• +49 (0)5235 97473 (Mon - Sat: 9 a.m. - 6 p.m.)
  • kundenservice@cantina24.de
  • We love Italy
  • Fast delivery

Cantina24 Privacy policy

Please be advised that only the German original of our Datenschutzerklärung is legally valid. This English translation has been provided solely for your convenience. It does not constitute a legal document.

Thank you for your interest in our website. As a member of Verein sicherer und seriöser Internetshopbetreiber e. V., the protection of your personal data is very important to us. In the following, we will inform you, in transparent and understandable language, about data collection and its scope, what your data will be used for and what rights you have.

You have the right to receive information about the origin, the recipient(s) and the purpose of your stored personal data at any time free of charge. You also have the right to request the correction, restriction or deletion as well as the disclosure of this data. If you have any questions about this or data protection, you can contact the person responsible for data processing at any time. The person responsible for data processing is named under point 1 of this data protection declaration. You also have the right to lodge a complaint with the responsible supervisory authority. Your rights in detail and detailed explanations can be found under point 6 of this data protection declaration.

Your data will be collected, stored and processed in compliance with the relevant legal regulations. Personal data are all types of data that can be used to identify you as a person.

1. Who is responsible for data processing?

In the sense of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations, the responsible body is a natural or legal person who alone or together with others decides about the purposes and means of processing personal data (names, contact details etc.).

Responsible for data processing on this website is:

Mario Pacillo

Nederlandpark 1

32825 Blomberg

Germany

Tel.: 0049 (0)5235 97 47 3

E-Mail: kundenservice@cantina24.de

2. What data is collected and processed on our website?

2.1 Automated collection of data:

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer, in so-called server log files. Some of this data is technically necessary to display our website to you. It is not merged with data from other sources. The following data is collected:

  • The pages viewed
  • Browser types and versions used
  • The operating system used by the accessing system
  • The website from which an accessing system reaches our site
  • The date and time the page was accessed
  • The internet service provider of the accessing computer
  • The Internet protocol address used (IP address)

The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is the reliable and error-free functioning of our website. No other processing of this data takes place.

2.2 Collection of personal data

2.2.1 Data acquisition and processing when opening a customer account and when executing a contract

If you open a customer account on our website, this happens voluntarily. Registration is not a prerequisite for concluding a contract. Data is only collected to the minimum necessary; the mandatory information can be recognized from the correspondingly marked input fields. Deleting the customer account is possible at any time and free of charge. If you request a deletion, please contact the person responsible for data processing. This is mentioned under point 1 of this data protection declaration.

We only use your data for the purpose for which you have registered or for contract execution. The legal basis for data processing is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfil a contract with you or to carry out a pre-contractual measure.

The collected customer data will be blocked after completion of the order, after termination of the business relationship or after deletion of your customer account and deleted after tax and commercial retention periods, unless you have consented to further use of your data.

2.2.2 Data collection and processing when using our email address or contact function

For emails or messages via the contact form, we save your data until the processing of your message. The mandatory information in the mask of the contact form can be recognized by the correspondingly marked input fields. The data will only be used for the processing of your request; after the processing, your data will be deleted. The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to answer your message or process your request.

For emails or messages via the contact form (if available) that aim to initiate a contract, the commercial and tax retention periods of 10 years apply from the end of the calendar year in which the data was collected. After the deadlines have expired, the data will be deleted on a regular basis, unless it is still required to initiate or fulfil the contract or we have a legitimate interest in continuing to store the data. The legal basis for data processing is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfil a contract with you or to carry out a pre-contractual measure.

2.2.3 Newsletter function, data processing and possibility to object

2.2.3.1 You have signed up for our newsletter subscription:

If you subscribe to our free newsletter, data from the registration mask will be transmitted to us. The mandatory information can be recognized from the correspondingly marked input fields and is limited to the required minimum (email address). For the processing of your data, consent is obtained in the registration process and reference is made to this data protection declaration. The legal basis for data processing is Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have given your consent to the processing.

The data will not be passed on to third parties but will only be used for sending newsletters. You can object to the subscription to the newsletter (your consent) at any time in the future. To revoke your consent, there is a link in each newsletter to unsubscribe from the newsletter, but you can also opt out directly from our website. The request to unsubscribe from the newsletter can of course also be addressed directly to the person responsible for data processing. This is mentioned under point 1 of this data protection declaration. After unsubscribing from the newsletter subscription, the data will be deleted unless you have consented to further use, or we reserve the right to continue using it (as explained below under 2.2.3.2), which is permitted by law.

