INFORMATION ABOUT THE PROCESSING OF YOUR DATA
In accordance with Art. 12 of the General Data Protection Regulation (hereinafter referred to as the GDPR), we are obliged to inform you about the processing of your data when you use our website. We take the protection of your personal data very seriously and this privacy policy informs you about the details of the processing of your data and about your legal rights in this regard.
We reserve the right to adapt the privacy policy with future effect, in particular in the event of further development of the website, the use of new technologies or changes to the legal bases or the corresponding case law.
We recommend that you read this privacy policy from time to time and take a printout or a copy for your documents.
DEFINITIONS
- In the following, website means all of the controller’s pages at https://www.bananabeauty.co.uk/.
- personal data means any information relating to an identified or identifiable natural person. A person is identifiable if they can be identified, either directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data is therefore, for example, a person’s name, email address and telephone number, but may also include information about preferences, hobbies and memberships;
- processing means operations or sets of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction;
- pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;
- consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in a particular case by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- Google means Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; reachable in the European Union at: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001;
SCOPE
This privacy policy applies to all pages of https://www.bananabeauty.co.uk/. It does not cover any linked websites of other providers.
RESPONSIBLE PROVIDER
The following party is responsible for the processing of personal data within the scope of this privacy policy:
Grenion GmbHQ7 17a, 68161 Mannheim
QUESTIONS ABOUT DATA PROTECTION
If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:
Spirit Legal LLP RechtsanwälteAttorney-at-law and data protection officer
Peter Hense
Postal address:
Data protection officerc/o Grenion GmbH
Q7 17a, 68161 Mannheim
Contact via encrypted online form:
Contact data protection officer
SECURITY
We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to current standards.
YOUR RIGHTS
You have the following rights with regard to the personal data concerning you that you can assert against us:
- right of access (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 GDPR)
- right to object to processing (Art. 21 GDPR)
- right to withdraw your consent (Art. 7(3) GDPR)
- right to receive the data in a structured, commonly used, machine-readable format (data portability) and the right to transfer the data to another controller, if the prerequisites of Art. 20(1) (a), (b) GDPR are fulfilled (Art. 20 GDPR).
You can assert your rights by informing us using the contact details specified above under ‘Responsible provider’ or by contacting the data protection officer designated by us.
You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
USE OF THE WEBSITE, ACCESS DATA
In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This is the following data:
- browser type/browser version
- operating system used
- language and version of the browser software
- hostname of the accessing device
- IP address
- website from which the request comes
- content of the request (specific page)
- date and time of the server request
- access status/HTTP status code
- referrer URL (website visited before)
- volume of data transferred
- time zone difference from Greenwich Mean Time (GMT).
Temporary processing of the IP address by the system is necessary to make it technically possible to deliver the website to your device. This requires processing of your IP address for the duration of the session. The legal basis of this processing is Art. 6(1) Sentence 1(f) GDPR.
The access data is not used to identify individual users and is not combined with other data sources. The access data is erased when it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website.
IP addresses are stored in log files to ensure the functionality of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context either. In principle, data is erased after seven days at the latest; further processing is possible in individual cases. In this case, the IP address is erased or so transformed that an assignment of the retrieving client is no longer possible.
The recording of data for the provision of the website and the processing of data in log files is an absolute necessity for the operation of the website. You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing. You may send us your objection using the contact details specified under ‘Responsible provider’ above.
COOKIES
In addition to the aforementioned access data, so-called cookies are stored in the internet browser of the device you use to access the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies do not become part of the device system and cannot execute programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or may occur for other purposes (e.g. analysis/evaluation of website use).
A) TECHNICALLY NECESSARY COOKIES
Some elements of our website require that the retrieving browser can be identified even after a page change. This involves processing the following data in the cookies:
- language settings
- items in shopping basket
- login information.
The user data collected by technically necessary cookies is not processed to create user profiles. We also use session cookies, which store a session ID that can be used to assign various requests from your browser to the shared session. Session cookies are required for using the website. In particular, they enable us to recognise the device used when you return to the website. If you have an account with us, we use this cookie to recognise you on subsequent visits to the website; otherwise you would have to log in again each time you visited. The legal basis of this processing is Art. 6(1) Sentence 1(f) GDPR. We use session cookies to make using our website more attractive and effective. Session cookies are erased as soon as you log out or close your browser.
Most browsers are preset to automatically accept cookies. You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.
B) TECHNICALLY NON-ESSENTIAL COOKIES
In addition, we also use cookies on the website which enable an analysis of users’ surfing behaviour. For example, this involves processing the following data in the cookies:
- entered search terms
- frequency of page views
- use of website functions.
These cookies are used to make using the website more efficient and attractive. The legal basis of this processing is Art. 6(1) Sentence 1(f) GDPR. The technically non-essential cookies are automatically erased after a specified period, which may vary depending on the cookie.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
You have the option of changing your browser settings in order to generally or selectively block the placement of cookies or remove stored cookies. You can also have the corresponding information displayed before a cookie is placed. You can also prevent the use of cookies by opening your browser in ‘private mode’. If you change the browser settings for the use of cookies or disable cookies, the functionality of this website may be restricted.
Where we integrate cookies from third-party providers into our website, we point this out to you separately below.
CONTACTING OUR COMPANY
When contacting our company, e.g. by using the contact form on the website, we will process the personal data provided by you so that we can respond to your request.
In order for us to process enquiries submitted via the contact form on the website, it is essential that you provide a name and a valid email address. At the moment when you submit the message to us, the following data will also be processed:
- IP address
- date/time of registration.
The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding a contract. If it is necessary to provide your data in order to conclude a contract, it may be impossible to conclude or implement a contract or to process the request if the data is not provided.
