0 0

Privacy policy

1. Preface and selected terms
2. responsibilities
3. brief overview of data processing
4. legal bases for the processing of personal data
5. your rights under the basic data protection regulation
6. external hosting
7. automatic server log files
8. use of cookies
9 Cookie consent
10. processing of personal data in the context of contacting and communication
11. information for applicants
12.A Auction participation and settlement (eppli.com)
12B. Data processing in the online shop (www.eppli.com)
12.C Auction and purchase processing
13. direct marketing and e-mail newsletters
14 Analysis, tracking and advertising
15 Trusted Shops ratings and integration of the trust badge
16. plugins, CDNs and script libraries
17 Our Social Media Presence
18 Supplementary information for business contacts

1. Preface and selected terms

On the one hand, this privacy policy informs visitors and users of our website about the data processing operations that take place online and involve the processing of personal data. On the other hand, you will receive information about our processing operations that do not primarily take place online.

  1. "Personal data" are all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 (1) GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
  2. The "processing of personal data" includes all operations, for example the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 (2) GDPR).
  3. The "data subject" within the meaning of data protection law is any natural person from whom personal data are processed.
  4. Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Art. 4 of the GDPR (Definitions).

2. responsibilities

2.1 Name and address of the responsible person

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Eppli am Markt Auktionshaus - Juwelier e.K.
Market Place 6
70173 Stuttgart
Phone +49 (0) 711 997 008 160
Fax +49 (0) 711 997 008 299
E-Mail:info@eppli.com
Represented by: Franz Eppli, Ferdinand Benedikt Eppli

2.2 Name and address of the data protection officer

The data protection officer of the data controller is:


DPO External Data Protection Officer Stuttgart
Fabian Henkel
Kant Street 14
71277 Rutesheim
Phone: +497152564773
E-mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web:https://www.externer-datenschutzbeauftragter-stuttgart.de

3. brief overview of data processing

The following contents provide you with a brief overview of the processing of personal data; more detailed information can be found in the respective passages presented in detail.

Security on our website (SSL Secure Socket Layer)
Our website is equipped with an SSL certificate, with the help of which data transmission processes are encrypted. This happens, for example, when you send us a message via a form. However, we would like to point out as a precaution that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.

Data that you transmit to us
On this site, we process data that you enter yourself, for example in a form. In this case, the purpose of the processing results from the type of form and, on the other hand, from this data protection declaration. Even if you send us a message by e-mail, for example, or contact us in some other way, we will process your data in accordance with the purpose of the contact.

Automatic server log files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves the defence against attacks, the analysis of access figures and the smooth operation.

Use of cookies
Cookies help us to provide various services. Cookies are small text files that are stored in your browser and can be read. We use our own cookies as well as third-party cookies, you can find more information about this in this privacy policy.

Plugins and content delivery networks
We sometimes use plugins and content delivery networks, well-known examples of such services being the video service YouTube or the map service Google Maps. If such services are integrated via a website, access data is transmitted to the services. This is usually your IP address and other metadata, such as the time and date of access. As a rule, this data is made available by setting cookies.

Analysis and tracking tools

a) Analysis tools
In addition to the pure server log files, which also provide us with information on page views, we use analysis tools or tracking tools. These tools give us detailed insights into the content visited on our site, the flow of behaviour and, for example, the country from which access took place. In order for such services to function, cookies must be set for the site visitor.

b) Measuring the success of advertisements
We place online advertisements. If you reach our site via an advertisement, we record this click. This conversion tracking is used to measure the success of our advertisements. The conversion tracking is carried out via cookies.

Newsletter / Direct marketing

Direct marketing to existing customers in the legitimate interest

We reserve the right to send our customer email newsletter on the basis of §7 para. 3 UWG in conjunction with Art. 6 para. 1 lit. f DSGVO. We also reserve the right to send postal advertising to existing customers in our legitimate interest. You can of course object to receiving direct marketing information from us at any time.

Direct marketing based on your consent
If you give us your consent, we will send you newsletters until you revoke it. You can revoke your consent with us at any time with effect for the future.

Other data recipients

Other data recipients

a) Use of processors
We use processors in accordance with the requirements of Art. 28 DSGVO, for example in the area of IT services, web hosting, e-mail hosting or printing services. These process personal data for us in accordance with instructions.

b) Use of external services
If it is necessary (for example, to execute a contract), we pass on your data to banks, other payment service providers, shipping service providers, our tax advisor or lawyer, for example.

c) Legal obligations
In addition, in certain cases we are obliged to make a report to the competent authorities on the basis of the Money Laundering Act. In addition, we are subject to further legal obligations, such as trade laws or tax law, in this context we must disclose certain data to tax authorities, for example.

d) Investigation of criminal offences
Insofar as it should be necessary for the clarification of a criminal offence, we pass on data to the criminal prosecution authorities.

