Privacy Policy

Last updated: 13 July 2025

Table of contents

• Controller

• Overview of processing activities

• Relevant legal bases

• Security measures

• Disclosure of personal data

• International data transfers

• General information on data retention and deletion

• Rights of data subjects

• Business services

• Business processes and procedures

• Use of online platforms for offering and sales purposes

• Provision of the online offer and web hosting

• Use of cookies

• Contact and inquiry management

• Presences on social networks (social media)

Controller

Exklusiv Chemie GmbH
Am Pönitzer Dreieck 1
04425 Taucha

Authorized representative(s): Frank Teltscher

Email address: shop@exklusiv-chemie.de

Phone: +49 (0)34298 582988

Overview of processing activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed

• Inventory data.

• Payment data.

• Contact data.

• Content data.

• Contract data.

• Usage data.

• Meta, communication and procedural data.

• Log data.

Categories of data subjects

• Recipients of services and clients.

• Interested parties.

• Communication partners.

• Users.

• Business and contractual partners.

• Customers.

Purposes of processing

• Provision of contractual services and fulfillment of contractual obligations.

• Communication.

• Security measures.

• Office and organizational procedures.

• Organizational and administrative procedures.

• Feedback.

• Marketing.

• Provision of our online services and user-friendliness.

• IT infrastructure.

• Public relations.

• Business processes and commercial procedures.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your and/or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in this privacy policy.

• Consent (Art. 6(1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data relating to him or her for one or more specific purposes.

• Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

• Legal obligation (Art. 6(1) sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

• Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests, fundamental rights and freedoms of the data subject requiring protection of personal data do not override those interests.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the Act on Protection against Misuse of Personal Data in Data Processing (Bundesdatenschutzgesetz – BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfers as well as automated individual decision-making including profiling. In addition, state data protection laws of the individual German federal states may apply.

Note on applicability of the GDPR and the Swiss FADP: These privacy notices serve to provide information both under the Swiss Federal Act on Data Protection (FADP) and under the General Data Protection Regulation (GDPR). For this reason, please note that due to the broader territorial scope and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss FADP (“processing” of “personal data”, “overriding interest” and “particularly sensitive personal data”), the terms used in the GDPR (“processing” of “personal data”, “legitimate interest” and “special categories of data”) are used. However, the legal meaning of the terms continues to be determined under Swiss law within the scope of the Swiss FADP.

Security measures

In accordance with the statutory requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances and purposes of processing as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to the data itself, input, disclosure, ensuring availability and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to threats to data. In addition, we take the protection of personal data into account already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

Truncation of IP addresses: If IP addresses are processed by us or by the service providers and technologies used, and the processing of a complete IP address is not necessary, the IP address is truncated (also referred to as “IP masking”). In this process, the last two digits, or the last part of the IP address after a dot, are removed or replaced by placeholders. Truncating the IP address is intended to prevent or substantially impede the identification of a person based on their IP address.

Securing online connections via TLS/SSL encryption technology (HTTPS): To protect users’ data transmitted via our online services from unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and more secure version of SSL, ensures that all data transmissions comply with the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and in encrypted form.

Disclosure of personal data

In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons, or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we observe the statutory requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of using third-party services or the disclosure or transfer of data to other persons, bodies or companies (which can be recognized by the postal address of the respective provider or if the privacy policy explicitly refers to the transfer of data to third countries), this is always done in accordance with statutory requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the European Commission dated 10 July 2023. In addition, we have concluded Standard Contractual Clauses with the respective providers that comply with the requirements of the European Commission and set out contractual obligations to protect your data.

This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary layer of protection, while the Standard Contractual Clauses serve as an additional safeguard. Should changes occur within the DPF framework, the Standard Contractual Clauses will act as a reliable fallback option. In this way, we ensure that your data remains adequately protected at all times, even in the event of political or legal changes.