Processing the personal data from the form allows us alone to process the contact you make with us. Where you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process serves to prevent any misuse of the contact form and to ensure the security of our information technology systems.
The data will not be transmitted to third parties in this context. The data is only processed in order to process the conversation. As soon as processing is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
PROCESSING AND TRANSMISSION OF PERSONAL DATA FOR CONTRACTUAL PURPOSES
We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company. The legal basis of this results from Art. 6(1) Sentence 1(b) GDPR. If processing the data is necessary in order to conclude a contract, it may be impossible to conclude or implement a contract and/or to end a legal transaction with our company if the data is not provided.
Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to retain the data for a longer period and process it as required in the respective context on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct marketing) or on the basis of justified interests (e.g. retention for asserting claims).
Your personal data will be passed on if
- it is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider/a shipping company to process a contract with you) (Art. 6(1) Sentence 1(b) GDPR), or
- a subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
- there is an enforceable official order (Art. 6(1) Sentence 1(c) GDPR), or
- there is an enforceable court order (Art. 6(1) Sentence 1(c) GDPR), or
- we are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR), or
- the processing is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6(1) Sentence 1(d) GDPR), or
- this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6(1) Sentence 1(e) GDPR), or
- we are authorised or even obliged to pursue overriding legitimate interests (Art. 6(1) Sentence 1(f) GDPR).
Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis of the processing is then Art. 6(1) Sentence 1(a) GDPR.
PROCESSING AND TRANSMISSION OF PERSONAL DATA IN THE ONLINE ORDERING SYSTEM
If you wish to submit an order or booking in our online shop, it is necessary for the initiation and conclusion of the contract that you provide personal data such as your name, your address and your email address. The mandatory data required for order and contract processing is marked as such; further information is provided voluntarily. If you do not provide the necessary data, it will not be possible to conclude a contract. We process your data for order processing; in particular, we will forward payment data to your chosen payment service provider or our main bank. The legal basis for the processing is Art. 6(1) Sentence 1(b) GDPR. To prevent unauthorised third parties from accessing your personal data, the order process on the website is encrypted using SSL/TLS technology.
You can voluntarily create a customer account in which we store your data for future visits to the website. When you create a customer account, the data you enter is processed. Once you have successfully logged in, you are free to edit or delete all other data, including your customer account.
As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations.
REGISTRATION/PASSWORD-PROTECTED AREA ON THE WEBSITE/CUSTOMER ACCOUNT
If you wish to use the password-protected area of our website, you must register by providing the following information:
- email address
- first and last name, and address if a customer account is being opened in connection with an order.
Furthermore, the following data is processed at the time of registration:
- IP address
- date/time of registration.
The data will be erased as soon as it is no longer required for achieving the purpose of its processing. This is the case for the data collected during the registration process if the registration on the website is cancelled or modified.
The following functions are available to you in the password-protected area:
- edit your profile data
- view past orders
- manage reward system (‘Refer a friend’ and loyalty programme).
If you use the password-protected area of the website, e.g. to edit your profile data or to view past orders, we also process the data about your person required for the initiation or performance of the contract, in particular address data and information about the payment method. The legal basis for the processing is Art. 6(1) Sentence 1(b) GDPR. The data will be erased as soon as it is no longer required for achieving the purpose of its processing or as soon as there are no legitimate interests preventing its erasure. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of ten years. Two years after termination of the contract, we will restrict the processing and reduce the processing to compliance with our existing legal obligations. The data processing is necessary for the conclusion and initiation of the contract. If you do not provide your data, you may be unable to use the password-protected area and conclusion or implementation of the contract may be impossible.
If you provide further data voluntarily (e.g. about interests, age, gender, preferences), we process your data which is not necessary for the initiation or performance of a contract, for as long as you use the password-protected area and if you do not delete it yourself beforehand. Our aim in this respect is to optimise the use of the website for you as a user. The legal basis for this is Art. 6(1) Sentence 1(f) GDPR.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.>
You can manage, change or delete your voluntary information yourself at any time in the password-protected area. You are free to take measures in accordance with the ‘Your rights’ section, although if you do have any complaints, we request that you first contact our company.
APPLICATION PROCESS
We are pleased that you are interested in us and that you wish to apply or have already applied for a position in our company. In the following, we would like to provide you with information about the processing of your personal data in connection with your application. We process the data necessary for the online application process (e.g. name, email address and location) as well as data that you have sent us in connection with your application in order to check your suitability for the position (or any other vacancies within our company) and to carry out the application process.
The legal basis for the processing of your personal data in this application process is primarily Section 26 of the German Federal Data Protection Act (BDSG) as amended on 25 May 2018. It allows the processing of data required in connection with hiring decisions. Should the data be required for the assertion of legal rights after completion of the application process, data may be processed on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6(1) Sentence 1(f) GDPR. In such cases, our interest is in asserting or defending claims.
In the event of a rejection, candidate data will be deleted after six months. In the event that you have agreed to further storage of your personal data, we will add your data to our applicant pool. There the data will be deleted after two years. If you are offered a job in the context of the application process, the data from the applicant data system will be transferred to our HR information system.
We use a specialist software provider for the application process. It acts as a service provider for us and may also become aware of your personal data in the context of system maintenance and support. We have concluded what’s known as a data processing agreement with this provider, which ensures that data processing is carried out in a permissible manner.
