Privacy Policy

Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. The operator's contact details can be found in the section "Note on the Responsible Body" in this privacy policy.

How do we collect your data?

Your data is collected firstly by you providing it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g., internet browser, operating system, or time of the page view). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this and other questions on the subject of data protection.

Analysis Tools and Tools from Third Parties

When visiting this website, your surfing behavior may be statistically evaluated. This is done primarily with so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

Hosting

We host the content of our website with the following provider:

Shopify

Provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify").

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address as well as information about the device and browser you use. Shopify also analyzes visitor numbers, visitor sources, and customer behavior and creates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, delivery and billing addresses, payment data, and other data related to the purchase (e.g., phone number, amount of sales, etc.). For analysis, Shopify stores cookies in your browser.

Details can be found in Shopify's privacy policy: https://www.shopify.com/legal/privacy.

The use of Shopify is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission on the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the Responsible Body

The responsible body for data processing on this website is:

METARMAP Torben Ukena Alte Dorfstraße 44A 07751 Jena Email: hi@metarmap.eu

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons cease to apply.

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed according to Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information in your terminal device (e.g., via device fingerprinting), data processing is also based on § 25(1) TTDSG. Consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are explained in this privacy policy.

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA, INCLUDING PROFILING BASED ON THOSE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have a right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, Deletion, and Correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient, and the purpose of data processing and, if applicable, a right to correction or deletion of this data. For this purpose and for further questions on the subject of personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion. If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion. If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data may – apart from their storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Collection on This Website

Cookies

Our internet pages use so-called "cookies." Cookies are small text files and do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or automatic deletion by your web browser occurs.

Cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested (e.g., for the shopping cart function), or to optimize the website (e.g., cookies to measure the web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If cookies from third-party companies or for analysis purposes are used, we will inform you about this separately within the framework of this privacy policy and, if necessary, request your consent.

Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 München Deutschland (Cloudflare), to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6(1)(f) GDPR). A CDN is a network of servers worldwide that is capable of delivering optimized content to website users. For this purpose, personal data can be processed in server logs by Cloudflare.

Cloudflare is a recipient of your personal data and acts as a processor on our behalf. This corresponds to our legitimate interest in Art. 6(1) S. 1 lit. f GDPR, i.e., not operating a Content Delivery Network itself.

Through Cloudflare, content can be loaded faster and attacks can be prevented more easily. Bots and automated queries can also be detected without CAPTCHA.

You have the right to object to the processing. Whether the objection is successful is to be determined in the context of an interest balancing.

The processing of the data specified under this section is neither statutory nor contractual. The functionality of the website cannot be guaranteed without processing.

Your personal data are stored by Cloudflare as long as it is required for the purposes described.

Further information on objections and elimination options against Cloudflare can be found under: Cloudflare DPA

Cloudflare has implemented compliance measures for international data transfers. These apply to all worldwide activities in which Cloudflare processes personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses (SCCs). Further information can be found under: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

Mapbox GL JS

On our website, we use the Mapbox API of the American software company Mapbox Inc., 740 15th Street NW, 5th Floor, District of Columbia 20005, USA. Mapbox is an online map tool (Open-Source-Mapping) that is accessed via an interface (API). Through the use of this tool, your IP address is forwarded and stored to Mapbox.

The collected data are stored and processed on American servers of the company Mapbox. Your IP address is kept for 30 days for security reasons and then deleted. Randomly generated IDs (no personal data) that analyze the use of the APIs will be deleted after 36 months.

Cloudinary

We use the Cloud service Cloudinary for our website. The service provider is the American company Cloudinary Inc., 3400 Central Expressway, Suite 110 Santa Clara, CA 95051, USA. Cloudinary is used by us exclusively for the provision of web fonts.

Cloudinary processes data from you, among other things, also in the USA. We point out that, according to the opinion of the European Court of Justice, no adequate level of protection currently exists for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.

