Privacy

Basic
We provide this information in order to transparently explain how we handle your personal data (which, according to supreme court rulings, also includes the IP address) when you visit our website. According to Article 4 (1) of General Data Protection Regulation (in the following: “GDPR”), personal data is any information relating to an identified or identifiable natural person.

Privacy policy and information
We take the protection of your data and your privacy very seriously and comply with our obligations under data protection law. We collect and process your personal data in accordance with European and national legal requirements. We explicitly explain how and in what form we process your data in this privacy policy.

When visiting our website, we are forced to collect various personal data - this serves on the one hand to ensure the functionality of our website and on the other hand to increase the attractiveness of our website through the use of various tools.

In addition, we would like to point out that data transmission over the Internet is not possible without accepting possible security gaps. Even we cannot guarantee complete protection of your data, but we make every effort to protect your data comprehensively.

Why do we need your data?
Your data is collected so that we can display our website without errors. Other data could be used to analyze your user behavior.

Furthermore, the data collection is carried out on a legal basis:

If you have consented to data processing, we process your personal data on the basis of Article 6 Paragraph 1 Subparagraph 1 (a) GDPR respectively Article 9, Paragraph 2 (a) GDPR, if sensitive data are processed according to Article 9 Paragraph 1 GDPR. The processing of data according to Article 9 GDPR is only permitted in certain cases.

If you have consented to the storage of cookies or to the access to information on your device, such as by device fingerprinting, the data processing is based on Section 25 Paragraph 1 German Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG).

The consents can be revoked at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

If we collect your data to fulfill a contract or to carry out pre-contractual measures, your data will be processed on the basis of Article 6 Paragraph Subparagraph 1 (b) GDPR. If your data is required for the fulfillment of a legal obligation, we process your data on the basis of Article 6 Paragraph 1 Subparagraph 1 (c) GDPR.

Data processing may also be collected on the basis that we are exercising our legitimate interest in data processing. In this case, data processing is possible provided that your interests or the interests of third parties do not conflict with the data processing. According to this, data processing is carried out in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

We will specify the relevant legal basis in each individual case in the relevant section.

Who is responsible?
As the website operator, we are responsible for the data processing on our website under data protection law in accordance with Article 4 (7) GDPR. You can reach us at the following contact details:
Hotel Bayerischer Hof Kur- & Sporthotel GmbH
Marius Levinger
Hochgratstraße 2
87534
Oberstaufen
Tel: +49 8386 4950
Fax: +49 8386 495414
E-Mail: info@no-spam.bayer-hof.no-spam.de

How to reach our data protection officer
#KOMM#IT, Funke Solution GmbH & Co. KG, Salmas 52, 87534 Oberstaufen
Tel: +49 8325 927050, dsb@komm-it.info

How long do we store your data?
We adhere to the respective statutory retention period for the maximum duration of the storage of your personal data. Your data will only be stored by us until we no longer need it for our data processing. With regard to the storage of your data, we are bound by the purpose for which we collected your data. Unless a specific storage period is stated in this information, your personal data will remain with us until the purpose for data processing no longer applies.

If you assert a legitimate request for deletion or revoke your consent to data processing, we must delete your data in the event that there are no other legally permissible reasons for the continued storage of your data, such as retention periods under commercial and tax law. We can only comply with your request for deletion when these reasons no longer apply.

Where do we get your data?
We collect your data because you provide us with the data via a contact form or other means. There is additional data that is collected automatically or only after your consent when you visit our website. This is mainly technical data such as your operating system and the time of the page view

To whom do we provide your data?
We use tools from third-party companies based in and outside the EU and the EEA. Your personal data may be transferred to these third-party companies if you have activated these tools - unless they are necessary for the functionality of the website.

Furthermore, we also use tools from companies based in the USA or other third countries that are not secure under data protection law. Your personal data may also be transferred to these companies if you have activated the corresponding tools. In these countries, there is no level of data protection comparable to that in the EU

Such data transfer requires an adequacy decision issued by the EU Commission, which ensures a comparable level of protection of your personal data. In the event that there is no such adequacy decision, other appropriate safeguards pursuant to Article 44 GDPR et seq. must be taken.

How is the handling of money on this website?
We offer the direct conclusion of a contract with costs on our website. In order to be able to fulfil this contract and process the payment, you are required to provide us with your payment details. The payment details are the account number, IBAN, BIC, account holder, credit card number, validity period and other details required for the payment.