Upon receipt of your application, your application data will be reviewed by the HR department. Suitable applications are then forwarded internally to the department heads for the respective vacancies. The next steps to be taken are then agreed upon. In principle, only those persons in the company have access to your data who need this for the regular conduct of our application process.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
EMAIL MARKETING
ADVERTISING TO EXISTING CUSTOMERS
We reserve the right to use the email address provided by you when ordering in accordance with the statutory provisions in order to send you the following content by email during or after the order, unless you have already objected to this processing of your email address:
- other interesting offers from our portfolio
- information about company events
- questions about special requirements for product development
- requests for feedback.
If it is not essential to send information electronically for contract processing (e.g. an informative email) based on Art. 6(1) Sentence 1(b) GDPR, the legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the processing described lie in enhancing and optimising our services, conducting direct marketing and ensuring customer satisfaction. We will erase your data when you cancel your user contract, but no later than three years after termination of the contract.
We would like to point out that you can object to receiving direct marketing and to the processing of data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). After exercising your right of objection, we will erase your data in connection with the sending of advertising to existing customers. To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details provided under ‘Responsible provider’.
USE OF ZENLOOP FOR SENDING FEEDBACK REQUESTS
We also process your email address to send feedback requests. The email contains a so-called NPS query, a Net Promoter Score for measuring customer satisfaction, which is created and sent by zenloop (zenloop GmbH, Brunnenstraße 196, 10119 Berlin). For this purpose, zenloop receives your email address, name and order number after you have placed an order. zenloop stores your data as well as your feedback within the European Union. zenloop uses your data after anonymisation to create reports or benchmarks; the anonymised data is used for security and operational management purposes, to create statistical analyses and for research and development purposes. In principle, zenloop will erase your data after the legal retention periods have expired, unless other legal grounds justify the data processing. Please refer to zenloop’s privacy policy for more information: https://www.zenloop.com/de/legal/privacy
We, as well as the companies affiliated with our company, use your data to enhance our services and to make improvements. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
USE OF MAILJET FOR SENDING PRODUCT-RELATED FEEDBACK REQUESTS
We use the Mailjet email marketing service, provided by Mailjet GmbH (c/o Workrepublic, Berliner Allee 26, 40212 Düsseldorf, Germany; https://www.mailjet.de/), to send you product-related feedback requests by email after you have made a purchase. For this purpose, Mailjet processes your email address within the European Union, provided this is necessary for the provision of its services. Additional technical information is processed, such as the browser used, time of the page retrieval and IP address. This information is processed to analyse and technically improve our services.
The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We have no knowledge of how long Mailjet stores data and have no way of influencing this.
For more information, please refer to Mailjet’s security and privacy information at https://www.mailjet.de/sicherheit-datenschutz/ as well as its privacy policy, which is accessible at https://www.mailjet.de/privacy-policy/?_ga=2.212624340.1786717741.1542624534-1074210499.1542624534
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
COMMENT FEATURE, GUESTBOOK ON THE WEBSITE
Using the link to our shop system sent via Mailjet, you can, if you own a customer account, rate the product you have purchased on our website.
When you post, we process the following personal data:
- email address
- first and last name
- username
- town.
Furthermore, the following data is processed at the time of posting:
- IP address
- date/time of post.
When your post is published, we will only publish the name stored in your user account, and not the email address you provided. You do not have to enter a real name and are free to use the feature pseudonymously. You can change your display name within your customer account at any time. We will check your post before publication. We reserve the right to remove posts at any time if they are found to be unlawful.
If necessary, we process your email address and your name/pseudonym in order to be able to determine whether the content shared in the post is genuine. Furthermore, we would like to be able to contact you if someone else objects to your post on the website, and to defend ourselves against complaints or claims that may be brought against us as a result of your post.
For this purpose, we also process your IP address. We erase the IP address after one week. However, we will process your email address as long as the post continues to exist on the website or we are involved with the post in the context of a legal dispute.
If you or we delete your post, we process the email address, the name provided and other voluntary information up to the expiry of the statutory limitation periods for the aforementioned reasons of prevention and defence, but restrict the processing of this data after six months.
We do not pass the data on to third parties, unless we are obliged to do so by law or by official or judicial order or transmission is necessary for the enforcement of our legitimate interests. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
You can have us delete your post at any time. To do this, simply contact us using the contact details provided under ‘Responsible provider’. You are free to take measures in accordance with the ‘Your rights’ section, although if you do have any complaints, we request that you first contact our company.
NEWSLETTER
You have the possibility to subscribe to our email newsletter on the website, which we use to inform you regularly about the following content:
- offers from our portfolio
- information about company events
- third-party offers (including events), provided you have consented to this
- new articles/collections
- special/time-limited offers.
In order to receive the newsletter, you need to give us a valid email address.
To subscribe to our email newsletter, please use the double opt-in process. Once you have entered the data marked as mandatory, we will send you an email to the email address you have provided, in which we ask you to expressly confirm your subscription to the newsletter (by clicking on a confirmation link). This is how we ensure that you really want to receive our email newsletter. If no confirmation takes place within 24 hours, we block the information transferred to us and erase it automatically after one month at the latest.
Furthermore, the following data is processed at the time of subscription:
- IP address
- date/time of registration for the newsletter
- time when you click on the confirmation link.
We process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and to prevent abuse of your personal data. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We process this data until two years after termination of the contract. If registration for the newsletter takes place and it is unrelated to the conclusion of a contract, we process this data until two years after termination of the usage. We erase this data when the newsletter subscription ends.
After your confirmation, we will process the email address of the recipient concerned for the purpose of sending our email newsletter. The legal basis of the processing is Art. 6(1) Sentence 1(a) GDPR. We erase this data when you unsubscribe from the newsletter.
You can withdraw your consent to the processing of your email address for receiving the newsletter at any time, either by sending us a message (see the contact details under ‘Responsible provider’) or by clicking directly on the unsubscribe link in the newsletter. This does not affect the lawfulness of processing that has occurred based on the consent up until the point of your withdrawal (Art. 13(2)(c) GDPR).
