Privacy Policy
Name and address of the responsible party:
The controller within the meaning of the EU General Data Protection Regulation and other data protection regulations is:
Petra Contrada
c/o Online-Impressum.de
Europaring 90
53757 Sankt Augustin
E-Mail: hello @ petracontrada.com
Tel: +49 41055 861 496
Websites:
www.petracontrada.com
www.petracontrada.eu
www.courses.petracontrada.com
www.newsletter.petracontrada.com
www.holisticlifeconcepts.eu
We respect your data!
Thank you for your interest in our website. The trust of all visitors and customers, the security of your data and the protection of your privacy are of central importance to us. Your personal data will therefore be treated by us in accordance with the applicable statutory data protection regulations and this privacy policy. Personal data is information that can be used to identify you, such as your real name, address or telephone number.
If you view and use our site without registering or otherwise expressly providing us with information, we process the data that is transmitted to us with each request from your browser (see “Log data” below). If you expressly transmit personal data to us, this is done exclusively for the purpose of the request or the respective order. We would like to point out that data transmission on the Internet can never be completely protected against access by third parties.I
n the following, we would like to explain in more detail which data we process, when and for what purpose. It explains how our services work and how the protection of your personal data is guaranteed.
Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis.
This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for data processing.
Data deletion and storage duration
The personal data of the data subject will be deleted as soon as the purpose of storage no longer applies. Data may also be stored if this is provided for by European or national laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Your rights
You have a right to free information about the personal data we have stored about you and, if applicable, a right to rectification, restriction of processing or erasure of this data. You also have the right to data portability. Finally, you also have the right to complain to the data protection supervisory authority about the processing of your personal data by us.
We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.
Providing Information
If you have any questions regarding the collection, processing or use of your personal data, for information, for the correction, blocking or deletion of data as well as for the revocation of any consent given or for objection to a specific use of data, please contact us using the following e-mail address: [email protected]
Protocol data
The automatic collection and storage of log data by the provider of the Internet services (provider) takes place because the processing of this data is technically necessary in order to display our website to you and to ensure stability and security.
The log data includes the following information
*Date and time of the respective request
*Internet address (URL) that was requested
*URL that the visitor visited immediately before
*Browser used and language
*Operating system used and its interface
*IP address and host name of the visitorAccess status / http status codeAmount of data transferred in each case
This data is transmitted to us automatically and cannot be assigned to your person with reasonable effort. The legal basis for the processing of this data is our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR, as this data processing is necessary for the operation and display of the website. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies. These are small text files that are stored on your end device and that store certain information for exchange with our system. The legal basis for the processing of this data is Art. 6 para. 1 sentence 1 lit. f GDPR. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (transient cookies). These include session cookies in particular. These store a unique identifier (session ID). This session ID can be used to assign various requests from your browser to a common session. This allows your device to be recognized when you return to our website during a session. Session cookies are also deleted when you log out.
Other cookies remain on your end device for a specified period of time and enable us to recognize your browser or end device the next time you visit our website (persistent cookies).Please note that certain cookies are already set as soon as you enter our website. You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases, in particular cookies from third-party providers (third-party cookies) or in general. If you do not accept cookies, the functionality of our website may be restricted for you.
Configuration of the cookie settings in the browser
You have the option of preventing cookies from being stored on your computer by making the appropriate browser settings. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookiesSafari™:
http://apple-safari.giga.de/tipps/cookies-in-safari-aktivieren-blockieren-loeschen-so-geht-s/ und
https://support.apple.com/kb/PH21411?locale=de_DE
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: http://help.opera.com/Windows/10.20/de/cookies.html
Encryption through SSL
For security reasons, our website uses SSL encryption (Secure Sockets Layer). This means that transmitted data is protected and cannot be read by third parties. You can recognize successful encryption by the fact that the protocol name in the status bar of the browser changes from “http://” to “https://” and that a closed lock symbol is visible there.
Webhosting über Cloudflare
We use the services of Cloudflare Germany GmbH Rosental 780331 Munich Attention: Data Protection Officer [email protected]. Further information can be found in the privacy policy of the Claudflare, Inc. website at https://www.cloudflare.com/de-de/privacypolicy/ “We would like to point out that the company could transfer data to the USA. However, XY is certified under the EU-US Data Privacy Framework. A data transfer to the USA is therefore currently considered sufficiently secure.”
