Privacy policy
Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This only applies insofar as no other indication is given in the subsequent processing operations.
"Personal data" means any information relating to an identified or identifiable natural person.
Processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in ensuring the trouble‑free operation of our website and in improving our services.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s standard contractual clauses.
Contact
Controller
You can contact us if you wish. The controller responsible for data processing is: A & A FASHION OHG, Floßwörthstr. 65, 68199 Mannheim, Germany, 0049 621 4908320, info@kultfrau.de
Customer‑initiated contact by email
If you initiate business contact with us by email, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing serves the purpose of handling and responding to your contact request.
If the contact is made for the purpose of carrying out pre‑contractual measures (e.g. advice in case of purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 (1) (b) GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR.
We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.
We use the address validation service of Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, “Google”) on our website.
Data processing serves the purpose of checking your entries in our address forms in real time for input and spelling errors and, where applicable, completing missing data. If data is entered incorrectly, alternative suggestions for correcting the data are displayed. For this purpose, the address data you enter is transmitted to the provider, stored there and evaluated.
Among other things, the following information may be transmitted to and processed by Google: postal addresses (country, city, postal code, street, house number), email address, telephone number.
Your data may also be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in having correct data as a basis for fulfilling our contractual obligations. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
The data is processed separately by the provider and is not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than after 30 days.
Further information on terms of use and data protection at Google can be found at: https://cloud.google.com/maps-platform/terms and at https://www.google.de/policies/privacy/.
Customer account Orders
Customer account
When you open a customer account, we collect your personal data to the extent indicated there. Data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us, without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation. Your customer account will then be deleted.
Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s standard contractual clauses.
Reviews Advertising
Use of the Trusted Shops review system (Trustbadge)
We use the review system of Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne, Germany (“Trusted Shops”) on our website.
Trusted Shops and we are joint controllers for the collection of your data and the transmission of this data to Trusted Shops when using the service. The basis for this is an agreement between us and Trusted Shops on the joint processing of personal data.
Accordingly, we and Trusted Shops are equally responsible for fulfilling the obligations under the GDPR, in particular for fulfilling the information obligations pursuant to Art. 13, 14 GDPR and for granting data subject rights pursuant to Art. 15–21 GDPR. Further information on this can be found at https://help.etrusted.com/hc/de/article_attachments/4422901015569.
Trusted Shops enables us to obtain customer reviews and display them on our website via the “Trustbadge” in order to give you an insight into the quality of our services.
After an order, you may receive an invitation from us or Trusted Shops to submit a review, and you may then submit one. The following data is processed by us or Trusted Shops: email address, order information (order total, order number, product purchased, if applicable). This data may also be used to verify your review.
When you access our website and the Trustbadge is displayed, the following data is also processed by us or Trusted Shops: your IP address, date and time of access, amount of data transferred and the requesting provider.
Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent, provided you have expressly consented to the transfer of your data and the receipt of the review request. You can revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation.
Further information on data protection at Trusted Shops can be found at: https://www.trustedshops.de/impressum-datenschutz/#datenschutz.
Use of email address for sending newsletters
We use your email address to send you information and offers by newsletter, provided you have expressly consented to this. Data processing serves exclusively the purpose of direct advertising. For this purpose, we process your email address and, where applicable, other data that you voluntarily provided when registering for our newsletter.
Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation.
You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a so‑called blacklist in order to prevent you from receiving newsletter emails from us in the future. This storage is based on Art. 6 (1) (f) GDPR due to our and your legitimate interest in preventing the renewed use of your email address for sending our newsletter. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
Use of email address for sending direct advertising
We use the email address that we obtained from you in connection with the sale of a product or service to send you electronic advertising for our own products or services that are similar to those you have already purchased from us, unless you have objected to this use. The provision of the email address is necessary for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. The contact details for exercising your right to object can be found in the legal notice. You can also use the link provided in the advertising email. You will incur no costs other than the transmission costs at basic rates.
Use of Klaviyo
We use the services of Klaviyo Inc. (125 Summer St Floor 7, Boston, MA 02111, USA; “Klaviyo”) for sending newsletters as part of a data processing agreement.
We pass on the information you provide during newsletter registration (email address, and where applicable first and last name) to Klaviyo. Data processing serves the purpose of sending the newsletter and its statistical evaluation.
To evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked on any integrated links. In this context, we collect your personal data such as IP address, browser type and device, and the time. Usage profiles can be created from this data under a pseudonym. The data collected is not used to identify you personally. The data collected is used solely for statistical evaluation to improve newsletter campaigns.
Your data is generally transferred to and stored on Klaviyo servers in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Klaviyo is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in a targeted, effective and user‑friendly newsletter system. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
Further information on data protection at Klaviyo can be found at https://www.klaviyo.com/legal/privacy-notice and at https://www.klaviyo.com/legal/data-processing-agreement.