We would like to point out that we analyse your user behaviour in relation to the sending of our newsletter. For this analysis, the emails sent out contain so-called web beacons or tracking pixels, which display single-pixel image files that are embedded in our website. For analysis purposes, we link the data mentioned under ‘Access data’ and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID.
We use the data collected in this way to create a user profile in order to tailor the newsletter to your individual interests. Here we record when you read our newsletters and which links you click on in them, and draw conclusions about your personal interests. We link this data to actions you perform on our website. The information is processed for as long as you have subscribed to the newsletter. Once you unsubscribe, we process the data for purely statistical purposes and anonymously.
Our intention here is to analyse the use of and to optimise the email advertising we send you. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR.
We would like to point out that you can object to receiving direct marketing and to the processing of data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). After exercising your right of objection, we will erase your data in connection with direct marketing. To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details provided under ‘Responsible provider’.
You can also prevent tracking by disabling the display of images in your email client by default. This will mean that the newsletter will not be displayed completely and you may not be able to use all functions. If you choose to display the images manually, the above tracking will take place.
MAILCHIMP EMAIL MARKETING SERVICE
We use the email marketing service MailChimp, provided by Rocket Science Group, LLC (675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, web: https://mailchimp.com/; hereinafter referred to as MailChimp).
If you have registered for the newsletter, the data provided during registration will be stored and processed on MailChimp’s servers in the USA. MailChimp has subjected itself to the EU-US Privacy Shield, . You can view Rocket Science Group’s certification at https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG. MailChimp processes this information for sending and analysing the newsletters on our behalf. The newsletters contain what are known as web beacons, which are pixel-sized files that are retrieved from the MailChimp server when the newsletter is opened. In the context of the retrieval, technical information, such as the browser used, time of the page retrieval and IP address, is collected. This information is processed to analyse and technically improve our services. Furthermore, it is analysed whether and when newsletters are opened and which links are clicked on by the reader. This information can theoretically be assigned to individual newsletter recipients. However, neither we nor MailChimp have any intention of monitoring individual recipients; the analysis of the information mentioned serves rather to recognise the reading habits of the recipients so as to better adapt, enhance and manage our newsletter content accordingly. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We have no knowledge of how long MailChimp stores data and have no way of influencing this.
We would like to point out that you can object to receiving direct marketing and to the processing of data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). After exercising your right of objection, we will erase your data in connection with direct marketing. To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details provided under ‘Responsible provider’.
This will simultaneously end the processing of data for you being sent the newsletter and for statistical analysis. It is not possible to object to the distribution via MailChimp or the statistical evaluation separately.
Alternatively, you can object at https://www.aboutads.info/choices/ and https://www.youronlinechoices.com/ (for the European Union area). You can also prevent the use of cookies by opening your browser in ‘private mode’.
Furthermore, MailChimp has informed us that it may use the transferred data to optimise or improve its own services, e.g. to technically optimise the sending and presentation of newsletters. According to its own declarations, MailChimp neither processes the data in order to write to you with its own advertising nor transmits the data to third parties.
As the recipient of the newsletter, you may be redirected to the MailChimp website, for example if there are problems displaying the newsletter in your email client and you follow the link contained in the newsletter to retrieve the newsletter online. In this context, we would like to point out that further analysis services and cookies may be used on the MailChimp website, which may process your personal data on behalf of MailChimp. We have no influence on this processing.
EMARSYS EMAIL MARKETING SERVICE
To send out newsletters, we use the Emarsys email marketing service, provided by Emarsys eMarketing Systems AG, which is headquartered at Hans-Fischer-Straße 10, 80339 Munich (web: https://www.emarsys.com/de, hereinafter referred to as Emarsys). Emarsys is a service which allows the organisation and analysis of newsletter mailing. The data you enter to subscribe to the newsletter (e.g. email address) will be stored on Emarsys’s servers in the USA.
The newsletters we send out with Emarsys enable us to analyse the behaviour of newsletter recipients. Among other things, it is possible to analyse how many recipients have opened the newsletter message and how often each link was clicked on in the newsletter. With the help of what’s known as conversion tracking, it can also be analysed whether a pre-defined action (e.g. purchase of a product on our website) took place after the newsletter link was clicked on.
The analysis of the information mentioned serves to recognise the reading habits of the recipients so as to better adapt and distribute our newsletter content accordingly. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We process this data until two years after termination of the contract. If registration for the newsletter takes place and it is unrelated to the conclusion of a contract, we process this data until two years after termination of the usage. We erase this data when the newsletter subscription ends. We have no knowledge of how long Emarsys stores data and have no way of influencing this. For further information about the protection of your data and your privacy, please refer to https://www.emarsys.com/en/privacy-policy/.
We would like to point out that you can object to receiving direct marketing and to the processing of data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). After exercising your right of objection, we will erase your data in connection with direct marketing. To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details provided under ‘Responsible provider’.
This will simultaneously end the processing of data for you being sent the newsletter and for statistical analysis. It is not possible to object to the distribution via Emarsys or the statistical evaluation separately.
PAYMENT SERVICE PROVIDERS (PSPS)
PAYPAL
On our website we give you the option of paying via PayPal. This payment service is provided by PayPal (Europe) S.à. r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as PayPal).
If you choose to pay via PayPal, the payment details you enter will be transferred to PayPal. The transfer of your data to PayPal is performed on the basis of Art. 6(1) Sentence 1(b) GDPR (processing for the performance of a contract). If you do not provide your data, it may not be possible to conclude or execute a contract. We have no knowledge of how long PayPal stores data and have no way of influencing this.