Dispatch of our E-mail newsletter via “Groove Digital Inc.”
The information provided in this section explains how the registration, dispatch, evaluation and content of our email newsletter are structured.I
f you would like to subscribe to our e-mail newsletter and read it regularly, you must register with a valid e-mail address and thus consent to the processing of your personal data by us.
Please refer to the declaration of consent on the newsletter registration form.Before sending the newsletter, you must expressly confirm to us as part of the so-called double opt-in procedure that we should activate the e-mail newsletter service for you. We do this to prevent third-party e-mail addresses from being used for registrations. For this purpose, you will receive a confirmation and authorization e-mail from us asking you to click on the link contained in this e-mail to confirm that you wish to receive our newsletter. If you do not confirm, your personal data will be automatically deleted after 14 days.
In connection with the registration, the time of registration, the time of confirmation, the IP address and the consent text are stored in addition to the e-mail address and we use the e-mail address exclusively for the delivery of the newsletter unless you have expressly consented to any other use.
Small, “invisible” files (beacons) that are sent with the newsletter can be used for various evaluations to improve our offers. The IP address, browser and time of retrieval and opening of the newsletter and the click behavior on links contained in the newsletter are recorded and statistically evaluated.
The newsletter is sent on the basis of the recipient's consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG. The analysis of opening and click rates is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our interest is to create the most suitable offers for our users and to achieve and continuously optimize this by analyzing user behavior.
Service provider for sending the newsletter: The newsletter is sent with the help of Groove Digital INC, 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA (hereinafter referred to as the “sending service provider”). You can view the data protection provisions of the shipping service provider at https://groovedigital.com/privacy “We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities. Groove Digital INC is not certified under the EU-US Data Privacy Framework. Groove Digital INC has undertaken to comply with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses - SCC)."(https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK)
You can unsubscribe by withdrawing your consent. You can unsubscribe from the newsletter at any time. To do so, please use the link provided in the newsletter or send us a corresponding e-mail message to the following address: [email protected]. A separate revocation of the dispatch or evaluation of user behavior is unfortunately not possible.
YouTube
Our website uses YouTube functions. The provider of these services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit our site, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you give YouTube the opportunity to assign your user behavior directly to your personal YouTube profile. You can prevent this by logging out of your YouTube account. The data collected by YouTube is transmitted to the USA, which is considered a third country with an insecure level of data protection according to the GDPR. We have no knowledge of further processing and the duration of storage by YouTubeThe legal basis for the processing of the data is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, as we would like to offer you an appealing and informative website.You can find further information on the handling of user data by YouTube in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.
Groove Digital Inc.
We also offer you digital products such as tickets, online courses, vouchers, digital products and download products for purchase via our website. For this purpose, we use the service Groove Digital INC, 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA (hereinafter referred to as “shipping service provider”). You can view the privacy policy of the shipping service provider at https://groovedigital.com/privacy “We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities. Groove Digital INC is not certified under the EU-US Data Privacy Framework. Groove Digital INC has undertaken to comply with the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries in accordance with Directive 2016/679.” (https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK)
Calendar booking system
Sumo Group, Inc
APPOINTMENT BOOKING THROUGH Sumo Group Inc.
In order to offer you the modern service of simplified online appointment booking, we use the services of Sumo Group, Inc. (dba “AppSumo”) 1305 E. 6th Street #3 Austin, TX 78702 (hereinafter referred to as Tidycal).
When using Tidycal, browser-specific data and your IP address are transmitted to Tidycal. By clicking on the “Book appointment” button, your personal data such as name, e-mail address and other data provided by you will also be transmitted to Tidycal. We have no knowledge of the further processing and the duration of storage.
We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities.
However, Tidycal is certified in accordance with the EU-US Data Privacy Framework. Data transfer to the USA is therefore currently considered sufficiently secure.To protect your data, we have concluded a data processing agreement with Tidycal in accordance with an order processing contract pursuant to Art. 28 GDPR.We would also like to point out that you are not obliged to use this service to make an appointment. If you do not wish to do so, please use another of the contact options offered to make an appointment.Further information on this can be found in the privacy policy of Sumo group Inc and Tidycal at https://tidycal.com/privacy-policyhttps://appsumo.com/privacy/
Legal Basis
The legal basis for the use of the Tidycal online appointment booking is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Course Systems
Groove Digital inc.
