Privacy policy

I. Name and address of the person responsible

TriaPrima GmbH

representative d. the managing director Dirk Wasserthal

Headquarters Mannheim

O4 4

68161 Mannheim

Phone: +49 (0) 621 40545804

Email: [email protected]

II. Basics of data processing

Scope of data processing

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how this is done and for what purpose. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.

As a matter of principle, we only process personal data of our users to the extent that this is necessary for the provision of a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. Article 1(a) of the EU General Data Protection Regulation (“GDPR”) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 letter b GDPR as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 letter c GDPR as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 letter f GDPR as the legal basis for processing.

Data sharing

Your personal data will not be transferred to third parties for purposes other than those listed below.

The controller may use service providers who act as processors to provide IT and other administrative support (e.g. service providers who offer IT hosting or maintenance support). These service providers may have access to your personal information to the extent necessary to provide such services.

Any access to your personal information is limited to those who need the information to complete their activities.

The controller may disclose your personal data if this is requested in particular by government authorities, external authorities and courts.

Data transfer to third countries

If we transfer data to a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing occurs as part of the use of third-party services (third-party plug-ins) or the disclosure or transfer of data to other persons, bodies or companies take place, this only takes place in accordance with the legal requirements. Subject to explicit consent or where transfer is required by contract or law, we only process or have data processed in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection rules (Articles 44 to 49 GDPR, EU standard contractual clauses to ensure an adequate level of data protection (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors; https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en).

SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the lock symbol in your browser bar.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Data deletion and storage period

The personal data will be stored by the controller and its service providers for as long as necessary until our obligations have been fulfilled. The data will be stored for as long as necessary for the purpose according to the GDPR. As soon as those responsible no longer need the data to fulfill their contractual or legal obligations, they will be removed from our systems and records and/or measures will be taken so that their personal data is anonymized and they are no longer identifiable. Excepted are cases in which we need to retain your personal data to comply with legal or regulatory obligations to which the controller is subject. This applies in particular to legally prescribed retention obligations such as those arising from the Commercial Code and tax law, which usually result in retention obligations of between 5 and 10 years. It is also possible that we need to preserve evidence within the statute of limitations, which is usually 3 years but can be up to 30 years.

III. Your rights

As a person affected by the processing of your data, you have the following rights against the website operator according to the GDPR:

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of access (Art. 15 DSGVO)

You have the right to request information from us at any time about the data we hold about you. The information concerns, among other things, the categories of data processed by us, the purpose of the processing of the data, the origin of the data and, if applicable, recipients to whom your data are transmitted. You can also get a free copy of your data from us.

Right of rectification (Art. 16 DSGVO)

You can also ask us to correct your data. For this purpose, we take reasonable steps to keep your information accurate, complete, and current.

Right to erasure (Art. 17 DSGVO)

Likewise, you can demand that we delete your data, provided that the legal requirements for this are met. This may be the case, among others, if:

– the data are no longer required for the purposes for which they were collected or otherwise processed,

– You withdraw your consent, which is the basis for data processing, and there is no other legal basis for the processing,

– You object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to the processing of your data for direct marketing purposes,

– the data were processed unlawfully,

– the processing is not necessary to ensure compliance with a legal obligation which requires us to process your data.

The right to deletion (“right to be forgotten”) does not apply in exceptional cases if processing is necessary for the reasons listed in Article 17 paragraph 3 GDPR. This may be the case, for example, if the processing is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims (Article 17 paragraph 3 letters a and e GDPR).

Right to restriction of processing (Art. 18 DSGVO)

You may request us to restrict the processing of your data if you dispute the accuracy of the data within the period of time we need to verify the accuracy of the data,

the processing is unlawful and you refuse the erasure of your data and request the restriction of use instead,

we no longer need your data, but you need it to assert, exercise or defend legal claims,

you have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.

Right to data portability (Art. 20 DSGVO)

At your request, we will also transfer your data (if technically possible) to another data controller. You have this right if the data processing is based on your consent or is necessary to perform a contract.

Right to object (Art. 21 GDPR):

You can object to the processing of your data at any time if you cite reasons arising from your particular situation. This is possible if the data processing is based on your consent or on our legitimate interests or the legitimate interests of a third party. In the event of an objection, we will no longer process your data. However, this is not the case if compelling legitimate grounds for processing can be demonstrated by us and these override your interests or if we need your data to assert, exercise or defend legal claims.

If personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling, insofar as it is connected to such direct advertising. In the event of an objection to processing for direct advertising purposes, we will no longer process the personal data concerned for these purposes.

Complaint to supervisory authorities

You have the right to file a complaint with a competent data protection authority. This results from Art. 77 GDPR. Complaints to the supervisory authority can be made informally.