PAYMENT VIA STRIPE
The payment service provider Stripe (Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland) is available to you as a payment method. Your data will be passed on to Stripe, and Stripe may perform identity and credit checks on the basis of the data provided by you (name, address, account number, bank sort code, credit card number, invoice amount, currency and transaction number). Further details can be found in the information displayed during our booking process. The legal basis for the processing for payment processing is Art. 6(1) Sentence 1(b) GDPR. The data processing is necessary in particular to conclude the contract. If you do not provide your data, it may not be possible to conclude or execute a contract.
We and Stripe have a legitimate interest in the transmission of your personal data in the context of an identity and credit check based on your data. We and Stripe require this data to obtain information from credit reference agencies for purposes of identity and credit checks (Art. 6(1) Sentence 1(f) GDPR). These can be the credit agencies mentioned at https://stripe.com/de/privacy.
As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.
For further information on the Stripe privacy policy, please refer to: www.stripe.com/de/privacy.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
Stripe shall, however, continue to be entitled to process and transmit the customer data if this is necessary for the contractual payment processing or is required by law or an official or court order. You can contact Stripe at info@stripe.com.
TRANSMISSION OF PERSONAL DATA FOR PURPOSES OF ENFORCING RIGHTS/ASCERTAINING AN ADDRESS/DEBT COLLECTION
In the event of non-payment, we reserve the right to pass on the data provided at the time of ordering to a lawyer and/or to external companies (e.g. Verband der Vereine Creditreform e. V., Hellersbergstraße 12, 41460 Neuss, Germany) if we have a legitimate interest pursuant to Art. 6(1) Sentence 1(f) GDPR in order to ascertain an address and/or enforce our rights.
In addition, we may pass on your information if this is necessary to protect our rights, as well as the rights of our affiliates, our cooperation partners, our employees and/or users of our website. Under no circumstances will we sell or rent your data to third parties. Such a transmission of your data would be based on Art. 6(1) Sentence 1(f) GDPR.
As soon as storage is no longer necessary, we erase the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
HOSTING
We use external hosting services for the provision of the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. This involves processing all data necessary for the operation and use of our website.
We use external hosting services to run this website. By using external hosting services, we aim to make the provision of our website efficient and secure. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR.
The recording of data for the provision and use of the website and the processing of data using external web hosting services is an absolute necessity for the operation of the website. You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
INTEGRATION OF THIRD-PARTY CONTENT
The website integrates third-party content such as videos, maps, RSS feeds and graphics from other websites. This integration always requires that the providers of this content (“third-party providers”) perceive the IP addresses of users. This is because without the IP address they would not be able to send the content to the browser of the respective user. As such, the IP address is required to display this content.
We endeavour to only use content from third-party providers who process the IP address solely for delivering the content. We do however have no influence over whether the third-party providers process the IP addresses, e.g. for statistical purposes. If we are aware of such activity, we inform you of this in the following.
Some of the third-party providers may process data outside the European Union.
You can object by installing a JavaScript blocker such as the browser plug-in NoScript (www.noscript.net) or disabling JavaScript in your browser. You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
WORKABLE
We use the application tool from workable (Workable Software Limited, 21a Kingly Street, 2nd Floor, London) via https://bananabeauty.workable.com/. workable processes the data you enter when applying. workable processes this data within the European Union. We integrate this tool in order to enhance our website and offer you a better service. The legal basis for the data processing is Art. 6(1) Sentence 1(f) GDPR. For more information about privacy at workable, please refer to https://www.workable.com/privacy. We have no knowledge of how long workable processes data and have no way of influencing this.
When applying via the application tool, you can also use and integrate the data you have stored with LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View CA 94043). If you select this feature, LinkedIn will learn that you are accessing LinkedIn from https://bananabeauty.workable.com/. This will involve sending data about you to LinkedIn. In addition, the data you have stored with LinkedIn (profile data, such as names, photos, profile slogans, work experience, education, knowledge and recommendations as well as your email address, telephone numbers and other contact data linked to your LinkedIn account) will be transferred to workable. This data transfer from LinkedIn to workable occurs on the basis of the consent granted by you based on Art. 6(1) Sentence 1(a) GDPR. The transfer of your IP address to LinkedIn occurs on the basis of Art. 6(1) Sentence 1(f) GDPR. The purpose of this processing is also to improve our services as well as to make our website more attractive and applicant-friendly. LinkedIn also processes data outside the European Union. However, it has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active), thus offering a guarantee that it complies with European data protection standards. We have no knowledge of how long data is stored by LinkedIn and have no way of influencing this. For more information about privacy at LinkedIn, please refer to https://www.linkedin.com/legal/privacy-policy. For more information on data usage by applications, click here: https://www.linkedin.com/help/linkedin/answer/1207?lang=de
You can withdraw your consent to the processing of your LinkedIn data at any time by sending us a message (see the contact details specified under ‘Responsible provider’ above). This does not affect the lawfulness of processing that has occurred based on the consent up until the point of your withdrawal (Art. 13(2)(c) GDPR). You can cancel the synchronisation of the data in your LinkedIn settings at https://www.linkedin.com/psettings/permitted-services.
In addition, you have the right to object to the processing of your other data. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR).
GOOGLE RECAPTCHA
We use Google reCAPTCHA (hereinafter referred to as reCAPTCHA) on our website. This service is provided by Google.
reCAPTCHA is used to check whether data entered on the website (e.g. in a contact form) is provided by a person or by an automated program. To do this, reCAPTCHA analyses various aspects of the way in which the visitor to the website behaves. This analysis starts automatically as soon as the user accesses the website. For this analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
reCAPTCHA analyses run completely in the background. You will not be notified that an analysis is taking place.