We will inform you for each individual service provider whether they are certified under the DPF and whether Standard Contractual Clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding safeguards apply, in particular Standard Contractual Clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the European Commission at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

General information on data retention and deletion

We delete personal data that we process in accordance with statutory provisions as soon as the underlying consents are revoked or no other legal bases for processing exist. This includes cases in which the original purpose for processing no longer applies or the data is no longer required. Exceptions to this rule apply if statutory obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax-law reasons, or whose storage is necessary for legal prosecution or for protecting the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that apply specifically to certain processing activities.

If several retention periods or deletion deadlines are specified for a date, the longest period always applies. Data that is retained not for the originally intended purpose but due to statutory requirements or other reasons is processed by us exclusively for the reasons that justify its retention.

Retention and deletion of data: The following general periods apply for retention and archiving under German law:

• 10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheet as well as the work instructions and other organizational documents required for their understanding (§ 147(1) no. 1 in conjunction with (3) AO, § 14b(1) UStG, § 257(1) no. 1 in conjunction with (4) HGB).

• 8 years – accounting vouchers, such as invoices and expense receipts (§ 147(1) no. 4 and 4a in conjunction with (3) sentence 1 AO and § 257(1) no. 4 in conjunction with (4) HGB).

• 6 years – other business documents: received commercial or business letters, copies of sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g., time sheets, operating accounting sheets, calculation documents, price labels, and payroll documents insofar as they are not already accounting vouchers, as well as cash register receipts (§ 147(1) nos. 2, 3, 5 in conjunction with (3) AO, § 257(1) nos. 2 and 3 in conjunction with (4) HGB).

• 3 years – data required to consider potential warranty and damages claims or similar contractual claims and rights, and to handle related inquiries, based on previous business experience and common industry practices, is stored for the regular statutory limitation period of three years (§§ 195, 199 BGB).

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

• Right to withdraw consent: You have the right to withdraw consent at any time.

• Right of access: You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, access to the data and further information as well as a copy of the data in accordance with statutory requirements.

• Right to rectification: In accordance with statutory requirements, you have the right to obtain the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.

• Right to erasure and restriction of processing: In accordance with statutory requirements, you have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively, to obtain restriction of processing in accordance with statutory requirements.

• Right to data portability: You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or to have it transmitted to another controller, in accordance with statutory requirements.

• Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Business services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as “contractual partners”), within the scope of contractual and comparable legal relationships and related measures, and with regard to communication with contractual partners (or pre-contractually), e.g., to answer inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any updating obligations, and remedies for warranty and other service disruptions. In addition, we use the data to safeguard our rights and for the purposes of administrative tasks associated with these obligations as well as corporate organization. Furthermore, we process the data on the basis of our legitimate interests in proper and commercially sound business management as well as in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g., involving telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the framework of applicable law, we only pass on contractual partner data to third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, such as for marketing purposes, within the scope of this privacy policy.

We inform contractual partners before or during data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks) or in person, which data is required for the aforementioned purposes.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., for as long as it must be retained for statutory archiving purposes (e.g., for tax purposes generally ten years). Data disclosed to us by the contractual partner in the context of an order will be deleted in accordance with the specifications, generally after the end of the order.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).

• Data subjects: Recipients of services and clients; interested parties; business and contractual partners.

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures; business processes and commercial procedures.

• Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion”.

• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legal obligation (Art. 6(1) sentence 1 lit. c GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing activities, procedures and services:

• Online shop, order forms, e-commerce and fulfillment: We process our customers’ data to enable them to select, purchase and/or order the chosen products, goods and related services, as well as their payment and provision, delivery or performance. If required for the execution of an order, we engage service providers, in particular postal, forwarding and shipping companies, to carry out delivery and/or performance for our customers. For payment processing, we use the services of banks and payment service providers. The required details are marked accordingly during the ordering process or a comparable purchasing process and include the information necessary for delivery and billing as well as contact information to allow for follow-up questions; Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Business processes and procedures

Personal data of recipients of services and clients, including customers, clients, or in specific cases mandatees, patients or business partners, as well as other third parties, is processed within the scope of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates commercial operations in areas such as customer management, sales, payment transactions, accounting and project management.

