Privacy & data protection

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. On the following pages, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2

The controller in charge of data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is BestFans GmbH, Stadthausbrücke 5, 20355 Hamburg, Germany, e-mail: Email address support . The controller in charge of the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3

The controller has designated a data protection officer for this website. He can be reached as follows: Dr. Sebastian Kraska, IITR Datenschutz GmbH, Marienplatz 2, 80331 München, Email address data protection officer , +49(0)8918917360

2) Data collection when visiting our website

2.1

When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.

2.2

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

For the hosting of our website and the presentation of the page content, we use a provider that provides its services itself or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors data and prohibits unauthorized disclosure to third parties.

4) Cookies

5) Contacting Us

5.1 Freshdesk

We use the e-mail ticketing system of the following provider to process customer requests: Freshworks, Inc, 2950 S. Delaware Street, Suite 201, San Mateo, California 94403, USA

If you make contact requests by e-mail via our website, these are stored and organised in the ticketing system to enable chronological processing and to improve the service experience. You can always view the current status of the processing of your request via the individually assigned ticket number.

For the organisation and processing of requests, personal data is collected according to the scope of its provision, but in any case surname, first name and e-mail address, transferred to the provider, stored there and processed.

The legal basis for the processing of this data is our legitimate interest in the efficient design of our customer service, in answering your request as quickly as possible and in optimising our service offer in accordance with Art. 6 (1) point f GDPR.

We have concluded an order processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

5.2 WhatsApp Business

We offer visitors to our website the opportunity to contact us via the WhatsApp news service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business Version" of WhatsApp.

If you contact us via WhatsApp in connection with a specific business transaction (e.g. an order placed), we will store and use the mobile telephone number you use at WhatsApp and - if provided - your first name and surname in accordance with Art. 6 para. 1 lit. b. GDPR to process and answer your request. Based on the same legal basis, we will ask you via WhatsApp to provide further data (order number, customer number, address or e-mail address), if necessary, in order to be able to allocate your enquiry to a specific transaction.

If you use our WhatsApp contact for general enquiries (e.g. about the range of services, availability or our website), we will store and use the mobile phone number you use at WhatsApp and - if provided - your first and last name in accordance with Art. 6 Para. 1 lit. f GDPR based on our justified interest in the efficient and prompt provision of the requested information.

Your data will always be used only to answer your request via WhatsApp. Your data will not be passed on to third parties.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transfers telephone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book saves only the WhatsApp contact data of those users who have also contacted us via WhatsApp.

This ensures that each person whose WhatsApp contact data is stored in our address book has already consented to the transmission of his WhatsApp telephone number from the address books of his chat contacts in accordance with Art. 6 Para. 1 lit. a GDPR when using the app on his device for the first time by accepting the WhatsApp terms of use. The transmission of data of such users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

For the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and setting options for protecting your privacy, please refer to WhatsApp's data protection information:
https://www.whatsapp.com/legal/?eea=1#privacy-policy

In the course of the above-mentioned processing, data may be transferred to servers of Meta Platforms Inc. in the USA.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

5.3

When you contact us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration.

The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary.

6) Commentary Function

When you use the comment function on this website, your comment, the time the comment was made, and the commenter name you chose will be stored and published on this website. Your IP address is also logged and stored. This IP address is stored for security reasons and in case the person concerned violates the rights of third parties or posts illegal content in a comment. We need your email address to contact you in case a third party objects to your published content as illegal.

The legal basis for storing your data is Art. 6 (1) (b) and (f) GDPR. We reserve the right to delete comments if they are reported as illegal by third parties.

7) Data Processing When Opening a Customer Account and for Contract Processing

Pursuant to Art. 6 (1) point b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide us with this data when opening a customer account. The data required for opening an account can be found in the input mask of the corresponding form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After deletion of your customer account, your data will be deleted, provided that all contracts concluded via it have been fully processed, no legal retention periods are opposed and no legitimate interest on our part in the continued storage exists.

8) Use of customer data for direct marketing

8.1 Subscribe to our e-mail newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory data for sending the newsletter is your e-mail address. The provision of further data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter once you have expressly confirmed that you consent to receiving newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on an appropriate link.

By activating the confirmation link, you give us your consent for the use of your personal data pursuant to Art. 6 (1) point a GPPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration for the purpose of tracing any possible misuse of your e-mail address at a later date. The data collected by us when you register for the newsletter is used exclusively for the promotional purposes by way of the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data, or we reserve the right to a more extensive use your data which is permitted by law and about which we inform you in this declaration.

