Catalogues Stores
Configurator
Search
Catalogue

Pri­va­cy Pol­i­cy

PRIVACY POLICY

We have provided this privacy policy to explain to you, as required by the specifications of the EU General Data Protection Regulation, what information we collect, how we use data and what decision-making options you have as a visitor to this website.
The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online presence").
The terms used are not gender specific.
Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible.

Dated: April 29, 2022

RELEVANT LEGAL BASES

Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your and/or our country of residence or domicile. Should more specific legal bases be applicable in individual cases, we will inform you of them in the data protection declaration.
Consent (Art. 6 para. 1 p. 1 lit. a. GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
Fulfilment of the contract and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures which are carried out at the request of the data subject.
Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR) - Processing is necessary to fulfil a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless this is outweighed by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data.
In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Austria. This includes in particular the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act - DSG). In particular, the Data Protection Act contains special provisions on the right to information, the right to rectification or erasure, the processing of special categories of personal data, the processing for other purposes and for transmission, and on automated decision-making in individual cases.

SECURITY MEASURES

We shall take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in accordance with the legal requirements.

Measures shall include, in particular, the safeguarding of the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, ensuring availability and separation. We have also set up procedures to ensure the exercising of data subjects' rights, the deletion of data are deleted and reactions to threats to data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technical design and data-protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online presence, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

STORAGE OF PERSONAL DATA

Personal information that you provide to us electronically on this website, such as your name, e-mail address, postal address or other personal information, when submitting a form or posting comments on the blog, together with the time and IP address, will only be used by us for the purpose stated in each case, will be kept securely stored and will not be disclosed to third parties.
We therefore only use your personal data for communication with those visitors who expressly desire contacting us and for the handling of the services and products offered on this website. We do not pass on your personal data to third parties without your consent, but we cannot exclude the possibility that this data may be viewed in the event of illegal behaviour.
If you send us personal data by e-mail – thus outside of this website – we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data by e-mail without encryption.

TRANSMISSION OF PERSONAL DATA

In the context of our processing of personal data, the data may be transmitted to other bodies, companies, legally independent organizational units or persons or disclosed to them. Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and conclude, in particular, appropriate contracts or agreements, with the recipients of your data, which serve to protect your data.

DATA PROCESSING IN THIRD COUNTRIES

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or the disclosure and/or transmission of data to other persons, entities or companies, this takes place only in accordance with the legal requirements.

Subject to express consent or contractual or statutory transmission, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation by means of so-called standard protective clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

YOUR RIGHTS

You are basically entitled to the rights to access, rectification, erasure, restriction of processing, data portability, withdrawal and objection. For questions regarding your rights, please contact us at datenschutz@rika.at or write to:

RIKA Innovative Ofentechnik GmbH
FAO Data Privacy Department
Müllerviertel 19
4563 Micheldorf, Austria
E-Mail: datenschutz@rika.at

If you are of the opinion that the processing of your data violates data protection law or your rights under data protection law have otherwise been violated in any way, you can lodge a complaint with the supervisory authority. In Austria, this is the data protection authority, whose websites you can find at https://www.dsb.gv.at/.

USE OF COOKIES

Cookies are small text files or other memory entries that store information on terminals and read information from the terminals. For example, to store the login status in a user account, shopping basket contents in an e-shop, the accessed content or used functions of an online offer. Cookies can also be used for various purposes, e.g. for the purposes of operability, security and convenience of online offers as well as the creation of analyses of visitor flows.

NOTES ON CONSENT

We use cookies in accordance with the legal requirements. Therefore, we obtain prior consent from the users, unless this is not required by law. In particular, consent is not necessary if the storage and reading out of the information, i.e. also of cookies, are absolutely necessary in order to provide the user with a telemedia service (i.e. our online offer) that they expressly desire. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

NOTES ON DATA PROTECTION LEGAL BASES

The legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for their consent. If the users agree, the legal basis for processing your data is the stated consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in a business operation of our online offer and improvement of its usability) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. In the course of this data protection declaration or within the scope of our consent and processing processes, we will make clear for which purposes we process the cookies.

DURATION OF STORAGE

A distinction is made between the following types of cookies as regards the duration of their storage:
Temporary cookies (also: session cookies) - Temporary cookies are deleted at the latest after a user has left an online offer and closed his terminal (e.g. browser or mobile application).
Permanent cookies - permanent cookies remain stored even after the terminal has been closed. For example, the login status can be saved or preferred content can be immediately displayed when the user visits a website again. Likewise, the data of the users collected by means of cookies can be used for measuring reach. If we do not provide users with explicit information about the type and storage period of cookies (e.g. in the context of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

GENERAL NOTES ON REVOCATION AND OBJECTION (OPT-OUT)

Users can at any time revoke the consent they have given and also file an objection to the processing in accordance with the legal requirements in Art. 21 GDPR (further information on objection is provided in the context of this data protection declaration). Users can also declare their objection by means of the settings of their browser.

PROCESSING OF COOKIE DATA ON THE BASIS OF CONSENT

We use a method for cookie consent management, in the context of which the user's consent to the use of cookies and/or the processing and provider mentioned in the context of the cookie consent management process, can be obtained and managed and revoked by the users. The declaration of consent is hereby stored in order not to have to repeat the inquiry and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server and/or in a cookie (so-called opt-in cookie, or by means of comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of storage of consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used terminal.

AMENDMENT RE. DATA PROCESSING IN THE USA

Some services process personal data and send it to the United States of America ("USA"). The ECJ classifies the US as a country with insufficient data protection according to EU standards. For example, there is a risk that US authorities will process personal data in surveillance programs without a possibility of complaint for Europeans. By giving your consent to the use of services which are not technically necessary, you also agree to the processing of this data in the USA in accordance with Art. 49(1) lit. a GDPR.

PROVISION OF THE ONLINE OFFER AND WEB HOSTING

In order to be able to provide our online offer safely and efficiently, we use the services of one or more web hosting providers, from the servers of which the online offer can be called (or from servers managed by them). For these purposes, we may use infrastructure and platform services, computing capacity, storage memory and database services, as well as security and technical maintenance services.

The data processed in the context of the provision of the hosting offer may include all data concerning the users of our online offer, which are obtained in the context of use and communication. This includes, on a regular basis, the IP address that is necessary in order to be able to deliver the contents of online offers to browsers and all inputs made within our online offer or from websites.

CONTACT AND REQUEST MANAGEMENT

When contacting us (e.g. via contact form, e-mail, telephone or social media) and within the framework of existing user and business relations, the data of the requesting persons will be processed as far as this is necessary to answer the contact requests and any requested measures.

The answering of contact requests and the management of contact and inquiry data within the framework of contractual or pre-contractual relationships is done to fulfil our contractual obligations or to answer (pre-)contractual inquiries and otherwise on the basis of legitimate interests in the answering of inquiries and the maintenance of user and/or business relationships.

Types of data processed - inventory data (e.g. names, addresses); contact details (e.g. e-mail, telephone numbers); content data (e.g. input in online forms).
Persons concerned - communication partners.
Purposes of processing - contact inquiries and communication; provision of contractual services and customer service.
Legal bases - contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR); legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR).

REACH MEASUREMENT

The web analysis (also referred to as “reach measurement") is used to evaluate the visitor flows of our online offer and may include behaviour, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the aid of the range analysis we can e.g. identify at which time our online offer or its functions or contents are used most often or invite reuse. We can also see which areas require optimisation. In addition to web analysis, we can also use test methods in order e.g. to test and optimize different versions of our online offer or of its constituent parts. Unless something else is stated, profiles, i.e. data combined for a usage process, can be created for these purposes and information can be stored in a browser and/or in a terminal and read out from this. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have declared to us, or to the providers of the services that we use, their consent to the collection of their location data, then their location data can also be processed.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymisation by shortening the IP address) to protect users. In general, no plain data of the users (such as e.g. e-mail addresses or names) is saved in the context of web analysis, A/B testing and optimising, but pseudonyms. That is, we and the providers of the software used do not know the actual identity of the users, but only the data stored in their profiles for the purposes of the respective procedures.

NOTES ON LEGAL BASES

If we ask the users for their consent to the use of the third party providers, the legal basis for the processing of data is consent. Otherwise, the data of the users is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and receiver-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Types of data processed - usage data (e.g. visited websites, interest in content, access times); meta data/communication data (e.g. device information, IP addresses).
Persons concerned - users (e.g. website visitors, users of online services).
Purposes of processing - reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles).
Security measures - IP masking (pseudonymisation of the IP address).
Legal bases - consent (Art. 6 para. 1 p. 1 lit. a. GDPR); legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

GOOGLE SERVICES

GOOGLE OPTIMIZE

We use Google Optimize, a service of Google ("Google Optimize"). Google Optimize analyses the use of different variants of the website, so that we are able to adapt user-friendliness to the behaviour of the website users. Google Optimize is a tool integrated into Google Analytics and uses cookies. The IP address thus received is anonymised immediately after processing. In exceptional cases, the full IP address is transmitted to a Google server in the USA and encrypted there. The transmitted IP address is not combined with other data of Google. You can prevent the storage of cookies by setting your browser accordingly. However, we would like to point out that in this case it may be that not all functions of our website can be used to their full extent. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:http://tools.google.com/dlpage/gaoptout?hl=de.

GOOGLE ANALYTICS

Web analysis, reach measurement and measurement of user flows.

Service provider - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website - https://marketingplatform.google.com/intl/de/about/analytics/
Privacy policy - https://policies.google.com/privacy
Order processing contract - https://business.safety.google/adsprocessorterms
Standard contractual clauses (guaranteeing the level of data privacy in processing in third countries) - https://business.safety.google/adsprocessorterms
Possibility to object (opt-out) - opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the displaying of pop-up advertising: https://adssettings.google.com/authenticated
Further information - https://privacy.google.com/businesses/adsservices (types of processing and of processed data)

DEACTIVATION OF DATA COLLECTION BY GOOGLE ANALYTICS

Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), website visitors can prevent Google Analytics from using their data.
You can prevent the collection of the data generated by the cookie and related to your use of the website by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link https://tools.google.com/dlpage/gaoptout?hl=de

GOOGLE ANALYTICS AMENDMENT ON DATA PROCESSING

We have concluded a direct customer agreement with Google for the use of Google Analytics by accepting the "data processing amendment" in Google Analytics.
You can find more information about the data processing amendment for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

GOOGLE ANALYTICS DEACTIVATION LINK

If you click on the following deactivation link, you can prevent Google from recording further visits to this website. Attention: Deleting cookies, using the incognito/private mode of your browser, or using another browser will result in data being collected again.
Disable Google Analytics

GOOGLE ANALYTICS IP-ANONYMISATION

We have implemented the IP address anonymisation of Google Analytics on this website. This function was developed by Google to enable this website to comply with the applicable data protection regulations and recommendations of local data protection authorities if they prohibit the saving of the complete IP address. The anonymisation or masking of the IP takes place as soon as the IP addresses enter the Google Analytics data collection network and before the data is saved or processed.

More information on IP anonymisation can be found at https://support.google.com/analytics/answer/2763052?hl=de.

PRESENCES IN SOCIAL NETWORKS (SOCIAL MEDIA)

We maintain online presences within social networks and process users' data in this context in order to communicate with the users active there or to offer information about ourselves. We would like to point out that in the course of this the data of users can be processed outside the European Union. This may result in risks for the users, because e.g. it could make the enforcement of the rights of the users more difficult.

Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. Thus, for example, usage profiles can be created on the basis of the usage behaviour and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks, which supposedly correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users - the usage behaviour and the interests of the users are stored in these cookies. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the possibilities for objecting (opting-out), we refer to the privacy policies and statements of the operators of the respective networks.

Even in the case of requests for information and the assertion of rights of persons concerned, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you should nevertheless require help, please contact us.

Types of data processed - contact details (e.g. e-mail, telephone numbers); content data (e.g. input in online forms); usage data (e.g. visited websites, interest in content, access times); meta-data/communication data (e.g. device information, IP addresses).
Persons concerned - users (e.g. website visitors, users of online services).
Purposes of processing - contact inquiries and communication; feedback (e.g. collecting feedback via online form); marketing.
Legal bases - legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

INSTAGRAM

Social network

Service provider - Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Website - https://www.instagram.com
Privacy policy - https://instagram.com/about/legal/privacy.

FACEBOOK PAGES

Profiles within the social network Facebook - Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page").

This data includes information about the types of content that users view or interact with, or the actions they perform (see "Things you and others do and provide" in the Facebook privacy policy: https://www.facebook.com/policy), and information about the terminals used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data. See under “Device Information” in the Facebook privacy policy: https://www.facebook.com/policy). As explained in the Facebook data policy under "How do we use this information?", Facebook also collects and uses information to provide analysis services, so-called "page insights," to page operators to gain insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook ("Information about Page Insights Data", https://www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to comply with the rights of the persons affected (i.e. users can e.g. address information or requests for deletion directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. For more advice, see "Information about Page Insights Data" (https://www.facebook.com/legal/terms/information_about_page_insights_data)

Service provider - Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Website - https://www.facebook.com
Privacy policy - https://www.facebook.com/about/privacy
Standard contractual clauses (guaranteeing the level of data privacy in processing in third countries) - https://www.facebook.com/legal/EU_data_transfer_addendum
More information - agreement on shared responsibility: https://www.facebook.com/legal/terms/information_about_page_insights_data

LINKEDIN

Social network

Service provider - LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website - https://www.linkedin.com
Privacy policy - https://www.linkedin.com/legal/privacy-policy
Order processing contract - https://legal.linkedin.com/dpa
Standard contractual clauses (guaranteeing the level of data privacy on processing in third countries) - https://legal.linkedin.com/dpa
Possibility to object (opt-out) - https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

YOUTUBE

Video content

Service provider - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website - https://www.youtube.com
Privacy policy - https://policies.google.com/privacy
Possibility to object (opt-out) - opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the displaying of pop-up advertising: https://adssettings.google.com/authenticated

PLUGINS AND EMBEDDED FUNCTIONS AND CONTENT

We integrate functional and content elements in our online offering which are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (uniformly referred to below as “content”).

The integration always requires that the third-party providers of this content process the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content or these functions. We endeavour to use only such content of which the respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to analyse information such as the traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and the operating system, websites to be referred to, the time of visit, as well as further information on the use of our online offer, as well as such information from other sources.

NOTES ON LEGAL BASES

If we ask the users for their consent to the use of the third party providers, the legal basis for the processing of data is consent. Otherwise, the data of the users is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and receiver-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Types of processed data - usage data (e.g. visited websites, interest in content, access times); meta-data/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. input in online forms).
Persons concerned - users (e.g. website visitors, users of online services).
Purposes of processing - provision of our online offer and user-friendliness; rendering of contractual performances and customer service.
Legal bases - consent (Art. 6 para. 1 p. 1 lit. a. GDPR); contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR); legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

GOOGLE MAPS

We integrate the maps of the service "Google Maps" of the provider Google. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually within the scope of the settings of their mobile devices).

Service provider - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website - https://cloud.google.com/maps-platform
Privacy policy - https://policies.google.com/privacy
Possibility to object (opt-out) - opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the displaying of pop-up advertising: https://adssettings.google.com/authenticated

YOUTUBE

Video content

Service provider - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website - https://www.youtube.com
Privacy policy - https://policies.google.com/privacy
Possibility to object (opt-out) - opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the displaying of pop-up advertising: https://adssettings.google.com/authenticated

ALGOLIA

This website uses the search technology Algolia via an API. The provider is Algolia, Inc., 589 Howard Street, Suite 5, San Francisco, CA 94105, USA. Use of the functions of the Algolia search necessitates the saving of your IP address and of your search request. This information is usually transmitted to and stored on a server of Algolia in Europe or the USA. The provider of this page has no influence on this data transmission.

The use of the Algolia search is conducted in the interests of the ease of access and finding of our online offers. This is ensured by your consent in accordance with Art. 6 para. 1 lit. a GDPR.

For more information on the handling of user data, see the privacy policy of Algolia: https://www.algolia.com/policies/privacy.

VIMEO

Our website uses plug-ins from Vimeo, for the integration and display of video content. The provider of the video portal is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When a page with integrated Vimeo plug-in is called up, a connection to the Vimeo servers is established. This informs Vimeo which of our pages you have visited. Vimeo learns your IP address, even if you are not logged into the video portal or not have an account there. The information gathered by Vimeo is transmitted to servers of the video portal in the USA.

Vimeo can assign your surfing behaviour directly to your personal profile. By logging out beforehand you have the possibility to prevent this.

For details on the handling of user data, see the privacy policy of Vimeo at: https://vimeo.com/privacy.

MAILCHIMP

To send our newsletter, we use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp). This allows us to contact subscribers directly. In addition, we analyse your user behaviour in order to optimise our offer.

For this purpose, we pass on the following personal data to Mailchimp:

[E-mail address]
[First name]
[Surname]
[Telephone number]
[Our e-mail messages include a link with which you can update your personal information.]

Mailchimp is the recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data specified under this section is neither legally nor contractually required. Without your consent and the transfer of your personal data, we cannot send you a newsletter. In addition, Mailchimp collects the following personal data using cookies and other tracking methods: information about your device (IP address, device information, operating system, browser ID, information about the application you use to read your emails, and more information about hardware and Internet connection. In addition, usage data such as date and time, when you opened the e-mail / campaign and browser activities (e.g. which e-mails / websites were opened) are collected. Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of misuse. This corresponds to the legitimate interest of Mailchimp (acc. to Art. 6 para. 1 lit. f GDPR) and is used for contract performance (acc. to Art. 6 para. 1 lit. f GDPR). Mailchimp also analyses performance data, such as delivery statistics for e-mails and other communication data. This information is used to produce usage and performance statistics for the services. Mailchimp also collects information about you from other sources. In an unspecified period and scope, personal data is collected through social media and other third party providers of data. We have no influence on this process.

For more information on possibilities for objection and deletion regarding Mailchimp, see: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts

The legal basis for these processing operations is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. All mailings contain a link for this purpose. Revocation can also take place via the stated contact options. The declaration of revocation does not affect the legality of the processing carried out up to this point. Your data will be processed as long as you have given your consent. Apart from this, it will be deleted after termination of the contract between us and Mailchimp, unless legal stipulations require further storage.

Mailchimp has implemented compliance measures for international data transfers. These apply to all worldwide activities where Stripe processes personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses (SCCs).

You can find further information at: https://mailchimp.com/legal/data-processing-addendum/

MANDRILL

For the sending of system e-mails we use - via our web hoster - the service provider Mandrill, a service of Mailchimp provided by The Rocket Science Group, LLC 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

The data entered in the form and the e-mail address are processed. This data is only used for direct service fulfilment in our context and is not processed by Mandrill for its own purposes. A transfer to a third country takes place because the information gathered by Mandrill is usually stored on a Mandrill server in the USA. As a service of Mailchimp, Mandrill is also certified according to the data protection agreement US-EU Privacy Shield and has undertaken to comply with the GDPR.

The use of Mandrill is in the interest of an easy-to-use management of system e-mails to allow the sending and processing of contact requests, and thus on the basis of Art. 6 para. 1 lit. f GDPR.

For more information on the handling of user data, see the privacy policy of Mailchimp at https://mailchimp.com/legal/privacy/.

GOOGLE RECAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

ReCAPTCHA is used to check whether the data input on our websites (e.g. in a contact form) is performed by a person or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various criteria. This analysis starts automatically as soon as the website visitor enters the website. For this analysis, reCAPTCHA evaluates a variety of information (e.g. IP address, duration of stay of the website visitor on the website and mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not being notified that an analysis is taking place. The data processing takes place on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers against abusive automated spying and against spam.

You can find more information on Google reCAPTCHA and the privacy policy of Google at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

ROLLBAR

This website uses the Rollbar error analysis service provided by Rollbar Inc. (Rollbar, 51 Federal Street, San Francisco, CA 94107, USA).

This service reports technical errors that occur on the website in order to enable us to remedy these errors promptly. The data is transmitted after an error has been detected. The purpose of the processing is the technical monitoring of our website and the recording of error messages in order to ensure and optimise the technical stability of the website in order to make visitor’s use of our website as free from errors as possible. The data is only transmitted for the purpose of troubleshooting; it is not used for advertising purposes.

Information about errors in the use of the website is transmitted to servers of Rollbar Inc. in the USA.

This includes, among other things:

  • IP addresses
  • Information about the error that has occurred
  • Page views that have caused the error
  • The user agent that has been used

The use of Rollbar is based on our legitimate interest in making our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

The transmission of data to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://docs.rollbar.com/docs/data-processing-agreement

The contract with Rollbar was concluded by our technical service provider in its name. In order to ensure data-protection-compliant processing, our technical service provider has concluded a contract for order processing with Rollbar.

Rollbar provide further information relevant to data protection law at https://rollbar.com/privacy

ALTERATION AND UPDATING THE PRIVACY STATEMENT

We ask you to inform yourself regularly about the content of our privacy policy. We will adjust the privacy policy as soon as the changes to the data processing we perform make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy statement, we ask you to please note that the addresses may change over time and to check the information before contacting us.