Privacy policy

1. Data protection at a glance

General Notes

The following notes provide a simple overview of what happens to your personal information when you visit this website. Personal data is all data with which you can be personally identified. Detailed information on data protection can be found in our privacy policy below this text.

Data collection on this website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. Your contact details can be found in the “Note to the Responsible Body” section of this Privacy Policy.

How do we collect your data?

On the one hand, your data is collected by providing us with it. For example.B data that you enter in a contact form. Other data is collected automatically or with your consent when visiting the website by our IT systems. These are mainly technical data (e.B. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

What rights do you have with respect to your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification or deletion of this data. If you have given your consent to the processing of data, you can revoke this consent at any time for the future. You also have the right to request, in certain circumstances, the restriction of the processing of your personal data. You shall also have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time for further questions regarding data protection.

Third-party analytics tools and tools

When you visit this website, your browsing behavior can be statistically evaluated. This is mainly done with so-called analysis programmes. Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

IONOS

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files, including your IP addresses. For details, please refer to IONOS’ privacy policy:
https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art.6 Abs. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General notes and mandatory information

Privacy

The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.B. when communicating via e-mail)
may have security vulnerabilities Complete protection of data against access by third parties is not
possible.

Note on the responsible body

The data controller on this website is:

Style Design by Thomas Bäcker
Wilhelm-Busch-Straße 15
58706 Menden
Phone: 0049 2373 15999
Email: info@tb-styledesign.de

The controller is the natural or legal person who, alone or together with others,
the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Storage time

Unless a specific storage period has been specified within this Privacy Policy, the
your personal data with us until the purpose for data processing ceases to apply. If you make a legitimate request for deletion or revoke your consent to the processing of data, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g. .B. tax or commercial retention periods); in the latter case, the deletion shall take place after the abolition of these grounds.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special data categories according to Art. 9 para. 1 GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.B. via device fingerprinting), the data processing will also take place on the basis of § 25 para. 1 TTDSG. The consent can be revoked at any time. If your data is required for the fulfilment of the contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Furthermore, data processing may be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The relevant legal bases in each individual case are provided in the following paragraphs of this data protection declaration.

Note on data transfer to the USA

Our website includes tools from companies based in the United States. When these tools are active, your personal information may be shared with the U.S. servers of the respective companies. We would like to point out that the US is not a safe third country within the meaning of EU data protection law. U.S. companies are required to disclose personal information to security agencies without you, as a person concerned, being able to take legal action against it. It cannot therefore be ruled out that US authorities (e.B. intelligence agencies) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can use a
already given consent at any time revoke. The legality of the data made up to the revocation

Data processing remains unaffected by the revocation.

Right to object to the collection of data in special cases as well as to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F GDPR HAVE AT ALL TIMES THE RIGHT, FROM THE RIGHTS THAT ARE FROM YOUR SPECIALSITUATION, AGAINST THE PROCESSING OF YOUR PERSONAL DATA DISENTER; THIS GILT ALSO FOR A ON THIS DETERMINATIONS Profiling. THE LEGAL BASIS ON WHICH PROCESSING IS BASED TAKE THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NOT PROCESS MORE PERSONAL DATA, THIS ISTHAT, WE CAN EXPERIENCE RECOMMENDED RIGHTS FOR THE PROCESSING THAT YOUR INTERESTS, RIGHTS AND FREEDOMS ARE WEIGHING OR THE PROCESSING OF THE RIGHT, EXERCISE OR DEFENSE OFLEGAL RIGHTS(DISCLAIMER TO ART. 21 ABS. 1 GDPR).

WILL BE PERSONAL DATA TO USE FOR DIRECT USE, YOU HAVE THE RIGHT, AT ALL TIMES AGAINST THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF THE PERSONALDATA; THIS GILT ALSO FOR PROFILING, SOWEIT IT WITH THE DIRECT CONNECTION. IF YOU ARE CONTACTING, YOUR PERSONAL DATA WILL BE SUBSEQUENTLY NO LONGER USED FOR THE PURPOSE OF DIRECT MARKETING (OPPOSITION TO AFTER ART. 21 ABS. 2 GDPR).