You can unsubscribe from the newsletter at any time by clicking on the link provided in the newsletter or by sending a message to the person responsible mentioned above. Once you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this statement.

8.2 Shopping cart reminders by email

If you cancel your purchase with us before completing your order, you have the option of receiving a one-time email reminder of the contents of your virtual shopping cart.

The only mandatory information required to send this reminder is your email address. Providing additional data is voluntary and may be used to address you personally. We use the double opt-in procedure for sending emails, which ensures that you will only receive a notification once you have expressly confirmed your consent by clicking on a verification link sent to the email address you provided.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR for the purpose of sending a shopping cart reminder. In doing so, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data collected by us when you register for our email notification service will be used strictly for the specified purpose.

You can unsubscribe from shopping cart reminders at any time by sending a message to the person responsible mentioned above. Once you have unsubscribed, your email address will be immediately deleted from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this, which is permitted by law and about which we inform you in this statement.

8.3.1 Newsletter distribution via MailChimp

Our email newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on the data you provided when registering for the newsletter. This transfer is carried out in accordance with Art. 6 (1) lit. f GDPR and serves our legitimate interest in using an effective, secure, and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.

MailChimp uses this information to send and statistically evaluate the newsletters on our behalf. For evaluation purposes, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of web beacons, Mailchimp automatically generates general, non-personal statistics about the response behavior to newsletter campaigns. Based on our legitimate interest in the statistical evaluation of newsletter campaigns to optimize advertising communication and better target recipient interests, the web beacons also collect and use data from the respective newsletter recipient (email address, time of retrieval, IP address, browser type, and operating system) in accordance with Art. 6 (1) (f) GDPR. This data allows individual conclusions to be drawn about the newsletter recipient and is processed by Mailchimp for the automated creation of statistics that show whether a specific recipient has opened a newsletter message.

If you wish to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

MailChimp may also use this data in accordance with Art. 6 (1) (f) GDPR on the basis of its own legitimate interest in the needs-based design and optimization of the service and for market research purposes, for example to determine the countries from which the recipients come. However, MailChimp does not use the data of our newsletter recipients to contact them itself or to pass it on to third parties.

To protect your data in the US, we have entered into a data processing agreement with MailChimp based on the European Commission's standard contractual clauses to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: https://mailchimp.com/legal/data-processing-addendum/

You can view MailChimp's privacy policy here:
https://mailchimp.com/legal/privacy/

8.3.2 Newsletter dispatch via Amazon SES

Our email newsletters are sent via this provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when registering for the newsletter to this provider in accordance with Art. 6 (1) lit. f GDPR so that they can send the newsletter on our behalf.

Subject to your express consent in accordance with Art. 6 (1) (a) GDPR, the provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. In doing so, terminal device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets. You can revoke your consent to newsletter tracking at any time with effect for the future.

8.4 Sending the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. In accordance with Section 7 (3) UWG (German Unfair Competition Act), we do not need to obtain your separate consent for this. Data processing in this regard is based solely on our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) lit. f GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning. You will only incur transmission costs according to the basic rates for this. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

9) Processing of Data for the Purpose of Order Handling

9.1

Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact data (name, address, e-mail address) provided by you when placing the order in order to inform you personally by suitable means of communication (e.g. by post or e-mail) about upcoming updates within the legally stipulated period of time within the framework of our statutory duty to inform pursuant to Art. 6 Para. 1 lit. c GDPR. Your contact details will be used strictly for the purpose of informing you about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information.

In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

9.2

In the case of orders for age-restricted goods, we ensure in accordance with the applicable youth protection law that you have reached the legally required minimum age for the goods in question. For this purpose, we use an age verification procedure with which we can ensure your personal identification (age check) and, if necessary, authentication. For this purpose we use the services:

SOFORT Ident from https://integration.sofort.com/integrationCenter-eng-DE/content/view/full/2867/
Selfie-Ident from https://nect.com/en/
Selfie-Ident from https://www.yoti.com/privacy/
Selfie-Ident “VerifyMyAge” from https://verifymyage.com/

For the purpose of checking the required minimum age, some of your personal data will be transmitted to the above service provider. This data processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interests, which outweigh the interests of the service provider, in ensuring a service that complies with youth protection legislation and also in order to comply with the legal provisions on the protection of minors.

