Privacy policy

Data Protection
Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you how we process your personal data when you use our website. Personal data is any data that can be used to identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is PHANTOM Izabela Karaś, ul. Sikorskiego 1A, 49-340 Lewin Brzeski, Poland, tel.: +48 731 222 891, e-mail: sale@phantomfurniture.de. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 If you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the data transmitted by your browser to the website server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

The website visited
Date and time of access
Amount of data transmitted in bytes
Source/referrer from which you accessed the page
Browser used
Operating system used
IP address used (where possible, in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be disclosed or used for any other purpose. However, we reserve the right to check the server log files subsequently if there are specific indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries sent to the controller). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser’s address bar.

3) Hosting and Content Delivery Network

We use a provider to host our website and display its content. The provider renders its services itself or through selected subcontractors exclusively on servers located within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider, which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

4) Cookies

In order to make your visit to our website more attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are deleted automatically when you close your browser (so-called “session cookies”), while others remain on your device for a longer period and enable us to save your settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in your web browser’s cookie settings.

If any of the cookies we use process personal data, the processing is carried out either pursuant to Art. 6(1)(b) GDPR for the performance of the contract, pursuant to Art. 6(1)(a) GDPR on the basis of your consent, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website and a customer-friendly and effective design of your visit.

You can configure your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting Us

5.1 Trusted Shops
We will forward your e-mail address and, where applicable, other customer data to the service provider solely on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR so that the provider can contact you by e-mail with a reminder about the possibility to submit a review.

You may revoke your consent at any time with effect for the future by notifying us or the provider.

Pursuant to Art. 26 GDPR, we and the provider are jointly responsible for the processing described above.

5.2 WhatsApp Business
You can contact us via the WhatsApp messenger service operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the “WhatsApp Business” version.

If you contact us via WhatsApp in connection with a specific transaction (e.g., an order you have placed), we will store and use your mobile phone number used for WhatsApp and your name (if provided) pursuant to Art. 6(1)(b) GDPR in order to process your request and respond to you. On the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address or e-mail address) in order to allocate your request to a specific transaction.

If you use our WhatsApp contact for general inquiries (e.g., about our range of services, availability, or our website), we store and use the mobile phone number you use for WhatsApp and, if provided, your name pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in providing the requested information effectively and promptly.

Your data will be used exclusively to answer your inquiry via WhatsApp and will not be passed on to third parties.

Please note that WhatsApp Business accesses the address book of the mobile device we use for this purpose and automatically transmits the telephone numbers stored there to servers of its parent company, Meta Platforms Inc., in the USA. To operate our WhatsApp Business account, we use a mobile device whose address book contains only WhatsApp contact data of users who have actually contacted us via WhatsApp.

This means that each person whose WhatsApp contact data is stored in our address book has given consent to the transfer of their WhatsApp phone number from the address books of their chat contacts pursuant to Art. 6(1)(a) GDPR by accepting WhatsApp’s terms when they first use the app on their device. Accordingly, the transfer of data of users who do not use WhatsApp and/or who have not contacted us via WhatsApp is excluded.

For information about the purpose and scope of data collection and the further processing and use of data by WhatsApp, as well as your rights and privacy settings, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/?eea=1#privacy-policy

The processing described above may involve transfers of data to servers of Meta Platforms Inc. in the USA.

For transfers to the USA, the provider has joined the EU–US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

5.3 If you contact us (e.g., via a contact form or e-mail), your personal data will be processed solely for the purpose of handling your request and replying to you and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted when it is clear from the circumstances that the matter has been conclusively resolved, provided that no statutory retention obligations apply.

6) Data Processing When Creating a Customer Account

Pursuant to Art. 6(1)(b) GDPR, personal data is collected and processed to the extent necessary when you provide it to us for the purpose of creating a customer account. The data required for creating an account can be found in the input fields of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the controller at the address provided above. After deletion of your customer account, your data will be deleted provided that all contracts concluded via the account have been fully processed, no statutory retention periods apply, and we have no legitimate interest in further storage.

7) Data Processing for Order Handling

7.1 To the extent necessary for contract performance for delivery and payment purposes, the personal data collected by us will be passed on to our driver and the commissioned credit institution pursuant to Art. 6(1)(b) GDPR.