2.2.3.2 When we send newsletters to our existing customers:

If you have purchased goods or services on our website and have stored your email address, we can use this to send you a newsletter, unless you have objected to this. In such a case, the newsletter will only be used to send direct mail for similar goods or services from our range. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG. The legal basis for data processing is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, our legitimate interest is to send you personalized advertising. You can object to the use of your data for this purpose at any time with future effect. To object, please contact the person responsible for data processing. This is mentioned under point 1 of this data protection declaration.

2.2.3.3 CleverReach

We use CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. With this service we can organize and analyze the newsletter dispatch. The data you enter to receive the newsletter, such as your email address, will be stored on CleverReach's servers. Server locations are Germany and Ireland.

Sending newsletters with CleverReach allows us to analyze the behavior of the newsletter recipient. The analysis shows, among other things, how many recipients have opened their newsletter and how often links in the newsletter were clicked. CleverReach supports conversion tracking in order to analyze whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details on data analysis by CleverReach can be found at: https://www.cleverreach.com/en/features/reporting-tracking/open-and-click-rate/

The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your already given consent at any time. For the revocation, an informal message by email is sufficient or you can unsubscribe using the "Unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want an analysis by CleverReach, you have to unsubscribe from the newsletter. To unsubscribe, an informal e-mail to us is sufficient or you can unsubscribe using the "Unsubscribe" link in the newsletter.

Data entered to set up the subscription will be deleted from our servers and the CleverReach servers if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

For details on the data protection provisions of CleverReach, see: https://www.cleverreach.com/en/privacy-policy/

2.2.3.3.1 Order processing

In order to fully comply with the statutory data protection requirements, we have concluded an order processing contract with CleverReach.

2.2.4 Live-Chat

You can use the "Smartsupp" live chat tool we provide to contact us. For the purpose of answering your request, data is collected, saved and processed. This concerns the data that you voluntarily provide to us via this contact, such as your name, your email address and your message. This data is stored by our service provider Smartsupp.com, s.r.o. (Milady Horakove 13, 602 00 Brno, Czech Republic) on servers in the European Union. All data and communication via the live chat tool are protected by 256-bit SSL encryption.

Further information on data protection at Smartsupp: https://www.smartsupp.com/help/privacy/

2.2.4.1 Order processing

In order to fully comply with the statutory data protection requirements, we have concluded an order processing contract with Smartsupp.

2.3 Forwarding the data to third parties to fulfil the contract

2.3.1 Disclosure to shipping service providers in general and credit institution

For payment transactions and, if necessary, for the delivery of goods, we pass on personal data, to the minimum extent required, to service providers (third parties) if this is necessary for the execution of the contract.

If we pass on your data to a shipping service provider (such as DHL, DPD, UPS, Hermes or GLS), the legal basis for this is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfil a contract with you or to carry out a pre-contractual measure.

If we pass on your payment data to the commissioned credit institution, the legal basis for this is Art. 6 Para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfil a contract with you or to carry out a pre-contractual measure.

2.3.2 Forwarding of email address and/or telephone number to shipping service providers

2.3.2.1 DHL

If the delivery of your goods is carried out by the shipping service provider DHL and you have expressly agreed to the forwarding of your email address in the ordering process, this will be sent to DHL (Deutsche Post AG, Charles-de-Gaulle-Strasse 20, 53113 Bonn, Germany) to announce the delivery or coordination of the delivery date. The legal basis for data processing is Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have given your consent to the processing. If you do not consent to the forwarding of the email address, delivery will be made in accordance with the conditions of paragraph 2.3.1 of this data protection declaration. An announcement of the delivery or a coordination of the delivery date by DHL is then not possible.

A given consent to the use of data can be revoked at any time for the future. For this purpose, please contact the person responsible for data processing (this is mentioned under point 1 of this data protection declaration) or the shipping service provider directly.

2.3.2.2 UPS

If the delivery of your goods is carried out by the shipping service provider UPS and you have expressly consented to the forwarding of your email address in the ordering process, this will be sent to UPS (United Parcel Service Deutschland Inc. & Co.OHG, Görlitzer Straße 1, 41460 Neuss, Germany) to announce the delivery or coordination of the delivery date. The legal basis for data processing is Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have given your consent to the processing. If you do not consent to the forwarding of the email address, delivery will be made in accordance with the conditions of paragraph 2.3.1 of this data protection declaration. An announcement of the delivery or a coordination of the delivery date by UPS is then not possible.