A payment transaction via the common means of payment such as Visa, MasterCard or direct debit is carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes to https://. Furthermore, you can recognise it by the lock symbol in your browser line. With encrypted communication, your payment data cannot usually be read by third parties.

What rights do you have? - Your data subject rights
You can assert your rights according to Article 12 GDPR et seq. can be asserted.

Revocation of consent to data processing
In part, we process your data with your express consent. You can revoke an already given consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, he will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

Objection in special cases / against direct advertising, Article 21 GDPR
If the data processing is carried out on the basis of Article 6 Paragraph 1 Subparagraph 1 (f) GDPR, then you can object to the processing of your personal data for reasons that arise from your particular situation. This also applies to any profiling - the legal basis for such profiling can be found in this information. If you exercise your right to object, your personal data concerned will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims under Article 21 Paragraph 1 GDPR.

If we process your personal data for direct marketing, you have the right to object to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is related to direct advertising. If you object, your personal data will subsequently no longer be sent for the purpose of direct advertising in accordance with Article 21 Paragraph 2 GDPR.

Right to data portability
You have the right to have data that we process automatically handed over to you or to a third party in a common machine-readable format. If you request the transfer of the data to another controller, it will only be done if it is technically possible.

Right to information, deletion and correction
Within the scope of Article 15 Paragraph 1 GDPR, you can assert the right to free information about your stored personal data, their origin, recipients and the purpose of data processing. Furthermore, you could assert a right to correction or deletion of this data, if applicable. If you have any questions about your rights, you can contact us or our data protection officer at any time.

Right to restriction of processing
You may also request the restriction of the processing of your personal data. If you have any questions about this right, you can contact us or our data protection officer at any time. A right to restriction exists in the cases specified by law. If you dispute the accuracy of your data, we need time to verify this. For this period, you have the right to request restriction of your data. In the event that the processing of your data is unlawful, you can demand the restriction of processing instead of the deletion of the data. If we no longer need your personal data, but you wish to exercise, defend or assert legal claims, you have the right to request at least the restriction of data processing. If you have lodged an objection in accordance with Article 21 Paragraph 1 GDPR, we must weigh your interests against ours, during which time you have the right to request the restriction of the data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or any Member State.

Right of complaint to a competent supervisory authority
As a data subject, you still have the right to file a complaint with a supervisory authority in the event of violations of the GDPR. This must be the competent supervisory authority under data protection law in your federal state. You always have the right to file a complaint, regardless of what other measures you take.

More information
We expressly object to the sending of unsolicited advertising and information material to our contact data. We expressly reserve the right to take legal action against unsolicited advertising, such as the sending of spam e-mails.

For security reasons and to protect the transmission of confidential content, we use an SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

Server log files
The site provider collects and stores information in server log files that your browser automatically transmits to us. This includes the following data: Browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and furthermore also your IP address.

Your data will not be merged with data from other data sources. The legal basis for data processing is Article 6 Paragraph 1 Subparagraph 1 (f) GDPR, as we as site operator have a legitimate interest in the technically error-free presentation and optimisation of our website. Server log files must be collected for this purpose.

Hosting of our website
We host our website with an external provider.

All personal data collected on the website - such as your IP address, meta and communication data, contract data, contact data, names, accesses and other data generated via a website are stored on the hoster's servers.

The legal basis for the processing of your personal data is Article 6 Paragraph 1 Subparagraph 1 (f) GDPR. Our legitimate interest lies in the most reliable presentation of our website.

In the event that we have requested your consent, the processing of your data is based on Article 6 Paragraph 1 Subparagraph 1 (a) GDPR and Section 25 Paragraph 1 TDDDG, if the data use is subject to the consent to store cookies or access information in the user's terminal device, such as device fingerprinting, as defined by the TDDDG. Consent can be revoked at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

In order to demonstrate data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing. This is a contract required under Article 28 Paragraph 3 GDPR, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR. Our hosting provider is called:

Brandnamic GmbH
Brandnamic Campus, 39042 Brixen, Italien

Setting cookies
We use cookies on our website. These are small text files and data packets that are placed on the end devices but do not cause any damage there. The cookies are stored either temporarily for a session as session cookies or permanently as permanent cookies on your terminal device. Session cookies are automatically deleted at the end of the session, whereas permanent cookies are stored on the end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies could also be stored on your end devices; these are third-party cookies. They enable the use of services of this company, such as cookies for processing payment services.

