Privacy Policy

Data Protection

Privacy Notice of TUSH Magazine

 

General information regarding the handling of your data

 

The following notes provide you with information on the type, scope and purposes of the collection, use and processing of personal data on our website:

http://store.tushmagazine.com/

 

1.    Responsible Office – contact

1.1. Responsible body within the meaning of the Data Protection Act

​The responsible body within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is:

TUSH Magazine

Friesenweg 14 / Gleis 7

22763 Hamburg

Germany

Owner: Armin Morbach

Phone.:   +49 40 28 00 44 66

E-Mail:    info@tushmagazine.com

1.2. Contact

a) If you have any questions regarding data protection, or if you wish to exercise any rights or claims regarding your personal data, you can contact us using the contact details given above (under section 1.1.).

b) In our contact form, you must provide mandatory information (e.g. your e-mail address, your name) in order to answer your request. We need this information in order to process your inquiry and to be able to contact you. You can fill in the other fields voluntarily.

c) When you contact us (e.g. by telephone, e-mail), your details will be stored in accordance with Art. 6 para. 1 lit. b) GDPR for the purpose of processing your enquiry and in the event that follow-up questions arise. We delete the data arising in this connection after storage is no longer required or restrict processing if there are legal obligations to retain data (see section 16).

 

2.    Data processed by us

2.1. Legal grounds

a) Personal data may be processed during each visit to our website. Your personal data will only be processed if this is legally permitted (legal basis). This is the case in accordance with Art. 6 para. 1 GDPR, if

– you have given us your consent, or

– the processing is necessary for the performance of our contract with you, or

– pre-contractual measures are required in the event of a request by you, or

– the processing is necessary in order to protect your vital interests, or

– to protect that of another natural person, or

– the processing is necessary for the protection of our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, outweigh the processing (balancing of interests)

b) The personal data collected from you will be deleted as soon as the purpose of the collection no longer applies (see section 16).

 2.2. What are personal data?

a) The meaning of “personal data” can be derived from Article 4 of the General Data Protection Regulation (GDPR). According to this, personal data is information that can be assigned to your person using proportionate means. Personal data are divided into four groups. These include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites visited by our online offer, interest in our products) and content data (e.g. entries in the contact form). Information that cannot be attributed to a specific or determinable person, or only with a disproportionately large expenditure of time, cost and labour, are called anonymous data and are therefore not personalized.

b) In addition, when visiting our website, certain data is also processed for technical reasons. These are mainly technical information such as the IP address that your Internet access provider assigns to your computer when you connect to the Internet, or information about the Internet page from which you accessed our website or about the type and version of the Internet browser you are using. However, this also includes login data, your operating system, download errors, the length of visits to certain pages, and all telephone numbers from which you call our customer service number. This technical information may be personal data in individual cases. That technical information will only be used by us if this is necessary for technical reasons concerning the operation and protection of our website against attacks and misuse in accordance with Art. 6 para. 1 (f) GDPR.

2.3. What does “processing” mean?

“Processing”, as defined by Article 4 of the GDPR, includes all operations that are part of the handling of data. The term “processing” covers not only the collection or registration of data, but also its organisation, classification, storage, adaptation or modification. However, the term also covers other actions, such as actual use, or transmission or distribution. Ultimately, however, this also includes the restriction, deletion or destruction of data.

 

3.    Data Security

The security of your personal data has a very high priority for us. Therefore, we protect your stored data by technical and organisational measures. This ensures compliance with data protection laws and effectively prevents loss or abuse by third parties. In particular, our employees who process personal data are obliged to maintain data secrecy and must comply with it.

4.    SSL-encryption

Our website uses secure SSL encryption when transmitting personal data or personal content of our users. Please make sure that SSL encryption is activated for corresponding activities from your side. You can recognise an encrypted connection by your browser’s address bar changing from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Therefore, please transmit your confidential information only if SSL encryption is activated and contact us if in doubt.