IV. Informational use of the website

During the purely informative use of the website, certain information is sent to the server of our website by the browser used on your end device for technical reasons, for example your IP address. We process this information to provide the content of the website that you have accessed. To ensure the security of the IT infrastructure used to provide the website, this information is also temporarily stored in a so-called web server log file.

These include in particular:

· Browser type and browser version

· operating system used

· Referrer URL

· Host name of the accessing computer

· Time of server request

· IP address

· Opt-in cookie data (absolutely necessary data such as your consent and, if applicable, your individual selection for the use of cookies on your device).

The collection of this data takes place on the legal basis of the balancing of interests according to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and evidentiary documentation of faults (e.g. DDoS attacks).

This data is not merged with other data sources. Data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 7 days, unless a security-related event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object

V. Use of cookies

Our websites use cookies. We use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser. Cookies are small text files that are stored on your computer and saved by your browser. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again. This website uses the following types of cookies:

Technically necessary cookies

We use cookies to make our website work. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

The following data is stored and transmitted in the cookies:

(a) Consents;

(b) language settings;

(d) Login Information.

Cookies that are not technically necessary (analysis cookies)

We also use cookies. We also use cookies on our website that enable us to analyze the surfing behavior of users on the website. The following data can be transmitted in this way:

· Search terms entered,

· Frequency of page views,

· Use of website functions.

When you access our website, you will be informed about the use of cookies for analysis purposes and your consent to the processing of the personal data used in this context will be obtained. In this context, a reference is also made to this data protection declaration.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 letter f GDPR. The legal basis for the processing of personal data using analysis cookies, if the user has given his consent, is Article 6 Paragraph. 1 letter a GDPR.

The purpose of using technically necessary cookies is to temporarily process the content and functions of the website accessed by the user (e.g. shopping cart, adoption of language settings, log-in information) on our web server. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the website and to better achieve the website’s goals (e.g. frequency of visits, increase in page views) and to continually optimize our offering. The behavior of users is recorded on our website and analyzed in a pseudonymized form using cookies that are not technically necessary. Pseudonymous usage profiles are created, but are not merged with data about the bearer of the pseudonym.

The data is processed for the purpose of providing the website content accessed by the user and measuring the web audience on the websites. Our legitimate interest also exists in these purposes.

Cookies are stored on the user’s computer and transmitted by the user to our site. As a user, you therefore have full control over the use of cookies. The storage period of the individual cookies used can be found in the text display when you call up the website. Cookies that have already been saved can be deleted at any time. This can also be automated. Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. When cookies are disabled, the functionality of this website may be limited.

VI. All in One Accessibility / Skynet Technologies

We use the “All in One Accessibility” widget on our website. The provider is Skynet Technologies USA LLC. The widget provides additional usability and display features to improve the accessibility of our website and enable users to use our online services more easily.

When loading and using the widget, a connection may be established to servers of Skynet Technologies, in particular via the domain skynettechnologies.com. Technically necessary access data may be processed in this process, including IP address, date and time of access, browser and device information, the accessed URL, and technical information for the provision and use of the widget.

The processing is carried out to provide accessibility features and to improve the accessibility of our website. The legal basis is our legitimate interest in providing an accessible, user-friendly and legally compliant online service in accordance with Article 6(1)(f) GDPR. 1 lit. f GDPR.

Insofar as the widget stores or reads technically necessary information on the end device, this is done to provide the accessibility functions usable by the user and to ensure the functionality of the widget.

Further information on data processing by Skynet Technologies can be found in the provider’s privacy policy.

VII. Google Analytics, Conversion Tracking

To measure the web audience, we use the analysis and tracking technology Google Analytics from the provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Visits to our website are recorded via Google Analytics and analyzed in an anonymous form.

We use these analysis and tracking technologies to use cookies to record and analyze usage behavior on our website in order to improve the website and to better achieve the website’s goals (e.g. frequency of visits, increase in page views). In addition, to record and analyze usage behavior on our website for the purposes of (conversion) tracking and (re-)targeting. There is no automated decision making.

Personal data processed:

· IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access (“HTTP data”).

· Data about the use of the website, in particular page views, frequency of visits and time spent on pages accessed (“Google Analytics profile data”).

· Unique visitor ID to identify returning visitors, number of visits by the visitor, time of first visit, previous visits and current visit, start and expected end of the current visit, visitor category to which a user belongs, source or campaign that explains, how a user got to the website (“Google Analytics cookie data”).

The legal basis for the processing of users’ personal data is consent (Article 6 paragraph 1 letter a GDPR).

The processing of users’ personal data enables us to measure the web audience and analyze the surfing and purchasing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website (e.g. frequency of visits, increase in page views). This helps us to continually improve our website and its user-friendliness. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Paragraph. 1 letter f GDPR. Pseudonymous usage profiles are created from this information. The pseudonymous usage profiles are not merged with data about the bearer of the pseudonym. The aim of the procedure is to examine where users come from, which areas of the website are visited and how often and for how long which sub-pages and categories are viewed.