If, based on the relevant contract, we owe you updates for goods with digital elements or for digital products, we process the contact details you provided when placing the order in order to inform you personally, pursuant to our legal obligation to provide information under Art. 6(1)(c) GDPR. Your contact data will be used solely for the purpose of informing you about updates owed to you and will be processed only to the extent necessary for this purpose.

For order processing, we also work with the following service providers who support us wholly or partly in fulfilling the contracts concluded. Certain personal data will be transferred to these service providers in accordance with the information below.

7.2 Use of Payment Service Providers (Payment Services)

Apple Pay
If you select the payment method “Apple Pay” of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the “Apple Pay” function on your iOS, watchOS, or macOS device by charging the payment card stored in “Apple Pay”. Apple Pay uses security features integrated into your device’s hardware and software to protect your transactions. Payment authorization requires the entry of a code previously set up and identity verification using “Face ID” or “Touch ID” on your device.

To process the payment, the information you provided during the order process together with the order details is transmitted to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key and transmits it to the payment service provider of the payment card stored in Apple Pay. This encryption ensures that only the website on which the purchase was made can access the payment information. After payment has been processed, Apple sends the device account number and a dynamic transaction-specific security code to the website from which the payment was initiated to confirm the successful payment.

Where personal data is processed in the course of the described transfers, processing is carried out exclusively for payment processing pursuant to Art. 6(1)(b) GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, date and time, and whether the transaction was successful. This anonymization completely excludes the possibility of identifying individuals. Apple uses these anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on an iPhone or Apple Watch to complete a purchase made in Safari on a Mac, your Mac and the authorizing device communicate via an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that allows identification of the user. You can disable the ability to use Apple Pay on your Mac in your iPhone settings under “Wallet & Apple Pay” by turning off “Allow Payments on Mac”.

Further information on data protection for Apple Pay can be found at: https://support.apple.com/de-de/HT203027

Google Pay
If you select the payment method “Google Pay” offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), payment processing is carried out via the “Google Pay” application on your mobile device, which must run Android 4.4 (“KitKat”) or have NFC functionality. Payment is made by charging the payment card stored in Google Pay or another verified payment system stored there (e.g., PayPal). To authorize a payment via Google Pay exceeding EUR 25, you must first unlock your mobile device using a configured verification method (e.g., face recognition, password, fingerprint, or pattern).

To process the payment, the information provided during the order process together with the order information is transmitted to Google. Google then transmits the payment data stored in Google Pay to the website from which the payment originates in the form of a unique transaction number used to verify the payment. This transaction number does not contain any information about the actual payment details of the payment method stored in Google Pay; instead it is created and transmitted as a unique numerical token. For all transactions via Google Pay, Google acts solely as an intermediary in the payment process. The transaction is carried out exclusively between you and the website from which the payment originates by charging the payment method stored in Google Pay.

Where personal data is processed in the course of the described transfers, processing is carried out exclusively for payment processing pursuant to Art. 6(1)(b) GDPR.

Google reserves the right to collect, store, and analyze certain transaction information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction; location and description of the merchant; description of the purchased goods or services; photos attached to the transaction; name and email address of the merchant and the buyer or sender and recipient; the payment method used; description of the reason for the transaction; and, where applicable, an offer associated with the transaction.

According to Google, such processing is carried out solely pursuant to Art. 6(1)(f) GDPR on the basis of a legitimate interest in proper accounting, verification of transaction data, and optimization and maintenance of the Google Pay service.

Google also reserves the right to combine processed transaction data with other information collected and stored by Google when using other Google services.

Google Pay Terms of Service:
https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Google Pay Privacy Notice:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

Klarna
This website offers one or more online payment methods from Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden.

If you select a payment method offered by the provider that requires payment in advance (e.g., credit card payment), your payment data provided during the ordering process (including name, address, bank details and card details, currency and transaction number), as well as information about the contents of your order, will be transmitted to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data is transmitted solely for payment processing and only to the extent necessary for this purpose.

If you select a payment method in which the provider makes advance payments (e.g., invoice, installment purchase, or direct debit), you will be asked during the ordering process to provide certain personal data (name, street, house number, postal code, city, date of birth, email address, telephone number, and, where applicable, data relating to an alternative payment method).

In order to protect our legitimate interest in assessing our customers’ creditworthiness, we transmit this data to the provider for a credit check pursuant to Art. 6(1)(f) GDPR. Based on the personal data provided by you and other data (such as cart contents, invoice amount, order history, and payment history), the provider checks whether the selected payment method can be granted with regard to the payment risk and/or risk of default.

