Art. 6 para. 1 lit. b GDPR), We offer payment service providers in addition to traditional banks and credit institutions. The privacy policies of the individual payment providers (such as Amazon Payments, Apple Pay, or Discover) provide you with a detailed overview of their data processing and storage practices. Furthermore, you can always contact the responsible parties with any questions regarding data protection issues.

Information on specific payment providers can be found – if available – in the following sections.

Instagram Privacy Policy

Instagram Privacy Policy Summary
Data Subjects: Website visitors
Purpose: Optimization of our service
Data Processed: Data such as user behavior, information about your device, and your IP address.
More details can be found below in the privacy policy.
Storage Period: Until Instagram no longer needs the data for its purposes
Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Instagram?

We have integrated Instagram features into our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. Since 2012, Instagram has been a subsidiary of Facebook Inc. and is part of the Facebook family of products. Embedding Instagram content on our website allows us to display content such as buttons, photos, or videos from Instagram directly on our site. When you visit pages on our website that have an integrated Instagram feature, data is transmitted to, stored by, and processed by Instagram. Instagram uses the same systems and technologies as Facebook. Therefore, your data is processed across all Facebook companies.

Below, we'll give you a more detailed look at why Instagram collects data, what data it collects, and how you can largely control its processing. Since Instagram belongs to Facebook Inc., we draw our information from both Instagram's policies and Facebook's own data policy.

Instagram is one of the most popular social media networks worldwide. It combines the advantages of a blog with those of audiovisual platforms like YouTube or Vimeo. On "Insta" (as many users casually call the platform), you can upload photos and short videos, edit them with various filters, and share them on other social networks. And if you don't want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has truly exploded in popularity in recent years. And of course, we've responded to this boom. We want you to feel as comfortable as possible on our website. That's why a diverse presentation of our content is given for us. The embedded Instagram features allow us to enrich our content with helpful, funny, or exciting material from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be used for personalized advertising on Facebook. This ensures that our ads are only shown to people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics, giving us more insight into your preferences and interests. It's important to note that these reports do not personally identify you.

What data does Instagram store?

When you visit one of our pages that includes Instagram features (such as Instagram images or plugins), your browser automatically connects to Instagram's servers. Data is then sent to, stored, and processed by Instagram, regardless of whether you have an Instagram account or not. This includes information about your visit to our website, your computer, purchases you've made, advertisements you see, and how you use our services. The date and time of your interaction with Instagram are also recorded. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that Instagram does the same. Customer data includes, for example, name, address, phone number, and IP address. This customer data will only be transmitted to Instagram after it has been hashed. Hashing means that a data record is transformed into a string of characters. This allows contact information to be encrypted. In addition, the aforementioned "event data" is also transmitted. Facebook—and consequently Instagram—understands “event data” as data about your user behavior. It is also possible that contact information may be combined with event data. The collected contact information is then compared with the data that Instagram already holds about you.

Small text files (cookies), usually placed in your browser, transmit the collected data to Facebook. The amount of data stored varies depending on the Instagram features you use and whether you have an Instagram account.

We assume that Instagram's data processing works the same way as Facebook's. This means that if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you interact with an Instagram feature. This data is deleted or anonymized after a maximum of 90 days (after reconciliation). Although we have thoroughly examined Instagram's data processing practices, we cannot say with absolute certainty exactly which data Instagram collects and stores.

Below, we show you the minimum number of cookies that are set in your browser when you click on an Instagram feature (such as a button or an Instagram image). For our test, we assume you do not have an Instagram account. If you are logged into Instagram, significantly more cookies will be set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent request forgery. However, we were unable to determine this more precisely.
Expiration date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers both on and off Instagram. The cookie establishes a unique user ID.
Expiry date: at the end of the session

Name: fbsr_311850586124024
Value: not specified
Purpose: This cookie stores the login request for users of the Instagram app.
Expiry date: at the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiry date: at the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe311850586”
Purpose: This cookie is used for Instagram's marketing purposes.
Expiry date: at the end of the session

Note: This list is not exhaustive. Which cookies are set in each individual case depends on the embedded functions and your use of Instagram.

How long and where will the data be stored?