Right to complain to the competent supervisory authority

In the event of breaches of the GDPR, the persons concerned shall have the right to complain to a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement. The right to appeal is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically processed on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, this site uses SSL or TLS encryption.
You can recognize an encrypted connection by changing the address line of the browser from “http://” to “https://” and by the lock icon in your browser line. If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after the conclusion of a paid contract, there is an obligation to provide us with your payment data (e.B.g. account number in case of direct debit), this data will be required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock icon
in your browser line.

In the case of encrypted communication, your payment data, which you transmit to us, cannot be read by third parties.

Information, deletion and rectification

Within the scope of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to rectification or deletion of this data. You can contact us at any time for further questions regarding personal data.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we need to
  usually time to check this. For the duration of the examination, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data has been/happens unlawfully, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have an objection under Article 21(0) of the 1 GDPR, a balance must be made between your interests and our interests. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may be processed, except for its storage, only with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Objection to promotional e-mails

The use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, e.g. by spam e-mails.

4. Data collection on this website

Cookies

Our websites use so-called “cookies”. Cookies are small data packets and do not cause any damage to your device. They are either temporarily used for the duration of a session;
(session cookies) or permanently (permanent cookies) stored on your device. Session cookies are automatically deleted after the end of your visit. Permanent

Cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR unless otherwise stated. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. When disabling cookies, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

Consent with Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you give or the revocation of these consents are stored. This data will not be passed on to the provider of Borlabs Cookie.

The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing of Borlabs Cookie can be found at
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• operating system used
• Referrer URL
• Host name of the accessing machine
• Time of server request
• IP address

This data is not merged with other data sources.

The collection of this data is carried out on the basis of Article 6(3). 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

Contact

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not share this data without your consent.

The processing of this data is carried out on the basis of Article 6(4) of the European Data Protection.35 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.B. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request, including any personal data (name, request) resulting from it, will be stored and processed by us for the purpose of processing your request. We do not share this data without your consent.

The processing of this data is carried out on the basis of Article 6(4) of the European Data Protection.35 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 sec. 1 lit. f GDPR) or on your consent (Art. 6 sec. 1 lit. a GDPR) if this has been queried.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage is omitted (e.B. after your request has been completed). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

Registration on this website

You can register on this website to take advantage of additional features on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The required information requested during registration must be provided in full. Otherwise, we will refuse registration.

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided at the time of registration to inform you in this way.

The processing of the data entered at the time of registration takes place for the purpose of carrying out the user relationship established by the registration and, if applicable, for the initiation of further contracts (Art. 6 sec. 1 lit.b GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

Comment function on this website

For the comment function on this page, in addition to your comment, information about the time the comment is created, your e-mail address and, if you do not post anonymously, the username you have chosen will be saved.

Storage of the IP address

Our comment function stores the IP addresses of the users who write comments. Since we do not review comments on this website before activation, we need this data in order to be able to take action against the author in case of violations of the law such as insults or propaganda.

Storage time of comments

The comments and related data are stored and remain on this website until the commented content has been completely deleted or the comments need to be deleted for legal reasons (e.B. offensive comments).

Legal basis

The comments are stored on the basis of your consent (Art. 6 sec. 1 lit. a GDPR). You can revoke your consent at any time. An informal message by e-mail to us is sufficient for this purpose. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

5. Social media

Facebook

Elements of the social network Facebook are integrated into this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here:
https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. As a result, Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the contents of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, see Facebook’s privacy policy at:
https://de-de.facebook.com/privacy/explanation.