In addition to internal criteria of the provider pursuant to Art. 6(1)(f) GDPR, identity and creditworthiness information from credit agencies may also be included in the decision-making process:
https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may include probability values (so-called score values). If score values are included, they are based on a scientifically recognized mathematical-statistical method. Address data is one factor among others used to calculate score values.

You may object to the processing of your data at any time by sending a message to us or the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

PayU
This website offers online payment methods from PayU S.A., ul. Grunwaldzka 186, 60-166 Poznań, Poland.

8) Online Marketing

Google AdSense
This website uses Google AdSense, an online advertising service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google AdSense uses cookies, i.e., text files stored on the user’s computer, to help analyze how users use the website. Google AdSense also uses web beacons (small invisible graphics) to collect information. These web beacons enable simple actions such as website traffic to be recorded, collected, and analyzed. Information generated by cookies and/or web beacons about the use of this website (including the user’s IP address) is generally transmitted to a Google server and stored there. This may also involve transmission to Google LLC servers in the USA.

Google uses this information to analyze your usage behavior with regard to AdSense ads. The IP address transmitted by your browser within the scope of Google AdSense is not merged with other Google data. The information collected by Google may be transferred to third parties if required by law and/or if third parties process the data on behalf of Google.

All processing operations described above, in particular the reading of information on the device used via cookies and/or web beacons, will only take place with your explicit consent pursuant to Art. 6(1)(a) GDPR. Without this consent, Google AdSense will not be used during your visit to our website.

You may revoke your consent at any time with effect for the future by disabling this service via the “cookie consent tool” provided on the website.

More information about Google’s privacy policy can be found here:
https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

9) Web Analytics Services

Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables an analysis of website usage.

By default, Google Analytics sets four cookies when you visit the website. These cookies are small text files stored on your device that collect certain information, including your IP address, which Google shortens by removing the last digits to prevent direct identification.

The information is transferred to Google servers and processed there. This may also involve transfers to Google LLC, based in the USA.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics and shortened will not be merged with other Google data. Data collected via Google Analytics 4 is stored for two months and then deleted.

All processing described above, in particular the setting of cookies on your device, will only take place with your explicit consent pursuant to Art. 6(1)(a) GDPR. Without your consent, Google Analytics 4 will not be used during your visit to our website. You can revoke your consent at any time with effect for the future by disabling this service via the “cookie consent tool” available on the website.

We have concluded a data processing agreement with Google which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

Further legal information on Google Analytics 4 can be found at
https://business.safety.google/intl/de/privacy/ , https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites

Demographic data: Google Analytics 4 uses the special “Demographics” feature to generate statistics that provide information about the age, gender and interests of website visitors. This is possible through the analysis of advertising and information from third-party providers. The collected data cannot be attributed to a specific person and is deleted after two months.

Google Signals
As an extension of Google Analytics 4, this website may use Google Signals to generate cross-device reports. If personalized ads are enabled and your devices are linked to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6(1)(a) GDPR, analyze your user behavior across devices and create database models, including those relating to cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to opt out of cross-device analysis, you can disable the “Personalized Ads” feature in your Google account settings (instructions: https://support.google.com/ads/answer/2662922?hl=de). Further information on Google Signals: https://support.google.com/analytics/answer/7532985?hl=de

User IDs
The “User IDs” function is available on this website as an extension of Google Analytics 4. If you have consented to the use of Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, have created an account on this website, and log into it on different devices, your activity, including conversions, may be analyzed across devices.

10) Remarketing and Conversion Tracking

10.1 Meta Pixel with Advanced Matching
Within our online offering, we use the “Meta Pixel” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”) in advanced matching mode.

When you click one of our ads on Facebook or Instagram, the URL of our linked page is extended by a parameter using the Meta Pixel. This URL parameter is then entered into your browser after redirection by a cookie set by our linked page. In addition, this cookie collects certain customer data such as email address that we collect on our website linked to the Facebook or Instagram ad during processes such as purchases, account logins, or registrations (advanced matching). The cookie is then read and allows the data, including customer-specific data, to be transmitted to Meta.

We use the Meta Pixel with advanced matching to make our ads (“Ads”) on Facebook and/or Instagram more effective and to align them with users’ interests or certain characteristics (e.g., interest in certain topics or products determined based on visited websites) that we transmit to Meta (“Custom Audiences”).