So-called IP anonymization is activated on this website for the use of the web analysis tool Google Analytics. This means that the IP address transmitted by the browser for technical reasons is anonymized by shortening the IP address (by deleting the last octet of the IP address) before it is stored. By anonymizing the IP address, the user’s interest in protecting personal data is sufficiently taken into account.

The data will be deleted as soon as it is no longer required for our recording purposes. The storage period is 2 months.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install. The current link is http://tools.google.com/dlpage/gaoptout?hl=de .

For data transfers to the USA, the Commission’s US Data Privacy Framework adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and safeguards exist in the form of the EU Standard Contractual Clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de . Data protection notice from Google: https://policies.google.com/privacy?hl=de

VIII. Google Tag Manager

We have integrated the Google Tag Manager (GTM) on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The GTM collects data on the website and forwards it to the connected analysis tools. The tools save and evaluate these. The GTM does not store any data itself. He doesn’t have access to it. The GTM only collects data on how individual tags are used. The IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access (“HTTP data”) are collected.

The legal basis for the processing of this data is Article 6 Paragraph. 1 letter a GDPR; consent can be revoked at any time.

GTM enables us to integrate tags on our website, analyze them and provide a user-friendly offer. This also lies in our legitimate interest in the use of GTM (Art. 6 Para. 1 Letter f GDPR).

The personal data is transmitted anonymously to Google. This means that the IP address transmitted by the browser for technical reasons is anonymized by shortening the IP address (by deleting the last octet of the IP address) before it is stored. By anonymizing the IP address, the user’s interest in protecting personal data is sufficiently taken into account.

The data will be deleted as soon as it is no longer required for our recording purposes. The storage period is 2 years.

For data transfers to the USA, the Commission’s US Data Privacy Framework adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and safeguards exist in the form of the EU Standard Contractual Clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de . Google’s privacy policy: https://policies.google.com/privacy?hl=de

IX. Meta Pixels, Custom Audiences

This website uses Meta Custom Audiences (target group formation) with the Meta Pixel and the server-side conversion API (“API”) from Meta Platforms Ireland Ltd. (“Meta”). This means that users of the website can be shown interest-based advertisements (“Meta Ads”) when they visit a Meta social network (e.g. Facebook, Instagram), associated apps and websites. Our aim is to show you advertising that is of interest to you in order to make our website more interesting for you.

The Meta Pixel uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed. We also record using. Meta cookies are used to record and analyze usage behavior on our website for the purposes of (conversion) tracking and (re-)targeting. There is no automated decision making. The information generated by the cookie about your use of this website is usually transferred to a server in the USA and stored there.

Due to the Meta pixel used, your browser automatically establishes a direct connection to the Meta server. Using the API, web events from your browser are transmitted directly to Meta via a server connection. These events are used for the extended comparison of the integrated meta pixel. The data transmitted via the Meta Pixel and the API is used for success measurement, reporting and ad optimization. If you are registered with a Meta service, Meta can assign the website visit to your account.

Even if you are not registered on a Meta platform or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.

Facebook has entered into a joint controllership agreement with Meta (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platform, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA; Privacy Policy: https://www.facebook.com/privacy/policy/) for the collection and recording of data (but not further processing) in accordance with Article 26 GDPR (https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Meta must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Meta has agreed to fulfill the rights of data subjects (i.e., users can, for example, address requests for information or deletion directly to Meta).

The following data is recorded by the Meta Pixel:

· HTTP data – all information commonly contained in HTTP headers. This is a standard web protocol that is sent between all browser requests and all servers on the Internet. This information may include data such as IP addresses, web browser information, page location, document, referrer and person using the website.

· Pixel-specific data – including the pixel ID and the meta cookie.

· Button click data – all buttons clicked by website visitors, the labels of those buttons, and all pages viewed as a result of those button clicks.

· Event data (which can be transmitted from us to Meta via meta pixels and relates to people or their actions, e.g. information about visits to websites, interactions with content, functions, installations of apps, Purchases of products, etc.; the event data is collected for the purpose of forming target groups for content and advertising information (custom audiences),

· Contact information, especially when using Meta Custom Audience, such as email, address, number, for purchasing a product or service.

· Content data (websites visited, online networks used)

The legal basis for the processing of personal data is Article 6 Paragraph. 1 letter. a DSGVO; the consent can be revoked at any time.

We use the meta pixel and the API for the following purposes:

• To deliver our advertisements to visitors of our online offer as a target group (so-called “Custom Audiences”) and to determine them for the display of advertisements (so-called “Meta-Ads”). We use the meta pixel and the API to show the meta ads we place only to those meta users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products). of the websites visited) which we transmit to Meta (so-called “Custom Audiences”).