Insofar as consent has been obtained, the use of the above-mentioned service is based on Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its disclosure to Facebook. The processing by Facebook after the forwarding is not part of the joint responsibility. The obligations incumbent on us together have been set out in a joint processing agreement. The terms of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) with regard to the data processed by Facebook directly with Facebook. If you assert the rights of the affected parties with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381 and
https://www.facebook.com/policy.php.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram Plugin

Functions of the Instagram service are integrated on this website. These features are offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland integrated.

If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by Instagram.

The storage and analysis of the data is carried out on the basis of Article 6(3). 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility on social media. If a corresponding consent has been requested, the processing shall be carried out exclusively on the basis of Article 6(0). 1 lit. a GDPR; consent can be revoked at any time.

Insofar as personal data is collected on our website and forwarded to Facebook or Instagram using the tool described here, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its disclosure to Facebook or Instagram. The processing by Facebook or Instagram after the forwarding is not part of the joint responsibility. The joint obligations were set out in an agreement on joint processing. The terms of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the data protection-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data (e.B. requests for information) with regard to the data processed on Facebook or Instagram directly from Facebook. If you assert the rights of the persons concerned with us, we are
to forward them to Facebook.

Data transfer to the US is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://help.instagram.com/519522125107875 and
https://de-de.facebook.com/help/566994660333381.

For more information, see Instagram’s privacy policy:
https://instagram.com/about/legal/privacy/.

6. Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and play out the tools integrated via it. However, Google Tag Manager collects your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and administration of various tools on its website. If a corresponding consent has been requested, the processing shall be carried out exclusively on the basis of Article 6(0). 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Analytics

This website uses functions of the web analytics service Google Analytics. Provider is Google Ireland
Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is assigned to the respective end device of the user. There is no assignment to a user ID.

Furthermore, with Google Analytics, we can, among other things: Record your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modeling approaches to complement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

You can deactivate Google Analytics.

7. eCommerce and payment providers

Processing data (customer and contract data)

We collect, process and use personal data only to the extent that they are necessary for the establishment, content or change of legal relationship (stock data). This is done on the basis of Article 6(3). 1 lit. b GDPR, which requires the processing of data in order to comply with a
contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable or bill the user to use the service.

The collected customer data will be deleted after the conclusion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transfer at the conclusion of the contract for online shops, dealers and goods dispatch

We only transmit personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or to the credit institution entrusted with the payment processing. Further transmission of the data will not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without express consent, for example for the purposes of advertising.

The basis for data processing is Art. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.

Payment services

We include third-party payment services on our website. When you make a purchase with us, your payment details (e..B. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. These transactions are subject to the respective contractual and data protection provisions of the respective providers. The use of payment service providers is based on Article 6(3) of the Order of The European Financial Protection Service. 1 lit. b GDPR (contract processing) and in the interest of a smooth, comfortable and secure payment process (Art. 6 sec. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 1 lit. a GDPR legal basis for data processing; Consents can be revoked at any time for the future.

We use the following payment services / payment service providers within the framework of this website:

PayPal

This payment service is PayPal (Europe) S.A.R.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfer to the US is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

Payment service provider is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. the
Apple’s Privacy Policy can be found at:
https://www.apple.com/legal/privacy/de-ww/.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd.,1 Grand Canal Street Lower,
Grand Canal Dock, Dublin, Ireland (hereinafter referred to as “Stripe”).
Data transfer to the US is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://stripe.com/de/privacy and
https://stripe.com/de/guides/general-data-protection-regulation.
Details of this can be found in Stripe’s privacy policy at the following link:
https://stripe.com/de/privacy.

American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as “American Express”). American Express may transfer data to its parent company in the United States. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here:
https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.
For more information, please refer to American Express’ Privacy Policy:
https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard

The provider of the payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”). Mastercard may transfer data to its parent company in the United States. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here:
https://www.mastercard.de/de-de/datenschutz.html and
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISAS

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”). Great Britain is considered a safe third country under data protection law. This means that the UK has a level of data protection that corresponds to the level of data protection in the European Union.
VISA may transfer data to its parent company in the United States. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
For more information, please refer to VISA’s Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.