Cookies fulfill different functions. In part, they are technically necessary for certain applications on the website to function at all, such as the shopping cart function. Other cookies are used to evaluate user behavior on our site or to display advertising. Cookies that are technically absolutely necessary and are therefore to be regarded as necessary cookies are stored on the basis of Section 25 Paragraph 2 TTDSG, unless another legal basis is explicitly stated. The storage of cookies is mandatory in order to be able to create the technical prerequisites for an error-free and optimized website. For cookies that are not technically mandatory, consent is requested in accordance with Section 25 Paragraph 1 TTDSG. In this case, the cookies will only be stored on the basis of this consent. The consent can be revoked at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, he will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

You can set your browser to inform you about the setting of cookies and to allow them only in individual cases. Furthermore, you can also generally exclude the storage of cookies and activate automatic deletion of cookies when closing the browser. We would recommend this procedure. In the event that you generally deactivate cookies, the functionality of our website as well as the display may be limited. When using cookies from third-party companies and for analysis purposes, we will again inform you separately. In this case, we will additionally request your consent.

Cookie banner on our website:
Our cookie banner on our website (request for consent) comes from a third-party provider.

With the help of the cookie banner, we obtain your consent that certain cookies that are not required for the technical presentation of the website may be stored on your end device. We need this consent in order to be able to demonstrate a legal basis for the storage.

When you enter our website, personal data is transmitted to our cookie banner provider. This involves the following data: Your response to our consent request in the context of the cookie banner, your IP address, information about your browser and your terminal device as well as the time of your visit to our website.

When you enter our website, a connection is established to the provider's servers so that your consent or other declarations regarding the setting of cookies can be obtained. After the declaration has been made, our provider stores a cookie in your internet browser so that it can assign whether you have consented to the cookies being set or whether you have rejected them. Furthermore, it is used to allocate any revocation that may have taken place at a later date. This data is stored until you request us to delete the data, delete the cookie yourself or the purpose for data processing no longer applies. If the deletion conflicts with legal retention periods, these remain unaffected.

The legal basis for obtaining consent is Section 25 Paragraph 1 TDDDG. You can revoke your consent at any time with effect for the future. If you wish to change your settings, please contact us or follow the instructions on our website. You can assert a possible revocation by means of an informal message sent to us by e-mail. You can also contact our data protection officer, who will inform us of your request. However, the lawfulness of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

In order to demonstrate data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing. This is a contract required under Article 28 Paragraph 3 of GDPR, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR. The provider of the cookie banner is called:

Usercentrics
Sendlinger Straße 7, 80331 München

Special offers on our website
We offer services on our website that are specifically tailored to our industry. These are the following services:

Online bookings, booking requests and reservations
We use an external booking platform to offer you online bookings, booking requests and reservations.

If you would like to make an online booking, a booking request or reservation on our website, we need your data. In order to be able to process your request, we need your e-mail address, your travel dates, the product booked, your first and last name and, if you wish, your title. In certain cases, we also request your telephone number so that we can contact you in the event of unforeseen events that require notification at short notice, insofar as these could have an impact on your booking.

In order for us to be able to calculate your travel price, we need your dates of stay, the selected product, the number of travellers and the indication whether the travellers are children or adults. If you are travelling with children, the specific age will also be requested to calculate the price. In order for the booking to be made, we need the desired means of payment for the trip. If you would like to make an advance payment, we will forward you to your desired payment service provider to process the payment. Further information in the booking form is provided on a voluntary basis and is of no significance to us for the online booking, the booking request or reservation.

The legal basis for data processing in the context of an online booking or booking request is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR for the fulfilment of a contract or the implementation of pre-contractual measures.The data collected during the inquiry is stored in a system. If you provide special personal data that is relevant to the fulfillment of our services, e.g. allergy-related intolerances, this data will also be stored. The data transmitted to us will remain with us until the purpose for storing the data no longer applies, for example after your request has been processed. However, mandatory statutory retention periods prevent your data from being deleted.

In order to demonstrate data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing. This is a contract required under Article 28 Paragraph 3 of GDPR, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR. This booking platform is provided by:

Brandnamic GmbH
Brandnamic Campus, 39042 Brixen, Italien

Contact options on our website
We offer various ways to contact us on our website.

Subscribe to our newsletter
You can register voluntarily for our newsletter. We process the data you provided in the registration form as well as your email address in order to process your registration and in case we have follow-up questions for you. However, we do not pass on your data to third parties without your consent.

The legal basis for the processing of your data is your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR and Section 25 Paragraph 1 TDDDG. You can revoke your consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. However, this does not affect the lawfulness of our data processing until revocation has taken place.

The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.

Inquiries by e-mail, telephone and fax
You can contact us at any time by e-mail, telephone and fax. In doing so, we process the data that you have provided to us in order to be able to process your inquiry. However, we will not pass on your data to third parties without your consent.

The legal basis for the processing of your data is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures or based on your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR, if this was requested by us. You can revoke your consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. However, the legality of our data processing until the revocation is not affected.

The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.

In other cases, the processing is based on our legitimate interest in the effective processing of your request in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

Mailing of postal advertising
We use your address to send you postal advertising.

The legal basis for the processing of your data is our legitimate interest in direct marketing according to Article 6 Paragraph 1 Subparagraph 1 (f) in conjunction with EW 47 of GDPR.

In the event that we have requested consent, the data processing will only be carried out on the basis of Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. All you need to do is send us an informal e-mail. However, the lawfulness of our data processing up to the point of revocation is not affected by this.

The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected.

We use a service provider to send our postal advertising:

Data processing by social networks
We use a publicly accessible profile on various social networks.

The social networks may already analyse your behaviour when you visit our website, as we have integrated plug-ins of the social networks or other links. Personal data is also collected if you are not logged in as a user or do not have an account with the respective provider. Your data is collected via cookies that are stored in your terminal device or by recording your IP address.

The social networks create user profiles. In these profiles, they store your interests and preferences so that you are shown interest-based advertising. If you maintain a profile with the respective provider, the advertising will be displayed on all devices on which you are or were logged in.

The data you provide will remain with us until you request us to delete it or revoke your consent to store it. Mandatory legal provisions such as statutory retention periods remain unaffected. Stored cookies, unless they are session cookies, remain on your device until you delete them.

In order to prove data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing with the respective provider. This is a contract prescribed by data protection law in accordance with Art. 28 Paragraph 3 GDPR, which ensures that our commissioned processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DS-GVO.

Meta Plug-In and Meta Profile
We maintain a profile on Meta (formerly Facebook). The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). In addition, we have integrated a plug-in from Meta on our website. You can recognise these by the Meta profile button or the "Like" button. You can find an overview of the Facebook/Meta plug-ins at: developers.facebook.com/docs/plugins/.

The mere integration of the plug-in does not lead to any direct data transmission to Meta. Personal data is only processed when information is called up that goes beyond the start page of a Meta profile; this processing is no longer attributable to us as the operator, as you have voluntarily placed yourself under Meta's data sovereignty with your consent through the "two-click solution".

The legal basis for our data processing is our legitimate interest in achieving the greatest possible visibility in social media in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

If a corresponding consent has been requested, Meta's data processing is based on your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The use of a Meta profile does not result in joint responsibility for any data processing of personal data according to Art. 26 GDPR. By using the "two-click solution" provided by us, you voluntarily decide to place yourself under the data sovereignty of Meta. Contrary to the ECJ ruling of 05.06.2018, C-210/16, there is therefore no responsibility based on a joint decision on the purposes and means of data processing, as Meta only processes personal data at the time when you have already voluntarily placed yourself under Meta's data sovereignty. The processing of personal data that takes place after the transfer to Meta is not attributable to us. Furthermore, in the event of joint responsibility, the required agreement pursuant to Art. 26 Paragraph 3 of GDPR can be found in the addendum provided by Meta: www.facebook.com/legal/controller_addendum. According to this agreement, we are obliged to provide the data protection information in accordance with Article 13 GDPR et seq. and to integrate the Meta-Tool on our website in a data protection compliant manner. You can assert your data protection rights directly with Meta. In the event that you assert your data protection rights with us in relation to the use of Meta, we are obliged to forward your request to Meta.

The data processed by Meta is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Meta is a certified partner for the EU-US Privacy Framework. Details can be found at: facebook.com/legal/EU_data_transfer_addendum, de-de.facebook.com/help/566994660333381 and facebook.com/policy.php. Further information can be found in the Terms of Use and the Privacy Policy. These can be found at: de-de.facebook.com/about/privacy/ and de-de.facebook.com/legal/terms/.

Instagram plug-in and Instagram profile
We maintain a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). In addition, we have integrated a plug-in from Instagram on our website. You can recognise this by the Instagram profile button.

The mere integration of the plug-in does not lead to any direct data transmission to Meta. Personal data is only processed when information is called up that goes beyond the start page of an Instagram profile; this processing is no longer attributable to us as the operator, as you have voluntarily placed yourself under Meta's data sovereignty with your consent through the "two-click solution".

The legal basis for our data processing is our legitimate interest in achieving the greatest possible visibility in social media in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

If a corresponding consent has been requested, Meta's data processing is based on your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The use of an Instagram profile does not result in joint responsibility for any data processing of personal data according to Article 26 GDPR. By using the "two-click solution" provided by us, you voluntarily decide to place yourself under the data sovereignty of Meta. Contrary to the ECJ ruling of 05.06.2018, C-210/16, there is therefore no responsibility based on a joint decision on the purposes and means of data processing, as Meta only processes personal data at the time when you have already voluntarily placed yourself under Meta's data sovereignty. The processing of personal data that takes place after the transfer to Meta is not attributable to us. Furthermore, in the event of joint responsibility, the required agreement pursuant to Art. 26 Paragraph 3 of GDPR can be found in the addendum provided by Meta: www.facebook.com/legal/controller_addendum. According to this agreement, we are obliged to provide the data protection information in accordance with Article 13 GDPR et seq. and to integrate the Meta-Tool on our website in a data protection compliant manner. You can assert your data protection rights directly with Meta. In the event that you assert your data protection rights with us in relation to the use of Instagram, we are obliged to forward your request to Meta.

The data processed by Meta is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Meta is a certified partner for the EU-US Privacy Framework. Details can be found at: facebook.com/legal/EU_data_transfer_addendum, de-de.facebook.com/help/566994660333381 and facebook.com/policy.php. Further information can be found in the Terms of Use and the Privacy Policy. These can be found at: de-de.facebook.com/about/privacy/ and de-de.facebook.com/legal/terms/.

Pinterest Plug-In
We have integrated the Pinterest plug-in on our website. The provider is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter: "Pinterest").

The integration of the plug-in alone does not lead to any direct data transmission to Pinterest. Personal data is only processed when information is called up that goes beyond the start page of a Pinterest profile; this processing is no longer attributable to us as the operator, as you have voluntarily placed yourself under the data sovereignty of Pinterest with your consent through the "two-click solution".

The legal basis for our data processing is our legitimate interest in achieving the greatest possible visibility in social media in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

If a corresponding consent was requested, the data processing by Pinterest is based on your consent pursuant to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The data processed by Pinterest is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Pinterest is a certified partner for the EU-US Privacy Framework. Details can be found in Pinterest's privacy policy: policy.pinterest.com/de/privacy-policy.

Integration of analysis tools and plug-ins
We use various analytics and advertising tools

To provide evidence of data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing with the respective provider. This is a contract required by Article 28 Paragraph 3 GDPR under data protection law, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR

Integration of Google Analytics
We use the web analytics services of Google Analytics to perform user analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").

Google collects personal data for the analysis of user behaviour, which is stored on our server, whereby the storage of the IP address is only anonymised. Google helps us to collect data on when our site was accessed and from which region, as well as whether and which purchases were made via the website. In order to carry out this analysis, Google stores log files such as the IP address, referrers, browsers used and operating systems. In addition, Google may also record your mouse and scrolling movements as well as your clicks.

The legal basis for data processing is our legitimate interest in anonymised analysis to improve our services in accordance with Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

If a corresponding consent was requested, the data processing by Google is based on your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The data processed by Google is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision of the EU Commission. Google is a certified partner for the EU-US Privacy Framework. Details can be found at: privacy.google.com/businesses/controllerterms/mccs/

Google stores the data for two months, after which it is anonymised. You can view details on this at the following link: support.google.com/analytics/answer/7667196

Use of Google Signals: When using Google Signals, Google Analytics also collects your location, search history and YouTube history, if applicable, as well as demographic data such as visitor data. Google Signals uses this data to send you personalised advertising. If you have a Google account and are logged in to it, Google Signals will also pull your data from your Google account. Furthermore, Google also uses the data to create anonymised user profiles and to display user behaviour in statistics.

"E-commerce measurement": With the help of this measurement, we analyse the purchasing behaviour of our website visitors in order to improve our offer on our website. Google stores information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. Google then summarises this information and assigns it to the respective user.

Adobe Fonts integration
We use Adobe Fonts for the uniform display of fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (hereinafter: "Adobe").

We use Adobe Fonts for the uniform display of fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (hereinafter: "Adobe"). Für die einheitliche Darstellung von Schriftarten verwenden wir Adobe Fonts. Anbieter ist Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (im Folgenden: "Adobe").

The legal basis for data processing is our legitimate interest in an appealing and uniform presentation of our online offer pursuant to Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

If a corresponding consent was requested, the data processing is based on your consent according to Art. 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The data processed by Adobe is also transferred to the US and other third countries. The data transfer to the US is again based on an adequacy decision by the EU Commission. Adobe is a certified partner for the EU-US Privacy Framework. Details can be found at:https://adobe.com/de/privacy/eudatatransfer.html. For more information, see: fonts.adobe.com and Adobe's privacy policy: www.adobe.com/de/privacy/policy.html.

Payment transactions on our website
We have integrated an online store on our website and therefore use online payments.

General information
In this context, we only process your personal data if it is necessary in connection with the execution of the contract or in the context of pre-contractual measures according to Article 6 Paragraph 1 Subparagraph 1 (b) GDPR. We process your usage data if it is necessary to offer you our online service in connection with an online payment.

Your data will be deleted after termination of the business relationship or after completion of the order, provided that no legal retention periods prevent deletion.

When ordering goods or providing services, your personal data will be passed on to our transport company, any other partners as well as to the payment service provider integrated by us. The data transfer is limited to the data that is absolutely necessary for the fulfillment of the respective task.

The legal basis for the data processing is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR. If you have given your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR, your e-mail address will be transferred to our transport company so that you can track the shipping status of your order. You can revoke your consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, he will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

Payment service provider
We use various payment service providers for the processing of our contracts. The payment service provider receives parts of your personal data from us that are necessary for its task fulfillment, namely name, payment amount, account details and credit card information. The legal basis for the data processing is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR.

Furthermore, the legal basis is our legitimate interest in a smooth, convenient and secure payment processing according to Article 6 Paragraph 1 Subparagraph 1 (f) GDPR.

If a corresponding consent was requested, the data processing is based on your consent according to Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You assert the revocation by means of informal communication by e-mail to us. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

If the respective provider also transfers the processed data to the USA and other third countries, this data transfer to the USA is based on an adequacy decision of the EU Commission. The decisive factor is whether the respective partner is certified for the EU-US Privacy Framework. Details can be found in the information on the respective provider.

To provide evidence of data protection-compliant processing and to outline our respective obligations, we have concluded an agreement on commissioned processing with the respective provider. This is a contract required by Art. 28 Paragraph 3 GDPR under data protection law, which ensures that our order processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR.

American Express
We offer a straightforward payment option via American Express. The provider is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main.

Data transfer: www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/. Details on the privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklaerung.html.

Mastercard
We offer a straightforward payment via your Mastercard credit card. Provider is Mastercard Europe SA, Chausée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter: "Mastercard"). Data transfer:https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf - Privacy policy details: www.mastercard.de/de-de/datenschutz.html.

VISA
We offer a straightforward payment via your VISA credit card. Provider is Visa Europe Service Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter: "VISA"). Data transfer: www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html - Privacy policy details: www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Our own services - dealing with applicants
You have the opportunity to send us an unsolicited application or apply for an advertised position at any time. We accept applications by e-mail, by post and via our online application form. In the following, we would like to inform you about the data processing within the application process.

We process your personal data such as contact and communication data, application documents and notes in the context of job interviews, insofar as they are necessary for the establishment of an employment relationship.

In the event that we introduce you to an employment relationship, your data will be further processed for the performance of your employment.

If we are unable to offer you a position, you decline our offer or withdraw your application, we reserve the right to retain your documents for up to six months after the end of the application process. After this period, your data will be deleted and destroyed. Mandatory legal retention periods remain unaffected. If you have given us your consent to store your data for a longer period, it may be stored for a longer period.

The legal basis for our data processing is Article 6 Paragraph 1 Subparagraph 1 (b) GDPR in conjunction with. Section 26 of German Bundesdatenschutzgesetz (BDSG). If you have given your consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR, the data processing is based on your consent. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

You have the option of being included in our applicant pool. This includes all documents and information from your application so that we can contact you if there are suitable vacancies. The legal basis for this data processing is your express consent in accordance with Article 6 Paragraph 1 Subparagraph 1 (a) GDPR. You can revoke your consent at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.