A given consent to the use of data can be revoked at any time for the future. For this purpose, please contact the person responsible for data processing (this is mentioned under point 1 of this data protection declaration) or the shipping service provider directly.

2.3.2.3 DPD

If the delivery of your goods is carried out by the shipping service provider DPD and you have expressly consented to the forwarding of your email address in the ordering process, this will be sent to DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany) to announce the delivery or coordination of the delivery date. The legal basis for data processing is Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have given your consent to the processing. If you do not consent to the forwarding of the email address, delivery will be made in accordance with the conditions of paragraph 2.3.1 of this data protection declaration. An announcement of the delivery or a coordination of the delivery date by DPD is then not possible.

A given consent to the use of data can be revoked at any time for the future. For this purpose, please contact the person responsible for data processing (this is mentioned under point 1 of this data protection declaration) or the shipping service provider directly.

2.3.3 Payment Services

On our website you have the choice of various payment service providers. In the following we inform you which data will be passed on and on which legal basis this happens:

2.3.3.1 PayPal / PayPal Checkout

If you choose this payment service provider, the data required for payment will be passed on to PayPal (PayPal Europe, S.à.rl. et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this is Article 6(1)(a) of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing and Article 6(1)(b) of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary to fulfil a contract with you or to carry out a pre-contractual measure. You have the right to revoke your declaration of consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

This website also uses PayPal Checkout, an online payment system from PayPal, which is made up of PayPal's own payment methods and local third-party payment methods. When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal, we pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). The data is passed on in accordance with Article 6(1)(b) GDPR and only to the extent that this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6(1)(f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

If you select the PayPal payment method "purchase on account", your payment data will first be sent to PayPal to prepare the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to carry out the payment. The legal basis is Article 6(1)(b) GDPR. In this case, RatePay carries out an identity and credit check on its own behalf to determine solvency in accordance with the principle already mentioned and gives your payment data to credit agencies based on the legitimate interest in determining solvency in accordance with Article 6 (1) (f) GDPR. A list of the credit agencies that Ratepay can use can be found here: https://www.ratepay.com/en/legal-payment-creditagencies/

When using the payment method of a local third-party provider, your payment data will first be passed on to PayPal in accordance with Article 6(1)(b) GDPR in order to prepare the payment. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the relevant provider to carry out the payment in accordance with Article 6 (1) (b) GDPR:

- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 München, Germany)

- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)

- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)

- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brüssel, Belgium)

- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warschau, Poland)

- eps (STUZZA Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Frankgasse 10/8, 1090 Wien, Austria)

- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For further data protection information, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE

2.3.3.2 Payment by SOFORT Banking via Mollie

When paying by SOFORT Banking, the payment is processed by the payment service provider Mollie BV, Keizersgracht 313, 1016 EE Amsterdam, Netherlands (hereinafter referred to as "Mollie"), to whom we will provide the information you provided during the ordering process along with the information about your order according to Art. 6 para. 1 lit. b GDPR. Mollie is a licensed payment institution within the meaning of Directive 2007/64/EC and is regulated and monitored by the Dutch Central Bank (DNB). Your data will only be passed on for the purpose of processing payments with the payment service provider Mollie and only to the extent that it is necessary for this. You can find more information about Mollie's data protection provisions at the following Internet address: https://www.mollie.com/uk/privacy

You can find Klarna's privacy policy here: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/privacy

2.3.3.3 Payment by Klarna Pay Later via Mollie

When paying by Klarna Pay Later, the payment is processed by the payment service provider Mollie BV, Keizersgracht 313, 1016 EE Amsterdam, Netherlands (hereinafter referred to as "Mollie"), to whom we will provide the information you provided during the ordering process along with the information about your order according to Art. 6 para. 1 lit. b GDPR. Mollie is a licensed payment institution within the meaning of Directive 2007/64/EC and is regulated and monitored by the Dutch Central Bank (DNB). Your data will only be passed on for the purpose of processing payments with the payment service provider Mollie and only to the extent that it is necessary for this. You can find more information about Mollie's data protection provisions at the following Internet address: https://www.mollie.com/uk/privacy

You can find Klarna's data protection provisions here: https://cdn.klarna.com/1.0/shared/content/legal/terms/Klarna/en_gb/privacy/