· We want to ensure that our meta ads match the potential interest of users and are not annoying.

· To measure the effectiveness of meta-ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta-ad and interacted with our products (so-called “conversion”).

With the help of the use of Meta Pixel and the API, we are able to record and analyze data, for example when an item is added to the shopping cart or when a purchase is completed, and to continually improve our offers on the website for users. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Paragraph. 1 letter f GDPR.

The data will be deleted as soon as it is no longer required for our recording purposes. Storage period session/1 year.

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can find opt-out options in Meta’s privacy policy under “Opt-out option”: https://www.facebook.com/settings?tab=ads .

To adjust which types of ads are displayed to you within Meta, you can visit the page provided by Meta and follow the instructions for setting up interest-based advertising: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu . The settings are platform-independent, meaning they are applied to all devices, such as desktop computers or mobile devices.

X. Contact form and email contact

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are in particular:

· First name Name

· E-mail address

· Phone number.

· Content of the request

The following data is also stored at the time the message is sent:

· The user’s IP address (anonymized)

· Date and time of order

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that e-mails are generally not sent encrypted on the Internet. As a rule, e-mails are encrypted in transit, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. Therefore, we cannot take any responsibility for the transmission path of the e-mails between the sender and the reception on our server.

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 letter a GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 letter b GDPR.

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. In the event of revocation of consent or storage, please send an email with the appropriate subject to the person responsible.

All personal data stored in the course of contacting us will be deleted in this case.

XI. Newsletter

On the website we offer you the possibility to subscribe to our electronic newsletter. If you purchase goods or services on our website and provide your email address, we may subsequently use it to send you a newsletter. In such a case, the newsletter will only be used to send direct advertising for similar goods or services. No data is passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data will be used exclusively for sending the newsletter. Shipping service provider: CleverReach GmbH & Co. KG //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany.

The data from the input mask is transmitted to us.

· IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access, which are displayed when you access the form for subscribing to and unsubscribing from our newsletters website via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons (“HTTP data”),

· Data that is stored on the user’s device to provide the form for subscribing to and unsubscribing from our newsletter (“newsletter form cookie data”),

· Salutation, last name, email address (required), title, first name, company (voluntary), which we collect when you register for the newsletter (“subscription data”).

• Date and time of registration for the newsletter, date and time of sending the registration notification in the double opt-in procedure, date and time of confirmation of registration in the double opt-in procedure, as well as the IP address of the device used for confirmation, date and time of any unsubscription from the newsletter, which we collect for technical reasons during registration and unsubscription for the newsletter (“registration and unsubscription data”)

· Data about the use of the newsletter and the shops, in particular the opening rate of the newsletter, click rate of individual linked posts, list of pages visited in the shop, total sales of products sold in the web shop via links in the newsletter in usage profiles, which we use by analyzing usage behavior in the newsletter create pseudonyms (“usage profile data”).

· In order to provide you with the form for subscribing to and unsubscribing from our newsletter on the website, we use cookies on the website (see section ‎Use of cookies), with which we process personal data.

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 letter a GDPR. The legal basis for sending the newsletter as a result of purchasing our products is Section 7 Paragraph 3 UWG.

We process data of our newsletter subscribers for the following purposes:

· Sending newsletters, invitations to events and information about special offers,

· Providing the form for subscribing and unsubscribing from our newsletter on the website,

· Double opt-in procedure to confirm the subscription,

Storage and processing for evidentiary purposes for the possible assertion, exercise or defense of legal claims,

Analysis of the usage behavior of newsletter subscribers in our newsletter and creation of usage profiles when using pseudonyms for the purpose of personalizing the newsletter.

The collection of the e-mail address and the first name of the user serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

No data is passed on to third parties in connection with the processing of data for the dispatch of newsletters. The data will be used exclusively for sending the newsletter.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address and first name are therefore stored for as long as the newsletter subscription is active. We also store this data for evidentiary purposes for the possible assertion, exercise or defense of legal claims for a transitional period of three years from the end of the year in which you unsubscribed and, in the event of any legal disputes, until their termination. The other personal data collected as part of the registration process is usually deleted after a period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also enables the revocation of consent to the storage of personal data collected during the registration process. Unsubscribing is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time by email to [email protected].

XII. Brevo

We use the Brevo plugin and services on our website. The provider for users based in Germany, Austria, and Switzerland is Brevo GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.

Brevo can be used by us for managing contacts, integrating registration forms, synchronizing contact and customer data, improving email deliverability, sending transactional emails, and, if the respective function is activated, for newsletter communication, marketing automation, SMS communication, web push communication, chat communication, and analyzing email or shop interactions.

To the extent that Brevo is used in connection with our online shop, customer, contact, order and product data from WooCommerce may be transferred to and processed by Brevo. This may include, in particular, name, email address, billing and shipping information, order details, product information, communication data, login and unsubscribe data, as well as technical shipping and delivery data.