9.3 Use of payment service providers (payment services)

9.3.1 Computop

If you choose to pay by credit card via the payment service provider Computop, payment will be processed by the payment service provider Computop GmbH, Schwarzenbergstr. 4, 96050 Bamberg, to whom we will pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Computop and only to the extent necessary for this purpose. You can find more information about Computop's privacy policy at the following Internet address:
https://computop.com/en/legal-notices/

9.3.2 Shift4

If you choose to pay by credit card via the payment service provider Shift4, payment will be processed via the payment service provider Shift4 Corporate, 3501 Corporate Pkwy Center Valley, PA 18034, USA, to whom we will pass on the information you provided during the ordering process together with the information about your order in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment processing with the payment service provider Shift4 and only to the extent that it is necessary for this purpose. You can find more information about Shift4's privacy policy at the following Internet address:
https://www.shift4.com/privacy-policy

9.3.3 Paysafecard

This website offers one or more online payment methods from the following provider: Prepaid Services Company Limited, Roßstr. 92, D-40476 Düsseldorf, Germany

If you select a payment method from the provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of processing payment with the provider and only to the extent necessary for this purpose.

9.3.4 SOFORT

This website offers one or more online payment methods from the following provider: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany

If you select a payment method from the provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will only be passed on for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

9.3.5 Epoch

This website offers one or more online payment methods from the following provider: Epoch Payment Solutions 30th Street, 2nd Floor Santa Monica, CA 90405 USA

If you select a payment method from the provider that requires advance payment (such as credit card payment), your payment details provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will be passed on exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

9.4 Credit Check

If we make advance payments (e.g. delivery on account), we reserve the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard our legitimate interest in determining the solvency of our customers. We transmit the personal data required for a creditworthiness check to the following service provider in accordance with Art. 6 (1) point GDPR:

9.4.1 SCHUFA Holding AG

If we make advance payments (e.g. delivery on account), we reserve the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard our legitimate interest in determining the solvency of our customers. We transmit the personal data required for a creditworthiness check to the following service provider in accordance with Art. 6 (1) point GDPR:

SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, these are based on recognized scientifical mathematical-statistical methods. The calculation of the score values includes, but is not limited to, address data. We use the result of the credit assessment regarding the statistical probability of non-payment for a balanced decision on the establishment, implementation or termination of the contractual relationship.

You can object to this processing of your data at any time by sending a message to the data controller or to the aforementioned credit agency. However, we may still be entitled to process your personal data if this is necessary for contractual processing of payments.

9.5

We reserve the right to pass on your data to the debt collection service provider REAL Solution Inkasso GmbH & Co. KG if our payment claim has not been settled despite a previous reminder. In this case, the claim will be collected directly by the debt collection service provider.

The transfer of your data serves the purpose of fulfilling the contract in accordance with Art. 6 (1) (b) GDPR and safeguarding our legitimate interests in the effective assertion or enforcement of our payment claim in accordance with Art. 6 (1) (f) GDPR, which prevail in the context of a balancing of interests.

h3 class="fs-20"> 9.6 Electronic termination option for continuing obligations with consumers

Consumers who have entered into contracts for paid continuing obligations (such as subscription contracts) on this website have the option of terminating these contracts via an electronic button in accordance with the applicable notice periods.

Clicking on the button leads to a confirmation page where the consumer can provide further details about the termination, clearly identify themselves, and then declare their termination electronically.

The collection of personal data and its transmission to us is carried out in accordance with Art. 6 (1) (b) GDPR and only to the extent that it is necessary for the proper processing of the termination. Also on the basis of Art. 6 (1) lit. b GDPR, the personal data provided is used to confirm receipt of the notice of termination and the date of termination electronically in text form. A further legal basis for processing is Art. 6 (1) lit. c GDPR. We are legally obliged to provide an electronic termination option for consumer contracts concluded by means of electronic commerce for continuing obligations subject to a fee.

