The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data refers to all information with which you can be personally identified. Detailed information on the subject of data protection can be found in the privacy policy set out below this text.
The data processing on this website is carried out by the website operator. Their contact details can be found in the section “Information on the Responsible Party” in this privacy policy.
On the one hand, your data is collected when you provide it to us. This may, for example, include data that you enter into a contact form.
Other data is collected automatically, or with your consent, when you visit the website through our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or the time of the page call-up). The collection of this data occurs automatically as soon as you access this website.
Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.
You have the right, at any time and free of charge, to obtain information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification or deletion of this data. If you have given your consent to data processing, you may withdraw this consent at any time with future effect. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. In addition, you are entitled to file a complaint with the competent supervisory authority.
For this purpose, as well as for any further questions on the subject of data protection, you may contact us at any time.
We host the content of our website with the following provider:
This website is externally hosted. The personal data collected on this website is stored on the servers of the hosting provider(s). This may primarily include IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website access data, and other information generated via a website.
External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient delivery of our online offering by a professional provider (Art. 6 (1) (f) GDPR). Where consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information in the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent may be withdrawn at any time.
Our hosting provider(s) will only process your data to the extent necessary to fulfill their service obligations and will follow our instructions concerning this data.
We use the following hosting provider:
goneo Internet GmbH
Dresdener Straße 18
32423 Minden
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, ensuring that personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
The operators of these pages take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations as well as this privacy policy.
When you use this website, various personal data is collected. Personal data is any information that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this occurs.
Please note that data transmission over the Internet (e.g., communication via email) can have security gaps. Complete protection of data against access by third parties is not possible.
The responsible party for data processing on this website is:
Joana Karsenty
Noué
Haupstraße 5c
63457 Hanau
Phone: +4917644250717
Email: joana@noue-atelier.de
The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to exist. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur once these reasons no longer apply.
If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, where special categories of data under Art. 9 (1) GDPR are being processed. In the case of explicit consent to the transfer of personal data to third countries, processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or to access to information on your end device (e.g., via device fingerprinting), data processing is also based on § 25 (1) TDDDG. Consent can be revoked at any time.
If your data is required for the fulfillment of a contract or for pre-contractual measures, we process it on the basis of Art. 6 (1) (b) GDPR. Furthermore, if data processing is required to fulfill a legal obligation, it is carried out on the basis of Art. 6 (1) (c) GDPR. In some cases, data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. The specific applicable legal basis in each case is explained in the following paragraphs of this privacy policy.
In the course of our business activities, we work with different external entities. In some cases, this also requires the transmission of personal data to such entities. We only share personal data with external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest under Art. 6 (1) (f) GDPR in such transfer, or if another legal basis permits the transfer of data. When using processors, we share the personal data of our customers only on the basis of a valid Data Processing Agreement. In cases of joint processing, a Joint Processing Agreement is concluded.
Many processing operations are only possible with your explicit consent. You may revoke consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
IF DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH ANY PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS CONNECTED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEREAFTER NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION UNDER ART. 21 (2) GDPR).
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, either to yourself or to a third party, in a commonly used, machine-readable format. If you request the direct transfer of data to another controller, this will only be carried out where technically feasible.
Within the scope of the applicable legal provisions, you have the right at any time to obtain free-of-charge information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as, if applicable, a right to rectification or deletion of this data. For this purpose, and for further questions on the subject of personal data, you may contact us at any time.
You have the right to request the restriction of the processing of your personal data. For this purpose, you may contact us at any time. The right to restriction of processing applies in the following cases:
If you contest the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
If we no longer require your personal data, but you need it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing instead of its deletion.
If you have filed an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock icon in your browser bar.
When SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Our internet pages use what are known as “cookies.” Cookies are small data packages that do not cause any harm to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted once your visit ends. Persistent cookies remain stored on your device until you delete them manually or until they are automatically deleted by your web browser.
Cookies can be set either by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party providers within websites (e.g., cookies used for payment transaction services).