In order to customize and improve our online marketing activities, we use the services of Groove Digital INC, 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA (hereinafter referred to as “shipping service provider”). You can view the privacy policy of the shipping service provider at “We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities.” Groove Digital INC is not certified under the EU-US Data Privacy Framework. Groove Digital INC has undertaken to comply with the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries in accordance with Directive 2016/679.” (https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK)
We use this software in particular for
- Provision of a member area
- Creation of landing pages
- Platform for the distribution of online coursesTo protect your personal data, we have concluded an order processing contract with Groove Digital Inc. in accordance with Art. 28 GDPR. You can find more information on the standard contractual clauses at
https://ec.europa.eu/info/law/law
-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de
Further information can be found at: https://groovedigital.com/privacy As soon as the purpose of storing your personal data no longer applies, it will be blocked, thus restricting processing or deleting it in accordance with the statutory deletion periods.
Legal Basis
The legal basis for this processing of data is the fulfillment of contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.
Implementation of online surveys
We use the online platform Surveyed to collect and process the results“
We would like to point out that data may be transferred to the USA and processed by US authorities. Surveyed is not certified under the EU-US Data Privacy Framework. Surveyed has undertaken to comply with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses - SCC).” The provider provides data protection information here: https://surveyed.live/privacypolicy “To protect your personal data, we have concluded a data processing agreement with Surveyed in accordance with an order processing contract pursuant to Art. 28 GDPR.”
Online documents
GOOGLE FORMS
This website uses Google Forms, a survey tool from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Ireland Limited processes the data in the EU.
We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities.
To protect your personal data, we have concluded a data processing agreement with Google Ireland Limited in accordance with an order processing contract pursuant to Art. 28 GDPR.
It cannot be ruled out that data will also be processed in the USA.
However, the parent company Google LLC, based in the USA, is certified in accordance with the EU-US Data Privacy Framework. Data transfer to the USA is therefore currently considered sufficiently secure.
You can find more information at https://privacy.google.com/businesses/processorterms/
Users' personal data is deleted or anonymized after 14 months.
Overview of data protection: https://policies.google.com/?hl=de and the privacy policy:
https://www.google.de/intl/de/policies/privacy
Legal Basis
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Acast
This website uses the Acast Player for hosting and providing podcasts.
The provider of these services is Acast AB (publ) Company reg. no. 556946-8498Kungsgatan 28 Stockholm 111 35 Sweden
The legal basis for the processing of the data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, as we would like to offer you an appealing website as well as various contemporary information and interaction possibilities with us.
Further information can be found in the Acast privacy policy, which is available at:
https://www.acast.com/general-data-protection-regulation-gdpr-privacy-policy
Webinars via GrooveDigital, Inc
We use the service Groove Digital INC, 1 N Dearborn, 5th Floor, Chicago, IL 60601, USA (hereinafter referred to as the “delivery service provider”) to register for and conduct our webinars. You can view the privacy policy of the shipping service provider at https://groovedigital.com/privacy “We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities. Groove Digital INC is not certified under the EU-US Data Privacy Framework. Groove Digital INC has undertaken to comply with the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries in accordance with Directive 2016/679.”
(https://www.privacyshield.gov/participant?id=a2zt0000000GnH6AAK)
Meetings via Zoom or Skype
We use the services Zoom1 and/or Skype2 to conduct meetings.
1. The Zoom service is provided by Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (hereinafter “Zoom”).
This company is certified in accordance with the EU-US Data Privacy Framework.
Data transfer to the USA is currently considered sufficiently secure.
Further information can be found in Zoom's privacy policy at https://zoom.us/de-de/privacy.html
2. Skype is a Microsoft service.By using this service, data is transferred to Microsoft Office 365 in the USA.
These functions are offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
This company is certified in accordance with the EU-US Data Privacy Framework.
Data transfer to the USA is currently considered sufficiently secure.
Further information can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
We have concluded an order processing contract with Microsoft in accordance with Art. 28 GDPR.