10) Online Marketing

10.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our website. By default, Google Analytics 4 does not use cookies when you visit the website unless you expressly agree to cookies. Instead, information about your usage behavior is collected and processed by means of so-called pings (small data packets sent to the host of a terminal device) . This information also includes your IP address, which is truncated by Google to exclude direct personal references . The information is transmitted to Google servers and further processed there. Transfers to Google LLC, based in the USA, are also possible. Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website activity and internet usage. The information transmitted by your browser within the scope of Google Analytics and truncated IP addresses are not merged with other Google data. The data collected through the use of Google Analytics 4 is stored for a period of two months and then deleted. Copyright © 2026, IT-Recht-Kanzlei GmbH & Co. KG · Alter Messeplatz 2 · 80339 Munich www.it-recht-kanzlei.de All processing described above, including data transmission via “pings” and the possible setting of Google Analytics cookies, will only take place if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your visit to our website. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service using the “Cookie Consent Tool” provided on the website. We have entered into a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties. Further legal information about Google Analytics 4 can be found at https://business.safety.google/intl/privacy/, https://policies.google.com/privacy?hl=en and at https://policies.google.com/technologies/partner-sites Demographic characteristics Google Analytics 4 uses the special “demographic characteristics” function and can use it to generate statistics that provide information about the age, gender, and interests of site visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the data collected cannot be attributed to any specific person and is deleted after being stored for a period of two months. Google Signals As an extension to Google Analytics 4, Google Signals can be used on this website to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may analyze your usage behavior across devices and create database models, including for cross-device conversions, subject to your consent to the use of Google Analytics in accordance with Art. 6 (1) (a) GDPR. We do not receive any personal data from Google, only statistics. If you wish to stop cross-device analysis, you can disable Disable the “Personalized advertising” feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl= For more information about Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=de UserIDs As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) (a) GDPR, have set up an account on this website, and have agreed to Copyright © 2026, IT-Recht-Kanzlei GmbH & Co. KG · Alter Messeplatz 2 · 80339 Munich www.it-recht-kanzlei.de you can log in to this account on different devices, your activities, including conversions, can be analyzed across devices. For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

11) Web Analysis Services

11.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our website.

By default, when you visit the website, Google Analytics sets cookies, which are small text files stored on your device and collect certain information. This information includes your IP address, but Google truncates the last few digits to prevent direct personal identification.

The information is transmitted to Google servers and processed there. This may also involve transfers to Google LLC, which is based in the USA.

Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website activity and internet usage . The IP address transmitted by your browser as part of Google Analytics and shortened is not merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted. /p>

All processing described above, in particular the setting of cookies on the device used, will only take place if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit to the website. You can revoke your consent at any time with effect for the future . To exercise your right of revocation, please deactivate this service using the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information about Google Analytics 4 can be found at
https://business.safety.google/intl/privacy/,
https://policies.google.com/privacy?hl=en and at
https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google Analytics 4 uses the special “demographic characteristics” function and can use it to generate statistics that provide information about the age, gender, and interests of website visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the data collected cannot be attributed to a specific person and is deleted after being stored for a period of two months.

We have concluded a so-called data processing agreement with Google for our use of Google Analytics 4, by which Google is obliged to protect the data of our website users and not to pass it on to third parties.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to generate cross-device reports. If you have enabled personalized ads and linked your devices to your Google account, Google may analyze your usage behavior across devices and create database models, including cross-device conversions, subject to your consent to the use of Google Analytics in accordance with Art. 6 (1) (a) GDPR. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can disable the “Personalized Advertising” feature in your Google Account settings. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en For more information about Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=en

UserIDs
As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) (a) GDPR, have set up an account on this website, and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with European data protection standards.

12) Retargeting/Remarketing/ Referral Advertising

12.1 Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google places a cookie in the browser of your device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. Any further data processing only takes place if you have agreed to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize the ads you see on the web. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To do this, your personal data will be temporarily linked to Google Analytics data by Google in order to form target groups. When using Google Ads remarketing, personal data may also be transferred to the servers of Google LLC. in the USA.

All processing described above, in particular the setting of cookies for reading information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. Without this consent, retargeting technology will not be used during your visit to the website.

You can revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.

For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

Details about the processing initiated by Google and Google's handling of website data can be found here:
https://policies.google.com/technologies/partner-sites

Further information on Google's privacy policy can be found here:
https://business.safety.google/intl/privacy/ and https://www.google.de/policies/privacy/

13) Site Functionalities

13.1 Facebook Connect

On our website, we provide a single sign-on function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In addition to transferring data to the above-mentioned provider location, data may also be transferred to: Google LLC, USA

If you have an account with the provider, you can use this account data to create a user account or to register on our website.

When you visit this page, a direct connection between your browser and the provider's servers can be established via this login function, even if you do not have an account with the provider or are not logged in to one. The provider thereby receives the information that you have visited our site. The information collected in this respect (including your IP address, if applicable) is transmitted by your browser directly to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties.

These data processing operations are carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in a user-friendly and interactive design of our online presence.

If you click on the registration button to register with your account data by logging into the provider's website, the provider will transmit the general and publicly accessible information stored in your account (user ID, name, address, e-mail address, age, and gender) to us based on your express consent pursuant to Art. 6 (1) point a GDPR.

We store and use the data transmitted by the provider to set up a user account containing the necessary data (title, first name, surname, address data, country, email address, date of birth), if you have released that data to the provider. Conversely, data (e.g., information about your surfing or purchasing behavior) may be transferred from us to your account held with the provider based on your consent.