General information on deletion periods for personal data
We process data as long as this is necessary for the respective purpose. As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract; in addition, we are obliged to comply with statutory retention obligations. If the data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country
If possible, we try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for commissioned processing pursuant to Art. 28 DSGVO, taking into account appropriate guarantees. In individual cases, we may use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In these cases, we point out the circumstance where appropriate.

Obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, it will not be possible for us to conclude and fulfil a contract with you.

4. legal bases for the processing of personal data

The legal bases for the processing of personal data are exceptional circumstances that permit the processing of personal data. The main legal bases are illustrated in particular in Art. 6 DSGVO.

The legal bases on which we process personal data are described in the individual processing operations in this privacy policy.

  • Consent is one of these legal bases and requires that the consenting person gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 para. 1 lit. a DSGVO can generally be revoked at any time without giving reasons.
  • The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Art. 6 (1) lit. b DSGVO.
  • The exceptional case of data processing due to a legal obligation is found in Art. 6 para. 1 lit. c DSGVO, for example, we are obliged to comply with certain retention periods under commercial law and tax law.
  • The processing of personal data on the basis of a balancing of interests pursuant to Art. 6 (1) lit. f DSGVO permits the processing after careful consideration of financial or legal interests against the interests of the data subject that are worthy of protection.

5. your rights under the basic data protection regulation

Every natural person has certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can claim from us.

1. right to revoke consent granted according to Art. 7 DSGVO
You can revoke your consent at any time without giving reasons with effect for the future.

2. right to information (cf. Art. 15 DSGVO)
You have the right to request information about the data processed about you and the purposes of the processing at any time.

3. right to rectification (cf. Art. 16 DSGVO).
If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

4. right to erasure (cf. Art. 17 DSGVO)
You have the right at any time to request the erasure of your personal data that we process about you. If complete deletion is not possible, for example because we have to comply with statutory retention obligations or we can assert legitimate interests for another reason, we will restrict your data until these reasons no longer apply.

5. right to restriction of processing / blocking (cf. Art. 18 DSGVO)
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
  • If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

6. right to data portability (cf. Art. 20 DSGVO)
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

7. right to object to certain processing operations and direct marketing (cf. Art. 21 DSGVO).
If data processing is based on Art. 6(1)(e) or (f) DSGVO, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) of the GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 (2) DSGVO).

8. right of appeal to a supervisory authority (cf. Art. 77 GDPR)
In the event of infringements of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to any other administrative or judicial remedy.

6. external hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We have commissioned the following hoster for hosting:

Auctions at auctions.eppli.com
Bidpath GmbH
Theresienstraße 19
01097 Dresden

Main page/online shop (eppli.com)
Profihost AG
Expo Plaza 1
30539 Hanover

Conclusion of a contract on commissioned processing In order to ensure data protection-compliant processing, we have concluded a contract on commissioned processing with our hoster.

7. automatic server log files

Our web server automatically logs all accesses and thus also IP addresses of visitors. This serves to defend against attacks, analyse access figures and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f DSGVO).

The server log usually records not only the IP address but also other metadata about the session, this data can be found below.

  • Date and time of the retrieval
  • Information about the type of browser and the version used Browser
  • Details of the operating system used
  • Device (Client)
  • Refferer URL (via which page you landed with us)
  • Invoked hyperlinks

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.

8. use of cookies

Our website uses cookies for the provision of services and to ensure full functionality. Cookies - which are small text files that are automatically stored in your browser or device - can have various functions and contain a characteristic string that allows the browser to be uniquely identified when you return to the website.

Cookies are stored on your terminal device and transmitted from it to our site. As a user, you have full control over the use of cookies. You can define whether and which cookies you generally allow in your browser settings. We recommend that you set your browser so that you are informed when a website wants to set cookies on your computer. This gives you control over which cookies you want to accept. However, if you do not allow cookies, the functionality of websites may be limited.

Cookies are basically divided into non-persistent and persistent cookies. A further distinction is made between first party cookies (which come directly from our web server) and third party cookies (which are set by third-party providers).

8.1 Cookie types by runtime

Session cookies: Session cookies are deleted at the latest when you leave our website and close your browser.