2.3.3.4 Payment by debit- and credit card via Mollie

When paying by credit card with 3D-Secure, the payment is processed by the payment service provider Mollie BV, Keizersgracht 313, 1016 EE Amsterdam, Netherlands (hereinafter referred to as "Mollie"), to whom we will provide the information you provided during the ordering process along with the information about your order according to Art. 6 para. 1 lit. b GDPR. Mollie is a licensed payment institution within the meaning of Directive 2007/64/EC and is regulated and monitored by the Dutch Central Bank (DNB). Your data will only be passed on for the purpose of processing payments with the payment service provider Mollie and only to the extent that it is necessary for this. You can find more information about Mollie's data protection provisions at the following Internet address: https://www.mollie.com/uk/privacy

2.3.3.5 Payment by Apple Pay via Mollie

When paying by Apple Pay, the payment is processed by the payment service provider Mollie BV, Keizersgracht 313, 1016 EE Amsterdam, Netherlands (hereinafter referred to as "Mollie"), to whom we will provide the information you provided during the ordering process along with the information about your order according to Art. 6 para. 1 lit. b GDPR. Mollie is a licensed payment institution within the meaning of Directive 2007/64/EC and is regulated and monitored by the Dutch Central Bank (DNB). Your data will only be passed on for the purpose of processing payments with the payment service provider Mollie and only to the extent that it is necessary for this. You can find more information about Mollie's data protection provisions at the following Internet address: https://www.mollie.com/uk/privacy

You can find Apple Pay's privacy policy here: https://support.apple.com/en-gb/HT210665

3. What are cookies and what data is processed?

3.1 Cookies that are set by our website

Our website uses so-called cookies. Cookies are text files that are saved in the Internet browser or on your computer by the Internet browser. We use cookies to make our website more user-friendly for you. Some elements of our website require that the calling browser can be identified even after a page change. For example, to save and transmit the items in your shopping cart or your login information. Most of the cookies we use are so-called "session cookies", which are automatically deleted when the browser is closed. Some cookies remain stored on your device and enable recognition when you next visit the site (so-called persistent cookies). These are automatically deleted after a specified period of time. You can find more detailed information on individual cookies in the settings of your browser.

The legal basis for data processing is either Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you have consented to the processing, or Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR), which enables us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure, or Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, it is our legitimate interest to offer you a technically error-free and function-optimized website.

If we save other cookies (for example from partner companies or to analyse your surfing behaviour) on your device, we will inform you in detail below.

You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. You can also generally exclude the acceptance of cookies or only accept them in certain cases. You can also set your browser so that cookies that are set are deleted after the browser window is closed. The setting options differ depending on the browser. You can find help on the possible settings (for the most common browsers) under the following links:

Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/12.0/mac/10.14

Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en

Opera: https://help.opera.com/en/latest/web-preferences/ 

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Please note that the functionality of our website may be significantly restricted if cookies are not accepted.

4. Comment functions on our website

For this function, your comment (if specified), your username (nickname), the time when your comment was created, your IP address and your email address are saved. Your data will be stored until the content you commented on has been completely deleted (or had to be deleted for legal reasons). We reserve the right to delete comments that have been found unlawful by third parties.

The legal basis for the storage and processing of your comment, the username and the time of the creation of the comment is Art. 6 Para. 1 lit. a of the General Data Protection Regulation (GDPR), which enables us to process the data if you give us your consent. You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of processing carried out on the basis of your consent prior to your withdrawal.

The legal basis for the data processing of your IP address and your email address is Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR), which enables us to process the data in the event of a legitimate interest. In this case, it is our legitimate interest to be able to act against you in the event of legal violations such as insults or propaganda. We need the email address in order to contact you if your comment is found to be unlawful by third parties.

5. Webanalytics/Marketing

5.1 Google Analytics

We use the analysis tool Google Analytics on our website. The provider of this analysis tool is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". Cookies are small text files that are stored on your computer and thus enable an analysis of your use of the website. This analysis data is usually transmitted to a Google server in the USA and stored there.

We would like to point out that on this website Google Analytics has been extended by the code "_anonymizeIp();" in order to ensure anonymous recording of IP addresses (so-called IP masking). By activating IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

The IP address transmitted by your Internet browser as part of Google Analytics will not be merged with other Google data.