The following data is collected from you
First name / surname
Street, zip code, city, country
Phone / cell phone
e-mail address
Social network profiles (Facebook, Instagram, XING), if applicable
Analytics
A.) GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. According to the GDPR, the USA is considered a third country with an insecure level of data protection, but if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.on behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports and statistics on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Translated with DeepL.com (free version)
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
If you delete your cookies, you must click this link again.
This website uses Google Analytics with the IP masking extension (“anonymizeIp”). This means that IP addresses are further processed in abbreviated form; according to Google, this should virtually rule out the possibility of personal references. Insofar as the data collected about you is personally identifiable, this should therefore be excluded immediately and the personal data deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website.
We can use the statistics obtained to improve our offer and make it more interesting for you as a user.
Google Ireland Limited processes the data in the EU.
To protect your personal data, we have concluded a data processing agreement with Google Ireland Limited in accordance with an order processing contract pursuant to Art. 28 GDPR.
It cannot be ruled out that data may also be processed in the USA. However, the parent company Google LLC, based in the USA, is certified in accordance with the EU-US Data Privacy Framework.
Data transfer to the USA is therefore currently considered sufficiently secure.You can find more information at:
https://privacy.google.com/businesses/processorterms/ Users' personal data is deleted or anonymized after 14 months.
You can find more information about Google here:
Terms of use https://www.google.com/analytics/terms/de.html
Overview of data protection
https://policies.google.com/?hl=de , as well as the privacy policy: https://www.google.de/intl/de/policies/privacy
Legal Basis
The legal basis for this processing of data is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
B.) GOOGLE TAG MANAGER
This website uses Google Tag Manager. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
This website uses Google Tag Manager to centrally manage and configure data collection. This service allows website tags to be managed via an interface.
The Google Tag Manager only implements tags. The Google Tag Manager triggers other tags, which in turn may collect personal data.
This is hereby pointed out separately. However, Google Tag Manager does not access this data. The Google Tag Manager therefore does not collect or store any data. If deactivation has been carried out at domain or cookie level, it will remain in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.
Google Ireland Limited processes the data in the EU.
To protect your personal data, we have concluded a data processing agreement with Google Ireland Limited in accordance with an order processing contract pursuant to Art. 28 GDPR.
It cannot be ruled out that data may also be processed in the USA. However, the parent company Google LLC, based in the USA, is certified in accordance with the EU-US Data Privacy Framework. Data transfer to the USA is therefore currently considered sufficiently secure.
You can find more information at: https://privacy.google.com/businesses/processorterms/Users' personal data is deleted or anonymized after 14 months.
You can find more information about Google here:
User conditions: https://www.google.com/analytics/terms/de.html
Overview of data protection: https://policies.google.com/?hl=de and the privacy policy:
https://www.google.de/intl/de/policies/privacy
Google provides further information on this here:
https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
Legal Basis
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Werbung
A.) FACEBOOK PIXEL AND FACEBOOK CUSTOM AUDIENCES
Facebook conversion tracking, the so-called “Facebook pixel” (meta pixel) of the social network Facebook, is used on our website for the purpose of analyzing and optimizing our website.
The provider of these services is Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If you are based in the EU, the provider of the services is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).
By using the Facebook pixel, Facebook is able to identify and determine the visitors to our website as a potential target group for the display of ads (so-called “Facebook ads”). We therefore use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website or who have certain characteristics (interests determined on the basis of websites visited, etc.). We transmit this information to Facebook and thereby form so-called “Custom Audiences”. By using the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of visitors and are not perceived as a nuisance. By using the Facebook pixel, we can track the effectiveness of Facebook ads statistically and for market research purposes. We analyze whether visitors are redirected to our website after clicking on a Facebook ad, i.e. whether a so-called “conversion” takes place.
Meta Platforms Ireland Limited processes the data in the EU.
To protect your personal data, we have concluded a data processing agreement with Meta Platforms Ireland Limited in accordance with an order processing contract pursuant to Art. 28 GDPR.
It cannot be ruled out that data may also be processed in the USA. However, the parent company Meta Platforms Inc. based in the USA is certified in accordance with the EU-US Data Privacy Framework.
Data transfer to the USA is therefore currently considered sufficiently secure.
General information on the processing of data by Facebook can be found here https://www.facebook.com/policy.php .