To the extent that we use Brevo for transactional emails, this is done in particular for emails relating to orders, customer accounts, password resets, contact forms, or other function-related messages. In this context, the email address, name, content of the respective message, shipping status, delivery status, and technical log data may be processed.

To the extent that Brevo is used for newsletters, marketing automation, or similar promotional communication, additional information about the use of our emails may be processed, in particular opens, clicks, deliverability, unsubscribes, and similar interaction data. This serves to manage recipient lists, document granted consent, improve deliverability, and analyze and optimize our communication.

If the Brevo tracker, abandoned cart functions, or similar tracking and automation functions are activated, information about user behavior on our website may also be processed, in particular page views, shopping cart events, purchases, and other interactions with our online shop. Such processing only takes place if there is a legal basis for it, in particular consent or a legitimate interest, and if it is technically configured accordingly.

The legal basis for processing personal data in connection with transactional emails, orders, and customer accounts is Article 6(1)(b) GDPR, insofar as the processing is necessary for the performance of a contract or for taking steps prior to entering into a contract. Insofar as the processing is necessary for compliance with a legal obligation, the legal basis is Article 6(1)(c) GDPR. Insofar as we use Brevo to improve deliverability, manage our communications, or secure our systems, the processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR. 1 letter f GDPR. Insofar as Brevo is used for newsletters, advertising communication, tracking, marketing automation or similar functions and consent is required for this, the processing is based on Art. 6 para. 1 letter a GDPR.

Brevo processes personal data on our behalf. This is governed by the contractual agreements for data processing provided by Brevo, or a data protection agreement. Brevo may use sub-processors to provide its services. In this context, personal data may also be processed outside the European Union or the European Economic Area, provided the legal requirements for this are met.

You can withdraw your consent at any time with effect for the future. Where processing is based on our legitimate interest, you can object to the processing in accordance with the legal requirements. Further information on the processing of personal data by Brevo can be found in Brevo’s privacy policy.

XIII. Online Shop

You have several options for placing orders in our online shop. You can order as a guest or as a registered customer using your user account. To provide various functions in our online shop, including the wishlist, the conclusion and execution of purchase agreements, the management and collection of our purchase price receivables, the user account functions, the identification of those collecting ordered goods using an official photo ID to verify that the person collecting is the customer or a person authorized by the customer, as well as for evidentiary purposes and to fulfill legal retention obligations, we process various personal data when you use our online shop, in particular the data you provide to us in the order form or during contract processing.

To the extent necessary for contract processing, we transmit personal data to commissioned service providers, in particular shipping service providers, payment service providers, IT service providers and other vicarious agents.

The following data is processed as part of the ordering and registration process:

• Items in a shopping cart (“shopping data”),

Title, first name, last name, telephone number, billing and shipping address, and your email address. When opening a user account, we also collect a password of your choice and, for business customers, the company name and VAT ID number (“contact details”).

• depending on the selected payment method, the information required for payment with the respective payment method (“payment details”),

• Name, first name, address and information that an official photo ID was presented and the person picking up an order could be clearly identified by it (“ID data”),

• Information about current outstanding items, incoming payments, dunning levels, ongoing debt collection processes and returns (“debtor data”).

The following data is also stored at the time of ordering or registration:

• IP address, type and version of your internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access, and other data that are technically generated when using our shop via the Hypertext Transfer Protocol Secure (HTTPS) (“HTTP data”).

When you use the electronic cancellation function “Cancel contract” provided on our website, we also process the personal data required for this purpose. This includes, in particular, the information you enter or confirm, such as your name, contact details, email address, information to identify the contract or order in question, the content of your cancellation notice, and the date and time of submission and receipt of the cancellation notice. Furthermore, technically necessary log data may be processed to the extent required for providing the cancellation function, ensuring the security of our IT systems, documenting the proper transmission, and sending the electronic confirmation of receipt.

We process data in particular for the following purposes:

• Provision of forms for registration and ordering of goods as a customer, as well as for submitting offers as a customer for our services and goods on the website,

· Storing the goods in the shopping cart,

• Provision of the wishlist,

• Conclusion, execution and reversal of purchase contracts,

• Provision and management of the user account,

Payment processing, management of outstanding receivables, dunning and collection of our purchase price claims,

· Sending and delivery of information related to the purchased goods,

• Identification of collectors when picking up ordered goods,

• Provision of the electronic revocation function, receipt, processing and documentation of revocation declarations as well as transmission of the legally required electronic confirmation of receipt,

Storage and processing for evidentiary purposes for the possible assertion, exercise or defense of legal claims,

• Bookkeeping and invoicing as well as proper storage of documents to fulfill legal, in particular anti-money laundering, commercial and tax law retention obligations,

• Payments and processing of payments, for example advance payment, bank transfer, direct debit or PayPal,

· Double opt-in procedure to confirm registration for the newsletter,

• Analysis of the usage behavior of customers and users and creation of usage profiles using pseudonyms, insofar as this is legally permissible or the necessary consent has been obtained.