5.   Collection of personal data when visiting our website

a) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security [legal basis is Art. 6 para. 1 (f) GDPR]:

– the IP address of the requesting device (i.e. your computer or smartphone)

– Date and time of access to our website,

– Search words you used to find our site,

– Time zone difference to Greenwich Mean Time (GMT),

– Content of the request ( specific page),

– Access status/ http status code,

– the amount of data transmitted,

– the website from which access is made (referrer URL),

– Operating system and its interface,

– as well as the browser used and, if applicable, the operating system of your computer and the name of your access provider.

b) For security reasons (e.g. for the investigation of potential cases of abuse or fraud), the above-mentioned data will be stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been conclusively clarified.

c) In addition to the data mentioned above, cookies are stored on your computer when you use our website. You will find more detailed information on cookies under section 8.

d) The data are collected by us on the basis of our legitimate interests as defined in Art. 6 para. 1 (f) GDPR. We do not use the collected data for the purpose of drawing conclusions about your person. The purposes pursued by us include in particular:

– ensuring a smooth connection to the website,

– ensuring a comfortable use of our website,

– the investigation of cases of abuse or fraud,

– the evaluation of system safety and stability, and

– other administrative purposes.

​

6.     Transfer of data to third parties and third party providers

a) Data will only be passed on to third parties within the scope of the legal requirements. We therefore only pass on user data to third parties if:

– you have given your explicit consent in accordance with Art. 6 para. 1 (a) GDPR,

– the passing on is necessary in accordance with Art. 6 para. 1 (f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a serious, great interest in your data not being passed on,

– if there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 © GDPR, and

– this is legally permitted and is required under Art. 6 para.1 (b) GDPR for the handling of contractual relationships with you.

b) When passing on your personal data, we always ensure the highest possible level of security. For this reason, your data will only be passed on to service providers and partner companies that have been carefully selected and contractually obliged to ensure that personal data is protected in accordance with the relevant legal regulations.

c) We would like to point out to you that in addition to this data protection declaration, the data protection guidelines and declarations of the locally responsible partners and their authorised institutions may also apply.

7. Registration

a) As far as we offer a registration function, you may create a user account at our site. Within the scope of the registration, you will be provided with the required mandatory personal information. These are marked with an asterisk “*”. Voluntary information is not marked with an asterisk “*”.

b) Your user account is not public and cannot be indexed by search engines. If you have cancelled your user account, your data belonging to the user account will be deleted. This does not apply unless storage is necessary for reasons of commercial or tax law in accordance with Art. 6 Para. 1 lit. c GDPR (see Section 16).

c) Within the scope of registration and repeated logins as well as the use of our online services, we will save your IP address and the time of your respective use. The storage is based on our legitimate interests, in particular to protect against abuse and other unauthorized use (Art. 6 para. 1 p. 1 lit. f GDPR). In principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c GDPR.

8. Fulfillment of contracts/orders

In accordance with Art. 6 para. 1 lit. b GDPR, personal data will be collected and processed if you provide us with such data for the execution of a contract or when opening a customer account. Which kind of data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above mentioned address of the responsible person. We store and use the data you provide us with for the purpose of fulfilling the contract. After completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, about which we will inform you accordingly below.

9. Newsletter

a) We send newsletters, e-mails and other electronic notifications containing promotional information (hereinafter referred to as “newsletters”) only with your consent or with a legal permission. If, in the process of registering for the newsletter, its contents are described specifically , these contents are decisive for the user’s consent. Our newsletters also contain information about our products, offers, promotions and our company.

b) For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP address as well as the time of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify any possible misuse of your personal data. We are interested in the use of a user-friendly and secure newsletter that serves our business interests and meets the expectations of the users. The legal basis is. Art. 6 para. 1 lit. f DS-GVO.

c) Your e-mail address is the only mandatory information for the newsletter. The supply of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DS-GVO.

d) You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail or by sending an e-mail to info@tushmagazine.com.

e) The newsletter is sent using the dispatch service provider SendinBlue. The provider is SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France.

The newsletter enables us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. The links in the e-mail are so-called tracking links, with which the clicks of the newsletter recipients can be counted.

If the analysis is not wanted, the newsletter must be unsubscribed.

The data deposited with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter. After unsubscribing from the newsletter, the data is deleted from our servers as well as from the servers of SendinBlue.