Persistentcookies: These cookies remain stored even after you leave our website and close your browser of the browser. Persistent cookies can have different durations, from one day to several years. These cookies can perform various functions, for example, your login details may be stored so that you are automatically logged in when you return to our website. Other persistent cookies are used for analysis, tracking and marketing purposes.

8.2 Cookie types by origin

We use both first-party cookies and third-party cookies. First-party cookies are cookies that come directly from us. Third-party cookies are cookies that are placed via a third-party provider. We use various third-party cookies for analysis, tracking and marketing purposes.

8.3 Cookie types according to function

Technically required or necessary cookies
These cookies enable the operation of our website. Without technically necessary cookies, our website would not be usable or only usable to a very limited extent. For example, such cookies are used when you log in to our site or place a product in the shopping basket. In some cases, necessary cookies also serve security purposes.

Analysis or statistics cookies
Analysis cookies collect information about the behaviour of page visitors, provide information about the length of stay and which information was called up. Furthermore, information is collected about which website page visitors come from, how many visitors the websites have and how long the user stays on the websites. The aim of these cookies is to optimise our website on the basis of the information collected.

Tracking and marketing cookiesTracking or marketing cookies (also remarketing and retargeting cookies) enable an analysis of browsing behaviour, they store which content was visited or which products the user searched for (tracking in this sense means tracing). On the basis of these cookies, a user can also be identified across pages with the aim of placing advertisements tailored to his or her interests.

Function cookies
Function cookies are used, for example, to integrate external content such as videos or map services. In addition, these cookies offer the possibility to use further functions.

8.4 Legal basis and information on setting your preferences

We use technically necessary cookies in the interest of a functional and stable website (Art. 6 para. 1 lit. f DSGVO), we only use other cookies with your consent (Art. 6 para. 1lit. a DSGVO). You can set your preferences regarding the selection of non-essential cookies at the beginning of your visit; in addition, you have the option of adjusting your preferences at any time. The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our privacy policy.

9 Cookie consent

Cookie consent on auktionen.eppli.com
We offer you the possibility to choose whether and which cookies and services you want to allow. For this purpose, we have implemented a so-called consent management via our hoster Bidpath, which is automatically displayed the first time you visit our website or after the expiry of the preference cookie.

If you have confirmed your selection regarding cookies and services, a cookie will be stored in your browser to save your preferences. We use cookie content management in the legitimate interest (Art. 6 para. 1 lit. f DSGVO) and to comply with legal requirements (Art. 6 para.1 lit. c DSGVO) to obtain your consent to set cookies.

Use of Usercentrics on eppli.com
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this consent in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or the revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your terminal
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO. In addition, we have a legitimate interest in obtaining cookie consent with user-friendly and professional software (Art. 6 (1) (f) DSGVO).

Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

10. processing of personal data in the context of contacting and communication

Message via contact form
You have the possibility to send us messages via contact form. In doing so, we process the data that you have entered in the data entry mask. As a rule, this is your name, your company if applicable, telecommunication data and the text entered. Mandatory fields are marked and must be filled in.

The purpose of the data processing is to process your request and, if necessary, to contact you afterwards. As a rule, we process your data in this context to initiate or execute contracts on the basis of Art. 6 (1) lit. b DSGVO. If we ask for your consent in the respective form, the processing is also based on Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time without giving reasons.

We store the transmitted data until the purpose of the data storage has been achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we restrict your data for further processing until they expire.

Communication by e-mail
If you send us an e-mail, we process your data according to the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or in the context of the implementation of a contractual relationship on the basis of Art. 6 para. 1 lit. b DSGVO and Art. 6 para. 1 lit. f. DSGVO. It is a legitimate interest to process your request quickly and efficiently.

Please note that in accordance with generally accepted accounting principles, we store all incoming e-mails for a period of ten years, starting on the first day of the following year in which the message was received. Therefore, insofar as you request us to delete the data, we will henceforth restrict your data for processing and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by telephone or fax
Even if you contact us by telephone or fax, we process your data either for the initiation and implementation of contractual relationships (if the content is product- or service-related) and/or in our legitimate interest, analogous to contacting you by e-mail. We do not record the content of conversations, but may make notes for processing your enquiry. We store these until the purpose of the data processing has been achieved and we no longer have a legitimate interest in processing them. If necessary, contents of the conversation will be stored anonymously for statistical purposes. Of course, you can request deletion at any time.

11. information for applicants

Data protection provisions Application procedure
If you apply to us, whether for an advertised position or on your own initiative, we will process your data in order to carry out the selection process. It is irrelevant to us whether you apply by post, by e-mail or, if available for the respective position, by online form.