To provide you with the order form for guest or registered customer, as well as for registering a user account on the website, we use cookies that process personal data. Further information can be found in the “Cookies” section of this privacy policy.

The legal basis for the processing of personal data for the implementation of pre-contractual measures as well as for the conclusion, execution and termination of contracts is Article 6(1)(f) GDPR. 1 letter b GDPR. Where processing is necessary for compliance with legal obligations, in particular in connection with commercial, tax, anti-money laundering or consumer protection obligations, as well as with the provision and processing of the electronic revocation function, the legal basis is Article 6(1)(c) GDPR. Where we obtain your consent, in particular for the use of certain cookies, third-party providers or analytics functions, the legal basis is Article 6(1)(f) GDPR. 1 letter a GDPR. The legal basis for the use of the double opt-in procedure is additionally Article 6, paragraph 1. 1 letter f GDPR. Our legitimate interest lies in the legally compliant documentation of your registration. Insofar as processing is necessary for the security of the online shop, for the prevention of misuse, for technical provision, for documentation, for the administration and enforcement of outstanding claims, or for the establishment, exercise or defense of legal claims, the processing is based on Article 6(1)(f) GDPR. 1 letter f GDPR.

We store this data for as long as it is necessary for the performance of the contract, order processing, payment processing, shipping, returns, cancellations, warranty claims, or other claims. Furthermore, we store this data for evidentiary purposes in the event of the assertion, exercise, or defense of legal claims for a transitional period of three years from the end of the year in which you unsubscribed or the respective process was completed, and in the event of any legal disputes, until their conclusion.

We also store this data beyond this period to the extent that legal retention obligations exist, in particular those relating to money laundering, commercial law, or tax law. Depending on the type of documents, legal retention periods of six or ten years may apply, in particular according to Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB).

The data will be deleted as soon as it is no longer required for the purpose for which it was collected and no contractual, legal, or legitimate grounds preclude its deletion. If the data is required for the performance of a contract or for carrying out pre-contractual measures, premature deletion is only possible if no contractual or legal obligations prevent such deletion.

We offer payment via PayPal as a payment option. For this purpose, payment data may be transmitted to payment service providers with whom we work. The legal basis is Art. 6 para. 1 letter b GDPR. Insofar as processing is necessary for payment verification, fraud prevention, debt collection or for safeguarding other legitimate interests, Article 6(1)(f) GDPR also serves as the legal basis.

Further information on how the payment service provider processes your personal data can be found in its privacy policy. PayPal (Europe) S.à rl et Cie, SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Privacy Policy: https://www.paypal.com/us/webapps/mpp/ua/privacy-full

XIV. Purchase

On our website you have the possibility to use our contact form to sell coins to us there. There are various options available to you for selling through our website. You can basically make the sale as a registered customer using your user account. For the provision of various functions in our purchase store, for the conclusion and execution of purchase contracts and for the provision of the user account functions, we process various personal data when you use our purchase store, for example your data that you provide to us in the sales form.

· IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access (log data).

· Data that you provide to us to process your sale as a guest or registered customer (contact details);

· Data that you provide to us for payment of the items you sell (payment data);

· Log data that arises for technical reasons when opening a user account (user account log data);

· Information in transactional emails that we send for the (re)processing of your sales request (e.g. confirmation of receipt) (transactional email data).

The legal basis for collecting this data is Article 6 paragraph 1 letter f of the GDPR. Our legitimate interest is to provide the content of the website accessed by the user.

The purpose of data processing is: conclusion and fulfillment of purchase contracts concluded via our purchase store. This includes, in particular, preparing the shipment of the respective goods to us (depending on the shipping method you have chosen; see the description on our website), reviewing your sales offer, and sending transactional emails to inform you about the respective status of your order.

We store the data until the purchase has been completed. We also store this data for evidence purposes for the possible assertion, exercise or defense of legal claims for a transitional period of three years from the end of the year in which you provided us with the data and, in the event of any legal disputes, until their termination.

We also store this data beyond that, insofar as legal, in particular commercial and tax law, retention obligations exist. Depending on the type of documents, there may be retention obligations under commercial and tax law of six or ten years (Section 147 of the German Fiscal Code (AO), Section 257 of the German Commercial Code (HGB).

XV. Cloud Services (SaaS)

We use software services accessible via the internet and running on the servers of cloud service providers (“SaaS” = Software as a Service), in particular the accounting software https://www.zervant.com/de/ from Zervant Oy (Ltd.), Keilaranta 17, 02150 Espoo, Finland. Privacy policy: https://www.zervant.com/de/datenschutzbestimmungen/ . Zervant is based in the EU.