As a basis for data processing by recipients with a seat in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., primarily in the USA) or a data transfer thereto, Cloudinary uses so-called standard contractual clauses (= Art. 46. Abs. 2 and 3 DSGVO). Standard contractual clauses (Standard Contractual Clauses – SCC) are templates provided by the European Commission and are intended to ensure that your data also comply with European data protection standards even if they are transferred and stored in third countries (e.g., in the USA). Through these clauses, Cloudinary is committed to complying with the European data protection level when processing your relevant data, even if the data are stored, processed, and managed in the USA. These clauses are based on a Commission Implementing Decision. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information on standard contractual clauses with Cloudinary can be found under https://cloudinary-res.cloudinary.com/image/upload/Cloudinary-Customer-Data-Processing-Addendum-DPA-November-2020.pdf

More information about the data processed by the use of Cloudinary can be found in the Privacy Policy on https://cloudinary.com/privacy

Google Tag Manager

We use the service called Google Tag Manager from Google. "Google" is a group of companies and consists of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other affiliated companies of Google LLC.

We have concluded a data processing agreement with Google. The Google Tag Manager is a support service and processes personal data only for technically necessary purposes. The Google Tag Manager ensures the loading of other components, which in turn may collect data. The Google Tag Manager does not access these data. Further information on the Google Tag Manager can be found in the privacy policy of Google.

Please note that American authorities, such as intelligence services, may potentially gain access to personal data that are unavoidably exchanged with Google when this service is integrated, due to the Internet Protocol (TCP).

reCAPTCHA

To protect input forms on our website, we use the service "reCAPTCHA" of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereafter "Google". Through the use of this service, it can be distinguished whether an input form is human or machine-driven.

The legal basis for the use of Google DoubleClick is your consent pursuant to Art. 6(1). S. 1 lit. a DS-GVO, provided that you have given us this consent when you first accessed the page.

Since no adequacy decision of the European Commission exists for the transmission of personal data to the USA, we have concluded standard data protection clauses in the sense of Art. 46(2)(c) DSGVO with Google.

The functionality is implemented by transmitting your referrer URL, IP address, the behavior of website visitors, information about the operating system, browser, and session duration, cookies, presentation instructions, scripts, information about the user's input behavior, and mouse movements in the area of the "reCAPTCHA" checkbox to "Google".

Google uses the information obtained in this way, among other things, for digitalization and optimization of its own various services.

The IP address transmitted in the context of "reCAPTCHA" is not merged with other data from Google unless you are logged into your Google account at the time of using the "reCAPTCHA" plugin / i.e., at the time of visiting our website. If you want to prevent this transmission and storage of data by "Google" about you and your behavior on our website, you must log out of "Google" before accessing our page.

The terms of use of the service "reCAPTCHA" can be found here: https://www.google.com/intl/de/policies/privacy/.

Ajax-GoogleApis

On our internet pages, we use the Javascript library jQuery of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View (hereinafter "Google").

To increase the loading speed of our website and to enable you a better user experience, we use the CDN (content delivery network) of Google to load this library. The probability is very high that you have already used jQuery from the Google CDN on another page. In this case, your browser can fall back to the cached copy and it does not have to be downloaded again.

If your browser does not have a copy in the cache or for other reasons the file from the Google CDN cannot be downloaded, then again data from your browser are transmitted to Google Inc. (“Google”).

The legal basis for the use of Ajax-GoogleApis is your consent pursuant to Art. 6(1). S. 1 lit. a DS-GVO, provided that you have given us this consent when you first accessed the page.

Since no adequacy decision of the European Commission exists for the transmission of personal data to the USA, we have concluded standard data protection clauses in the sense of Art. 46(2)(c) DSGVO with Google.

Further information on the data processing by Google can be found in the privacy policy of Google, currently available under: https://www.google.de/intl/de/policies/privacy/.

You can prevent the collection and processing of your data by Google-Apis by deactivating script execution in your browser or by installing a script blocker in your browser (you can find it, for example, under www.noscript.net or www.ghostery.com).