In addition, we analyze the effectiveness of our ads by tracking whether users were redirected to our website after clicking an ad (conversion). Compared to the standard Meta Pixel function, the advanced matching function helps us measure the effectiveness of our advertising campaigns more accurately by recording more attributable conversions.

All transmitted data is stored and processed by Meta, enabling association with the relevant user profile and allowing Meta to use the data for its own advertising purposes in accordance with Meta’s data policy (https://www.facebook.com/about/privacy/). This data may enable Meta and its partners to display ads on and off Facebook.

All processing operations described above, in particular the setting of cookies to read information on the device used, will only be carried out with your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

Information generated by Meta is usually transmitted to and stored on Meta servers; in this context, data may also be transferred to Meta Platforms Inc. servers in the USA.

10.2 Google Ads Remarketing
This website uses retargeting technology from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google places a cookie in your browser that automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. Further processing only occurs if you have consented to Google linking your browsing and app history with your Google account and using information from your Google account to personalize ads. If you are logged in to Google during your visit to our website, Google uses your data together with Google Analytics data to create and define target audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to create target audiences. When using Google Ads Remarketing, personal data may also be transferred to Google LLC servers in the USA.

All processing operations described above, in particular the setting of cookies to read information on your device, will only be carried out with your explicit consent pursuant to Art. 6(1)(a) GDPR. Without this consent, retargeting technology will not be used during your visit to our website.

You can revoke your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

Details on the processing initiated by Google and how Google processes data from websites can be found here: https://policies.google.com/technologies/partner-sites
Google’s privacy policy: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

10.3 Google Ads Conversion Tracking
This website uses the “Google Ads” advertising program and, within Google Ads, conversion tracking provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

We use Google Ads to advertise our attractive offers on external websites by means of advertising materials (Google Ads/AdWords). Using data from the advertising campaigns, we can determine the success of individual advertising measures. Our aim is to show you ads that are relevant to you, make our website more interesting for you, and ensure correct billing of advertising costs.

A conversion tracking cookie is set when a user clicks a Google ad. Cookies are small text files stored on your device. These cookies usually expire after 30 days and are not used for personal identification. If you visit certain pages of this website while the cookie is still valid, Google and we can recognize that you clicked the ad and were redirected to that page. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of different Google Ads customers.

The information collected using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked their ad and were redirected to a page tagged for conversion tracking. However, they do not receive information that personally identifies users.

When using Google Ads, personal data may also be transferred to Google LLC servers in the USA.

Details on the processing triggered by Google Ads conversion tracking and how Google processes website data can be found here: https://policies.google.com/technologies/partner-sites

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the browser plugin available from Google at:
https://www.google.com/settings/ads/plugin?hl=de

To better target ads at users whose data we have obtained in the context of business relationships or similar, we use the Customer Match function in Google Ads. For this purpose, we electronically transmit one or more files containing aggregated customer data (primarily email addresses and telephone numbers) to Google. Google does not gain access to unencrypted data; instead, Google automatically encrypts the information in the customer files during upload using a special algorithm. Google can then use the encrypted information only to match it with existing Google accounts created by users. This enables personalized ads across all Google services linked to the relevant Google account.

Customer data is transmitted to Google only if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. This consent can be revoked at any time with effect for the future. More information on Google’s data protection measures regarding Customer Match can be found here:
https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

Google’s privacy policy: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

10.4 Pinterest Tag Conversion Tracking
This website uses conversion tracking technology provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If you reached our website via an ad in the provider’s domain, the success of the ad can be tracked using cookies and/or similar technologies (tracking pixels, web beacons, pings, or HTTP requests).

For this purpose, the tracking technology reads certain information from the device and browser used, including, where applicable, the IP address, in order to record and analyze user actions predefined by us (e.g., completed transactions, leads, inquiries via site search, product page views). This allows us to compile statistics about users’ behavior on our website after being redirected from an ad, which we use to optimize our offering.

All processing operations described above, in particular the setting of cookies to read information on the device used, will only take place with your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

We have concluded a data processing agreement with the provider, which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

11) Site Functionalities

11.1 Facebook Plugins
Our website uses plugins of the social network provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These plugins enable direct interaction with content within the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called “two-click solution” or “Shariff”.