Further information can be found in the SendinBlue data protection declaration: https://de.sendinblue.com/legal/privacypolicy/

10.     Where is your personal data stored?

a) The personal data we collect is generally stored within the European Union (“EU”). However, it may happen in exceptional cases that personal data is transferred to non-European countries. In these so-called “third countries” the GDPR is not a directly applicable law. In such countries, the data protection law may be less strict.

b) Such transfer of data to countries outside the European Economic Area may occur, for example, when processing a request for services or providing support services by electronic means.

c) However, in the event of such a transfer of data to a third country, we will ensure that it takes place in accordance with this Privacy Policy. In addition, we will ensure that the recipient in the third country ensures an adequate level of data protection for you and other parties concerned or that a legal permission exists. This is done, for example, by concluding a contract with the recipient in the third country on the basis of the so-called standard contractual clauses of the European Commission. These standard contractual clauses guarantee a similar level of data protection as the one provided by the European Data Protection Regulation.

11.     Cookies

a) We use so-called “cookies” to recognise multiple use of our offer by the same user or Internet connection holder. Cookies are small text files that are stored by the web browser on the user’s terminal device to store certain information.

b) If the user consents to the use of cookies, the legality of the data processing is governed by Art. 6 para. 1 (a) GDPR. If consent is not requested, our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of this website and services) within the meaning of Art. 6 para. 1 (f) GDPR constitutes the legal basis for the use of cookies.

c) The cookies used by the website are divided into the following categories according to their purpose and function: Necessary cookies; functional cookies; performance cookies; marketing / third party cookies; cooking requiring consent.

Necessary cookies ensure that this website and the service functions properly. Functional cookies enable this website to store information such as the user name or language selection and to offer the user improved and personalised functions based on this information. These cookies collect and store only anonymous information. Performance cookies collect information on how our website is used in order to improve its attractiveness, content and functionality. Marketing / third party / consent cookies originate from external advertising companies and are used to collect information about the websites last visited by the user.

d) Necessary cookies cannot be deactivated or activated individually. The user has the possibility to adjust his cookie settings at any time or to deactivate cookies generally in his browser. The user can object to the use of functional cookies, performance cookies or marketing cookies at any time by adjusting his cookie settings accordingly. However, the exclusion of cookies may lead to functional restrictions of this online service. Information on how to deactivate cookies in the most common browsers can be found under the following links:

• Google Chrome https://support.google.com/accounts/answer/61416?co

• Microsoft Internet Explorer https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

• Safari https://support.apple.com/guide/safari/sfri11471/mac

• Firefox  https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

• Opera   https://help.opera.com/latest/web-preferences/#cookies

12. External payment providers

a) Within the scope of fulfilling contracts (Art. 6 para. 1 lit. b. GDPR) we use external payment service providers through whose platforms the users and we can carry out payment transactions. Furthermore, the external payment service providers are selected on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR in order to offer our users effective and secure payment options.

b) The data processed by the payment service providers include basic data, such as name and address, bank data, such as account or credit card numbers, passwords, TANs and checksums, as well as contract sums and recipient related data. These details are required to complete the transactions. However, the data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the payment service providers may transfer the data to credit agencies. The purpose of this transmission is to check the buyers identity and credit rating.

c) In addition, the data protection notices of the respective payment service providers apply to the processing:

• Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

• Klarna ( https://www.klarna.com/international/privacy-policy/)

• Visa (https://bb.visa.com/legal/global-privacy-notice.html)

• Mastercard (https://www.mastercard.us/en-us/vision/corp-responsibility/commitment-to-privacy/privacy.html)

• American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)

13.    Integration of third party content

13.1. Integration of YouTube

a) Components (videos) of the company YouTube are used on our website. The legal basis for the use of YouTube is Art. 6 para. 1 (f) GDPR. We use it in order to make our website more appealing to the respective user and thereby make it better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR.

(b) YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, is a company belonging to Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA.

c) The YouTube videos on our website are all embedded in “enhanced privacy mode”, which means that no data about you as a user is transferred to YouTube if you do not watch the videos. Only when you do start playing the videos, the following data will be transmitted. We have no influence on this data transmission.

d) By visiting the website, YouTube is informed that you have visited the relevant subpage of our website. In addition, the data referred to under section 5 will be transmitted. This occurs regardless of whether YouTube provides a user account which you are logged into or whether no user account exists.

e) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under section 5 will be transmitted. This will occur regardless of whether YouTube provides a user account which you are logged in to or whether no user account exists. If you are logged in to your Google account, your data will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button.