The data is processed and cookies are set on the legal basis of Article 6 (1) (a) of the General Data Protection Regulation (GDPR), which enables us to process the data if you have given us your express consent to do so. Without your consent, Google Analytics will not be used while you are visiting our website. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on our website.

Further information on Google Analytics can be found here: https://policies.google.com/privacy?hl=en-GB&gl=de

6. Social media/Plugins

6.1 Facebook, Google+, Instagram, Pinterest and Twitter using the "2-click solution."

So-called social plugins ("plugins") from the social networks Facebook, Instagram, Pinterest and Google+ and the microblogging service Twitter are used on our website. These services are provided by Facebook Inc., Google Inc., Instagram LLC., Pinterest Inc. and Twitter Inc. ("Providers").

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins/?locale=en_US

Google+ is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). An overview of the plugins from Google and their appearance can be found here: https://www.google.com/permissions/logos-trademarks/

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter buttons and their appearance can be found here: https://about.twitter.com/de/resources/buttons

Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview of the Instagram plugins and their appearance can be found here: https://about.instagram.com/blog/announcements/introducing-instagram-badges-for-webpage-embedding

Pinterest is operated by Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA ("Pinterest"). An overview of the Pinterest plugins and their appearance can be found here: https://developers.pinterest.com/docs/widgets/save/?

In order to increase the protection of your data when visiting our website, the plugins are integrated into the page using the so-called "2-click solution". This integration ensures that when you visit a page on our website that contains such plugins, no connection is yet established with the servers of Facebook, Google, Instagram, Pinterest and Twitter. Your browser will only establish a direct connection to the servers of Google, Facebook, Instagram, Pinterest or Twitter if you activate the plugins and thereby give your consent to the data transfer. The content of the respective plugin is then transmitted directly from the provider to your browser and integrated into the page. By integrating the plugins, the providers receive the information that your browser has called up the corresponding page of our website, even if you do not have a profile with the relevant provider or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the respective provider in the USA and stored there.

If you are logged into one of the social networks, the providers can assign your visit to our website to your profile on Facebook, Instagram, Twitter, Pinterest or Google+. If you interact with the plugins, for example by clicking the "Like", "+1" or "Tweet" button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network or on your Twitter account and displayed there to your contacts.

The purpose and scope of the data collection and the further processing and use of the data by the provider as well as your rights and setting options for protecting your privacy can be found in the data protection regulations of the provider.

Facebook data protection notice: https://www.facebook.com/policy.php

Data protection information from Google: http://www.google.com/intl/de/+/policy/+1button.html

Instagram data protection notice: https://www.facebook.com/help/instagram/155833707900388

Data protection information from Twitter: https://twitter.com/en/privacy

Data protection information from Pinterest: https://policy.pinterest.com/en/privacy-policy

If you do not want Facebook, Google, Instagram, Pinterest or Twitter to assign the data collected via our website directly to your profile in the respective service, you must log out of the corresponding service before activating the plugins.

6.2 Google Maps

The use of Google Maps is in the interest of presenting our online offers attractively and of making the places we have indicated on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f of the General Data Protection Regulation (GDPR).

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. We, as the provider of this site, have no influence on this data transfer.

You can find more information on handling user data in Google's privacy policy: https://policies.google.com/privacy?hl=en-GB

7. Use of videos (YouTube)

This website uses the YouTube embedding function to display and play back videos from the provider “YouTube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Here, the extended data protection mode is used, which, according to the provider, does not start storing user information until the video(s) are played. If the playback of embedded YouTube videos is started, the provider "YouTube" uses cookies to collect information about user behavior. According to information from “YouTube”, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive practices. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want the assignment to your profile on YouTube, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in accordance with Article 6 (1) (f) GDPR on the basis of Google's legitimate interests in displaying personalized advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. in the US.

Regardless of whether or not the embedded videos are played, a connection to the Google network is established each time this website is accessed, which can trigger further data processing operations beyond our control.

In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

You can find more information on data protection at "YouTube" in the provider's data protection declaration at: https://policies.google.com/privacy?hl=en&gl=de

8. How is the data saved?

Personal data is transmitted only in encrypted form, via an SSL or TLS connection. This applies both to messages via our contact function and to data about your order and payment transactions. With encryption, your sensitive personal data cannot be intercepted and viewed by unauthorized third parties. You can recognize an encrypted connection by the fact that the address line of the browser begins with "https://" (and by the lock symbol in the browser line).