As a matter of principle, we only process the data that you yourself have provided to us within the scope of an application procedure. The use of other sources may only be considered after you have been informed and consulted. For example, whether we may contact a former employer. The legal basis for carrying out an application procedure is §26 BDSG in conjunction with Art. 6 para. 1 lit. b DSGVO (initiation of employment contract). If you give us your consent to store your data for a longer period of time, this is done on the legal basis of Art. 6 para. 1 lit. a DSGVO.

Deletion periods for applicant data
We delete applicant data a maximum of 6 months after the end of the application process (when a candidate has been selected and all applicants have been informed of the outcome). In principle, the purpose of data processing ceases to exist at the end of the selection procedure, but we have a legitimate interest (Art. 6(1)(f) DSGVO) in being able to defend ourselves against any claims by rejected applicants. If you have the impression that your interests in immediate deletion outweigh this, you have the option of requesting us to do so. We will then examine your request and provide you with feedback.

After the expiry of the above-mentioned period, your data will be deleted, unless we have to defend ourselves, for example, in ongoing proceedings, such as a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the proceedings have been concluded, provided that there are no statutory retention periods.

If we are allowed to store your data for a longer period on the basis of your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before revoking your consent if it is foreseeable that no position will be available.

Inclusion in our applicant pool
If we are unable to offer you a position at the current time, we may ask you for your consent to continue storing your data. This serves the purpose of offering you a suitable position at a later date.

The legal basis for processing your data in our applicant pool is your consent (Art. 6 Aba. 1 lit. a DSGVO). Of course, you can revoke your consent at any time with effect for the future. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool by then at the latest.

12.A Auction participation and settlement (eppli.com)

User account registration

In order to participate in our online auctions, it is necessary for you to create a user account. For this purpose, it is mandatory to provide an e-mail address. You will receive a confirmation link after your registration. Your account will only be activated after its confirmation. The processing of the data entered during registration is carried out on the one hand for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DSGVO).

On the other hand, the processing of your data for this purpose is based on your consent (Art. 6 para. 1 lit. a DSGVO). Of course, you can revoke your consent at any time with effect for the future and request us to delete your user account.

Your data will be stored for as long as you maintain your user account on our site.

Insofar as legal retention periods exist for all or parts of your data, we must comply with these and restrict your data after revocation. However, this does not directly affect the data from your user account, but rather data that was processed as part of a sales contract. In this case, the retention period is usually 10 years (§147 AO / §257 HGB / §14b UstG).

Use of Auctio Novo
We use a tool from the provider Auctio Novo for our action platform and the execution of auctions. The provider is Bidpath GmbH, Theresienstraße 19, 01097 Dresden. We have concluded an order processing contract with Auctio Nov.

12.B Data processing in the online shop (www.eppli.com)

User account registration

You have the option of creating a user account. This enables you to use an extended functionality, but is not mandatory. In the registration process you will be asked to enter various data, some of these fields are mandatory and marked accordingly.

With a user account, you can log in to the site with a user name and password; passwords are always stored in encrypted form.

Whether you create a user account is up to you. The processing of the data entered during registration is carried out on the one hand for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DSGVO).

Secondly, the processing of your data for this purpose is based on your consent (Art. 6 para. 1 lit. a DSGVO). Of course, you can revoke your consent at any time with effect for the future and request us to delete your user account.

Your data will be stored for as long as you maintain your user account on our site.

Insofar as legal retention periods exist for all or parts of your data, we must comply with these and restrict your data after revocation. However, this does not directly affect the data from your user account, but rather data that was processed as part of a sales contract. In this case, the retention period is usually 10 years (§147 AO / §257 HGB / §14b UstG).

Favourites list

You can add products to your favourites list by clicking on the heart icon. Products are thereby saved in your customer account until you deselect a product again or the product is no longer available.

The use of the favourites list is based on your consent (Art. 6 para. 1 lit. a DSGVO) and for the initiation of contractual relationships (Art. 6 para. 1 lit. b DSGVO). You can revoke your consent at any time by deleting a product from the favourites list.

Setting up a search request

If you, as a registered user, enter a search request in our online shop, you will automatically be notified by e-mail when products become available. The creation of a search request is based on your implied consent (Art. 6 para. 1 lit. a DSGVO) and for the initiation of contractual relationships (Art. 6 para. 1lit. b DSGVO). You can delete a search request at any time in your customer account. To do so, navigate to the following page: https://www.eppli.com/mein-konto/.