This integration ensures that no connection to the provider’s servers is established when you access a page of our website that contains such plugins.

Only when you activate the plugins and give your consent to data transfers pursuant to Art. 6(1)(a) GDPR will your browser establish a direct connection to the provider’s servers. In this process, regardless of whether you are logged into an existing user profile, information about your device (including IP address), browser and browsing history will be transmitted to the provider to a certain extent and may be further processed there.

If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.

You can revoke your consent at any time by deactivating the plugin again (clicking it again). This revocation does not affect data that has already been transferred to the provider.

Data may also be transferred to: Meta Platforms Inc., USA.

We have concluded a data processing agreement with the provider, which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

11.2 Instagram Plugins
Our website uses plugins of the social network provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

These plugins enable direct interaction with content within the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called “two-click solution” or “Shariff”.

This integration ensures that no connection to the provider’s servers is established when you access a page of our website that contains such plugins.

You can revoke your consent at any time by deactivating the plugin again (clicking it again). This revocation does not affect data that has already been transferred to the provider.

Data may also be transferred to: Meta Platforms Inc., USA.

We have concluded a data processing agreement with the provider, which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

11.3 Google reCAPTCHA
This website uses a CAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data may also be transmitted to Google LLC, USA. The provider uses Google Fonts to visually design the CAPTCHA window; these are fonts downloaded from the internet by Google. No other information is processed beyond what is already transmitted to Google via reCAPTCHA.

The service checks whether an input is made by a natural person or is abusively made by automated processing and blocks spam, DDoS attacks and similar automated malicious attacks. To ensure that the action is performed by a human and not an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type, as well as the date and duration of the visit and transmits this information to the provider’s servers for analysis. Cookies (small text files stored in the device browser) may be used in this process.

If the processing described above is based on cookies, these will only be set after you have given your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by disabling this service in the cookie consent tool provided on the website.

If the processing described above takes place without cookies, the legal basis is our legitimate interest in establishing individual accountability on the internet and preventing misuse and spam pursuant to Art. 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

Further information on Google’s privacy policy can be found here:
https://business.safety.google/intl/de/privacy/

12) Tools and Other Services

Cookie Consent Tool
This website uses a “cookie consent tool” to obtain valid user consent for cookies and cookie-based applications that require consent. The cookie consent tool is displayed to users upon visiting the site as an interactive interface in which consent for certain cookies and/or cookie-based applications can be given by ticking the relevant boxes. With this tool, all consent-requiring cookies/services are loaded only if the respective user gives consent by ticking the relevant boxes. This ensures that such cookies are only placed on the user’s device if consent has been granted.

The tool uses technically necessary cookies to store your cookie preferences. In this process, no personal data is generally processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is carried out pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly cookie consent management and thus in a legally compliant design of our website.

A further legal basis is Art. 6(1)(c) GDPR. As the controller, we are legally obliged to make the use of cookies that are not technically necessary dependent on the user’s consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website users’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

13) Rights of the Data Subject

13.1 Applicable data protection law grants you the following rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, with reference to the legal basis stated for the respective exercise requirements:

Right of access pursuant to Art. 15 GDPR
Right to rectification pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
Right to be informed pursuant to Art. 19 GDPR
Right to data portability pursuant to Art. 20 GDPR
Right to withdraw consent pursuant to Art. 7(3) GDPR
Right to lodge a complaint pursuant to Art. 77 GDPR

13.2 Right to Object
If we process your personal data on the basis of our overriding legitimate interest within the framework of a balancing of interests, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

If you exercise your right to object, we will stop processing the data concerned. Further processing may, however, remain possible if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. You may exercise the right to object as described above.

If you object, we will cease processing your personal data for direct marketing purposes.

14) Storage Period of Personal Data

The storage period of personal data is determined by the respective legal basis, the purpose of processing and—where applicable—also by statutory retention periods (e.g., retention periods under commercial and tax law).

If personal data is processed on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR, this data is stored until you withdraw your consent.

If statutory retention periods apply to data processed in the context of contractual or quasi-contractual obligations pursuant to Art. 6(1)(b) GDPR, this data is routinely deleted after the retention periods expire, provided it is no longer required for contract performance or contract initiation and/or we no longer have a legitimate interest in further storage.

If personal data is processed on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

If personal data is processed for direct marketing purposes on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in this privacy policy for specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.