Google Web Fonts

On this website, we use the service of "Google Fonts", operated by the Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if you are in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This allows us to load external fonts in your browser and thus achieve a uniform display of our website in all browsers and on all devices. Through the visit to the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the

  • IP address,
  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status/HTTP status code,
  • Data volume transferred,
  • Website from which the request originates (so-called referrer),
  • Browser type and language version used, as well as
  • Operating system type and user interface
    are transmitted directly to a server of Google. Google does not store these data according to its own data and uses them only to deliver the requested fonts and to detect and, if necessary, prevent attacks on the IT system.

These data processing operations are carried out in accordance with Art. 6(1) S. 1 lit. f GDPR on the basis of our legitimate interest. In our case, this legitimate interest lies in a uniform presentation of our website. In Google's case, this legitimate interest lies in detecting and preventing attacks on its own infrastructure and thus ensuring the functionality of its own information technology system.

Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy policies of the providers. There you will also find further information about your rights and settings for protecting your privacy: http://www.google.de/intl/de/policies/privacy.

Since no adequacy decision of the European Commission exists for the transmission of personal data to the USA, we have concluded standard data protection clauses in the sense of Art. 46(2)(c) DSGVO with Google.

Facebook Custom Audiences

We use Facebook Custom Audiences on our website, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. For the European market, the company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible.

Facebook processes data from you, among other things, also in the USA. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information on this can be found on https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Facebook uses so-called standard contractual clauses (= Art. 46. Abs. 2 and 3 DSGVO). Standard contractual clauses (Standard Contractual Clauses – SCC) are templates provided by the European Commission and are intended to ensure that your data also comply with European data protection standards even if they are transferred and stored in third countries (e.g., in the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook is committed to complying with the European data protection level when processing your relevant data, even if the data are stored, processed, and managed in the USA. These clauses are based on a Commission Implementing Decision. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which refer to the standard contractual clauses, can be found under https://www.facebook.com/legal/terms/dataprocessing

More information about the data processed by the use of Facebook Custom Audiences can be found in the Privacy Policy on https://www.facebook.com/about/privacy

Google Analytics

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the data for website usage in our order and is contractually obliged to take measures to ensure the security and confidentiality of the processed data.

During your website visit, the following data are recorded:

  • Accessed pages
  • Orders including the turnover and the ordered products
  • The achievement of "website goals" (e.g., contact inquiries and newsletter registrations)
  • Your behavior on the pages (e.g., session duration, clicks, scroll behavior)
  • Your approximate location (country and city)
  • Your IP address (in shortened form, so that no unique identification is possible)
  • Technical information such as browser, internet provider, device, and screen resolution
  • Source of your visit (i.e., via which website or via which advertising medium you came to us)

Personal data such as name, address, or contact details are never transmitted to Google Analytics.

These data are transmitted to servers in the USA. We point out that in the USA, data protection law does not guarantee the same level of protection as within the EU.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID, with which you can be recognized on future website visits.

The recorded data are stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data remain in aggregated form indefinitely.

If you do not agree to the collection, you can prevent this by installing the browser add-on for deactivation of Google Analytics once or by rejecting the cookies via our cookie settings dialog.

Meta Pixel

We use the Facebook Pixel on our website. For this, we have implemented a code on our website. The Facebook Pixel is a snippet of JavaScript code that loads a collection of functions, with which Facebook can track your user actions, if you have come to our website via Facebook Ads. If, for example, you purchase a product on our website, the Facebook Pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Then Facebook deletes these data again. The data collected are anonymous for us and not accessible and are only usable for advertising purposes within the framework of advertising measures. If you are a Facebook user and logged in, the visit to our website is automatically linked to your Facebook user account.

We want to show our services/products only to those people who are also genuinely interested in them. With the help of Facebook Pixel, our advertising measures can be better tailored to your wishes and interests. So Facebook users (if they have allowed personalized advertising) see appropriate advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertising measures.

In the following, we show you those cookies that were set when the Facebook Pixel was integrated on a test page. Please note that these are only example cookies. Depending on the interaction on our website, different cookies are set.