The processing occurs on the basis of Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in protecting our website from abusive automated spying and unsolicited email advertising (spam). We have no knowledge of how long reCAPTCHA stores data and have no way of influencing this.
Further information about reCAPTCHA and Google’s privacy policy can be found via the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
GOOGLE AJAX SEARCH API
We use Google AJAX Search API as a central search service. The integrated search service enables a full-text search of content on this website.
For the user’s information, the text “Search with Google™ …” is displayed in the search box. If the user selects the text field of the search box and enters a search term, an additional link will appear beneath the search box, which refers to this data protection information.
No data is transferred to Google until you activate the search box, start a full-text search and in turn access the search results page. By using the search function within the search results page, your data will also be transferred to Google at the same time. This includes, for example, the search terms you entered and the IP address of the device you are using. If you visit our official website without activating Google AJAX Search API, in principle no data will be transferred to Google. We would like to point out that the processing of any personal data transferred in this manner is the responsibility of Google and that we have no influence on the type or scope of the data transferred or on its further processing. If you are simultaneously logged in to Google, the Google service is able to link the information directly to your user profile. You should log out to prevent the collection of profile information about you.
The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. The processing serves to make our website more attractive and to offer you additional services. We have no knowledge of how long Google stores data and have no way of influencing this.
For further information about how Google handles user data (privacy policy), please refer to: https://www.google.com/intl/en/policies/privacy
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. You can also prevent the use of cookies by opening your browser in ‘private mode’. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.
GOOGLE FONTS
We use web fonts provided by Google for the uniform display of fonts. When you retrieve a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. By doing so, Google becomes aware that our website has been accessed via your IP address. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Our use of Google Fonts is in the interest of a uniform and visually appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6(1) Sentence 1(f) GDPR. We have no knowledge of how long Google stores data and have no way of influencing this.
For more information about Google Fonts, please refer to https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
GOOGLE TAG MANAGER
We use Google Tag Manager on our website. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not record any personal data. The tool triggers other tags, which in turn may record data. Google Tag Manager does not access this data. If deactivation has occurred at the domain or cookie level, it will remain effective for all tracking tags implemented with Google Tag Manager.
YOUTUBE VIDEOS
Our website uses plug-ins from the video platform YouTube.de/YouTube.com, a service whose provider – represented by Google – is YouTube LLC (headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA; YouTube). The plug-ins allow us to embed visual content (videos) on this website that we have published on YouTube.de/YouTube.com.
The videos are all embedded in ‘extended privacy mode’, which means that no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos is the following data transferred. We have no influence on this data transfer.
By visiting the website, YouTube receives the information that you have retrieved the corresponding subpage of our website. In addition, the data mentioned under ‘Access data’ is submitted. This occurs regardless of whether YouTube provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and processes it for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. The processing serves to make our website more attractive and to offer you additional services. We have no knowledge of how long YouTube stores data and have no way of influencing this.
For more information about the purpose and scope of processing by YouTube, please refer to its privacy policy at https://www.google.de/intl/de/policies/privacy.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. You can also prevent the use of cookies by opening your browser in ‘private mode’. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.
VIMEO
We use plug-ins from Vimeo to integrate videos on our website. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. The plug-in allows us to embed visual content (videos) on this website which we have published on www.vimeo.com.
If you visit one of our web pages with the Vimeo plug-in, this establishes a connection to the Vimeo servers. In this way, the Vimeo server is notified of which web page you have visited. If you are simultaneously logged in as a member of Vimeo, Vimeo will associate this information with your personal user account. When using the plug-in, e.g. playing a video by pressing the play button, this information is also assigned to your user account. Vimeo stores your data as usage profiles and processes it for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.
The legal basis for the processing is Art. 6(1) Sentence1(f) GDPR. The processing serves to make our website more attractive and to offer you additional services. We have no knowledge of how long Vimeo stores data and have no way of influencing this.
We have concluded ‘standard contractual clauses’ with Vimeo in order to obligate Vimeo to maintain an appropriate level of data protection. A copy of the agreement is available on request.
For further details about this data processing and about data protection at Vimeo, please refer to https://vimeo.com/privacy.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. You can also prevent the use of cookies by opening your browser in ‘private mode’. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.
SERVICES FOR STATISTICAL, ANALYSIS AND MARKETING PURPOSES
We use services from third parties for statistical, analysis and marketing purposes. This enables us to offer you a user-friendly, optimised experience when visiting the website. The third-party providers use cookies to control their services (see ‘Cookies’ above). Unless otherwise explained below, this does not involve the processing of personal data.
Some of the third-party providers offer users the option of directly objecting to the use of the respective feature, e.g. by placing an opt-out cookie.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
If you activate such an opt-out cookie, the third-party provider will no longer process data about your usage behaviour in the future. It is also possible to merely object individually to a partial selection of external services. If you change the browser or device used or delete all cookies, you will be required to set the opt-out cookie again.
Furthermore, you can also object directly to the use of cookies via the opt-out platform of the organisation Bundesverband Digitale Wirtschaft e. V. (BVDW) at https://www.meine-cookies.org/cookies_verwalten/praeferenzmanager.html or via the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/.
More information about usage-based advertising and opt-out options can also be viewed via the following link: https://www.youronlinechoices.com/de/
You can also prevent the use of cookies by opening your browser in ‘private mode’.
In the following, we inform you about the services from external providers currently in use on our website, about the purpose and scope of the respective processing in each case, and about how you can object.
GOOGLE ANALYTICS
In order to tailor our website perfectly to your interests, we use Google Analytics, a web analytics service from Google. Google Analytics uses cookies (see ‘Cookies’ above), which are stored on your device to enable the analysis of how you use the website. The information generated in this way about your use of this website is transferred to and stored by Google on a server in the USA.