YouTube stores your data in user profiles and uses them for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an analysis is carried out in particular (even for users who are not logged in) to offer demand-oriented and tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.

f) For more information on the purpose and scope of data collection and processing by YouTube, please see their privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

13.2. Google Analytics

a) For the purpose of a demand-oriented design and continuous optimisation, we use Google Analytics, a web analysis service of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

b) The use of Google Analytics is based on our legitimate interests within the meaning of Art. 6 para. 1 (f) GDPR. We use Google Analytics to analyse and thus regularly improve the use of our website. We can use the statistics obtained to optimise our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has committed itself to the EU-US Privacy Shield and thus offers a guarantee of compliance with European data protection law https://www.privacyshield.gov/EU-US-Framework.

c) We also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

d) We use Google Analytics with the addition “_anonymizeIp()”. This allows IP addresses to be processed in a shortened form, thus excluding the possibility of identifying a person. If the data collected about you contains a personal reference, it will immediately be excluded. The personal data will therefore be deleted immediately.

e) We use the “demographic characteristics” function of Google Analytics. This allows us to create reports that contain statements about the age, gender and interests of the site visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

f) Google Analytics uses so-called “cookies”, text files which are stored on your computer and allow an analysis of your use of the website (see section 11). The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement of the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other services to the website operator relating to website activity and internet usage.

g) The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

h) You may refuse the use of cookies by selecting the appropriate settings on your browser; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=en.

i) You can find further information on the use of data for advertising purposes by Google, as well as setting and objection options, on their websites:

– Use of data by Google https://marketingplatform.google.com/about/analytics/terms/us/

– Use of data for advertising purposes http://www.google.com/policies/technologies/ads

– About data protection https://marketingplatform.google.com/about/analytics/terms/us/

– To the privacy policy http://www.google.de/intl/de/policies/privacy

13.3. Google Ad-sense

a) For the purpose of demand-oriented design and continuous optimisation and to statistically record our website, we also use Google Adsense, a web analysis service of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA94043, USA.

b) The use of Google Adsense is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO. We use the service to display ads on our website and to receive remuneration for this. For these purposes, user data, such as the click on an advertisement and the IP address of the users are processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of the users’ data is pseudonymised. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield and thereby offers a guarantee of compliance with European data protection law: https://www.privacyshield.gov/EU-US-Framework.

c) In the case of advertisements that are displayed on our website, we receive remuneration for their display or other use. For these purposes, usage data, such as the click on an advertisement and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of the users’ data is pseudonymised.

d) For more information about Google’s use of data, settings and opt-out options, please see Google’s privacy policy https://policies.google.com/technologies/ads and the settings for the display of advertisements by Google.: https://adssettings.google.com/authenticated.

13.4. Integration of social plugins

a) We use the social plugins described below provided by the platforms Facebook, Twitter, LinkedIn, Pinterest and Instagram on our website. We also maintain links to the providers Facebook, Instagram and Pinterest.

b) Legal basis for the use of the plugins as well as the provision of links is Art. 6 paragraph 1 S. 1 lit. f GDPR. We use these to make our website more appealing to the respective user and thus ultimately more well-known. The advertising purpose behind this is to be regarded as a legitimate interest in the sense of the GDPR.

c) In order to increase the protection of your data when visiting our website, the social media functions are not fully integrated as plugins, but only by using an HTML link. This type of integration ensures that no connection to the Instagram servers is established when a page of our website containing such function is accessed. If you use the social media function by clicking on it, a new browser window opens and accesses the Instagram page, where you can interact with the plug-ins there (if necessary after entering your login data).

13.4.1. Instagram

a) We use the social plugin of the social media service Instagram and link to the service operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”) to display images, videos and texts. When you visit pages that display these elements, data is transmitted from your browser to the respective social media service and stored there. We do not have access to this data. Facebook Inc. with headquarters in the USA is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

b) For more information, please see Instagram’s privacy policy at https://help.instagram.com/155833707900388.