Cookies serve a variety of functions. Many cookies are technically necessary, as certain website features would not function without them (e.g., shopping cart functionality or video display). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are required for carrying out the electronic communication process, for providing certain functions you have requested (e.g., the shopping cart function), or for optimizing the website (e.g., cookies for measuring web audiences) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. Where consent has been requested for the storage of cookies and comparable recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and § 25 (1) TDDDG); consent can be revoked at any time.
You can configure your browser to notify you when cookies are being set, to allow cookies only in individual cases, to exclude the acceptance of cookies in specific cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Details on what cookies and services are used on this website can be found in this privacy policy.
This website uses Usercentrics Consent Technology to obtain your consent for storing certain cookies on your device or for the use of certain technologies, and to document this in a manner compliant with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you enter our website, the following personal data is transmitted to Usercentrics:
Your consent(s) or the withdrawal of your consent(s)
Your IP address
Information about your browser
Information about your device
The time of your visit to the website
Geolocation information
Furthermore, Usercentrics stores a cookie in your browser in order to allow the consents granted or their withdrawal to be assigned to you. The data collected in this way will be stored until you ask us to delete it, delete the Usercentrics cookie yourself, or the purpose of data storage ceases to apply. Mandatory statutory retention obligations remain unaffected.
The use of Usercentrics takes place in order to obtain the legally required consents for the use of certain technologies. The legal basis for this is Art. 6 (1) (c) GDPR.
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures this provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
If you contact us by email or telephone your inquiry, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of handling your concern. We do not pass this data on without your consent.
The processing of this data is based on Art. 6 (1) (b) GDPR, provided your request is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if such consent has been requested. Consent can be withdrawn at any time.
The data you send to us via contact inquiries will remain with us until you request its deletion, revoke your consent, or the purpose for the data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory requirements – in particular statutory retention periods – remain unaffected.
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It merely serves to manage and deliver the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and administration of various tools on the website. If the corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Each company certified under the DPF is committed to complying with these data protection standards. More information can be found at the following link: https://www.dataprivacyframework.gov/participant/5780.
This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on site, operating systems used, and origin of the user. These data may be aggregated under a user ID and assigned to the respective device of the website visitor.
We may also use Google Analytics to record your mouse movements, scrolling behavior, and clicks. Google Analytics also uses modeling approaches to complement collected data sets and applies machine learning technologies during data analysis.
Google Analytics uses technologies that make it possible to recognize users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent may be withdrawn at any time.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Each company certified under the DPF is committed to complying with these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics IP anonymization is activated. This means that your IP address is shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data by Google.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
We have concluded a Data Processing Agreement (DPA) with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.
This website uses the visitor action pixel from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures can be optimized.
The collected data is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook, which may allow a connection to the respective user profile and for Facebook to use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display ads both on Facebook pages and outside of Facebook. We have no influence on this use of data.
The use of this service takes place on the basis of your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent may be withdrawn at any time.
We use the advanced matching feature within the Meta Pixel.
Advanced matching allows us to send various types of data (e.g., place of residence, state, zip code, hashed email addresses, names, gender, date of birth, or phone numbers) of our customers and prospects that we collect via our website to Meta (Facebook). By enabling this, we can tailor our Facebook advertising campaigns even more precisely to individuals interested in our offerings. In addition, advanced matching improves the attribution of website conversions and expands custom audiences.
Insofar as personal data is collected on our website using the tool described and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook that takes place after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in an agreement on joint processing. The wording of the agreement can be found here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool securely in terms of data protection. Facebook is responsible for the data security of its products. Data subject rights (e.g., information requests) regarding data processed by Facebook can be asserted directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
In Facebook’s privacy policy, you can find further information about the protection of your privacy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can deactivate user-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). Further details about Meta’s certification can be found at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
We have integrated the Facebook Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries.
The Facebook Conversion API enables us to track website visitor interactions with our website and transmit them to Facebook in order to improve ad performance on Facebook.
The data collected includes the time of access, the visited page, your IP address, your user agent, and, if applicable, other specific data (e.g., purchased products, shopping cart value, and currency). A detailed overview of the collectible data can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.
The use of this service takes place on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent may be withdrawn at any time.