However, if IP anonymisation is activated on this website, then within European Union Member States or in other member states of the European Economic Area Google will shorten your IP address before transferring it. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of this website, compiling reports for us on website activity, and providing us with other services relating to website usage and internet usage.
Google will not associate the IP address transmitted by your browser for Google Analytics purposes with any other data held by Google.
This website uses Google Analytics with the “_anonymizeIp()” extension. As a result, IP addresses are further processed in abbreviated form, meaning that any association with individual persons can be ruled out. As far as the data collected about you relates to you personally, that relation is therefore excluded immediately and the personal data thus erased without delay.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics help us to improve our website and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The legal basis of the processing by Google Analytics is Art. 6(1) Sentence 1(f) GDPR. The Analytics cookies are erased after 14 months at the latest.
For more information about the third-party provider Google, please refer to:
- https://www.google.com/analytics/terms/de.html,
- https://www.google.com/intl/de/analytics/learn/privacy.html,
- https://www.google.de/intl/de/policies/privacy.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
You can prevent the storage of cookies using the corresponding settings in your browser software; however, we would like to point out that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the recording of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also prevent the use of cookies by opening your browser in ‘private mode’.
HOTJAR
We also use the Hotjar analysis service to make our website better and more user-friendly. This analysis service is provided by Hotjar Ltd. (Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, +1 (855) 464-6788, david@hotjar.com).
This tool records movements on the websites monitored in so-called heatmaps. All data is collected without us being able to assign it to specific users. All we can see is how a user’s mouse moves, where the user clicked and how far the user scrolled. This allows us to make our website better and more customer-friendly. The tool also records the screen size of the device, the device type, information about the browser, the country from which the site was accessed and the preferred language. If personal data is displayed on a website, it is automatically hidden by Hotjar. We therefore have no access to such personal data.
We use ‘cookies’ (see ‘Cookies’ above) to analyse your usage behaviour; these are stored on your device to enable the analysis of how you use the website. The information generated by the tracking code and cookie about your visit to our website is transmitted to the Hotjar servers and stored there. The tracking code is used to collect information about your device, such as the IP address, device type and browser information, geographic location (country only), and preferred language for displaying our website, pages visited, and the date and time when the website was accessed. Hotjar shortens your IP address before it is processed further. As far as the data collected about you relates to you personally, that relation is therefore excluded immediately and the personal data thus erased without delay.
Hotjar will use this information for the purpose of evaluating your use of our website, compiling reports on use for us, and providing us with other services relating to website usage and internet usage. Hotjar also uses third-party providers to provide its services, such as Google Analytics and Optimizely. These third-party providers may store information sent by your browser during your visit to the website, such as cookies and IP requests. For more details of how Google Analytics and Optimizely store and use data, please note their respective data protection information.
The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. The cookies used by Hotjar are stored for different amounts of time. Some are valid for up to 365 days, while others are only valid during the respective session. An overview of storage periods is available at: https://www.hotjar.com/legal/policies/cookie-information. Further information about Hotjar Ltd. and the Hotjar tool can be found at: https://www.hotjar.com/legal/policies/privacy
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
There are various ways in which you can object to the processing:
- by activating the ‘do not track’ function in your browser software, as suggested by Hotjar; instructions on how to activate the ‘do not track’ function are available at: https://www.hotjar.com/legal/compliance/opt-out;
- by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
- by disabling interest-based ads from providers who are part of the About Ads self-regulation initiative via the link https://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies;
- by opening your browser in ‘private mode’ in order to prevent the tracking of your usage behaviour.
USAGE-BASED ONLINE ADVERTISING
FACEBOOK CUSTOM AUDIENCES
The website also uses the Website Custom Audiences function, provided by Facebook (the provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, email: impressum-support@support.facebook.com, data protection information at: https://www.facebook.com/privacy/explanation; hereinafter referred to as Facebook). So-called web beacons, such as the Facebook Pixel, are used to record statistical information about you, which is then processed by Facebook. This allows users of the website to see interest-based advertisements (Facebook Ads) when visiting the social network Facebook or other websites that also use the process.
Your browser uses Facebook Pixels to automatically establish a direct connection to the Facebook server. We have no influence on the extent and further processing of the data collected by Facebook through the use of this tool and therefore inform you according to what we know: By integrating Facebook Pixels, Facebook receives the information that you have retrieved the corresponding page on our website, or that you have clicked on one of our ads. Facebook is informed that you have accessed certain parts of our website. To this end, Facebook uses tracking technologies such as web beacons (tracking pixels) in order to place a cookie on your device. Among other information, the data mentioned under ‘Access data’ is transmitted. If you are registered with a Facebook service, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will obtain and store your IP address and other identifying information.
The legal basis for the processing of your data is Art. 6(1) Sentence 1(f) GDPR. We are pursuing the interest of showing you ads that are of interest to you in order to make our website more interesting for you. In this case, we do not store any personal data about you. We have no knowledge of how long Facebook stores data and have no way of influencing this.
For more information about processing by Facebook, please refer to: https://www.facebook.com/about/privacy
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
Logged-in users can disable the Facebook Custom Audiences feature at https://www.facebook.com/settings/?tab=ads#.
There are various ways in which you can prevent the Facebook Custom Audiences feature:
- by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
- by disabling interest-based ads from providers who are part of the About Ads self-regulation initiative via the link https://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies;
- by opening your browser in ‘private mode’ in order to prevent the use of cookies.