In this context, personal data may be processed and stored on the servers of the providers to the extent that these are part of communication processes with us or are otherwise processed by us as set out in the context of this privacy policy. This data may include, in particular, master data and contact data of customers, (potential) business and contractual partners data on transactions, contracts, other processes and their contents. The cloud service providers also process usage data and metadata, which they use for security purposes and service optimization.

If we use SAAS to provide forms or other documents and content to other users or publicly accessible websites, the providers may place cookies on users’ devices for purposes of web analytics or to remember and store users’ settings (e.g., in the case of media controls).

The following data can be processed:

· Inventory data (e.g. names, addresses),

· Contact details (e.g. email, telephone numbers),

· Content data (e.g. text entries, photographs, videos),

Log data (e.g. websites visited, interest in content, access times),

· Meta/communication data (e.g. device information, IP addresses).

Affected persons can be: customers, employees (e.g. employees, applicants), interested parties, (potential) contractual partners.

If consent is given, the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

Insofar as the use of SAAS is based on (pre)contractual services, the legal basis is the performance of the contract and the execution and processing of pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO). Otherwise, user data is processed on the basis of a balancing of interests. Our legitimate interest is the efficient, secure internal administration (Art. 6 para. 1 p. 1 lit. f. DSGVO).

The purpose of data processing is the safe and efficient storage and organization of documents, internal administration and accounting.

We store the data until the expiry of the retention obligation under money laundering law, i.e. for a period of five years after the end of the calendar year in which the business relationship was terminated or the information was ascertained (Section 8 (4) of the German Money Laundering Act (GWG)). In addition, we store the data insofar as other legal, in particular commercial or tax law, retention obligations exist. Depending on the type of documents, there may be retention obligations under commercial and tax law of six or ten years (§147 of the German Fiscal Code (AO), §257 of the German Commercial Code (HGB)).

XVI. Protection against brute-force and DDoS attacks

We protect our websites from unauthorized access and malicious cyberattacks. Among other things, an endpoint firewall and a malware scanner are used.

For this we use the WordPress plugin Wordfence. Wordfence is a plugin for the WordPress content management system. The provider is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA. Our websites establish a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the access made to our website and, if necessary, block them.

For this purpose, Wordfence uses a cookie to record, evaluate and analyze usage behavior on our website (e.g. frequency of page views on the website). In this way, we also process log data that arises for technical reasons when using the web analysis tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes a unique ID for (re)identification of returning visitors , IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

The legal basis for the processing of users’ personal data is Article 6 paragraph 1 letter a GDPR, insofar as the consent requires the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of this and Section 25 paragraph . 1 TTDSG includes. Consent can be revoked at any time.

The processing of users’ personal data enables us to protect the functions and infrastructure of our website from cyberattacks as effectively as possible and to take measures against IP addresses that are classified as questionable. These purposes also include our legitimate interest in processing the data in accordance with Art. 6 Paragraph. 1 letter f GDPR.

The data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 7 days, unless a security-related event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.

The collected data is sent to our service provider’s servers in the USA. Our service provider receives the data as our processor. There is an order processing contract with the provider.

For data transfers to the USA, the Commission’s US Data Privacy Framework adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and safeguards exist in the form of the EU Standard Contractual Clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de . Further data protection information: https://www.wordfence.com/privacy-policy/

XVII. CAPTCHA / Cloudflare Turnstiles

We use Cloudflare Turnstile on our website. The provider is Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. For Germany, Cloudflare Germany GmbH, c/o Design Offices München Atlas, Rosenheimer Straße 143C, 8th floor, 81671 Munich, Germany, is also listed.

Cloudflare Turnstile protects our website from spam, automated access, form abuse, and other malicious bot activity. Turnstile checks whether entries and accesses to our website are made by a human or by an automated program. This check may be used, in particular, for contact forms, registration functions, customer accounts, password reset functions, and checkout functions.

As part of the audit, technical information may be processed. This includes, in particular, the IP address, information about the browser and device used, user-agent data, technical connection data such as the TLS fingerprint, the site key, and the origin of the request. According to Cloudflare, they use this information to detect and block bots and to protect the respective website.

The processing is based on Article 6(1)(a). 1 lit. f GDPR. Our legitimate interest lies in the secure provision of our website, protection against spam, abuse, automated attacks and the safeguarding of our forms, customer accounts and ordering processes.

Where personal data is transferred to the USA, Cloudflare relies, among other things, on the EU-US Data Privacy Framework and standard contractual clauses. Cloudflare provides a Data Processing Addendum for this purpose.