Further information and details on the Facebook pixel can be found here:
www.facebook.com/business/help/742478679120153
You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads .
The settings are platform-independent, i.e. they are applied to all devices such as desktop computers or mobile devices.
Legal Basis
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR and your express consent pursuant to Art. 49 para. 1 lit. a GDPR.
CRM
ZAPIER
We use the services of Zapier Inc, 548 Market St. #62411, San Francisco, CA 94104-5401 in order to make the operation of our website as efficient as possible and to be able to present you with the best possible offer.I
n the course of processing, data of the following categories may be processed:
- Name
- Contact data
- Address data
- Visit data
We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities.
However, Zapier Inc. is certified in accordance with the EU-US Data Privacy Framework.
Data transfer to the USA is therefore currently considered sufficiently secure.
To protect your personal data, we have concluded a data processing agreement with Zapier in accordance with an order processing contract pursuant to Art. 28 GDPR.
Further information can be found in the Zapier privacy policy, which is available at:
https://zapier.com/privacy.
Legal Basis
The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR
Payment service providers
A.) STRIPE
We use the services of Stripe Payments Europe, Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”), among others, to process the payment process in the course of our sales offer.I
n the course of the payment process, your personal data will be forwarded to Stripe for further processing after clicking the “Order with obligation to pay” or “Buy now” button.
If the data subject selects a payment method during the ordering process in the online store, the data of the data subject is automatically transmitted to Stripe. By selecting a payment option, the data subject consents to the transfer of personal data for the purpose of processing the payment.
The personal data transmitted to Stripe is usually first name, last name, address, e-mail address, IP address and, if applicable, date of birth, telephone number, cell phone number and other data necessary for processing a payment.
Personal data relating to the respective order is also required to process the purchase contract. In particular, there may be a mutual exchange of payment information such as bank details, card number, expiry date and CVC code, data on goods and services prices.
The transmission of data is intended in particular for identity verification, payment administration and fraud prevention. The controller will transmit personal data to Stripe in particular if there is a legitimate interest in the transmission.
The personal data exchanged between Stripe and the controller may be transmitted by Stripe to credit reference agencies. The purpose of this transfer is to check identity and creditworthiness.
Stripe also passes on the personal data to service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed.
The data subject has the option of withdrawing consent to the handling of personal data from Stripe at any time. A revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing.
Stripe has undertaken to comply with the Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries in accordance with Directive 2016/679.
Further information on the Standard Contractual Clauses can be found at
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de
Further information can be found at https://stripe.com/at/privacyLegal basis
The legal basis for the processing of personal data during a booking or payment process is Art. 6 para. 1 lit. b GDPR.
B.) PAYPAL
We use the services of the payment service provider PayPal Europe S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, among others, to process the payment process in the course of our sales offer.
In the course of the payment process, your personal data will be forwarded to PayPal for further processing after you click on the “Order with obligation to pay” or “Buy now” button.
If you select a payment method in the online store during the order process, your data will be automatically transmitted to PayPal. By selecting a payment option, you consent to the transfer of personal data for the purpose of processing the payment.
The personal data transmitted to PayPal is usually: first name, surname, address, e-mail address, telephone number and other data required to process a payment.
Personal data relating to the respective order is also required to process the purchase contract. In particular, there may be a mutual exchange of payment information such as bank details, card number, expiry date and CVC code, data on goods and services prices.
The purpose of transmitting the data is, in particular, identity verification, payment administration and fraud prevention. The controller will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission.
The personal data exchanged between PayPal and the controller may be transmitted by PayPal to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.
PayPal also passes on the personal data to service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed.
You have the option to revoke your consent to the handling of personal data from PayPal at any time. A revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing.
We would like to point out that there is a possibility that personal data may be transferred to the USA and processed by US authorities. The parent company PayPal is headquartered in the USA.
This company is not certified in accordance with the EU-US Data Privacy Framework. PayPal has undertaken to comply with the standard contractual clauses for the transfer of personal data to third countries in accordance with Directive 2016/679 (Standard Contractual Clauses - SCC).
For more information on the Standard Contractual Clauses, please visit
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.
Despite the Standard Contractual Clauses we have concluded with PayPal, these regulations may not be sufficient to ensure the effective protection of personal data transferred to the USA in practice.