Name: _fbp Value: fb.1.1568287647279.257405483-6331695570586-7 Purpose of use: This cookie is used by Facebook to display advertising products. Expiration date: after 3 months

Name: fr Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf. Purpose of use: This cookie is used to ensure that the Facebook Pixel works correctly. Expiration date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062331695570586-3 Value: Name of the author Purpose of use: This cookie stores the text and the name of a user who, for example, leaves a comment. Expiration date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062 Value: https%3A%2F%2Fwww.testseite…%2F (URL of the author) Purpose of use: This cookie stores the URL of the website from which the user enters a text field on our website. Expiration date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062 Value: Email address of the author Purpose of use: This cookie stores the email address of the user, if he has provided it on the website. Expiration date: after 12 months

Note: The above cookies relate to an individual user's behavior. Specifically with regard to the use of cookies, changes at Facebook can never be excluded.

If you are logged in to Facebook, you can change your advertising settings under https://www.facebook.com/adpreferences/advertisers/ yourself. If you are not a Facebook user, you can generally manage your usage-based online advertising on https://www.youronlinechoices.com/de/praferenzmanagement/ and thereby deactivate providers. There you have the option to deactivate providers or to activate them.

Use of Payment Service Providers (Payment Services)

Apple Pay

If you choose the payment method "Apple Pay" of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your iOS, watchOS, or macOS-operated device by charging a payment card registered with "Apple Pay". Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. For this reason, the input of a previously specified code as well as the verification via the "Face ID" or "Touch ID" – function of your device is required.

The information you provided during the order process is transmitted to Apple in encrypted form together with the information about your order. Apple encrypts these data again with a developer-specific key before the data are transmitted to the payment service provider of the payment card registered with "Apple Pay" for the purpose of payment. The encryption ensures that only the website from which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number as well as a transaction-specific, dynamic security code to the originating website for confirmation of the payment result.

If personal data are processed in the context of these transmissions, processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.

Apple maintains anonymized transaction data, including the approximate purchase amount, the approximate date and time, as well as the indication of whether the transaction was successful. By anonymization, a person reference is completely excluded. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase that you made via Safari on your Mac, the Mac and the authorization device communicate over an encrypted channel to the Apple servers. Apple does not process or store any of these information in a format that can identify your person. You can disable the possibility of using Apple Pay on your Mac in the settings of your iPhone. Go to "Wallet & Apple Pay", and deactivate "Allow payments on Mac".

Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027

Google Pay

If you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment processing is carried out via the "Google Pay" application of your mobile device with at least Android 4.4 (“KitKat”) operated and equipped with an NFC function by charging a payment card registered with Google Pay or a verified payment system (e.g., PayPal). For the release of a payment in an amount of more than 25,- €, the prior unlocking of your mobile device by the respective set verification measures (e.g., face recognition, password, fingerprint, pattern) is required.

The information you provided during the order process is transmitted to Google together with the information about your order. Google then transmits your payment information registered with Google Pay in the form of a once-issued transaction number to the originating website, with which a successful payment can be verified. This transaction number does not contain any information about the actual payment data of your payment card registered with Google Pay, but is created as a one-time valid numerical token and transmitted. In all transactions via Google Pay, Google acts only as an intermediary for the settlement of the payment process. The execution of the transaction takes place exclusively in the relationship between the user and the originating website by charging the payment card registered with Google Pay.

If personal data are processed in the context of these transmissions, processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6(1)(b) GDPR.

Google reserves the right to collect certain specific transaction-specific information, to store and evaluate it, for example, date, time, and transaction amount, merchant location and description, a description of the goods or services provided by the merchant, photos attached to the transaction, the name and email address of the seller and buyer or sender and receiver, the payment method used, your description for the reason of the transaction, as well as the offer associated with the transaction.

According to Google, this processing is carried out exclusively on the basis of Art. 6(1)(f) GDPR on the basis of our legitimate interest in correct invoicing, verification of transaction data, and optimization and maintenance of the Google Pay service.