FACEBOOK ANALYTICS
We also use the Facebook Analytics tool, provided by Facebook (the provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, email: impressum-support@support.facebook.com, data protection information at: https://www.facebook.com/privacy/explanation; hereinafter referred to as Facebook). In order to use Facebook Analytics, we use what are known as Facebook Pixels to measure the reach of our ads. To this end, Facebook uses tracking technologies such as web beacons (tracking pixels) in order to place a cookie on your device. Among other information, the data mentioned under ‘Access data’ is transmitted.
The information obtained with the help of the “Facebook cookie” serves us solely for statistical purposes, is transmitted to us anonymously by Facebook and does not provide any information about the person of the user. Facebook will process it with your Facebook account in accordance with its own privacy policy. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will obtain and store your IP address and other identifying information.
The processing of your data occurs on the basis of Art. 6(1) Sentence 1(f) GDPR. By using Facebook Analytics, we are pursuing the interest of being able to better evaluate our website and our ads and to improve our range of services. In this case, we do not store any personal data about you. We have no knowledge of how long Facebook stores data and have no way of influencing this.
For further information about Facebook’s data protection provisions, please refer to the relevant privacy policy at https://de-de.facebook.com/about/privacy/.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
Logged-in users can disable the Facebook Analytics function at https://www.facebook.com/settings/?tab=ads#.
There are various ways in which you can prevent the Facebook Analytics feature:
- by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
- by disabling interest-based ads from providers who are part of the About Ads self-regulation initiative via the link https://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies;
- by opening your browser in ‘private mode’ in order to prevent the tracking of your usage behaviour.
GOOGLE ADWORDS CONVERSION
We use the services of Google AdWords from Google to draw attention to our attractive offers with the help of advertising media (so-called Google AdWords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are.
These ads are delivered by Google via so-called ad servers. For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google AdWords stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. Analysis values usually stored for this cookie are the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (marker showing that the user no longer wishes to be targeted).
These cookies allow Google to recognise your internet browser. If a user visits certain pages of an AdWords customer’s website and the cookie stored on their device has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this site. Each AdWords customer is assigned a different cookie. We only receive statistical analyses from Google for the purpose of measuring the success of our ads.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further processing of the data collected by Google through the use of this tool and therefore inform you according to what we know: By integrating AdWords Conversion, Google receives the information that you have retrieved the corresponding part of our website, or that you have clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address.
Google processes the data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
The legal basis for the processing of your data is Art. 6(1) Sentence 1(f) GDPR. We are pursuing the interest of showing you ads that are of interest to you in order to make our website more interesting for you and to achieve a fair calculation of advertising costs. The maximum storage period with Google is eighteen months. For further information about privacy at Google, please refer to: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
There are various ways in which you can prevent the processing:
- by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
- by disabling cookies for conversion tracking, by setting your browser in such a way that it blocks cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads; please note that this setting will be erased if you erase your cookies;
- by permanent deactivation in your browser Firefox, Internet Explorer or Google Chrome via the link https://www.google.com/settings/ads/plugin. We would like to point out that if you do so you may not be able to use the full functionality of this service;
- by opening your browser in ‘private mode’ in order to prevent the use of cookies;
- by disabling interest-based ads from providers who are part of the About Ads self-regulation initiative via the link https://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies.
GOOGLE REMARKETING
Besides AdWords Conversion, we also use Google’s remarketing feature. This is a process we use in an attempt to contact you again. After visiting our website, this feature allows you to be shown our ads when you continue to use the internet. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behaviour when visiting various websites. This is how Google can determine that you have previously visited our website. According to its own information, Google does not combine the data collected in the context of remarketing with any of your personal data which may be processed by Google. Specifically, according to Google, pseudonymisation is used during remarketing.
The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We have no knowledge of how long Google stores data and have no way of influencing this.
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
There are various ways in which you can prevent your participation in this tracking procedure:
- by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
- by disabling cookies for conversion tracking, by setting your browser in such a way that it blocks cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads; please note that this setting will be erased if you erase your cookies;
- by disabling interest-based ads from providers who are part of the About Ads self-regulation initiative via the link https://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies;
- by opening your browser in ‘private mode’ in order to prevent the use of cookies;
- by permanent deactivation in your browser Firefox, Internet Explorer or Google Chrome via the link https://www.google.com/settings/ads/plugin.
BING ADS
Our website uses the conversion and tracking tool Bing Ads, which is provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399; hereinafter referred to as Microsoft).
This involves Microsoft storing a cookie on users’ computers to enable an analysis of how our website is used. The prerequisite for this is that the user has reached our website via an ad from Bing Ads. In this way, both we and Microsoft can see that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page. We only see the total number of users who have clicked on a Bing ad and were then forwarded to the target page (conversions). No IP addresses are stored.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Microsoft server. We have no way of influencing the scope or the further processing of the data caused by the use of Bing Ads. Microsoft has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework), thus offering a guarantee that it complies with European data protection law. You can view Microsoft’s certification at https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK.
The legal basis for the processing of your data is Art. 6(1) Sentence 1(f) GDPR. We have no knowledge of how long Microsoft stores data and have no way of influencing this. For further information about privacy at Microsoft, please refer to: https://privacy.microsoft.com/en-gb/privacystatement
You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. We will not process your data further, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). You may send us your objection using the contact details specified under ‘Responsible provider’ above.
There are various ways in which you can object to the processing:
- by setting your browser software accordingly; in particular, disabling third-party cookies means that you will not receive any ads from third-party providers;
- by opening your browser in ‘private mode’ in order to prevent the use of cookies;
- by disabling interest-based ads from providers who are part of the About Ads self-regulation initiative via the link https://www.aboutads.info/choices; please note that this setting will be erased if you erase your cookies.