Prize draw for newsletter subscribers
When you sign up for our newsletter, you are automatically entered into our monthly prize draw. In this context, we process your email address exclusively for the purpose of running the prize draw – i.e. selecting the winners and notifying them of their prize. The legal basis is Art. 6 (1) (b) GDPR (performance of a contract in the context of participation in the prize draw) as well as Art. 6 (1) (f) GDPR (our legitimate interest in strengthening customer loyalty).
Unsubscribing from the newsletter before the draw takes place will result in exclusion from the current prize draw. Your data will not be passed on to third parties.
We offer a product availability notification service on our website. If an item is temporarily unavailable, you have the option of entering your email address for the respective item and being informed by us by email when it becomes available again, provided you have consented to this. When the item becomes available, you will receive a one‑time email notification about the availability of the respective item. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation. You can unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the mailing list.
Shipping service providers Inventory management
Transfer of email address to shipping companies for shipping status information
We pass on your email address to the transport company as part of contract processing, provided you have expressly consented to this during the ordering process. The transfer serves the purpose of informing you by email about the shipping status. Processing is carried out on the basis of Art. 6 (1) (a) GDPR with your consent. You can revoke your consent at any time by notifying us or the transport company, without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation.
Use of an external inventory management system
We use an inventory management system as part of a data processing agreement for contract processing. For this purpose, the personal data collected from you in the course of the order is transferred to
Buhl Data Service GmbH, Am Siebertsweiher 3/5, 57290 Neunkirchen
for processing.
The processing of your personal data serves the purpose of fulfilling the contract concluded with you and is carried out on the basis of Art. 6 (1) (b) GDPR.
Payment service providers Credit check
Use of PayPal
We use the PayPal payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L‑2449 Luxembourg; “PayPal”) on our website. Data processing serves the purpose of enabling you to pay via this payment service. When you select and use payment via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR.
All PayPal transactions are subject to the PayPal Privacy Policy, which can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Use of PayPal Express
We use the PayPal Express payment service of PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L‑2449 Luxembourg; “PayPal”) on our website. Data processing serves the purpose of enabling you to pay via the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store and analyse data (e.g. IP address, device type, operating system, browser type, location of your device) when the website is accessed. Cookies may also be used for this purpose. Cookies enable your browser to be recognised.
The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in offering a customer‑oriented range of different payment methods. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
When you select and use PayPal Express, the data required for payment processing is transmitted to PayPal in order to fulfil the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 (1) (b) GDPR. Further information on data processing when using the PayPal Express payment service can be found in the associated privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#Updated_PS.
Cookies may be stored in this context, enabling your browser to be recognised. The resulting data processing is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in offering a customer‑oriented range of different payment methods. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
Cookies
Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Use of Pandectes
We use the Pandectes GDPR Compliance consent management tool from Pandectes in our shop. This tool allows you to manage your consents to data processing via the shop, in particular to the setting of cookies, and to exercise your right to withdraw consents already given.
The purpose of this data processing is to obtain and document the consents required for data processing and to fulfil legal obligations. For this purpose, cookies may be used and the following information may be collected and transmitted to Pandectes: anonymised IP address, date and time of consent, URL from which consent was given, anonymous, random, encrypted key and consent status. This data is not passed on to other third parties.
Data processing is carried out for the fulfilment of a legal obligation pursuant to Art. 6 (1) (c) GDPR. It also applies to other data processing operations.
Further information on the terms of use and data protection at Pandectes can be found at: Terms of Service and Privacy Policy
Advertising tracking Communication
You can deactivate the “Custom Audiences” remarketing function here. Further information on the collection and use of data by Meta, your rights in this regard and options for protecting your privacy can be found in Meta’s privacy policy at https://www.facebook.com/about/privacy/.
We use the online advertising program “Google Ads” and, in this context, conversion tracking (visitor action evaluation) on our website. Google Conversion Tracking is an analysis service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).
If you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity, do not contain any personal data and therefore do not serve the purpose of personal identification. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. There is therefore no possibility that cookies can be tracked across the websites of Ads customers.
The information obtained with the help of the conversion cookie is used to create conversion statistics. In this process, we learn the total number of users who have clicked on one of our ads and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that would allow users to be personally identified.
Your data may be transferred to Google LLC servers in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is therefore obliged to comply with European data protection principles.
Further information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/
We use the Remarketing or “Similar Audiences” function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
The application serves the purpose of analysing visitor behaviour and visitor interests. Google uses cookies to carry out the analysis of website usage, which forms the basis for creating interest‑based advertisements. The cookies record visits to the website and anonymised data on the use of the website. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown ads that are highly likely to take into account previously viewed product and information areas.
Your data may be transferred to Google LLC servers in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation.