Google reserves the right to merge the processed transaction data with other information collected by Google when using other Google services.

The terms of use of Google Pay can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection with Google Pay can be found at the following Internet address:

https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

Klarna

When selecting a Klarna payment service, the payment processing is carried out via the Klarna Bank AB (publ) (https://www.klarna.com/de), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna"). To enable the payment processing, your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address) as well as data related to the order (e.g., invoice amount, article, delivery method) are transmitted to Klarna for the purpose of identity and creditworthiness check, provided that you have expressly consented to this in accordance with Art. 6(1)(a) GDPR within the order process. To which authorities your data are forwarded can be seen here:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The creditworthiness report may contain probability values (so-called score values). If score values are included in the creditworthiness report, they have their basis in a scientifically recognized mathematical-statistical method. The score values are calculated, among other things, but not exclusively, from address data. The information obtained about the statistical probability of a payment default is used by Klarna for a balanced decision regarding the justification, execution, or termination of the contractual relationship.

You can revoke your consent at any time by sending a message to the data protection officer or to Klarna. However, Klarna may still be entitled to process your personal data if this is required for the proper execution of the contractual relationship.

Your person data are processed in accordance with the applicable data protection regulations and in accordance with the information in Klarna's data protection regulations for persons with a seat in Germany https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

or for persons with a seat in Austria https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_at/privacy treated.

Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered - "Invoice on account" or "Installment payment" via PayPal, we provide your payment data in the context of payment processing to the PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The transmission is carried out in accordance with Art. 6(1)(b) GDPR and only to the extent that this is required for payment processing.

PayPal reserves the right for credit card via PayPal, direct debit via PayPal or – if offered - "Invoice on account" or "Installment payment" via PayPal to carry out a creditworthiness check. For this purpose, your payment data may be transmitted in accordance with Art. 6(1)(f) GDPR on the basis of PayPal's legitimate interest in ascertaining your payment ability to authorities. The result of the creditworthiness check regarding the statistical probability of a payment default is used by PayPal for the purpose of deciding whether to provide the respective payment method. The creditworthiness report may contain probability values (so-called score values). If score values are included in the creditworthiness report, they have their basis in a scientifically recognized mathematical-statistical method. The score values are calculated, among other things, but not exclusively, from address data. Further data protection information, including the authorities used, can be found in the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is required for the proper execution of the contractual relationship.

Shopify Payments

We use the payment service provider "Shopify Payments", 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered by the payment service provider Shopify Payments, the payment processing is carried out via the technical service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we transmit the information you provided during the order process together with the information about your order (name, address, account number, bank code, optionally credit card number, invoice amount, currency, transaction number) in accordance with Art. 6(1)(b) GDPR. The transmission of your data is carried out exclusively for the purpose of payment processing with the Stripe Payments Europe Ltd. and only to the extent that this is required. Further information on data protection with Shopify Payments can be found at the following Internet address: https://www.shopify.com/legal/privacy.

Data protection information for Stripe Payments Europe Ltd. can be found here: https://stripe.com/de/privacy

SOFORT

When selecting the payment method "SOFORT", the payment processing is carried out via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"), to which we transmit the information you provided during the order process together with the information about your order in accordance with Art. 6(1)(b) GDPR. SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transmission of your data is carried out exclusively for the purpose of payment processing with SOFORT and only to the extent that this is required. Further information on data protection with SOFORT can be found at the following Internet address: https://www.klarna.com/sofort/datenschutz.

Stripe

If you choose a payment method of the payment service provider Stripe, the payment processing is carried out via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to which we transmit the information you provided during the order process together with the information about your order (name, address, account number, bank code, optionally credit card number, invoice amount, currency, transaction number) in accordance with Art. 6(1)(b) GDPR. The transmission of your data is carried out exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent that this is required. Further information on data protection with Stripe can be found under the URL https://stripe.com/de/privacy#translation.

Source: Created with the Data Protection Generator by AdSimple.