13.4.2 Facebook

a) We use the social plugin of the social network Facebook and link to the service operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Facebook Inc. with its headquarters in the USA is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

b) The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/policy.php/

13.4.3. Pinterest

a) We use the plugin of the service Pinterest and link to the service, which is operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

b) For the purpose and scope of the data collection and the further processing and use of the data by Pinterest, as well as your rights in this regard and setting options for protecting your privacy, please refer to Pinterest’s privacy policy: https://about.pinterest.com/de/privacy-policy

13.4.4. Twitter

a) We use the social plugin of the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). Twitter Inc. is based in the USA and is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

b) For the purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this respect and setting options for protecting your privacy, please refer to Twitter’s data protection information: https://twitter.com/privacy/

13.4.5. LinkedIn

a) We use the social plugin of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

b) The purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, can be found in LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy

13.5.   GeoIP2 Precision City (MaxMind)

a) We use the geolocation service GeoIP2 Precision City. GeoIP2 Precision City is a service of MaxMind, Inc., Waltham, MA, 14 Spring St., Suite 3, Waltham, Massachusetts 02451, USA which is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.

b) We only use GeoIP2 Precision with IP anonymization. By integrating the service, we pursue the purpose of determining the user’s approximate location on the basis of the transmitted IP address in order to adapt the currency to the user’s country, among other things.

It cannot be ruled out that MaxMind also transmits the information to a server in a third-party country. Further information can be found at: https://support.maxmind.com/geoip-faq/

c) The legal basis for the use of GeoIP2 Precision is Art. 6 para. 1 lit. f) DSGVO. Our necessary legitimate interest lies in adapting our online offer to the location of the respective user. The service also simplifies the technical implementation of our website.

d) For further information on the handling of personal data by MaxMind, please refer to the MaxMind data protection information: https://www.maxmind.com/de/privacy_policy

14.   Your rights regarding your data

You have the following rights regarding the processed data:

– in accordance with art. 15 of the GDPR, you can request information about your personal data processed by us. In particular, you may request information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be transmitted, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of the data;

– in accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or incomplete personal data stored by us;

– in accordance with Art. 17 GDPR, you can request the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or if the data is necessary for the assertion, exercise or defence of legal claims

– in accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR

– in accordance with Art. 20 GDPR, you have the right to data transmission, i.e. to receive your personal data that you have provided us with in a structured, common and machine-readable format or may request the transfer to another responsible party, provided that the processing is based on your consent or on a contract with us and that the processing was carried out by using automated procedures. However, in the case of a transfer of data to another party, you can only request the transfer if it is technically feasible;

– In accordance with Art. 7 Para. 3 GDPR, you can withdraw your consent to us at any time. As a result, we may no longer continue to process the data that was based on this consent in the future; and

– Under Art. 77 GDPR, you have the right to file a complaint to a supervisory authority. To do so, you may contact the supervisory authority at your usual place of residence or work or at our head office.

In order to exercise your rights to correct or delete personal data, to request information, to revoke a consent or to object, only a simple message to us is required. There are no costs for you to exercise your rights. You can contact us using the contact information provided in section 1.1. of this data protection declaration.

​​

15.  Right of objection

a) If you have given your consent to the processing of your data, you can withdraw this consent at any time. After you have expressed it to us, such a withdrawal will affect the permissibility of the processing of your personal data.

b) If we base the processing of your personal data on the balancing of interests, you may object to the processing. If you do so, please explain the reasons why we should not process your personal data as we have done. If your objection is well-founded, we will examine the situation and either stop or adapt the data processing or outline our compelling reasons for continuing the processing. We will inform you of such compelling reasons. You have the right to file a complaint at any time to a supervisory authority (e.g. the supervisory authority at your place of residence or at the registered office of our company).

c) You can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your objection to advertising by using the contact details given in section 1.1.

d) If you wish to make use of your right of withdrawal or objection, it is sufficient to send an e-mail to the person named in section 1.1.

16.  Deletion and retention periods of your data

a) The data stored with us will be deleted as soon as they are no longer required for the intended purpose. For details, please refer to the sections of this notice which explain the nature and purpose of the processing of personal data in question.

b) Data which we are required to be stored by law, statutes or contractual obligations (e.g. for tax reasons) will be blocked instead of deleted to prevent use for other purposes. This includes storage for 6 years in accordance with § 257 (1) German HGB (for trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) or storage for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

17.  Updates to our Privacy Notice

a) This Privacy Notice is currently valid and was updated in 10/2021.

b) Due to changes in the law or adjustments in data processing, it may be necessary to update this data protection declaration. We therefore recommend that you check this page regularly for changes. If the change affects your consent or the provisions of the contractual relationship, these will only be made with your consent. You will be contacted separately by us for this purpose.