Instagram shares the information it receives between Facebook companies, external partners, and people you connect with worldwide. Data processing is carried out in accordance with its own data policy. Your data is distributed across Facebook servers around the world, partly for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation (GDPR), you have the right to access, transfer, rectify, and erase your data. You can manage your data in your Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how you delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and tap "Help Center." This will take you to the company's website. On the website, tap "Manage your account" and then "Delete your account."

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data using cookies. You can manage, disable, or delete these cookies in your browser. The process varies slightly depending on your browser. Here, we'll show you the instructions for the most common browsers.

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

You can also configure your browser to always notify you when a cookie is about to be set. This allows you to decide individually whether or not to allow the cookie.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR)in fast and effective communication with you or other customers and business partners. However, we only use the embedded social media elements if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Instagram and Facebook process data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the lawfulness and security of data processing.

Facebook uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 of the GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, ie, in particular the USA) or for transferring data to such countries. These clauses oblige Facebook to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

We have tried to provide you with the most important information about data processing by Instagram. You can find more detailed information about Instagram's data policy at https://help.instagram.com/519522125107875 .

Google Fonts Privacy Policy

Google Fonts Privacy Policy Summary
Data Subjects: Website visitors
Purpose: Optimization of our service
Data Processed: Data such as IP address and CSS and font requests
More details can be found below in this privacy policy.
Storage Period: Font files are stored at Google for one year
Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Google Fonts?

We use Google Fonts on our website. These are the “Google fonts” from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

You don't need to register or provide a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't need to worry about your Google account data being transmitted to Google while using Google Fonts. Google collects data on the usage of CSS (Cascading Style Sheets) and the fonts used, and stores this data securely. We will examine the specifics of this data storage in more detail later.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component for maintaining the high quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is a significant advantage, especially for use on mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are reliable web fonts. Different rendering systems in various browsers, operating systems, and mobile devices can lead to errors. Such errors can sometimes distort text or even entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.

What data does Google store?

When you visit our website, the fonts are loaded from a Google server. This external request transmits data to Google's servers. This allows Google to recognize that you, or rather your IP address, have visited our website. The Google Fonts API was developed to minimize the use, storage, and collection of end-user data to only what is necessary for the proper delivery of fonts. API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software field.

Google Fonts securely stores CSS and font requests with Google, thus protecting them. The collected usage statistics allow Google to determine the popularity of individual fonts. Google publishes these results on internal analytics pages, such as Google Analytics. Additionally, Google uses data from its own web crawler to identify which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Businesses and developers utilize the Google web service BigQuery to analyze and manipulate large datasets.

It should be noted, however, that every Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers. Whether this data is also stored is unclear and not explicitly communicated by Google.

How long and where will the data be stored?

Google stores requests for CSS assets on its servers, which are primarily located outside the EU, for one day. This allows us to use the fonts with a Google stylesheet. A stylesheet is a formatting template that allows you to easily and quickly change, for example, the design or font of a website.

The font files are stored at Google for one year. Google's goal is to improve website loading times in general. When millions of websites reference the same fonts, they are cached after the first visit and appear instantly on all subsequent visits. Google sometimes updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot be easily deleted. This data is automatically transmitted to Google when you visit our website. To delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=311850586 . In this case, you can only prevent data storage by not visiting our website.

Unlike other web fonts, Google Fonts grants us unrestricted access to all its fonts. This means we can access a vast array of fonts and choose the perfect one for our website. You can find more information about Google Fonts and answers to frequently asked questions at https://developers.google.com/fonts/faq?tid=311850586 . While Google addresses data privacy issues there, truly detailed information about data storage is not included. Obtaining precise information from Google about the data they store is relatively difficult.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when Google Fonts collects it.

We also have a legitimate interest in using Google Fonts to optimize our online service. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests) . However, we only use Google Fonts if you have given your consent.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de .

You can also read about what data Google collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/ .