The data stored in the systems of our website is secured by passwords and cannot be viewed by unauthorized third parties.

The transmission of data on the Internet, for example when sending an email, is not 100% secure and in some cases can have security gaps.

9. How long will the personal data be saved?

How long your personal data is stored with us sometimes depends on the respective statutory retention period. For messages via our contact function and/or via our email address, your data will be deleted after completion of the processing, unless we have a legitimate interest in continuing to store it.

The retention periods under commercial and tax law are 10 years from the end of the calendar year in which the data was collected. After the deadlines have expired, the data will be deleted on a regular basis, unless it is still required to initiate or fulfil the contract or we have a legitimate interest in continuing to store the data.

10. What rights do you have towards the person responsible for data processing?

Below we list the rights that you have under the General Data Protection Regulation (GDPR) against the person responsible for data processing. The person responsible is named under point 1 of this data protection declaration. If your personal data is processed, you are a "data subject" within the meaning of the General Data Protection Regulation (GDPR).

10.1 Your right to information in accordance with Art. 15 General Data Protection Regulation (GDPR)

You can request information from the person responsible for data processing as to whether your personal data is being processed. If there is such processing, you can also request information about the following: the purposes for which these personal data are processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; the planned storage period of the personal data concerning you or, if no specific information is available, the criteria for determining the storage period; the existence of a right to correction or deletion of your personal data, the existence of a right to restriction of processing by the data controller or a right to object to this processing; the existence of a right to lodge a complaint with a supervisory authority (the state data protection officer of the state in which we are based is responsible - you will find addresses and links here); all available information about the origin of the data if the personal data is not collected from the data subject (i.e. you); the existence of automated decision-making, including profiling, in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 General Data Protection Regulation (GDPR) in connection with the transmission.

10.2 Your right to rectification in accordance with Art. 16 General Data Protection Regulation (GDPR)

You have the right to have the person responsible for data processing correct and/or complete your personal data immediately, provided that the processed personal data relating to you is incorrect or incomplete.

10.3 Your right to deletion in accordance with Art. 17 General Data Protection Regulation (GDPR)

You can request that the person responsible for data processing delete your personal data immediately, and he is obliged to delete this personal data immediately if one of the reasons from Art. 17 (1) GDPR applies.

The right to erasure does not exist if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend legal claims.

10.4 Your right to restriction of processing in accordance with Art. 18 General Data Protection Regulation (GDPR)

You have the right to request that the person responsible for data processing restrict processing while the accuracy of the personal data relating to you is being checked; if you refuse the deletion of the personal data and instead request the restriction of its use; if the person responsible no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or if you have objected to processing in accordance with Article 21 (1) GDPR and it is not yet certain whether the controller's legitimate reasons outweigh your reasons.

10.5 Your right to be informed in accordance with Art. 19 General Data Protection Regulation (GDPR)

If you have the right to correction, deletion or restriction of processing against the person responsible for data processing, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right vis-à-vis the person responsible to be informed about these recipients.

10.6 Your right to data portability in accordance with Art. 20 General Data Protection Regulation (GDPR)

You have the right to receive the personal data concerning you, which you have provided to the person responsible for data processing, in a structured, common and machine-readable format, and you have the right to transfer this data to another person responsible without hindrance from the person responsible for data processing, to whom the personal data has been made available, insofar as this is technically feasible. This right to data portability does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible for data processing.

The right to data portability must not affect the rights and freedoms of others.

10.7 Your right to withdraw consent declarations in accordance with Art. 77 General Data Protection Regulation (GDPR)

You have the right to revoke your data protection declaration of consent at any time with future effect. In the event of a revocation, the data concerned will be deleted immediately, if there is no legal basis for further processing that does not require consent. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

10.8 The automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effect on you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the person responsible, is permitted by law of the European Union or the Member States to which the person responsible is subject and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or is made with your express consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases mentioned in 6.8.1 and 6.8.3, the person responsible for data processing takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to present your own viewpoint and to contest the decision.

10.9 Your right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged violation, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint was submitted will inform the complainant about the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 General Data Protection Regulation (GDPR).

+++++++++++++++++++++++++++++

10.10 RIGHT TO OBJECT

You have the right to object at any time, with future effect, for reasons arising from your particular situation, to the processing of your personal data which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible for data processing will no longer process your personal data unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services using automated procedures that use technical specifications.

+++++++++++++++++++++++++++++

Blomberg, February 24, 2022