Further information can be found in PayPal's privacy policy
https://www.paypalobjects.com/marketing/ua/pdf/DE/de/privacy-full.pdf
PayPal is not a processor within the meaning of Art. 4 No. 8 GDPR. It has its own responsibility.
Legal Basis
The legal basis for the processing of personal data during a booking or payment process is Art. 6 para. 1 lit. b GDPR.
Miscellaneous
A.) GOOGLE WEB FONTS
We use Google web fonts. All fonts are loaded locally.
When using Google Web Fonts, no personal data is forwarded to third parties.
B.) AMAZON PARTNER PROGRAM
We participate in the Amazon Partner Program. Advertisements and links from Amazon are integrated on our site, from which we can earn money by reimbursing advertising costs.
The provider of this service is “Amazon Europe”: Amazon Europe Core S.à.r.l., Amazon EU S.à.r.l., Amazon Services Europe S.à.r.l. and Amazon Media EU S.à.r.l., all four located at 38, avenue John F. Kennedy, L-1855 Luxembourg, and Amazon Digital Germany GmbH, Domagkstr. 28, 80807 Munich (hereinafter referred to as Amazon). Amazon uses cookies to recognize the origin of the orders. This allows Amazon to understand that you have clicked on the partner link or the partner ad on our website.
We would like to point out that there is a possibility that data may be transferred to the USA and processed by US authorities.
However, Amazon.com Inc. is certified in accordance with the EU-US Data Privacy Framework.
Data transfer to the USA is therefore currently considered sufficiently secure.
We have concluded an order processing contract with Amazon in accordance with Art. 28 GDPR.
Further information can be found at
https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010
The legal basisfor this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
System and Information Security
We secure our website and our other systems through technical and organizational measures against loss, destruction, access, modification or dissemination of the stored data by unauthorized persons. Despite controls, however, complete protection against all risks is not possible. The connection to the Internet and the resulting technical possibilities alone mean that no guarantee can be given that content and the flow of information will not be viewed and recorded by third parties.
Objection to unauthorized advertising by E-mail
As part of the imprint obligation pursuant to Section 5 TMG, we have published general contact details and an e-mail address on our website. We hereby object to the use of this contact data for the unsolicited sending of information material, advertising or spam e-mails that we have not explicitly requested.
Purpose of Processing your Data
The data that you provide to me as part of the order will only be processed by me for the purposes listed below:
- Invoicing / tax consultant Forwarding the invoice
- Christmas cards
- Postal mailings or e-mail messages / notices, project-related
-Advertising as part of the newsletter
Duration of Data Storage
As shown, I generally only process your data for the purpose of carrying out your order.
This means that I will delete your data once this purpose has been achieved, unless you have consented to longer storage or there is a retention obligation under tax, commercial or other laws.
Your rights as a so-called "data subject"
Since I process your data, as shown, you are also entitled to corresponding rights against me as a data subject, unless these are restricted or excluded by law.
These are in particular the rights listed below:
- In accordance with Art. 15 GDPR, to request information about your personal data processed by me. In the case of a request for information that is not made in writing, I ask for your understanding that I may then require proof from you that you are the person you claim to be.
- In accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by me
- To demand the erasure of your personal data stored by me in accordance with Art. 17 GDPR
- to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR
- In accordance with Art. 20 GDPR, to receive your personal data that you have provided to me in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
- in accordance with Art. 7 para. 3 GDPR, to withdraw any consent given at any time. However, this revocation only relates to future data processing. This does not affect the lawfulness of processing based on this legal basis.
- to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or that of my company.
The supervisory authority responsible for data protection for our company ist:
The State Commissioner for Data Protection of Lower Saxon
Denis Lehmkemper
Postfach 221
30002 Hannover
oder
Prinzenstraße 5
30159 Hannover
Tel: 0511 120-4500
E-Mail: [email protected]
It is very important to me to protect you and your data as well as possible. For this reason, I have taken measures to protect your data from unauthorized access as far as possible (see Art. 32 GDPR).
In this regard, I have taken what I consider to be appropriate technical and organizational security measures to prevent accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access to your data by third parties. My security measures are continuously reviewed for their effectiveness in line with technological developments and improved where necessary.
Up-to-dateness and amendment of this information
This information is currently valid and was last updated in January 2025