The collected data serves to fulfill contractual obligations and to organize business processes efficiently. This includes the handling of business transactions, the management of customer relationships, the optimization of sales strategies and ensuring internal accounting and financial processes. In addition, the data supports the safeguarding of the controller’s rights and promotes administrative tasks and the organization of the company.

Personal data may be disclosed to third parties if this is necessary to fulfill the purposes mentioned or to comply with legal obligations – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext); payment data (e.g., bank details, invoices, payment history – This text section must be unlocked with a premium license. – premiumtext premiumtext); contact data (e.g., postal and email addresses or – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext); content data (e.g., text or image messages and posts as well as information related to them, such as authorship details – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext); contract data (e.g., subject matter of the contract, term, customer category – This text section must be unlocked with a premium license. – premiumtext premiumtext); usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext); meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved – This text section must be unlocked with a premium license. – premiumtext premiumtext premiumtext).

• Data subjects: Recipients of services and clients; interested parties; communication partners; business and contractual partners; customers.

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and commercial procedures; security measures; provision of our online services and user-friendliness.

• Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion”.

• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing activities, procedures and services:

• Customer account: Customers can create an account within our online services (e.g., customer or user account, “customer account”). If registration of a customer account is required, customers will be informed accordingly as well as about the details required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration as well as subsequent logins and use of the customer account, we store customers’ IP addresses and access times in order to prove registration and to prevent misuse of the customer account. If the customer account is terminated, the customer account data will be deleted after the termination date unless it is retained for other purposes than provision within the customer account or must be retained for legal reasons (e.g., internal storage of customer data, ordering processes or invoices). It is the customer’s responsibility to back up their data when terminating the customer account; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Use of online platforms for offering and sales purposes

We offer our services on online platforms operated by other service providers. In this context, the privacy notices of the respective platforms apply in addition to our privacy notices. This applies in particular with regard to payment processing and the methods used on the platforms for reach measurement and interest-based marketing.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).

• Data subjects: Recipients of services and clients; business and contractual partners.

• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; marketing; business processes and commercial procedures.

• Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion”.

• Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing activities, procedures and services:

• eBay: Online marketplace for e-commerce; Service provider: eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 Bern, Switzerland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.ebay.de/; Privacy policy: https://www.ebay.de/help/policies/member-behavior-policies/datenschutzerklrung?id=4260. Data processing agreement: Provided by the service provider.

Provision of the online offer and web hosting

We process users’ data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

• Types of data processed: Usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved); log data (e.g., log files relating to logins or data retrieval or access times); content data (e.g., text or image messages and posts as well as information related to them, such as authorship details or time of creation).

• Data subjects: Users (e.g., website visitors, users of online services).

• Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.

• Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion”.

• Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing activities, procedures and services:

• Provision of the online offer on rented storage space: To provide our online services, we use storage space, computing capacity and software that we rent from a suitable server provider (also known as a “web host”) or obtain otherwise; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

• Collection of access data and log files: Access to our online services is logged in the form of so-called “server log files”. Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks), and to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained further for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

• Email sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the recipients’ and senders’ addresses as well as other information relating to email transmission (e.g., the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent in encrypted form on the Internet. As a rule, emails are encrypted during transmission, but (unless so-called end-to-end encryption is used) not on the servers from which they are sent and received. We therefore cannot assume responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

• ALL-INKL: Services in the field of providing IT infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: ALL-INKL.COM – Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://all-inkl.com/; Privacy policy: https://all-inkl.com/datenschutzinformationen/. Data processing agreement: Provided by the service provider.

Use of cookies

The term “cookies” refers to functions that store information on users’ devices and read information from them. Cookies may also be used for various purposes, such as ensuring functionality, security and convenience of online services and creating analyses of visitor flows. We use cookies in accordance with legal regulations. Where required, we obtain users’ consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and reading information is essential to provide expressly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online services. Consent may be revoked at any time. We clearly inform users about the scope and which cookies are used.

Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent has been given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the respective services and procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).

• Persistent cookies: Persistent cookies remain stored even after the device is closed. For example, the login status may be saved and preferred content displayed directly when the user visits a website again. Likewise, the user data collected using cookies may be used for reach measurement. If we do not provide users with explicit information on the type and storage duration of cookies (e.g., when obtaining consent), users should assume that these are persistent and that the storage duration can be up to two years.

General notes on withdrawal and objection (opt-out): Users may withdraw their consents at any time and also object to processing in accordance with statutory requirements, including via their browser’s privacy settings.

• Types of data processed: Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).

• Data subjects: Users (e.g., website visitors, users of online services).

• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); consent (Art. 6(1) sentence 1 lit. a GDPR).

Further notes on processing activities, procedures and services:

• Processing of cookie data based on consent: We use a consent management solution that obtains users’ consent for the use of cookies or for the procedures and providers named within the consent management solution. This procedure serves to obtain, document, manage and withdraw consent, in particular with regard to the use of cookies and comparable technologies used to store, read and process information on users’ devices. As part of this procedure, users’ consents are obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers named in the consent management procedure. Users also have the option to manage and withdraw their consents. The consent declarations are stored to avoid repeated requests and to be able to provide proof of consent in accordance with statutory requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to assign the consent to a specific user or their device. If no specific information is available on the providers of consent management services, the following general notes apply: The consent is stored for up to two years. A pseudonymous user identifier is created and stored together with the time of consent, details of the scope of consent (e.g., the categories of cookies and/or service providers concerned) and information about the browser, system and device used; Legal basis: Consent (Art. 6(1) sentence 1 lit. a GDPR).

Contact and inquiry management

When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within the scope of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.

• Types of data processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., text or image messages and posts as well as information related to them, such as authorship details or time of creation); usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).

• Data subjects: Communication partners.

• Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form); provision of our online services and user-friendliness.

• Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion”.

• Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Further notes on processing activities, procedures and services:

• Contact form: When contacting us via our contact form, email or other communication channels, we process the personal data transmitted to us to answer and handle the respective request. This usually includes details such as name, contact information and, if applicable, further information provided to us that is necessary for appropriate handling. We use this data exclusively for the stated purpose of contacting and communicating; Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Presences on social networks (social media)

We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to provide information about us.

Please note that user data may be processed outside the European Union. This may result in risks for users, for example because the enforcement of users’ rights could be made more difficult.

Furthermore, users’ data within social networks is usually processed for market research and advertising purposes. For example, usage profiles may be created based on users’ behavior and the interests derived from it. These usage profiles may in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to users’ interests. For this reason, cookies are generally stored on users’ computers in which the usage behavior and interests of users are stored. In addition, data may also be stored in the usage profiles independently of the devices used by users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective processing operations and the options to object (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we note that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures directly and provide information. If you still need help, you can contact us.

• Types of data processed: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., text or image messages and posts as well as information related to them, such as authorship details or time of creation); usage data (e.g., page views and time spent, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).

• Data subjects: Users (e.g., website visitors, users of online services).

• Purposes of processing: Communication; feedback (e.g., collecting feedback via online form); public relations.

• Retention and deletion: Deletion in accordance with the information in the section “General information on data retention and deletion”.

• Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further notes on processing activities, procedures and services:

• Instagram: Social network enabling the sharing of photos and videos, commenting and favoriting of posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).

• Facebook Pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook Page (so-called “Fanpage”). This data includes information about the types of content users view or interact with, or actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, so-called “Page Insights”, for page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Page Insights Controller Addendum”: https://www.facebook.com/legal/terms/page_controller_addendum) which regulates in particular which security measures Facebook must observe and under which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, direct requests for information or deletion directly to Facebook). Users’ rights (in particular, the right of access, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights Data” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company established in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular includes the transfer of the data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke