Privacy Policy

1. Introduction

With the following information, we would like to give you an overview of the scope and purpose of the personal data we collect, use, and process, as well as your rights arising from data protection laws. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

2. Data Controller

The responsible entity for processing within the meaning of the GDPR is:

MEDICE Arzneimittel Pütter GmbH & Co.KG

Kuhloweg 37, 58638 Iserlohn, Germany

Telephone: +49 2371 937-0

Fax: +49 2371 937-106

Email: info@MEDICE.de

Representatives of the responsible entity: Dr. med. Katja Pütter-Ammer, Dr. med. Dr. oec. Richard Ammer, Dr. rer. nat. Uwe Baumann, Annick Berreur-Igersheim, Eric Neyret

3. Data Protection Officer

You can reach our Data Protection Officer as follows:

MEDICE Arzneimittel Pütter GmbH & Co.KG,

Kuhloweg 37, 58638 Iserlohn

Email: datenschutz@medice.de

You can contact our Data Protection Officer at any time with any questions or suggestions regarding data protection.

4. Legal Basis of the Processing

Art. 6 para. 1 lit. a) GDPR (in conjunction with § 25 para. 1 TTDSG) serves as the legal basis for processing operations in which we obtain your consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to processing operations necessary for the conduct of pre-contractual measures, such as in cases of inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our establishment and, as a result, their name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. In that case, the processing would be based on Art. 6 para. 1 lit. d) GDPR.

Finally, processing operations may be based on Art. 6 para. 1 lit. f) GDPR. This legal basis covers processing operations not covered by any of the aforementioned legal bases, if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, it was considered that a legitimate interest might be assumed if you are a customer of our company (Recital 47 sentence 2 GDPR).

5. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only disclose your personal data to third parties if:

1. you have given us your explicit consent pursuant to Art. 6 para. 1 lit. a) GDPR,

2. the disclosure is permissible under Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

3. there is a legal obligation for disclosure under Art. 6 para. 1 lit. c) GDPR, and

4. this is legally permitted and required for the processing of contractual relationships with you under Art. 6 para. 1 lit. b) GDPR.

To protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements on the basis of the Standard Contractual Clauses of the European Commission. If the Standard Contractual Clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 para. 1 lit. a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

Your data may be transferred to the following third parties:

• For advertising purposes to the subsidiaries of MEDICE Arzneimittel Pütter GmbH & Co.KG.

• To state authorities or enforcement agencies: If, after our legal review, we determine that we are legally required to pass on your personal data. The legal basis for the use of your data in this case is Art. 6 para. 1 lit. c) GDPR.

• To tax, auditing, or other authorities, if we are, in good faith, convinced that we are legally or otherwise obligated to disclose this data (for example, because there is an inquiry from a tax authority or in connection with a prospective legal dispute). The legal basis for the use of your data in this case is Art. 6 para. 1 lit. c) GDPR.

6. Technology

6.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact inquiries that you send to us as the operator. You can recognize an encrypted connection by the presence of "https://" instead of "http://" in your browser’s address bar and by the padlock icon in your browser.

We use this technology to protect the data you transmit.

6.2 Data Collection When Visiting the Website

6.2.1 Informational Use of the Website:

When using our website solely for informational purposes, without registering, transmitting information to us in any other way, or giving consent to processing operations that require consent, we only collect data that is technically indispensable for providing the service. This usually includes data that your browser transmits to our server (in so-called server log files). Each time a page is accessed by you or an automated system, our website collects a number of general data and information. This general data and information are stored in the server’s log files.

The following may be collected:

1. Browser types and versions used,

2. The operating system used by the accessing system,

3. The website from which an accessing system reached our website (so-called referrer),

4. The subpages that are accessed on our website via an accessing system,

5. The date and time of an access to the website,

6. A shortened Internet protocol address (anonymized IP address), and

7. The Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about you personally. Rather, this information is needed to:

1. Deliver the content of our website correctly,

2. Optimize the content of our website as well as the advertising for it,

3. Ensure the ongoing functionality of our IT systems and the technology of our website, and

4. Provide law enforcement agencies with the information necessary for criminal prosecution in the event of a cyberattack.

The data and information collected in this way are therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest arises from the purposes listed above for data collection.

6.2.2 Registration and Consent to Data Processing:

As a customer of our online shop and/or a participant in the training offer of the MEDICE Health Family Platform, the following data may be collected with your consent:

Customer Data:

• Salutation (for addressing in emails and in the shop in the future)

• Title (optional)

• First name

• Last name

• Email address

• Street including house number

• Postal code

• City

• Customer number

• Customer group (Standard, Employee, PTA)

• Account status active/inactive

• Orders

• Points earned in 360Learning (for voucher triggering when a threshold is exceeded)

• Optional: Occupation (specialist journalist, doctor, pharmacist, pharmacy specialist, clinic specialist, practice specialist, alternative practitioner, psychotherapist, and others, other business partners) and contact details of the institution

Order Data:

• Order number

• Date and time

• First name

• Last name

• Email address

• Telephone number (optional)

• Billing address (street, house number, postal code, city)

• Shipping address (street, house number, postal code, city)

• Order value

• Ordered items

• Shipping costs

• Voucher redeemed yes/no

• Order status

• Payment status

• Delivery status

• Tracking number

• Payment method

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. b) GDPR, as the collection and processing of data are necessary measures within the framework of your order processing, as well as your informed, voluntary consent pursuant to Art. 6 para. 1 sentence 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.

6.2.3 Werkbank Cookie-Consent Management and Identity and Access Management Tool

We use the cookie-consent management tool “Vinegar” from Werkbank GmbH, Viktoriastraße 75, 44787 Bochum, and the Single Sign-On service Keycloak.

Your login data is managed in the identity and access management tool Keycloak. Your login data (username and password) is stored exclusively on the servers of Werkbank GmbH in 44787 Bochum. By logging in and giving your consent to data protection within the framework of the MEDICE login, you consent to the processing of your data by us.

The legal basis for the processing of your personal data is your informed, voluntary consent pursuant to Art. 6 para. 1 sentence 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.

6.3 Amazon CloudFront (Content Delivery Network)

We use Amazon CloudFront, a web service of Amazon Web Services Inc., 410 Terry Avenue North, 98109, Seattle, Washington, USA.

Amazon CloudFront is a content delivery network (CDN). It routes the transfer of information between your browser and our website through the CloudFront network. This reduces the latency with which we can provide static and dynamic web content. In addition, it improves the security of our website through encrypted data traffic and access controls.

Furthermore, CloudFront stores cookies on your computer to optimize the service. You can delete cookies in your browser, allow cookies only in individual cases, and enable the automatic deletion of cookies when the browser is closed.

Amazon Web Services receives and processes personal data as our data processor in accordance with EU standard contractual clauses. With CloudFront, statistical data about the visit to our website is collected.

This includes, among other things:

• IP address

• Accessed website

• Referrer URL

• Browser type

• Operating system

• Device type

If you have consented to the use of CloudFront, the legal basis for processing personal data is Art. 6 para. 1 lit. a) GDPR. In addition, it is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR to use CloudFront to optimize and secure our website, as well as to avoid operating our own content delivery network. The personal data will be retained by Amazon Web Services for as long as necessary to achieve the described purpose.

The transfer of your personal data to the USA is carried out on the basis of the Standard Contractual Clauses. For further information, please refer to: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

More detailed information on CloudFront can be found at: https://aws.amazon.com/de/cloudfront/

6.4 Microsoft Cloud Services – Hosting 360Learning

For our interactive training offer, we use the service of 360Learning GmbH, Stephaniestr. 94, 76133 Karlsruhe.

360Learning is a learning platform for collaborative learning.

The transfer of your personal data to the USA is carried out on the basis of the Standard Contractual Clauses. For further information, please refer to: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

More detailed information on 360Learning can be found at:

360Learning – Data Protection Policy (prismic.io)

6.5 Hosting by Amazon Web Services – AWS

We host our website with Amazon Web Services (AWS). The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.

When you visit our website, your personal data is processed on the servers of AWS. In this context, personal data may also be transferred to AWS’s parent company in the USA.

The use of AWS is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting our website as reliably as possible.

We have concluded a data processing agreement with AWS. This is a data protection-mandated contract that ensures that AWS processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is in place, so that the transfer of personal data may take place without further guarantees or additional measures.

Further information on AWS’s data protection provisions can be found at: https://aws.amazon.com/de/privacy/?nc1=f_pr

7. Cookies

7.1 General Information on Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie contains information that is related to the specific device in use. However, this does not mean that we immediately gain knowledge of your identity.

The use of cookies is intended to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period. When you visit our site again to use our services, it is automatically recognized that you have already been with us and which inputs and settings you have made, so that you do not have to enter them again.

Furthermore, we use cookies to statistically record the use of our website and to evaluate our services for optimization purposes. These cookies allow us to automatically recognize on a repeat visit that you have already visited our website. The cookies set in this way are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.

7.2 Legal Basis for the Use of Cookies

The data processed by the cookies that are necessary for the proper functioning of the website are required to protect our legitimate interests as well as those of third parties under Art. 6 para. 1 lit. f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR.

7.3 Notes on Preventing Cookies in Common Browsers

Through the settings of your browser, you have the option at any time to delete cookies, allow only selected cookies, or completely disable cookies. Further information can be found on the support pages of the respective providers:

Chrome: https://support.google.com/chrome/answer/95647?tid=311178978

Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978

Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978

Microsoft Edge: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978

7.4 Cookies in Use

Currently, we use, among others, the following cookies:

• _ga (Google Analytics)

• gaX (Google Tag Manager)

• pkid.XX.XXXX (Matomo)

• pkses.XX.XXXX (Matomo)

• sw-context-token (Shop system)

The “X” is a placeholder for a random combination of numbers and letters.

8. Content of Our Website

8.1 Data Processing When Opening a Customer Account and for Contract Processing

In accordance with Art. 6 para. 1 lit. b) GDPR, personal data is collected and processed when you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. You can delete your customer account at any time, which can, for example, be done by sending a message to the above address of the data controller. We store and use the data you provide for contract processing. After the contract has been fully executed or your customer account has been deleted, your data will be blocked in consideration of tax and commercial retention periods and will be deleted after these periods expire, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us, about which we will inform you accordingly below.

8.2 Online Shop, Retailers, and Goods Shipping

8.2.1 Data Processing for Order Processing

The personal data we collect is passed on, as part of contract processing, to the transport company commissioned with the delivery, insofar as this is necessary for the delivery of the goods. Your payment data is passed on to the commissioned credit institution as part of the payment process, provided that this is necessary for payment processing. If payment service providers are used, we explicitly inform you about this below. The legal basis for the transfer of the data is Art. 6 para. 1 lit. b) GDPR.

8.2.3 Concluding Contracts in the Online Shop, with Retailers, and Goods Shipping

We only transmit personal data to third parties if this is necessary for contract processing, for example, to the companies responsible for the delivery of the goods or to the credit institution commissioned with payment processing. Any further transmission of the data takes place only if you have expressly consented to it. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

8.3 Shopware eCommerce Software

In our webshop, we use the eCommerce software of shopware AG, Ebbinghoff 10, 48624 Schöppingen, Telephone: +49 (0) 2555 92885-0, Fax: +49 (0) 2555 92885-99.

Shopware stores cookies in your browser to ensure the basic functions of our shop. For example, the cookies enable the shopping cart contents, the login status, and the CSRF protection. Shopware cannot be used unless cookies are enabled in your browser. Shopware only stores IDs in your browser; the assignment to the respective information takes place in the application area.

Based on the session cookie, Shopware determines whether you have an active shopping cart and whether you are logged in. It thus serves as identification between your browser and the server. No further information besides the session ID is stored in the browser. The handling of session cookies is controlled server-side via PHP and is independent of Shopware.

In addition, Shopware creates an individual CSRF cookie when you visit the shop so that you can operate the individual areas of the shop.

Furthermore, an SLT cookie is set, which enables us to recognize you when you return to our online shop, even if the session has already expired. The SLT cookie can be disabled in the basic settings of your browser.

In the local storage of the browser, the information about the "recently viewed items" is also stored.

Further information about Shopware can be found at:

https://www.shopware.com/de/datenschutz/

8.4 Contact / Contact Form

As part of contacting us (e.g., via contact form or email), personal data is collected. Which data is collected in the case of using a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of answering your inquiry or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your inquiry in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after your inquiry has been fully processed, provided that it can be inferred from the circumstances that the matter in question has been conclusively resolved and that no statutory retention obligations prevent deletion.

8.5 Registration as a Participant

You have the option to voluntarily register on our website by providing personal data. Details on this can be found in the respective privacy policy displayed during the registration process.

In addition, when you register on our website, the IP address assigned by your Internet Service Provider (ISP), as well as the date and time of registration, are stored. The storage of these data is necessary to prevent the misuse of our services, and these data can, if necessary, enable the clarification of any criminal offenses committed. In this respect, the storage of these data is required for our security. A transfer of these data to third parties does not generally occur. This does not apply if we are legally obligated to transfer the data or if the transfer serves law enforcement purposes.

Registered persons have the option to change or completely delete the personal data provided during registration from our database at any time.

We will provide you with information on request at any time about which personal data is stored about you. Furthermore, we will correct or delete personal data at your request, provided that no statutory retention obligations conflict with this. The Data Protection Officer named in this privacy policy and all other employees are available as contact persons in this context.

8.6 Contact by Email from You

On the event page you will find the email addresses of the contact persons. This way, you can contact us via email.

When you contact us, the data you provide (in particular your email address, your first and last name, and the text of your inquiry as well as any other information you have provided by email) is stored by us to process your inquiry and answer your questions.

The data processing is justified according to Art. 6 para. 1 lit. f) GDPR. We are interested in contacting you via the website in response to your inquiry. If your inquiry is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing.

8.7 Services / Digital Goods

We only transmit personal data to third parties if this is necessary for contract processing, for example, to the credit institution commissioned with payment processing.

Any further transmission of the data takes place only if you have expressly consented to it. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

8.8 Universal Vouchers

When purchasing a universal voucher, the data necessary for the purchase is forwarded to the provider Living Bytes Kundenbindungs- und Kundengewinnungsprogramme GmbH, Holsteiner Chaussee 183a, 22457 Hamburg. Further information on data protection can be found here: https://www.livingbytes.de/datenschutz/

9. Our Activities on Social Networks

In order for us to communicate with you on social networks and to inform you about our services, we have our own pages there. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered thereby, in the sense of Art. 26 GDPR.

We are not the original provider of these pages, but we only use them within the framework of the possibilities offered to us by the respective providers.

Therefore, we would like to point out in advance that your data may also be processed outside the European Union or the European Economic Area. Thus, usage may be associated with data protection risks for you, as the protection of your rights (e.g., access, deletion, objection, etc.) could be more difficult, and the processing in social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers, without this being influenced by us. If usage profiles are created by the provider, cookies are often used, or the usage behavior is assigned to the personal member profile you created in the social networks.

The described processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider, in order to be able to communicate with you in a contemporary manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis is Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the data holdings of the providers, we point out that you are best able to assert your rights (e.g., access, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social networks is provided below for the respective social network providers we use:

The data generated as part of your inquiry/contact will be deleted by us as soon as it is no longer required to process your inquiry. Insofar as statutory retention obligations exist, the data will be stored for the duration of the statutory retention period.

10. Web Analytics

10.1 Google Analytics 4 (GA4)

On our websites, we use Google Analytics 4 (GA4), a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized usage profiles are created and cookies (see the "Cookies" section) are used.

The information generated by the cookie about your use of this website may include, among other things:

• A short-term recording of the IP address without permanent storage

• Location data

• Browser type/version

• Operating system used

• Referrer URL (previously visited page)

• Time of the server request

The pseudonymized data may be transferred by Google to a server in the USA and stored there.

The information is used to evaluate the use of the website, to compile reports on website activities, and to provide further services associated with website and internet usage for market research and needs-based design of these websites. In addition, this information may be transferred to third parties if this is required by law or if third parties process these data on our behalf.

These processing operations are carried out exclusively upon your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Google’s preset storage period for the data is 14 months. Otherwise, the personal data will be stored for as long as they are necessary to fulfill the processing purpose. The data will be deleted as soon as they are no longer required to achieve the purpose.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is in place, so that the transfer of personal data may take place without further guarantees or additional measures.

Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=de

10.2 Google Analytics Remarketing

We have integrated services of Google Remarketing on this website. The operating company of the Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing is a function of Google AdWords that enables a company to display advertising to internet users who have previously visited the company's website. The integration of Google Remarketing thus allows a company to create user-related advertising and consequently display advertising relevant to the interests of the internet user.

The purpose of Google Remarketing is to display advertising that is relevant to the interests of the user. Google Remarketing enables us to display advertising via the Google advertising network or on other websites, which are tailored to the individual needs and interests of internet users.

Google Remarketing sets a cookie on the IT system of the data subject. By setting the cookie, Google is enabled to recognize the visitor of our website when they subsequently access websites that are also members of the Google advertising network. With each visit to a website on which the Google Remarketing service is integrated, your internet browser automatically identifies itself to Google. In the context of this technical procedure, Google gains knowledge of personal data, such as your IP address or browsing behavior, which Google uses, among other things, to display advertising relevant to your interests.

Using the cookie, personal information is stored, for example, the websites you have visited. With each visit to our websites, personal data, including your IP address, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may, under certain circumstances, pass this personal data obtained through the technical procedure on to third parties.

These processing operations are carried out exclusively upon your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is in place, so that the transfer of personal data may take place without further guarantees or additional measures.

You can view the privacy policy of Google Analytics Remarketing at: https://www.google.de/intl/de/policies/privacy/

10.3 Matomo

We have integrated the Matomo component from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, that is, for the collection, gathering, and evaluation of data about the behavior of visitors to websites. Among other things, data is collected about which website a data subject came from (the so-called referrer), which subpages of the website were accessed, or how often and for how long a subpage was viewed. This is used to optimize the website and for a cost-benefit analysis of online advertising.

The software is operated on the server of the data controller, and the privacy-sensitive log files are stored exclusively on this server.

Matomo sets a cookie on your IT system. By setting the cookie, an analysis of the usage of our website is enabled for us. With each visit to one of the individual pages of this website, your internet browser is automatically prompted by the Matomo component to transmit data for the purpose of online analysis to our server. In the context of this technical procedure, we gain knowledge of personal data, such as the IP address of the data subject, which, among other things, serves to track the origin of visitors and clicks.

Using the cookie, personal information is stored, for example, the time of access, the location from which an access was made, and the frequency of visits to our website. With each visit to our website, these personal data, including the IP address of the internet connection you use, are transmitted to our server. This personal data is stored by us. We do not pass this personal data on to third parties.

These processing operations are carried out exclusively upon your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can view Matomo’s privacy policy at: https://matomo.org/privacy/

11. Advertising

11.1 Google Ads with Conversion Tracking

We have integrated Google Ads on this website. The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an online advertising service that allows advertisers to display ads both in Google’s search results and within the Google advertising network. Google Ads enables an advertiser to predefine certain keywords so that an ad is displayed in Google’s search results only when the user retrieves a search result relevant to those keywords. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm while taking into account the previously set keywords.

The purpose of Google Ads is to promote our website by displaying interest-based advertising on third-party websites and in Google’s search results, as well as displaying third-party advertising on our website.

If you arrive at our website via a Google ad, a so-called conversion cookie will be placed on your IT system by Google. A conversion cookie expires after thirty days and is not used to identify you. As long as the cookie has not yet expired, it is used to track whether certain subpages, for example the shopping cart of an online shop system, have been accessed on our website. With the conversion cookie, both we and Google can determine whether a user who reached our website via an AdWords ad generated a sale, that is, completed or abandoned a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are then used by us to determine the total number of users who were referred to us via ads, in order to evaluate the success or failure of the respective ad and to optimize our ads for the future. Neither our company nor other Google Ads advertising clients receive information from Google by which you could be identified.

Through the conversion cookie, personal information, such as the websites you have visited, is stored. With each visit to our website, personal data—including the IP address of your internet connection—is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may, under certain circumstances, pass this personal data obtained through the technical procedure on to third parties.

These processing operations are carried out exclusively upon your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is in place, so that the transfer of personal data may take place without further guarantees or additional measures.

You can view the privacy policy and further information on Google AdSense at:

https://www.google.de/intl/de/policies/privacy/

12. Plugins and Other Services

12.1 Google Tag Manager

On this website, we use the Google Tag Manager service. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows the implementation of "website tags" (i.e. keywords that are embedded in HTML elements) and their management via a user interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked and record which content on our website is of particular interest to you.

The tool also triggers other tags that may themselves collect data. Google Tag Manager does not access these data. If you have deactivated tracking on the domain or cookie level, this deactivation will remain in effect for all tracking tags implemented via Google Tag Manager.

These processing operations are carried out exclusively upon your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is in place, so that the transfer of personal data may take place without further guarantees or additional measures.

Further information on Google Tag Manager and Google’s privacy policy can be found at:

https://www.google.com/intl/de/policies/privacy/

12.2 Google WebFonts

Our website uses so-called Web Fonts for the uniform display of fonts. The Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations are carried out exclusively upon your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is in place, so that the transfer of personal data may take place without further guarantees or additional measures.

Further information on Google WebFonts and Google’s privacy policy can be found at:

https://developers.google.com/fonts/faq

and

https://www.google.com/policies/privacy/

13. Payment Service Providers

13.1 Mollie

For payment processing, regardless of the payment method you use, we employ Mollie B.V., Keizersgracht 121, NL-1015CJ Amsterdam, Netherlands, as our payment service provider. In accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR, Mollie B.V. collects and stores the payment data you enter and passes it on only to the companies involved in the payment process. Mollie, as a company based in the EU, is subject to the provisions of the European General Data Protection Regulation (GDPR). For further information on data protection by Mollie, please refer to Mollie’s privacy policy:

https://www.mollie.com/de/privacy

You may object to the processing of your data at any time by sending a message to Mollie. However, Mollie may remain entitled to process your personal data if this is necessary for contract-compliant payment processing. A revocation does not affect the lawfulness of any past data processing operations.

The payment options provided by the Mollie Payment Provider include the following:

• PayPal

• Klarna Invoice

• Klarna Sofort

• SEPA Bank Transfer (Prepayment)

• Mastercard

• Visa

• American Express

• Apple Pay

14. Your Rights as a Data Subject

14.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

14.2 Right to Access (Art. 15 GDPR)

You have the right to receive, free of charge and at any time, information from us about the personal data stored about you as well as a copy of this data, in accordance with legal provisions.

14.3 Right to Rectification (Art. 16 GDPR)

You have the right to request the rectification of any incorrect personal data concerning you. Furthermore, you have the right to request, taking into account the purposes of the processing, the completion of incomplete personal data.

14.4 Right to Erasure (Art. 17 GDPR)

You have the right to require that the personal data concerning you be erased immediately, provided that one of the legally prescribed grounds applies and the processing or storage is no longer necessary.

14.5 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your personal data if one of the legal requirements is met.

14.6 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to have these data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

14.7 Right to Object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which is based on Art. 6 para. 1 lit. e) (processing in the public interest) or f) (processing based on balancing of interests) GDPR.

This also applies to profiling based on these provisions as defined in Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is necessary for the assertion, exercise, or defense of legal claims.

In individual cases, we process personal data for direct marketing purposes. You may object at any time to the processing of your personal data for such advertising purposes. This also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

Furthermore, you have the right to object, for reasons arising from your particular situation, to the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

In connection with the use of information society services, you are free to exercise your right to object by automated means that use technical specifications.

14.8 Withdrawal of Data Protection Consent

You have the right to withdraw your consent for the processing of personal data at any time with effect for the future, without any disadvantages arising for you. Previous data transfers remain lawful.

14.9 Complaint to a Supervisory Authority

You have the right to lodge a complaint with the competent data protection supervisory authority if you believe that your rights have been violated.

The contact details of the data protection supervisory authorities of all federal states can be found at:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

15. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose or as provided by the legal regulations to which our company is subject.

If the storage purpose ceases to exist or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal provisions.

16. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective legal retention period. After the period expires, the corresponding data will be routinely deleted, provided they are no longer required for the fulfillment of a contract or for the initiation of a contract.