The consent given can be revoked at any time with effect for the future vis-à-vis us.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

13.2 Google Sign-In

On our website we provide a single sign-on function offered by the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 ESW5, Ireland

In addition to the transfer of data to the above-mentioned provider location, data may also be transferred to: Google LLC, USA

If you have an account with the provider, you can use this account data to create a user account or to register on our website.

When you visit this page, a direct connection between your browser and the provider's servers can be established via this login function, even if you do not have an account with the provider or are not logged in to one. The provider thereby receives the information that you have visited our site. The information collected in this respect (including your IP address, if applicable) is transmitted by your browser directly to a server of the provider and stored there. However, the information is not used to identify you personally and is not passed on to third parties.

These data processing operations are carried out in accordance with Art. 6 (1) point f GDPR based on our legitimate interest in a user-friendly and interactive design of our online presence.

If you click on the registration button to register with your account data by logging into the provider's website, the provider will transmit the general and publicly accessible information stored in your account (user ID, name, address, e-mail address, age, and gender) to us based on your express consent pursuant to Art. 6 (1) point a GDPR.

We store and use the data transmitted by the provider to set up a user account containing the necessary data (title, first name, surname, address data, country, email address, date of birth), if you have released that data to the provider. Conversely, data (e.g., information about your surfing or purchasing behavior) may be transferred from us to your account held with the provider based on your consent.

The consent given can be revoked at any time with effect for the future vis-à-vis us.

Further information on Google's privacy standards can be found here:
https://business.safety.google/privacy/

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

13.3 FontAwesome

This site uses so-called web fonts from the following provider to display fonts in a uniform manner: Fonticons, Inc, 710 Blackhorn Dr, Carl Junction, 64834, MO, USA

For this purpose, the browser you are using must connect to FontAwesome's servers. This may also result in personal data being transmitted to FontAwesome's servers in the USA. In this way, FontAwesome becomes aware that our website has been accessed via your IP address. The processing of personal data in the course of establishing a connection with the font provider will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service in the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

For more information about FontAwesome, visit: https://fontawesome.com/privacy

13.4 Google Web Fonts

This site uses web fonts from the following provider to ensure uniform font display: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When you visit a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider's servers. In doing so, certain browser information, including your IP address, is transmitted to the provider.

Data may also be transferred to: Google LLC, USA

The processing of personal data in the course of establishing a connection with the font provider will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by deactivating this service via the “Cookie Consent Tool” provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Further information on Google's privacy standards can be found here:
https://business.safety.google/privacy/

13.5 Google reCAPTCHA

On this website, we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA. For the visual design of the CAPTCHA window, the provider uses "Google Fonts", i.e., fonts loaded from the Internet by Google. No further information is processed except that mentioned above, which is already transmitted to Google via the functionality of ReCaptcha.

The service checks whether an input is made by a natural person or abusively by machine and automated processing with the aim of blocking spam, DDoS attacks and similar automated malicious attacks. To ensure whether an action is performed by a human being and not by an automated bot, the provider collects the IP address of the end device used, the recognition data of the browser, the operating system type and the date and duration of the visit and transmits these data to the provider's servers to be evaluated.

This process is based on our legitimate interest in determining individual responsibility when using the Internet and in preventing abuse and spam in accordance with Art. 6 Para. 1 lit. f GDPR.

We have concluded an order processing contract with the provider, ensuring the protection of our site visitors' data and prohibiting unauthorized disclosure to third parties.

For data transfers to the USA, the provider participates in the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Further information on Google's privacy standards can be found here:
https://business.safety.google/privacy/

14) Tools and Miscellaneous

14.1 Cookie-Consent-Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box.

Using the tool, all cookies/services requiring consent are only loaded if the respective user provides the corresponding consent by ticking the corresponding box. This ensures that such cookies are only set on the respective end device of the user if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) point GDPR based on our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Further legal basis for the processing is Art. 6 (1) point c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

15) Rights of the Data Subject

15.1

The applicable data protection law grants you the following comprehensive rights of data subjects (rights of information and intervention) vis-à-vis the data controller with regard to the processing of your personal data:

Right of access by the data subject pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to be informed pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw a given consent pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

15.2 RIGHT TO OBJECT

IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

16) Duration of Storage of Personal Data

The duration of the storage of personal data is based on the respective legal basis, the purpose of processing and - if relevant – on the respective legal retention period (e.g. commercial and tax retention periods).

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and, if relevant, additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) lit. b GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise specified in the other information in this statement on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.