Google Maps Privacy Policy

Google Maps Privacy Policy Summary
Affected parties: Website visitors
Purpose: To optimize our service performance
Data processed: Data such as entered search terms, your IP address and also the latitude and longitude coordinates.
You can find more details below in this privacy policy.
Storage duration: depends on the stored data
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Maps allows us to show you locations more effectively and thus better tailor our service to your needs. By using Google Maps, data is transferred to Google and stored on Google's servers. Here we would like to explain in more detail what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an online mapping service from Google. With Google Maps, you can search for the exact locations of cities, landmarks, accommodations, or businesses online using a PC, tablet, or app. If businesses are listed on Google My Business, additional information about the company is displayed alongside the location. To show directions, map snippets of a location can be embedded into a website using HTML code. Google Maps displays the Earth's surface as a road map or as aerial/satellite imagery. Thanks to Street View and high-quality satellite imagery, very detailed representations are possible.

Why do we use Google Maps on our website?

All our efforts on this page aim to provide you with a useful and meaningful experience on our website. By integrating Google Maps, we can provide you with essential information about our various locations. You can see at a glance where our company headquarters are located. The directions always show you the best and fastest way to reach us. You can access directions for routes by car, public transport, on foot, or by bicycle. For us, providing Google Maps is part of our customer service.

What data does Google Maps store?

In order for Google Maps to fully offer its service, the company needs to collect and store your data. This includes, among other things, the search terms you enter, your IP address, and your latitude and longitude coordinates. If you use the route planner function, the starting address you enter will also be saved. This data storage, however, takes place on Google Maps' websites. We can only inform you about this, but we have no control over it. Because we have integrated Google Maps into our website, Google places at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and to provide you with personalized advertising.

The following cookie will be set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ311850586-5
Purpose: NID is used by Google to personalize ads based on your Google searches. With the help of this cookie, Google "remembers" your most frequent search queries or your previous interactions with ads. This ensures you always receive tailored advertisements. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.
Expiry date: after 6 months

Note: We cannot guarantee the completeness of the stored data. Changes are always possible, especially when using cookies. To identify the NID cookie, a separate test page was created that only included Google Maps.

How long and where will the data be stored?

Google's servers are located in data centers around the world. However, most servers are in the United States. Therefore, your data is also primarily stored in the USA. You can find detailed information about the locations of Google's data centers here: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google distributes the data across various storage devices. This makes the data faster to access and better protected against potential manipulation attempts. Each data center also has specific emergency programs. For example, if there are problems with Google hardware or a natural disaster cripples the servers, the data remains quite secure.

Google stores some data for a set period. For other data, Google only offers the option to delete it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion feature for location and activity data introduced in 2019, information about your location and web/app activity is stored for either 3 or 18 months, depending on your choice, and then deleted. You can also manually delete this data from your history at any time via your Google account. If you want to completely prevent location tracking, you need to pause the "Web & App Activity" section in your Google account. Click on "Data & Personalization" and then on the "Activity controls" option. Here you can turn activity tracking on or off.

In your browser, you can also disable, delete, or manage individual cookies. Depending on which browser you use, this process varies slightly. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Deleting and managing cookies

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when collected by Google Maps.

We also have a legitimate interest in using Google Maps to optimize our online service. The legal basis for this is Article 6(1)(f) GDPR (legitimate interests). However, we only use Google Maps if you have given your consent.

Google uses standard contractual clauses approved by the EU Commission (Article 46, paragraphs 2 and 3 GDPR) as the basis for processing data with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or transferring data to such countries. These clauses oblige Google to maintain the EU level of data protection when processing relevant data even outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses, among other places, here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de

If you would like to learn more about Google's data processing, we recommend that you consult the company's own privacy policy at https://policies.google.com/privacy?hl=de

THE NEW FLASH COLLECTION

Spring Summer 2026

Herzens Story

FAQs

Contact Us

Change shipping country

Change shipping country

Data Protection

Introduction and Overview

Scope

Legal basis

Contact details of the responsible party

Contact details of the data protection officer

Storage duration

Rights under the General Data Protection Regulation

Data transfer to third countries

Data processing security

Cookies

Facebook Pixel Privacy Policy

Google Analytics Privacy Policy

Google Site Kit Privacy Policy

Google Tag Manager Privacy Policy

MailChimp Privacy Policy

Google Ads (Google AdWords) Conversion Tracking Privacy Policy

Payment providers

Instagram Privacy Policy

Google Fonts Privacy Policy

Google Maps Privacy Policy

How long and where will the data be stored?