Further information on data processing by Cloudflare Turnstile can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/turnstile-privacy-policy/

XVIII. Google Review

The website contains so-called third-party plug-ins from the provider Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, with which you can use the functionalities offered by the providers on the website. The plug-ins are integrated into the website using a so-called “2-click solution”. With this solution, the respective plug-in is not activated directly when you access the website, but only when you press the activation button provided for the respective plug-in. When you access the website, the provider of the respective plug-in cannot initially collect any personal data from you via the respective plug-in. The 2-click solution ensures that your Internet browser does not initially establish a connection to the servers of the provider of the respective plug-in when you access the website. Only when you press the button provided to activate the respective plug-in will the respective plug-in be activated. The activation button contains the name of the respective plug-in and, if applicable, a logo of the third-party provider. As a result of activation, a connection is established to the servers of the provider of the respective plug-in. This means that the provider of the respective activated plug-in can also collect personal data from you. Activating the respective plug-in is technically comparable to clicking on a link to an external website, with the difference that the content accessed does not appear in a new window/tab in your Internet browser, but is visually embedded in our website. The data exchange initiated by you activating and using the plug-in takes place exclusively between your Internet browser and the servers of the provider of the respective plug-in.

If you activate a third-party plug-in, you are using a functionality offered by the provider of the respective plug-in under their own responsibility, which is only visually embedded in the display of our website. When activating the respective plug-in, the provider of the respective plug-in may receive personal data from you. When activating the respective plug-in, the provider of the respective plug-in may also use cookies. When you activate the respective plug-in, the provider of the respective plug-in can at least receive the information that our website was accessed under the IP address assigned to you at the time of access. If you are registered as a user on the respective social media platform, the provider of the respective plug-in can usually also assign the data received to your user account. We would like to point out that we have no knowledge of the specific data collected by the provider of the respective plug-in. We also have no knowledge of the specific purposes of processing the collected data by the provider of the respective plug-in or of further details of the data processing of the respective provider. In particular, we do not know whether the respective provider processes the data collected solely to provide the functionality of the respective plug-in (e.g. for sharing certain content or making a comment) or for any other purposes (e.g. to create usage profiles or to personalize advertising).

· Privacy policy: https://policies.google.com/privacy?hl=de&gl=de ;

· Terms of Use:

https://developers.google.com/youtube/iframe_api_reference

https://policies.google.com/terms?hl=de

XIX. Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to use the functions of Google Maps, it is necessary to save your IP address. This

Information is generally transferred to and stored on a Google server in the USA. The provider of this website has no influence over this data transfer. If Google Maps is activated, Google can use Google Web Fonts for the purpose of uniform font display. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. The use of Google Maps is in the interest of an attractive presentation of our online offerings and to make it easy to find the places we indicate on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 letter f GDPR.

If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 letter a GDPR, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting). Consent can be revoked at any time.

XX. WhatsApp Business Communications

On this website you have the opportunity to send text messages, photos, videos and voice messages to us via the WhatsApp Business instant messaging service. WhatsApp is an application of WhatsApp Ireland Limited based in the EU.

The following data can be processed: location information, documents, links and contact details.

In addition, WhatsApp can store data that users share with the app. For example

· News,

· Photos,

· Videos,

· Billing data and

· stored profile pictures.

The legal basis for the processing of users’ personal data is Article 6 paragraph 1 letter a GDPR. The user can revoke their consent to data collection at any time.

The purpose is to make contact with us simple, user-friendly and optimal via instant messaging. This also includes our legitimate interest in using the instant messaging service (Article 6 paragraph 1 letter f GDPR).

WhatsApp only saves all data in encrypted form. Accordingly, the group cannot view the data. According to WhatsApp, photos and videos are only temporarily stored. Then WhatsApp removes them. The app only saves messages until the recipient has received them. She then deletes them. If a message is not delivered within 30 days, WhatsApp will also delete it.

In its terms and conditions, WhatsApp states that it will pass on collected data to the parent company Meta in the USA and to other companies that belong to Meta. In addition, it remains open to sharing data with external companies, service providers and partners. However, personal data can also be passed on to the company WhatsApp LLC. This company is based in the USA. There is an adequacy decision for data transfer to the USA. Additionally, for data transfers to the USA, the Commission’s US Data Privacy Framework adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU Standard Contractual Clauses are in place: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

There is an order processing contract. WhatsApp Business receives the data as our processor. Further information on how to handle user data can be found in the

· Data protection https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE

· Terms of use: https://www.whatsapp.com/legal/channels-terms-of-service-eea?lang=de_DE

21st century YouTube player

This website embeds videos from the YouTube website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited.

Furthermore, YouTube can store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 letter f GDPR. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 letter a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For data transfer to the USA, the Commission’s US Data Privacy Frameworks adequacy decision is in place: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en and the guarantees in the form of the EU standard contractual clauses exist: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Further information on how user data is handled can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de .

Privacy policy

Review Cart