Insofar as personal data is collected on our website using the tool described and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. Processing by Facebook that takes place after transfer is not part of joint responsibility. The obligations incumbent upon us jointly have been set out in an agreement on joint processing. The wording of the agreement can be found here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for data privacy-compliant implementation of the tool on our website. Facebook is responsible for the data security of its products. Data subject rights (e.g., access requests) regarding data processed by Facebook can be asserted directly with Facebook. If you assert such rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Further information on protecting your privacy can be found in Facebook’s privacy notice: https://de-de.facebook.com/about/privacy/.
The company is certified under the “EU-US Data Privacy Framework” (DPF). More information can be found at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
We have concluded a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit or use our websites and apps, use our free or paid services, transmit data to us, or interact with our company’s Facebook content, we collect your personal data in the process. If you grant us consent to use Facebook Custom Audiences, we will transmit these data to Facebook, which allows Facebook to display appropriate advertising to you. Additionally, your data can be used to define target groups (lookalike audiences).
Facebook processes this data as our processor. Details can be found in Facebook’s usage agreement: https://www.facebook.com/legal/terms/customaudience.
The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent may be withdrawn at any time.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.
The company is certified under the “EU-US Data Privacy Framework” (DPF). Further details can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
This website integrates videos from the site YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our web pages on which YouTube is embedded, a connection to the YouTube servers is established. In this process, the YouTube server is informed about which of our pages you have visited.
Furthermore, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud attempts.
If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube takes place in the interest of presenting our online offerings in an attractive way. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Where corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.
More information about how user data is handled can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Each company certified under the DPF is committed to complying with these data protection standards. More information can be found from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
This site uses so-called Google Fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that this website has been accessed through your IP address. The use of Google Fonts is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TDDDG. Consent can be withdrawn at any time.
If your browser does not support Google Fonts, a standard font from your computer will be used.
More information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Each company certified under the DPF is committed to complying with these data protection standards. More information can be found from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.
To use the functions of Google Maps it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no control over this data transmission. If Google Maps is activated, Google may use Google Fonts for the uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offerings and in making the locations specified on the website easy to find. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Where corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information about how user data is handled can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Each company certified under the DPF is committed to complying with these data protection standards. More information can be found from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
We collect, process, and use personal customer and contract data for the establishment, content, and modification of our contractual relationships. Personal data regarding the use of this website (usage data) are collected, processed, and used only to the extent required to enable the user to utilize the service or to bill them for it. The legal basis for this processing is Art. 6 (1) (b) GDPR.
The collected customer data will be deleted after completion of the order or termination of the business relationship and after the expiration of any existing statutory retention periods. Statutory retention periods remain unaffected.
When you order goods from us, we pass on your personal data to the transport company entrusted with delivery as well as to the payment service provider tasked with payment processing. Only the data required by the respective service provider to fulfill its task will be disclosed. The legal basis is Art. 6 (1) (b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
If you have given the corresponding consent pursuant to Art. 6 (1) (a) GDPR, we will also provide your email address to the delivery company responsible so they can notify you via email about the shipping status of your order. This consent can be revoked at any time.
We transmit personal data to third parties only if this is necessary in the context of contract processing, for example, to the financial institution responsible for payment processing.
No further data will be shared, or only if you have expressly consented to such transmission. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.
The legal basis for this processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
We integrate third-party payment services on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, account details, credit card number) are processed by the respective payment service provider for the purpose of payment processing. For these transactions, the terms and privacy policies of the respective providers apply.
The use of payment service providers is based on Art. 6 (1) (b) GDPR (contract performance) and in the interest of a smooth, convenient, and secure payment process (Art. 6 (1) (f) GDPR). To the extent that consent is requested for certain actions, Art. 6 (1) (a) GDPR is the legal basis of data processing. Consent may be withdrawn at any time with future effect.
We use the following payment services / payment service providers on this website:
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can also be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy of Google can be found here: https://policies.google.com/privacy.
The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.
Further details can be found in Stripe’s privacy policy: https://stripe.com/de/privacy.
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (“Mastercard”).
Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
The provider of this payment service is Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, United Kingdom (“VISA”).
The United Kingdom is considered a data protection-safe third country. This means that the UK has a level of data protection equivalent to that of the European Union.
VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
More information can be found in VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