12.C Auction and purchase processing

If you make a transaction with us, for example with the purchase of goods, your data is processed for the initiation and implementation of contractual relationships (according to the legal basis Art. 6 para. 1 lit b DSGVO). We only process the data that is necessary for the execution of the transaction. These are usually title, surname and first name, if applicable company name, invoice address, if applicable a different delivery address as well as your e-mail address and if applicable your telephone and fax number.

We process your data for the purpose of processing the legal transaction. After processing, we store your data for the purpose of complying with statutory retention periods, which amount to 10 years in accordance with §257 (1) HGB and §147 (2) AO (legal basis Art. 6 para. 1 lit. c DSGVO), starting with the year following the legal transaction.

Please note that we reserve the right to process your data received as part of a transaction in the legitimate interest for advertising purposes. You can object to this type of processing at any time; you can find our contact details in the imprint of this page, among other places.

Data transfer upon conclusion of the contract
We only transmit your personal data to third parties if this is necessary within the framework of the contract processing on the basis of Art. 6 Para. 1 lit. b DSGVO.

Transmission of data Shipping service provider

Insofar as goods are being shipped, we will transfer your data to the selected or available shipping service provider to handle the shipping process. We only transfer the data necessary for the transaction unless you explicitly consent to the transfer of further data.

We use various shipping service providers and freight forwarders for the shipment of goods, these may be, for example, the following:

  • German Post AG
    Robert-Bosch-Str. 200
    73257 Köngen

  • DHL Parcel GmbH
    Sträßchensweg 10
    53113 Bonn

  • DHL Express Germany GmbH
    Heinrich-Brüning-Str. 5
    53113 Bonn

  • Mail Boxes Etc.
    Friedrich-List-Str. 8
    70771 Leinfelden-Echterdingen

  • Galle Werttransporte GmbH
    An der Breitheck 23
    55743 Idar-Oberstein

  • OPExx Stuttgart GmbH
    Zaunackerstr. 15
    70771 Leinfelden-Echterdingen

  • Malca-Amit Germany GmbH
    Sophienstr. 1
    51149 Cologne

Transmission of your e-mail address and/or telephone number to the selected shipping service provider.
If you give your consent as part of the check-out process, we will transmit your e-mail address and/or telephone number to the selected shipping service provider. They will use your email address to send you information about your delivery. If you wish to revoke this, please address your revocation directly to the shipping service provider.

Payment processing

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of processing the payment. The respective contractual and data protection provisions of the respective providers apply to these transactions.

The use of payment service providers is based on Art. 6 para. 1 lit. b DSGVO (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 lit. f DSGVO). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consents can be revoked at any time for the future.

Payment methods for our auctions

Payment in advance
Payment in advance is made by bank transfer to our house bank. Our house bank is
Südwestbank AG
Rotebühlstr. 125
70178 Stuttgart

Payment via PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Payment methods when buying in our online shop

Payment in advance Payment in advance is made by bank transfer to our house bank. Our house bank is
Südwestbank AG
Rotebühlstr. 125
70178 Stuttgart

PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Sofortüberweisung (Sofort GmbH via Klarna)
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "Sofort GmbH"). With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations. If you have opted for the "Sofortüberweisung" payment method, you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances. In addition to the PIN and the TAN, the payment data you have entered as well as your personal data are transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and, if applicable, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. For details on payment with Sofortüberweisung, please see the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

Giropay
The provider of this payment service is paydirekt GmbH, Stephanstraße 14 - 16, 60313 Frankfurt am Main (hereinafter "giropay"). For details, please refer to the giropay privacy policy: https://www.paydirekt.de/agb/index.html.

Alipay
The provider of this payment service is Alipay (Europe) Limited S.A., 9, rue du Laboratoire, L-1911, Luxembourg, Luxembourg. Alipay (Europe) Limited S.A. is a subsidiary of Ant Financial Headquarters, Z Space, No. 556 Xixi Road, Hangzhou, China. We would like to point out that Alipay processes personal data outside the European Union on the basis of Art. 49 para. 1 lit. b DSGVO. Information on the data protection of Alipay Europe can be found in several languages here https://global.alipay.com/docs/ac/Platform/hi1wau and at https://render.alipay.com/p/f/agreementpages/alipayglobalprivacypolicy.html.

Credit card payment with American Express
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter "American Express"). American Express may transmit data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/. For further information, please refer to the American Express privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Credit card payment with Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard"). Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.htmlhttps://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

Credit card payment with VISA
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA"). The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection equivalent to the level of data protection in the European Union. VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html. For more information, please see VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Purchase on account and hire purchase via Unzer

We handle the payment methods

  • Purchase on account
  • Instalment purchase
  • Sepa direct debit
via Unzer E-Com GmbH (Unzer E-Com GmbH, Vangerowstraße 18, 69115 Heidelberg).

Your data will be passed on to the payment service provider Unzer in accordance with Art. 6 Para. 1 lit. b DSGVO for the purpose of payment processing. To ensure creditworthiness, Unzer carries out a credit check; this is done to protect our legitimate interests in the solvency of our customers and to prevent payment defaults (Art. 6 para. 1 lit. f DSGVO). Details on data protection law and information on credit checks for payment by invoice and hire purchase via Unzer can be found at https://payment.payolution.com/payolution-payment/infoport/dataprivacydeclaration?&mId=RVBQTEkgYW0gTWFya3QgQXVrdGlvbnNoYXVzIOKAkyBKdXdlbGllciBlLksu. Further information on data protection law regarding Unzer can be found at Detailed information on data collection and the processing of user data by Unzer can be found in the data protection declarations: https: //www.unzer.com/de/datenschutz/.

Data transfer to debt collection companies
In order to fulfil the contract in accordance with Art. 6 Para. 1 lit. b DSGVO, we pass on your data to a commissioned collection agency if our payment claim has not been settled despite a previous reminder. In this case, the debt is collected directly by the collection agency. Furthermore, the transfer serves to protect our legitimate interests in an effective assertion or enforcement of our payment claim in accordance with Art. 6 Para. 1 lit. f DSGVO.

13. direct marketing and e-mail newsletters

Direct marketing to existing customers in a legitimate interest

We reserve the right to use the data collected on the occasion of a purchase contract or service contract, if necessary, for direct advertising by e-mail or post in accordance with Section 7 (3) of the German Unfair Competition Act (UWG) if the customer does not object or has not objected to this use.

The direct advertising exclusively comprises offers for similar products or services as the products or services already purchased by the user from us. We have a legitimate, economic interest (Art. 6 para. 1 lit. f DSGVO) in informing our customers about new products and improving our services.

We use your data for up to three years after the last legal transaction for direct marketing purposes in the legitimate interest.

Of course, you can object toreceiving direct advertising by e-mail at any time. Address your objection to the above-mentioned responsible office.

Subscribe to our newsletter

You have the option to give us your consent to receive direct marketing content. If you give your consent (Art. 6 para. 1 lit. a DSGVO), for example, to receive our email newsletter, we will process your data for direct marketing measures by email for a specific purpose.

As we are obliged to check the correctness of your e-mail address provided as part of the newsletter registration and want to ensure that it is correct, we use procedures that allow us to check the ownership of the e-mail address. As a rule, this verification is carried out by means of the double opt-in procedure; after registration, you will receive an e-mail with a link that you must click to confirm. If, due to temporary technical causes, the double opt-in procedure is not available, we will send you an email to which you can reply without text to confirm your identity.

You can revoke your consent at any time with effect for the future. To do so, you will find an "unsubscribe" link in every newsletter. Alternatively, you can send us an email with the subject "Unsubscribe from newsletter". We will process your data until you revoke your consent. Legal retention periods remain unaffected.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Use of Auctio Novo for newsletter distribution

This website uses a tool from Bidpath GmbH for sending newsletters. The provider is Bidpath GmbH, Theresienstraße 19, 01097 Dresden (Germany).

The Bidpath tool is used to organise and analyse our newsletter dispatch. The data you enter for the purpose of receiving the newsletter is stored on the servers of Bidpath GmbH in Germany.

If you do not want any analysis by our tool, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.

Data analysis through Bidpath
With the help of Bidpath, we are able to analyse our newsletter campaigns. Among other things, we can see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, among other things, which links were clicked on particularly often. Bidpath also allows us to subdivide the newsletter recipients according to different recipient categories (e.g. place of residence). In this way, the newsletters can be better adapted to the respective target groups.

Legal basis
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Bidpath after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the members' area) remain unaffected by this.

Conclusion of a contract for commissioned data processing
We have concluded a contract with AucioNovo in which we oblige Bidpath to protect the data of our customers and not to pass them on to third parties. Information on data protection at Bidpath den can be found in the following link: https://.de/datenschutzerklaerung/.

14 Analysis, tracking and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarised by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Order processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Storage duration
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=en

Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks. The use of Google Ads is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in marketing its service products as effectively as possible. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of Google conversion tracking is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

You can find more information on Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=en.

15 Trusted Shops ratings and integration of the trust badge

Rating reminder by Trusted Shops
If you have given us your express consent to do so during or after your order in accordance with Art. 6 (1) p. 1 lit. a DSGVO, we will transmit your e-mail address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.de) so that they can send you a rating reminder by e-mail.

This consent can be revoked at any time by sending a message to the contact option described below or directly to Trusted Shops.

Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and to offer Trusted Shops products to buyers after they have placed an order.

This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN provider (Content Delivery Network) within the framework of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on the data protection of Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call-up, amount of data transferred and the requesting provider (access data) and documents the call-up. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted 90 days after creation at the latest.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered to use them. The contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, the email address hashed by cryptological one-way function. The e-mail address is converted into this hash value, which cannot be decrypted by Trusted Shops, before it is transmitted. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Art. 6 (1) sentence 1 lit. f DSGVO. Further details, including the objection, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.

16. plugins, CDNs and script libraries

YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube may store various cookies on your terminal device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=en.



Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.



Heyflow forms

We use the service of Heyflow (Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg) for the implementation of dynamic forms.

The personal data that you provide in these forms, such as

  • E-mail address
  • Name
  • Telephone number
  • Addresses
and other form-specific data are processed by Heyflow on our behalf.

Heyflow uses the Google Cloud Platform for hosting its services, the provider is Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland.

Heyflow only stores all data on our behalf for a short period of time and transfers it to us via interface, we use the service Integromat for the management of form requests and internal distribution.

The use of HeyFlow services is based on our legitimate interests within the meaning of Art. 6 (1) lit. f DSGVO. We have a legitimate interest in the use of dynamic forms that significantly improve the user-friendliness and service quality of our website.

We store requests received by form until the purpose of the processing has been achieved. This may vary depending on the type of form, so we cannot give a definite time limit.

Order processing contract
We have concluded a contract with Heyflow for the processing of personal data on behalf of Heyflow, which processes data strictly in accordance with our instructions.

You can find Heyflow's privacy policy at https://heyflow.app/de/datenschutz.



Integromat

We use the service Integromat, provider is Integromat s.r.o., Novákových 1954/20a, 180 00 Prague 8, Czech Republic (hereinafter "Integromat"). Integromat allows us to link between different web tools and enables us to execute automatic processes.

We use Integromat in particular for the internal management of enquiries received via forms. The legal basis for the use of Integromat is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

Order processing contract
We have concluded a contract with Integromat for the processing of personal data on behalf of Integromat, Integromat processes data strictly in accordance with our instructions.

You can find Integromat's privacy policy at https://www.integromat.com/en/help/privacy-policy.

MirrAR Virtual Try On

We use the MirrAR service for virtual fitting. The provider is Mirrar Innovation Technologies Private Limited, A-6 Mogappair Industrial Estate, Mogappair West, Mogappair East, Chennai, Tamil Nadu 600037, India. We would like to point out that, in terms of data protection law, India is considered a so-called third country without an adequate level of data protection. We have concluded an order processing agreement with the provider based on the EU standard contractual clauses. Further information on data protection at MirrAR can be found at https://www.mirrar.com/privacy.

MirrAR is an augmented reality plugin that allows our users to virtually try on different products. For this purpose, MirrAR needs access to your webcam and projects the respective product on your screen onto the image of your webcam. MirrAR uses cookies and cookie-like technologies for this purpose. In addition to the transmitted image of your webcam, metadata is also transmitted to MirrAR, including information on the browser used, the browser version, information on the end device and operating system, the screen resolution and your IP address. Image data and metadata are not stored by MirrAR and are used solely for the purpose of making the plugin available.

The digital fitting is voluntary and not mandatory for the purchase. On the one hand, the processing of your webcam data is based on Art. 6 para. 1 lit. b DSGVO, the digital fitting represents a pre-contractual measure. Furthermore, MirrAR is only activated if you have given your consent, in particular as part of the consent to the use of cookies and services. Accordingly, we only use MirrAR with your consent, the legal basis being Art. 6 para. 1 lit. a DSGVO. You can adjust your preferences for the use of cookies at any time by accessing the cookie settings again.

17 Our Social Media Presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter, etc. can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries. We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. You can independently adjust your Twitter data protection settings in your user account. To do so, click on the following link and log in: https://twitter.com/personalization. Details can be found in Twitter's privacy policy: https://twitter.com/de/privacy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875YouTube We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en.

18 Supplementary information for business contacts

Type of data we process from our business contacts and purposes of the processing

We process personal data of our customers that we receive directly in the course of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it.

As a rule, we process the following categories of data from you:

  • Name, first name
  • Gender / Salutation
  • Company
  • Company address
  • Telecommunications data
  • E-mail address
  • Professional function and/or position
  • Company bank details / other payment details
  • Data on the history of the business relationship

Customer and supplier history
In the course of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by one of our employees, further personal data is generated, e.g. information on contact channel, date, occasion and result; (electronic) copies of correspondence as well as possible information on participation in direct marketing measures.

Customer loyalty measures
Within the scope of the legal permissible circumstances, we reserve the right to carry out measures for customer loyalty in accordance with Art. 6 Para. 1 lit. f DSGVO as well as § 7 Para. 3 UWG. You have the right to object at any time, please address this to the above-mentioned responsible office.

Changes of purpose
Data processing for other purposes can only be considered if the necessary legal requirements pursuant to Art. 6 (4) DSGVO are met. In this case, we will of course comply with any information obligations pursuant to Art. 13 (3) DSGVO and Art. 14 (4) DSGVO.

Legal bases according to which we process your data

On the basis of your consent (Art. 6 para. 1 lit. a DSGVO).
We process personal data for one or more specific purposes if you have given us consent to do so. If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.

Data processing for the performance of contracts (Art. 6 para. 1 lit. b DSGVO)
We process personal data for the performance of contracts. The performance of contracts includes, for example, the conclusion, execution and reversal of a contract. In addition, we process personal data that is required to carry out pre-contractual measures, such as the initiation of a contract, and that is provided at your request.

Data processing due to a legal obligation (Art. 6 para. 1 lit. c DSGVO)
Like any company, we have to comply with retention obligations and other documentation requirements, this may also affect documents containing personal information. Insofar as we process data for these purposes, the processing is based on a legal obligation.

Data processing on the basis of a balance of interests (Art. 6 para. 1 lit. f DSGVO)
If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the requirements of Art. 21 DSGVO. Insofar as the specific purpose permits, we process your data pseudonymously or anonymously.

Further legal bases result from the requirements of commercial law and tax law.

Other recipients of your data

Disclosure to processors within the scope of Art. 28 DSGVO
Order processors used by us (Art. 28 DSGVO), in particular in the area of IT services and, for example, printing services, who process your data for us in accordance with instructions. If we commission service providers to fulfil our tasks, we always observe the provisions of data protection law; in particular, data is only passed on after the conclusion of contracts for order processing.

For the execution of a contractual relationship
If it is necessary for the execution of the contract with you, we will pass on your data to banks, for example.

Disclosure due to a legal obligation
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example as part of a criminal prosecution).

Other bodies, insofar as you have given us your consent.
If you have given us explicit consent, we will also pass on your data to other bodies. However, this is done within the limits of your verifiable consent.

General information on deletion periods for personal data

Principle of purpose limitation and compliance with statutory retention periods
We process data as long as this is necessary for the respective purpose. As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.

In addition, like any company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as statutory retention obligations exist, the personal data in question is stored for the duration of the retention obligation. The storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years. After expiry of the retention obligation, it is checked whether there is a further necessity for the processing. If there is no longer a need, the data is deleted.

Concrete example
If you enter into a legal transaction with us (Art. 6 para. 1 lit b DSGVO), we store your data for ten years until the expiry of the requirements under commercial and tax law. After this period, we check whether we can delete the data and, if necessary, we will delete it.

E-mails and business letters
We archive all our email traffic for ten years. If you write us an email, your data and the entire email content are stored accordingly for 10 years. Most e-mails count as business letters; in addition, e-mails may contain information relevant under tax law. In our opinion, the effort required to check each individual e-mail is not in proportion to the benefit and the interests of the sender that are worthy of protection. Of course, you can ask us to delete your e-mails at any time and we will carry out a case-by-case check and inform you of the result. This may lead to deletion or restriction of processing, depending on the content of the correspondence.

Revocation of your consent
Insofar as we process your data on the basis of your consent (Art. 6 para. 1 lit. a DSGVO), we will delete it after your revocation. Unless there are legitimate interests against complete deletion. For example, we generally retain declarations of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 para. 1 lit. f DSGVO). We only retain consent under restriction of processing in order to be able to defend ourselves in the event of a dispute.

Legal or contractual obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, it will not be possible for us to conclude and fulfil a contract with you.

Transfer to a third country
Your personal data is generally processed by us in data centres in the Federal Republic of Germany, the European Union or secure third countries such as Switzerland.

A transfer to a third country with a non-adequate level of data protection only comes into question if you have given us your consent or we have concluded a contract for commissioned processing in accordance with Art. 28 DSGVO, taking into account appropriate guarantees or other suitable safeguards.