Further information on Google Remarketing and the associated privacy policy can be found at: https://www.google.com/privacy/ads/
Use of TikTok Pixel
We use the TikTok Pixel of TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; “TikTok Ireland”) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; “TikTok UK”) on our website. Both companies are joint controllers for data processing (hereinafter “TikTok”).
Data processing serves the purpose of identifying and analysing website visits by our customers and of improving customer targeting by placing targeted advertising and evaluating the effectiveness of advertising on TikTok. For this purpose, TikTok uses technologies such as cookies and pixels that enable your browser to be recognised. In this context, the following information may be collected and transmitted to TikTok: date and time of visit, information about the browser and device type you use, screen resolution, IP address. TikTok can assign this information to your personal TikTok user account. Usage profiles can be created from the data collected using pseudonyms. This does not allow users to be personally identified.
Your data may be transferred to third countries, such as the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). TikTok is not certified under the TADPF. Data transfer to the USA and to third countries without an adequacy decision is based, among other things, on standard contractual clauses as appropriate safeguards for the protection of personal data, which can be viewed at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation.
Further information on data protection can be found at https://www.tiktok.com/legal/page/eea/privacy-policy/de and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.
Plug‑ins and other tools
We use Google Tag Manager of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
This application is used to manage JavaScript tags and HTML tags that are used to implement, in particular, tracking and analysis tools. Data processing serves the purpose of designing and optimising our website in line with requirements.
Google Tag Manager itself does not store cookies, nor does it process personal data. However, it enables the triggering of additional tags that may collect and process personal data.
Further information on terms of use and data protection can be found here.
Use of Google invisible reCAPTCHA
We use the invisible reCAPTCHA service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.
This serves the purpose of distinguishing input by a human from automated, machine processing. In the background, Google collects and analyses usage data, which is used by Invisible reCAPTCHA to distinguish regular users from bots. For this purpose, your input is transmitted to Google and further used there. In addition, the IP address and, where applicable, other data required by Google for the Invisible reCAPTCHA service are transmitted to Google.
This data is processed by Google within the European Union and may also be transferred to Google LLC servers in the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Google is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of processing carried out on the basis of the consent up to the time of revocation.
Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/intro/android.html and https://www.google.com/privacy
Use of hCaptcha
We use hCaptcha (hereinafter “hCaptcha”) on this website. The provider is Intuition Machines Inc, 2211 Selig Dr, Los Angeles, CA 90026, United States (hereinafter “IMI”).
hCaptcha is used to check whether data entered on this website (e.g. in a contact form) is entered by a human or by an automated program. For this purpose, hCaptcha analyses the behaviour of the website visitor based on various characteristics.
This analysis starts automatically as soon as the website visitor enters a website with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in “invisible mode”, the analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data is stored and analysed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from spam. If the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data processing is based on the standard contractual clauses (SCC) contained in the data processing addendum to IMI’s General Terms and Conditions or in the data processing agreements.
Further information on hCaptcha can be found in the privacy policy and terms of use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.
Use of Cloudflare
We use the Cloudflare CDN content delivery network of Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA; “Cloudflare”) on our website. This is a regional network of servers in various data centres that our web server connects to and through which certain content from our website is delivered.
Data processing serves the purpose of optimising the loading times of our website and thus making our services more user‑friendly.
The following information may be collected in this context: IP address, system configuration information, information about traffic to and from customer websites (so‑called server log files).
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the Trans‑Atlantic Data Privacy Framework (TADPF). Cloudflare is certified under the TADPF and is therefore obliged to comply with European data protection principles.
The processing of your personal data is carried out on the basis of Art. 6 (1) (f) GDPR due to our overriding legitimate interest in designing the website in line with requirements and in a targeted manner. You have the right, on grounds relating to your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6 (1) (f) GDPR.
Further information on data protection when using Cloudflare can be found at https://www.cloudflare.com/de-de/privacypolicy/.
Data subject rights and storage period
Storage period
After full performance of the contract, the data is initially stored for the duration of the warranty period and then for the statutory retention periods, in particular those under tax and commercial law, and is deleted after expiry of these periods, unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.
You also have the right to object to processing based on Art. 6 (1) (f) GDPR and to processing for direct marketing purposes pursuant to Art. 21 (1) GDPR.
Right to lodge a complaint with the supervisory authority
Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data is not lawful.
You may lodge a complaint, among others, with the supervisory authority responsible for us, which you can contact using the following details:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden‑Württemberg
Königstrasse 10 a
70173 Stuttgart
Tel.: +49 711 6155410
Fax: +49 711 61554115
Email: poststelle@lfdi.bwl.de
Right to object
If the processing of personal data listed here is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right, on grounds relating to your particular situation, to object to such processing at any time with effect for the future.
After an objection has been made, the processing of the data concerned will be stopped unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
If the processing of personal data is carried out for direct marketing purposes, you may object to this processing at any time by notifying us. After an objection has been made, we will stop processing the data concerned for direct marketing purposes.
Last updated: 20/04/2026
